Resource Integrity Vulnerabilities and Protections in RPG Games: A Case Study of Elancia

IF 3.6 3区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

IEEE Access Pub Date : 2025-07-25 DOI:10.1109/ACCESS.2025.3592760

Pyo Gil Hong;Sung Won Lee;Dohyun Kim

{"title":"Resource Integrity Vulnerabilities and Protections in RPG Games: A Case Study of Elancia","authors":"Pyo Gil Hong;Sung Won Lee;Dohyun Kim","doi":"10.1109/ACCESS.2025.3592760","DOIUrl":null,"url":null,"abstract":"The rapid advancement of network and internet technologies has profoundly impacted the online gaming industry, particularly in the domain of Massively Multiplayer Online Role-Playing Games (MMORPGs). These games, which allow players to interact in a shared virtual world, have witnessed a surge in popularity. However, the rise of cheating and malicious activities facilitated by rogue users and cheat developers poses a significant threat to the gaming industry and the experiences of fair-playing users. In this study, we analyzed the client resource files of the MMORPG Elancia, developed by Nexon, to understand their structure. Our findings revealed that critical game resource files, including graphics, music, and character settings, could be modified by unauthorized users, with the altered content taking effect during gameplay. To address this vulnerability, we proposed both client-side and server-side integrity verification methods for client resource files. On the client side, we suggested verifying the integrity of resource files by comparing their Merkle Root with the Merkle Root stored on the server. On the server side, we proposed a cloud gaming environment where resource files are not stored on the client; instead, the client sends input to the server, which renders the results and transmits them back to the client. Additionally, the server verifies client inputs and events, storing the results for further validation. To validate the proposed methods, we customized Minecraft’s Forge mod to evaluate the performance of our approaches. The results underscore the critical role of client-side file integrity in maintaining game security and highlight the potential impact of robust protection measures on safeguarding the gaming ecosystem.","PeriodicalId":13079,"journal":{"name":"IEEE Access","volume":"13 ","pages":"132926-132941"},"PeriodicalIF":3.6000,"publicationDate":"2025-07-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=11096629","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Access","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/11096629/","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

The rapid advancement of network and internet technologies has profoundly impacted the online gaming industry, particularly in the domain of Massively Multiplayer Online Role-Playing Games (MMORPGs). These games, which allow players to interact in a shared virtual world, have witnessed a surge in popularity. However, the rise of cheating and malicious activities facilitated by rogue users and cheat developers poses a significant threat to the gaming industry and the experiences of fair-playing users. In this study, we analyzed the client resource files of the MMORPG Elancia, developed by Nexon, to understand their structure. Our findings revealed that critical game resource files, including graphics, music, and character settings, could be modified by unauthorized users, with the altered content taking effect during gameplay. To address this vulnerability, we proposed both client-side and server-side integrity verification methods for client resource files. On the client side, we suggested verifying the integrity of resource files by comparing their Merkle Root with the Merkle Root stored on the server. On the server side, we proposed a cloud gaming environment where resource files are not stored on the client; instead, the client sends input to the server, which renders the results and transmits them back to the client. Additionally, the server verifies client inputs and events, storing the results for further validation. To validate the proposed methods, we customized Minecraft’s Forge mod to evaluate the performance of our approaches. The results underscore the critical role of client-side file integrity in maintaining game security and highlight the potential impact of robust protection measures on safeguarding the gaming ecosystem.

查看原文本刊更多论文

RPG游戏中的资源完整性漏洞和保护：以《Elancia》为例

网络和互联网技术的快速发展深刻地影响了在线游戏产业，特别是在大型多人在线角色扮演游戏（mmorpg）领域。这些允许玩家在共享的虚拟世界中互动的游戏见证了人气的激增。然而，由流氓用户和作弊开发者促成的作弊和恶意活动的增加对游戏行业和公平游戏用户的体验构成了重大威胁。在本研究中，我们分析了Nexon公司开发的MMORPG《Elancia》的客户端资源文件，了解其结构。我们的调查结果显示，关键的游戏资源文件，包括图像、音乐和角色设置，可能会被未经授权的用户修改，而修改后的内容会在游戏过程中生效。为了解决这个漏洞，我们为客户端资源文件提出了客户端和服务器端完整性验证方法。在客户端，我们建议通过比较资源文件的Merkle根与存储在服务器上的Merkle根来验证资源文件的完整性。在服务器端，我们提出了一个云游戏环境，资源文件不存储在客户端；相反，客户机将输入发送到服务器，服务器呈现结果并将其传输回客户机。此外，服务器验证客户机输入和事件，并存储结果以供进一步验证。为了验证提出的方法，我们定制了Minecraft的Forge mod来评估我们的方法的性能。研究结果强调了客户端文件完整性在维护游戏安全方面的关键作用，并强调了强大的保护措施对保护游戏生态系统的潜在影响。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Access COMPUTER SCIENCE, INFORMATION SYSTEMSENGIN-ENGINEERING, ELECTRICAL & ELECTRONIC

CiteScore

9.80

自引率

7.70%

发文量

6673

审稿时长

6 weeks

期刊介绍： IEEE Access® is a multidisciplinary, open access (OA), applications-oriented, all-electronic archival journal that continuously presents the results of original research or development across all of IEEE''s fields of interest. IEEE Access will publish articles that are of high interest to readers, original, technically correct, and clearly presented. Supported by author publication charges (APC), its hallmarks are a rapid peer review and publication process with open access to all readers. Unlike IEEE''s traditional Transactions or Journals, reviews are "binary", in that reviewers will either Accept or Reject an article in the form it is submitted in order to achieve rapid turnaround. Especially encouraged are submissions on: Multidisciplinary topics, or applications-oriented articles and negative results that do not fit within the scope of IEEE''s traditional journals. Practical articles discussing new experiments or measurement techniques, interesting solutions to engineering. Development of new or improved fabrication or manufacturing techniques. Reviews or survey articles of new or evolving fields oriented to assist others in understanding the new area.