In today's gaming market, Game Black/Gray Industry is employing increasingly sophisticated attack methods. Beyond common Memory Modification Cheats and custom Injection Cheats, there has been a rise in Packet Capture Cheats specifically designed to intercept game traffic. Effectively detecting such Packet Capture Cheats has become a major challenge for game developers.
Game packet capture refers to the process of capturing and analyzing data packets transmitted between a game client and server using packet capture tools. Common packet capture tools available on the market include WPE, Fiddler, and Charles Proxy.
Packet capture tool Fiddler
Packet capture tools employ two implementation methods: one relies on hardware, such as placing the network card into promiscuous mode to intercept and decompile packets; the other uses hooking techniques to intercept send and recv functions and obtain packets.
Cheaters can use packet capture tools to intercept, tamper with, resend, or discard game upload/download packets, ultimately enabling the creation of cheats. This article analyzes case studies to explain the principles and risks of game packet capture and protocol cracking.
During normal gameplay, when players perform actions, the client sends game behavior requests and parameters to the server via network packets according to predefined rules agreed upon with the server. Upon receiving the request, the server parses it, processes the information, and sends it back to the client. The client then parses this information and displays it to the player.
Under normal circumstances, game client-server interaction
Packets captured through packet sniffing contain requests sent from the game client to the server and responses returned from the server to the client. They hold substantial information, such as the requested address, request headers, request body, and the server's response headers and response body.
After capturing packets, cheaters analyze and decrypt the data. They then tamper with the game's inbound and outbound data to create Packet Capture Cheats. Examples include modifying a character's attack power, health points, in-game win/loss logic, or surrender-as-loss rules to achieve cheat functionality.
Analysis of Client-Server Interactions After Decryption
After game packets are captured, they are analyzed and cracked to create “offline cheats.” These cheats are commonly used by studios for mass account farming. Once packets are cracked, studios can bypass the game client's restrictions and directly send various operation commands to game servers. These commands are then automated into scripts, enabling low-cost, rapid, and bulk account creation.
JikGuard addresses the issue of cheats arising from packet capture and protocol cracking by providing customized countermeasures. This solution has been integrated into multiple popular games and has demonstrated outstanding protection capabilities.
Communication Protocol Encryption Feature
Utilizing JikGuard's proprietary high-obfuscation encryption algorithm, this feature encrypts game communication protocols. It significantly raises the barrier for analysis and cracking, intercepting the majority of hacking attempts.
Data Verification Feature
When combined with the data verification feature, it enables precise validation of both upstream and downstream game data. Upon detecting any data anomalies, it immediately reports and handles them, delivering truly effective protection.
