Cheating in mobile games is a huge issue that plagues every mobile game developer and publisher. In this blog series, I’ll discuss some of the most common ways fraudsters and malicious gamers cheat in mobile games. I’ll start off by describing the most common cheating tools and how they work. Then, I will describe some advanced methods used by experienced programmers to modify mobile games to cheat (e.g., dynamic memory injection, function/method hooking), as well as to create mods and tweaks for other gamers to cheat. And finally, I’ll explain how developers and publishers can prevent cheating using several different methods – all without making changes to the app’s source code.
What is Game Cheating?
In mobile games, cheating involves a gamer or cheater changing the game (in one of many ways) to gain an advantage or ‘win’. There are as many ways to cheat in mobile games as there are mobile games. For example, sometimes players cheat by making their own character better, faster, stronger relative to the game or to other players (using speed hacking). Sometimes they cheat by acquiring game skills, assets, ammunition, gold coins, without paying for them (bypassing in-app purchases). Sometimes they cheat using auto-clickers, click bots, or auto macros – which are automated programs that simulate gameplay without the player needing to put in the required time or effort. Other times cheating is accomplished by disabling a licensing-checker in the app, so players can play a ‘premium’ game for free.
One of the key outcomes of mobile game cheating is ‘mods’.
What are Mods and Tweaks?
A mod (short for “modification”) is an alteration by players of a video game that changes one or more aspects of the game, such as how it looks or behaves. Mods range in scope from small additions of functionality all the way up to complete overhauls of a game. Sometimes mods expose hidden UIs that unlock features or allow players to ‘buy’ game objects/value without spending money (i.e., bypassing in-app purchases).
Tweaks are the rough equivalent of mods in the iOS world. Game tweaks are pre-packaged iOS modifications that can be downloaded and installed from alternative app stores, which allow users to ‘customize’ the iPhone experience by circumventing Apple’s restrictions. Cydia is the most popular repository or alternative app store for obtaining game tweaks for iOS. To access or install Cydia, you need to jailbreak the device.
Some of the key uses of tweaks are: removing all mobile ads from a game, changing game values, bypassing in-app purchases, customizing designs and icons, or creating full-blown pirated copies of popular mobile games that cheaters attempt to distribute fraudulently on alternative app stores to generate revenue for themselves. Using the Cydia repository, cheaters can download thousands of different tweaks for iOS which are not available on Apple’s App Store. In the context of gaming, you can find tweaks that allow you, for example, to increase the money/cash in a mobile game, activate special powers or capabilities for your character, speed up your play, jump to different levels, increase the speed of your clicking or accuracy of shooting, disable time or life limits, and much more. To borrow from the old Apple saying, if a game capability exists, ‘there’s a tweak for that’.
Some game tweaks require jailbreaking; others can be done without it. If a jailbreak is required, it’s not too much effort for the cheater to use one of the many freely available jailbreak programs, such as Checkra1n or Unc0ver. Because Checkra1n exploits a hardware/firmware bug to achieve the jailbreak, Apple cannot issue a software patch to stop the exploit. And Checkra1n works on most iOS devices, making it a ‘go to’ tool for experienced game cheaters.
How Cheaters Create and use Game Mods
There are a few ways cheaters get their hands on game mods. One way is to download a pre-built ‘mod’ (modified game) from an alternative app store (like Cydia or Up2Down), and then run it on a rooted/jailbroken device or use an emulator to play the mod. Another way gamers get access to mods is by creating the mods on their own, using pre-productized cheating engines like GameGuardian, Lucky Patcher, or Cheat Engines. Experienced programmers create game mods using advanced dynamic instrumentation techniques such as memory mapping/editing and dynamic code injection, both of which are carried out against apps while the app is running, usually on a jailbroken or rooted device or an emulator.
In essence, cheating tools are usually the end result of previous reverse engineering and static and dynamic analysis that fraudsters performed on the mobile game, long before the first ‘mod’ or ‘tweak’ popped up on Cydia. This blog focuses on mods, tweaks, bots, and cheating apps.
Top 7 Game Modding techniques:
There are 7 main game modding techniques. I will go into detail in a few of them in this blog, and I will cover other techniques in other blogs. Needless to say, game cheaters and fraudsters have lots of options when it comes to game cheating:
- Live Memory Editing (using cheating apps like GameGuardian, Lucky Patcher, Cheat Engines)
- Dynamic Code/ Memory Injection (using tools like Frida, Hopper, IDA-Pro)
- Click-bots, Auto-macros and Speed Clickers
- Save Game State/File Editing
- Configuration or Resource File editing
- Network Interception (MitM)
- Binary Code Patching
Understanding these techniques and methods fraudsters use to cheat in mobile games is super important for game developers who want to effectively combat cheating. To effectively combat cheating, you’ll need to address the problem at the source – that is, you need to protect your code so that it’s not easy to reverse engineer the game in the first place. If you only go after the apps in the ‘alternative’ app stores with ‘take down’ requests, you’re fighting a losing battle (think ‘whack-a-mole’). The second you pull one down, 5 more pop up in its place.
For the remainder of this post, I’ll dive into the top 2 modding methods listed above (Live Memory Editing and Dynamic Code injection). First, let’s discuss Live Memory Editing with tools like GameGuardian.
Live Memory Editing With GameGuardian and Other Cheating Apps
Let’s talk about live memory editing, which for Android games can be done using productized cheat engine apps, such as GameGuardian, Lucky Patcher, and Cheat Engines (note, the term cheat engines is used both to describe a specific tool called Cheat Engines, as well as an overall category of cheating apps... I know, it can be confusing, but hey I didn’t create the names, I’m just writing about them).
The mother of all modders is a cheating tool called GameGuardian. GameGuardian is a powerful game cheating/alteration tool for Android that is used to cheat in a large number of mobile games. GameGuardian comes in the form of an Android app that can be used to cheat and modify a large library of Android games, using a method called “Live Memory Editing”. This is a modding technique in which the player locates the specific game values that are stored inside the app, so that they can edit those values to gain an advantage (aka: cheat) in the game. Using GameGuardian, players can do things like alter in-game money/coins, change the app/game’s internal clock to gain an advantage in the game, or acquire various game resources without paying for them (e.g., by bypassing in-app purchases, bypassing licensing checks, or altering the memory space that stores the game values outright). GameGuardian works best on rooted devices but will partially function inside a virtual space (with apps like Parallel Spaces). GameGuardian can also run scripts written by other developers to cheat in many games. GameGuardian also comes with sophisticated root hiding and root cloaking features which are designed to evade detection.
Besides the ability to run scripts, GameGuardian comes with a set of built-in features like:
- Game acceleration/deceleration (speed hacking)
- Search and modify memory content (unknown value scanning)
- Resource/stat manipulation (altering in-game money/coins/gold)
- Disabling mobile ads
- Skipping levels
- Bypassing in-app purchases
- Dumping of the game memory
- Disabling random functions and replacing their output
- And many more…
GameGuardian also allows cheaters to tap into a huge library of games that can be modified. GameGuardian is fully productized and comes with documentation. They even have a slick website and distribute marketing brochures about how they ‘liberate’ gamers from the big bad evil game developers and publishers who have the audacity to make a living by monetizing that amazing mobile game that cost $10 million to produce. How dare they! It should all be free, gosh darn it! Seriously, that’s how they market themselves. And don’t take my word for it: google it and check out their website.
For example, while a game is running, a cheater can open GameGuardian and select the specific process of the app to modify. For instance, if the game grants only a certain number of lives, the cheater can use GameGuardian’s built-in hex editor to search for this number and replace it with any value they wish.
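A defensive counterpart to the value search described above, as an added example that is not from the original post or from any product it names: a game counter stored masked with a per-write key and a keyed checksum, so the plain number is not present in memory and a blind edit is detected on the next read. The names `guarded_u32`, `guarded_set`, `guarded_get`, `count_matches` and the constants are hypothetical, and `rand()` stands in for the platform's secure random source.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical guarded counter: the real value never sits in memory as-is. */
typedef struct {
    uint32_t masked; /* value XOR key */
    uint32_t key;    /* re-randomised on every write */
    uint32_t check;  /* keyed checksum binding value and key */
} guarded_u32;

/* Constructed constant; in practice draw a fresh secret per session. */
static uint32_t g_secret = 0x9E3779B9u;

/* Bijective in v for a fixed k, so any change to the value changes the checksum. */
static uint32_t mix(uint32_t v, uint32_t k) {
    uint32_t h = (v ^ g_secret) * 0x85EBCA6Bu;
    h ^= h >> 13;
    h = (h + k) * 0xC2B2AE35u;
    return h ^ (h >> 16);
}

void guarded_set(guarded_u32 *g, uint32_t value) {
    /* Assumption: rand() is a placeholder for the platform CSPRNG. */
    g->key = ((uint32_t)rand() << 16) ^ (uint32_t)rand();
    g->masked = value ^ g->key;
    g->check = mix(value, g->key);
}

/* Returns 0 and writes the value, or -1 if the stored fields were edited. */
int guarded_get(const guarded_u32 *g, uint32_t *out) {
    uint32_t value = g->masked ^ g->key;
    if (mix(value, g->key) != g->check)
        return -1; /* tamper detected: caller should end or flag the session */
    *out = value;
    return 0;
}

/* Self-test helper: how many times the raw 4-byte value appears in a buffer,
 * i.e. what a known-value search over that memory would match. */
size_t count_matches(const void *buf, size_t len, uint32_t needle) {
    const unsigned char *p = buf;
    size_t hits = 0;
    for (size_t i = 0; i + sizeof needle <= len; i++)
        if (memcmp(p + i, &needle, sizeof needle) == 0)
            hits++;
    return hits;
}
```

Masking only defeats a search for the known value and catches blind edits; it does not stop someone who hooks `guarded_get` itself, which is the technique covered in the next section.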
Dynamic Code Injection/ Memory Editing
Using tools like Frida, Hopper or IDA-Pro, advanced game cheaters attach to running processes and use techniques like function and method hooking to dynamically inject code or change the game’s active memory or state while the app is running (that is, while the game is being played). Sometimes cheaters package up their changes as new game mods or tweaks and then sell those tools or ill-gotten games to less experienced gamers on the black market. These experienced programmers use advanced techniques like memory mapping, fuzzing, hex editing, function and method hooking, dynamic memory injection, ROM-hacking, etc. to modify mobile game memory or values and then create game mods based on the new attributes. We will describe these advanced power cheaters and their use cases in one of the next blogs in this series. Check out this blog on Dynamic Code Injection to understand the dynamic runtime methods and tools for modding games, along with some examples and use cases for Unity, iOS and Android game mods.
Recommendations for Mobile Game Developers and Studios
As a game developer, publisher or studio, learn how to stop mobile game cheating pre-emptively by preventing the methods and tools fraudsters use to alter mobile games, inject code, create mods, and weaponize apps by tricking mobile users.
Using Appdome Mobile Fraud Prevention, mobile developers can build the following pre-emptive protections into mobile games:
- Block click bots, auto-clickers, auto-macros, and speed hacking
- Block cheating apps like GameGuardian, Lucky Patcher and Cheat Engines from modding mobile games
- Prevent cheaters from using dynamic instrumentation tools like Frida or ADB for method hooking, dynamic script injection, code injection, memory injection to modify app functionality
- Detect and block apps that use highly privileged app permissions and block Accessibility abuse, which are often enabled unknowingly by mobile users through trickery
The best defense against mobile fraud is to prevent it from occurring in the first place. Appdome’s No Code Mobile Fraud Prevention offers developers, publishers, studios and financial institutions an easy way to stop mobile fraud at the source. Using Appdome’s no-code technology, developers or fraud specialists can build pre-emptive and defensive protections into any mobile app in minutes, which equips the app with the intelligence it needs to prevent fraud from occurring.