Information Security Asked by user58446 on December 21, 2021
I read the following post, and while the question was specific to Skyrim, the more general answer was that it depends on the game. I wanted to pose a more generic question here to the security folks.
The main concern seemed to be the type of file extension and language that was being used for the mod. I was under the impression that any code can do almost anything it likes, so I’m not sure how the language would matter. Also, I understand that an executable is more dangerous than perhaps a simple text-based config file.
To sum: How can I mod safely?
I'm going to throw a piece of paranoia in here (simply because of stuff I have been doing recently on console hardware).
While direct executable content definitely makes life very easy for an attacker, it's not the only vector. All it takes is one mis-checked buffer in a game's data file, and all of a sudden you have the potential to smash through the stack.
Although beyond the ability of your average Joe, an executable with disk and network capability could quite possibly load a "map" or "model" file and actually be reading / writing files on the disk, opening sockets, maybe writing to the Windows registry, installing a key logger, or who knows what.
It's only a small step from there to be executing your own code as opposed to mangled function calls in said game. And then you have complete user land ownage of a given system.
Answered by Damian Nikodem on December 21, 2021
There are different kinds of mods.
Answered by Philipp on December 21, 2021
Mods certainly can be used as infection vectors. A lot of it comes down to a question of trust. A mod with tens of thousands of downloads and nobody suggesting they've had any problems is likely to be OK (though still no guarantee!).
In an ideal world:
Sections of your question are not possible to answer with any real useful information, as there are so many different types of mod available with great differences between them. However, generalizing:
How dangerous are gaming mods, does language and file-type matter, and how can I decide these for each individual game?
How long is a piece of string? Mods can be very dangerous or not dangerous at all. File type certainly matters. Mods that just replace textures, or add new models, etc., are pretty unlikely to cause you any problems. Mods that use .exe installers are something to be wary of.
Does the maliciousness/exploitability depend on the mod file I am downloading, or the type of files the mod-file is modifying?
Both. If the mod you are downloading is a .exe, it's a bigger risk than if it's a .zip or .rar (generally). If the mod file just replaces some textures or config files, it's a much smaller risk than if it replaces the game executable...
Will a decent AV with signatures/heuristics pick up a malicious payload?
Hopefully, but don't rely on it.
Can mods be examined in a debugger (OllyDBG) or other tool (which type)?
Again, this would depend on what the mod is and what it does. You can certainly check .exe files in a debugger, but frankly I just wouldn't run them at all. Or run them sandboxed in a VM if you really must run them to check them in a debugger.
Answered by AlexH on December 21, 2021
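An added example, not part of the original answers: a Python triage of a mod .zip along the lines AlexH's answer describes, flagging entries by extension, by content magic bytes and by path without extracting or running anything. The function names, the extension shortlist and the sample archive are constructed for illustration.

```python
import io
import posixpath
import zipfile

# Magic bytes that mark native executable content regardless of the file name.
MAGIC = {b"MZ": "Windows PE (exe/dll)", b"\x7fELF": "ELF binary"}
# Extensions Windows will run when opened (constructed shortlist, not exhaustive).
RISKY_EXT = {".exe", ".dll", ".bat", ".cmd", ".ps1", ".vbs", ".js", ".msi", ".scr", ".lnk"}


def triage_mod_archive(data: bytes) -> dict:
    """Return {entry name: [reasons]} for entries that deserve a closer look."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = []
            parts = info.filename.replace("\\", "/").split("/")
            # Absolute paths, drive letters and ".." would land outside the mod folder.
            if parts[0] == "" or ":" in parts[0] or ".." in parts:
                reasons.append("path escapes extraction folder")
            ext = posixpath.splitext(parts[-1])[1].lower()
            if ext in RISKY_EXT:
                reasons.append(f"executable extension {ext}")
            # Read only the first bytes; nothing is written to disk.
            with zf.open(info) as fh:
                head = fh.read(4)
            for magic, label in MAGIC.items():
                if head.startswith(magic):
                    reasons.append(f"content is {label}")
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample() -> bytes:
    """Constructed sample archive: a texture, a PE named like a texture, an installer, a stray script."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("textures/armor.dds", b"DDS " + b"\x00" * 16)
        zf.writestr("textures/helmet.dds", b"MZ\x90\x00" + b"\x00" * 16)
        zf.writestr("setup.exe", b"MZ\x90\x00" + b"\x00" * 16)
        zf.writestr("../../Startup/run.bat", b"@echo off\r\n")
    return buf.getvalue()


if __name__ == "__main__":
    for entry, why in triage_mod_archive(build_sample()).items():
        print(entry, "->", "; ".join(why))
```

A clean result only means no entry is executable by type or path; it says nothing about a data file crafted to hit a parsing bug in the game, the case Damian Nikodem's answer describes.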