Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Insecure by Design, Epic Games Peer-to-Peer Multiplayer Service

Bill Demirkapi, posted 5 years ago
  • The author decided to look at the video game Satisfactory. This game had a unique feature: peer-to-peer multiplayer sessions. Once the author started analyzing it, they realized that it was built on Epic Games Online (EOS).
  • EOS has two user roles: GameClient and GameServer (backend usage). The GameClient has ReadOnly permissions against the server. So, what is a peer-to-peer client then? It needs to alter state, so it is given the GameServer role if it wants to do anything interesting. This feels like a problem.
  • An intermediate issue the author found was that the EOS API had a filtering mechanism for session searches. However, a search with no filters disclosed a significant amount of information, such as the local IP addresses and user IDs of other users.
  • The major flaw found with the GameServer role was the ability to create arbitrary sessions. Using the EOS API, an attacker can create a set of duplicate sessions in order to force users to join the attacker's game instead of somebody else's. This is then paired with the ability to find sessions for games, since the GameServer role is attached.
  • This attack would allow the hijacking of all matchmaking sessions so that they join an attacker's session instead. This essentially acts as a DoS.
  • The author got a lot of pushback on the vulnerabilities from the Epic Games side of things. I assume this is because they would have been difficult to fix, from a P2P perspective. However, Epic Games did add a new user role that was specific to P2P connections but still left the IP address exposed in the communication.
  • The article seems to blow this out of proportion a little bit (it is a DoS with a small information disclosure). Other than that, the article is well-written and I enjoyed the analysis of the security model for P2P communication that stretched from the documentation to the actual implementation.