DC33

DefCon 33 Activities

Hacker vs. Hacker Olympics

HvH.webp

The Timing for switching games will be delayed from the static time shown on the screen. Dowload S&Box from https://sbox.game/give-me-that. Find our Blocks and Bullets Server and make some hacks

A schedule of games that consist of a play and learning period followed by a final round of the game to determine a winner for each game. The individual or team is at the top of the scoreboard at the end of the final round will be crowned the winner of that game. The next game will be revealed at the end of one game’s end. Use the time before the final round to develop cheats for the game, but do not DOS the servers!

Further Rules

  • Game cheating is allowed (and expected if you want to win)
  • Do not DOS the server
  • Use vulnerability disclose processes to disclose any platform security vulnerabilities

Blocks and bullets will be the main game today with multiple game modes and will last until around 2PM for the final round. The Game Mode for that final round will not be disclosed until just before the final round.

Sandbox Escape Challenge

Escape.png

This year we are highlighting two awesome public Bug Bounties that let you hack on games and win money.

If you find a submittable exploit for bug bounties on either program, please announce your success in the discord channel. We will be issuing merit prize badges for the top finds!

Epic Games

Our sponsor Epic Games has an amazing bounty program and has paid out millions to game hackers. Work on these bounties solo or with a team by using the discord channel in our server to find teammates.

Epic Games - Bug Bounty Program | HackerOne

S&Box from Facepuch Studios

As part of our hacker versus hacker Olympics, we are using a new exciting platform called S&Box. This is a platform to both develop and play games similar to Roblox. Since the platform is quite new, security is a important and green fields place that is still under development. Where our other challenge focuses on the security on the game this bounty is specific to securing the platform

Facepunch Studios Ltd

Mobile Game Hacking

HvH.webp

What is Game Hacking?

Game hacking is the process of modifying a game's behavior to produce unintended effects. This can range from simple cosmetic changes to deep manipulation of game logic, physics, or scoring. Game hacking is used for fun, research, proof-of-concept security work, or in some cases, malicious purposes. As a cybersecurity engineer, understanding how games can be reverse-engineered helps you explore app vulnerabilities, code integrity, and tampering prevention techniques all valuable in real-world application security.

Why Hack 2048 Game

2048 is a simple puzzle game that makes it a perfect target for modding. It uses plain scoring logic which can be easily modified. For this hack, the goal was to change the way the score increased. Instead of only going up when tiles merged, the score should go up by double or quadruple even when nothing meaningful happens. This is a good example of logic tampering. It shows how you can bend a system to behave your way without crashing it.

Click here to download the 2048 Game Hacking Walkthrough PDF file

DC33 Workshops

Minecraft Coding Puzzles Workshop

minecraft.webp

Welcome to the world of modded Minecraft: Java Edition! This workshop allows anybody who owns a Minecraft account to try their hand at solving a short series of custom-created puzzles inside of a custom-created modded world focused on puzzles solved using the Computer Craft mod.

These puzzles will involve creating code in the LUA programming language, which is used by the Computer Craft mod in what’s known as an “emulated” fashion. This simply means that while there are some differences, the programs you write is still real LUA code.

All of these puzzles involve the manipulation of what are known as “turtles” these little handy computers have a complete feature set

Click here to download the Minecraft Workship ZIP file

Advanced Modding Workshop: C++ Doom External Trainer

freedoom.png

This is a low-level coding workshop that builds a GUI external game trainer in C++ that modifies live game state by hooking into a target process via Win32 APIs. It implements pointer chasing and an executable memory scanner to locate and overwrite x86 instructions, enabling features such as infinite ammo. It also teaches process memory manipulation, runtime patching, and OS-level security concepts.

Our goal is to teach you what is happening underneath the hood of programs such as Cheat Engine. We hope to give you insight as to how to perform similar modifications by reverse engineering game code through the development of an external trainer for GZDoom.

Doom External Trainer GitHub Repository

Click here to download the Advanced Modding Workshop: C++ Doom External Trainer PDF file

DC33 Talks

talks.webp

Game Hacking 101 with Julian Dunning

game_hackers_teach.png

Click here to download the "Game Hacking 101" Presentation PDF file

What Game Hackers teach us about Offensive Security and Red Teaming

game_hackers_teach.png

Click here to download the "What Game Hackers teach us about Offensive Security and Red Teaming" Presentation PDF file