Statistical Effort Modelling of Game Resource Localisation Attacks

TL;DR

This paper fully instantiates and validates a statistical effort modeling method for game resource localisation attacks, demonstrating its feasibility and utility for understanding software protection impacts.

Contribution

It provides the first complete implementation and validation of a statistical effort model for game resource localisation attacks, advancing the study of MATE software protections.

Findings

Confirmed the feasibility of the statistical effort modeling method.

Validated the utility of the models for decision support.

Opened new avenues for scalable analysis of software protections.

Abstract

Evidence on the effectiveness of Man-At-The-End (MATE) software protections, such as code obfuscation, has mainly come from limited empirical research. Recently, however, an automatable method was proposed to obtain statistical models of the required effort to attack (protected) software. The proposed method was sketched for a number of attack strategies but not instantiated, evaluated, or validated for those that require human interaction with the attacked software. In this paper, we present a full instantiation of the method to obtain statistical effort models for game resource localisation attacks, which represent a major step towards creating game cheats, a prime example of MATE attacks. We discuss in detail all relevant aspects of our instantiation and the results obtained for two game use cases. Our results confirm the feasibility of the proposed method and its utility for decision support for users of software protection tools. These results open up a new avenue for obtaining models of the impact of software protections on reverse engineering attacks, which will scale much better than empirical research involving human participants.