#Data collection for different apps

floral garnet
#

Hey there!

So I was curious to learn about how game cheats work (such as aimbot) and learned that necessary data is collected and then the cheat modifies the character based on the data collected. The content creator (whose video I watched to learn) never showed how they collected the data so I thought I'd ask here: how do cheats collect data such as player position, or should I say, where does it get the data from? Does it intercept the data that gets sent between player and server, if so, how is this done? Are there also other ways data gets sent/stored? If we say we take a survival game, presume data (such as a player's inventory) is temp saved somewhere. How can I find such data?

waxen holly
#

it reads the player data and the server-player data

#

in some cases, some cheats for online games just exploit bugs

#

For instance, if the server does not really do proper business input checking, you could have your player "teleport" and the game server says that's what's happening

#

I collected 300K gold, and server says, that's within the range, cool stuff.

#

If the client has to display current game or minimap, then it knows "local user position" because otherwise the time delay would be too large == too much lag

#

so if you know where that information is in memory, then you can just read the hexadecimal and act upon it.

#

In some games, they moved those every few releases, but the cheat engine just kept releasing new versions with the "if version, use address X instead"

#

then games started using the Windows process list to detect other binaries to avoid aimbot and similar cheats...

#

then they added DRM, etc.

#

in one case, they detected winehq or codeweavers and refused that person to play

#

there are various debugging tools to know where stuff frequently changes in memory in Windows

#

and there is a pretty good disassembler tool for the USA gov too

floral garnet
#

What would be the best way to find the memory containing the data (if language relevant, what would be the best way for python?)

waxen holly
#

there are tools for that, I don't recall, try google

#

basically you need to inject your sniffer inside the app or between the app and the server "wireshark"

#

if the stuff is HTTPS / SSL, then only inside the app 😄

waxen holly
#

ghidra was the one I forgot the name thanks @misty cliff

misty cliff
#

I've used IDA Pro before too, I find it's easier to reverse iOS applications w/ IDA than Ghidra

waxen holly
#

there is a bunch of these

misty cliff
#

radare2 is another good one

waxen holly
#

one has hard disk sniff

#

another one has memory sniff

misty cliff
waxen holly
#

fuzzing is used by google against linux in the CI/CD pipeline 😄

#

for finding bugs

misty cliff
#

or exploits ;)

waxen holly
#

well some old video games were "solved" using integer overflow, buffer overflow and similar logical bugs

misty cliff
#

old video games are ez mode :)

waxen holly
#

I liked the one where the guy entered 3 specific Japanese usernames in save mode

#

then ended up in the final scene of the last castle 🤣

floral garnet
#

Thank you both so much :D this will be very useful!

waxen holly
#

it's using a buffer overflow on the 12th sprite due to a whistle bug 😄
to execute "6502 binary assembly code" that is written using Japanese symbols on the login screen...