If you're in trouble and cannot find an answer to a question which goes beyond Stack Overflow...

If you have a not-so-usual solution for your problems but need to justify it to your boss...

If you like to think on your own rather than blindly follow "common wisdom" and "profound truth"...

...then 'No Bugs' Hare on Soft.ware might be the right place for you.

Your mileage may vary. Batteries not included

Assorted Rants Tagged ‘Client’, page 2:

Bot Fighting 201: Declarative Data+Code Obfuscation with Build-Time Polymorphism in C++

posted December 26, 2017 by "No Bugs" Hare

Quote:	“Technically, what we’re looking for here, is any kind of bijection; we’ll use this bijection to convert our data from one representation into another one (and as it is a bijection, we can revert it later).”
Another Quote:	“As we’re not writing our obf<> classes manually (instead, we have a code generator doing it for us on each build), the sky is the limit to the obfuscations we can generate.”
	[→]

posted December 12, 2017 by "No Bugs" Hare

Quote:	“Bingo! We’ve got an executable, which automagically performs TONS of integrity checks, which checks are spread all over the executable, and are extremely non-obvious too.”
Another Quote:	“This approach of ‘not revealing code until attack costs are high’ is certainly not limited to payments.”
	[→]

posted December 5, 2017 by "No Bugs" Hare

Quote:	“it is fundamentally impossible to prevent (or detect) debugging, at least as long we’re staying on one single box.”
Another Quote:	“DON’T spend more than 10% of your overall anti-bot-fighting time budget on system-specific protections.”
	[→]

posted November 28, 2017 by "No Bugs" Hare

Quote:	“Some of the system calls are not absolutely necessary, and using them will significantly simplify life of the attacker”
Another Quote:	“Scrambling will help to protect your protocol even if the attacker manages to F.L.I.R.T. with your TLS library”
	[→]

posted November 21, 2017 by "No Bugs" Hare

Quote:	“One of the nastier-for-us features of IDA Pro is so-called F.L.I.R.T.”
Another Quote:	“All the popular protection methods lag well-behind capabilities of the average-attacker-on-a-100K-simultaneous-player-game.”
	[→]

posted November 14, 2017 by "No Bugs" Hare

Quote:	“Given enough time, everything can be broken”
Another Quote:	“in this fight, most of the non-cheating player population will be on our side”
	[→]

posted August 1, 2017 by "No Bugs" Hare

Quote:	“asm.js has invented its own instruction set, which can be still seen as an instruction set of a CPU, at least from the point of view of a C++ compiler.”
Another Quote:	“As asm.js is a strict subset of JavaScript – it will run even if there is no special support for asm.js in browser.”
	[→]