Brymko, dezk, Simon Scannell May 13, 2021

One of the factors contributing to Counter-Strike: Global Offensive's (herein "CS:GO") massive popularity is the ability for anyone to host their own community server. These community servers are free to download and install and allow for a high degree of customization. Server administrators can create and utilize custom assets such as maps, allowing for innovative game modes. However, this design choice opens up a large attack surface. Players can connect to potentially malicious servers, exchanging complex game messages and binary assets such as textures.

We managed to find and exploit two bugs that, when combined, lead to reliable remote code execution on a player's machine when they connect to our malicious server. The first bug is an information leak that enabled us to break ASLR in the client's game process. The second bug is an out-of-bounds access of a global array in the .data section of one of the game's loaded modules, leading to control over the instruction pointer.

Players can join community servers using a user-friendly server browser built into the game.

Once the player joins a server, their game client and the community server start talking to each other. As security researchers, it was our task to understand the network protocol used by CS:GO and what kind of messages are sent, so that we could look for vulnerabilities.

As it turned out, CS:GO uses its own UDP-based protocol to serialize, compress, fragment, and encrypt data sent between clients and a server. We won't go into detail about the networking code, as it is irrelevant to the bugs we will present.

More importantly, this custom UDP-based protocol carries Protobuf-serialized payloads. Protobuf is a technology developed by Google which allows defining messages and provides an API for serializing and deserializing those messages.
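Because the .proto schema is not transmitted on the wire, the first thing a researcher facing a Protobuf-carrying protocol needs is a decoder that understands only the wire format (varint tags, length-delimited fields, fixed-width fields) and splits an unknown message into its fields. The following is an added example written for this article, not code from the original post, from Valve's game, or from Google's protobuf library: a minimal hand-rolled encoder and decoder for the Protobuf wire format, run over a constructed sample message whose field layout (a varint, a string, a fixed32) is hypothetical and has nothing to do with any real CS:GO message. Every length and offset is checked before use, which is exactly the discipline a client parser must keep when the bytes come from an untrusted server.

```python
"""Minimal Protobuf wire-format encoder/decoder (added example, hypothetical message)."""
from __future__ import annotations

# Wire types from the Protobuf encoding spec (groups, types 3 and 4, are deprecated
# and not handled here).
VARINT, FIXED64, LENGTH_DELIMITED, FIXED32 = 0, 1, 2, 5


def encode_varint(value: int) -> bytes:
    """Base-128 varint: 7 payload bits per byte, MSB set on every byte but the last."""
    if value < 0:
        # Negative int32/int64 values are sign-extended to 64 bits on the wire.
        value &= (1 << 64) - 1
    out = bytearray()
    while True:
        byte = value & 0x7F
        value >>= 7
        if value:
            out.append(byte | 0x80)
        else:
            out.append(byte)
            return bytes(out)


def decode_varint(buf: bytes, pos: int) -> tuple[int, int]:
    """Return (value, new_pos). Rejects truncated and over-long (>10 byte) varints."""
    result, shift = 0, 0
    while True:
        if pos >= len(buf):
            raise ValueError("truncated varint")
        if shift >= 64:
            raise ValueError("varint longer than 10 bytes")
        byte = buf[pos]
        pos += 1
        result |= (byte & 0x7F) << shift
        shift += 7
        if not byte & 0x80:
            return result, pos


def encode_field(field_number: int, wire_type: int, value) -> bytes:
    """Encode one field: tag varint ((field_number << 3) | wire_type) followed by the value."""
    tag = encode_varint((field_number << 3) | wire_type)
    if wire_type == VARINT:
        return tag + encode_varint(value)
    if wire_type == LENGTH_DELIMITED:
        return tag + encode_varint(len(value)) + bytes(value)
    if wire_type == FIXED32:
        return tag + int(value).to_bytes(4, "little")
    if wire_type == FIXED64:
        return tag + int(value).to_bytes(8, "little")
    raise ValueError(f"unsupported wire type {wire_type}")


def decode_message(buf: bytes) -> list[tuple[int, int, object]]:
    """Split a raw message into (field_number, wire_type, value) triples without a schema.

    Length prefixes and fixed-width reads are bounds-checked against len(buf) first:
    trusting a remote length is how out-of-bounds reads happen in real parsers.
    """
    fields: list[tuple[int, int, object]] = []
    pos = 0
    while pos < len(buf):
        tag, pos = decode_varint(buf, pos)
        field_number, wire_type = tag >> 3, tag & 0x7
        if field_number == 0:
            raise ValueError("field number 0 is invalid")
        if wire_type == VARINT:
            value, pos = decode_varint(buf, pos)
        elif wire_type == LENGTH_DELIMITED:
            length, pos = decode_varint(buf, pos)
            if length > len(buf) - pos:
                raise ValueError("length-delimited field runs past end of buffer")
            value = buf[pos:pos + length]
            pos += length
        elif wire_type == FIXED32:
            if len(buf) - pos < 4:
                raise ValueError("truncated fixed32")
            value = int.from_bytes(buf[pos:pos + 4], "little")
            pos += 4
        elif wire_type == FIXED64:
            if len(buf) - pos < 8:
                raise ValueError("truncated fixed64")
            value = int.from_bytes(buf[pos:pos + 8], "little")
            pos += 8
        else:
            raise ValueError(f"unsupported wire type {wire_type}")
        fields.append((field_number, wire_type, value))
    return fields


def build_sample() -> bytes:
    """Constructed sample message (hypothetical layout, not a real game message):
    field 1 = varint 150, field 2 = string "player", field 3 = fixed32 0xDEADBEEF."""
    return (encode_field(1, VARINT, 150)
            + encode_field(2, LENGTH_DELIMITED, b"player")
            + encode_field(3, FIXED32, 0xDEADBEEF))


if __name__ == "__main__":
    msg = build_sample()
    print(msg.hex())                      # 089601120670 6c61796572 1defbeadde (spaces added)
    for field in decode_message(msg):
        print(field)
    for bad in (msg[:-2], b"\x12\x10ab"):  # truncated fixed32, length past end of buffer
        try:
            decode_message(bad)
        except ValueError as exc:
            print("rejected:", exc)
```

Decoding a capture this way yields field numbers and raw values but not names or nested-message boundaries; a length-delimited field may itself be a sub-message, a string or packed repeated scalars, so the next step in practice is to recover the schema from the client binary and feed it to a real Protobuf implementation.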