Challenge 1: Anti-Debugger
==========================

Nowadays, many games use kernel-level anti-cheat systems to prevent cheating. These anti-cheat systems are implemented in the kernel because from there they can monitor and control drivers, hardware, and the virtual memory of user-space processes or of the kernel itself. Such systems are too complicated for us (especially for your first challenge). Therefore, the anti-cheat system you will implement could in fact have been implemented in user-space, but you will do it in the kernel using eBPF instead.

The anti-cheat you will implement is an anti-debugging mechanism, since debuggers allow attackers to inspect memory, alter program flow, and bypass security checks. You will thus detect whether the game process is being debugged and terminate it if it is.

Description
-----------

The game you are going to protect is a very simple terminal-based hangman game.

.. code-block:: none

    You guessed e and revealed 0 characters!
    **************************************
    *****************************\\|//**
    **You have 3 guesses left     \|/  **
    **                             |   **
    **                            ()   **
    **                           /||\  **
    **                            //   **
    **                                 **
    **   _ k i _ i d i                 **
    *************************
    Guessed letters:
    a - - d e - - - i - k - - - - p - - - - - - - - - -
    Enter a letter here:

The rules are simple: the player has to guess a word letter by letter. If the letter is in the word, it is displayed. If the letter is not in the word, an additional part of the hangman is drawn (in the implementation, the hangman is always drawn, but whatever). The hangman has 6 parts: head, body, left arm, right arm, left leg, right leg. Therefore, the player can make 6 mistakes before losing the game.

The game developer is worried that some players might try to analyze or manipulate the game using a debugger such as ``gdb``. Your task is to detect whether the game process is being debugged. If a debugger has attached to the game process, the game should be terminated immediately.

Setup
-----

First, install the ``gdb`` debugger:

.. code-block:: bash

    $ sudo apt update && sudo apt install gdb

Download the files for this challenge using:

.. code-block:: bash

    $ wget --no-check-certificate https://people.montefiore.uliege.be/~gain/courses/info0940/asset/antidebug.tar.gz
    $ tar -xzvf antidebug.tar.gz

The game is located in ``antidebug/hangman``.

.. note::

    The original source code can be found on `github `_. However, we modified it a bit, so please use the provided source code and not the one on github.

You can compile it using the Makefile provided (simply run ``make`` within the ``hangman`` directory). Then you can run the game using:

.. code-block:: bash

    $ ./hangman

To debug the game, you can use the ``gdb`` command:

.. code-block:: bash

    $ gdb ./hangman

This will launch the ``gdb`` debugger, and ``gdb`` will then in turn launch the game when you use the ``run`` command inside ``gdb``. For this challenge, debugging is defined as: the game process being launched and controlled by gdb, which can be approximated by checking its parent process. If you want to terminate the game, you can then use ``Ctrl+C``, and to quit ``gdb``, you can use the ``quit`` command.

.. note::

    You don't actually have to use more than the ``run`` and ``quit`` commands, but if you are curious, you can use the ``help`` command to get a help message listing all the available commands. For more information on how to use gdb, you can refer to the official documentation (https://www.gnu.org/software/gdb/documentation/) or to the ``man gdb`` command.

Inside ``antidebug/src``, you will find the same template as in tutorial 3. Use it to implement the anti-debug system.

What you need to do
-------------------

You are expected to implement a uprobe that hooks into a function of the game in order to detect whether the game process is being debugged [1]_. If debugging is detected, the game should be terminated.

You must choose a function in the game to attach the probe to such that the game is terminated before the player is asked to enter a letter. This challenge is quite simple, so don't be surprised if your solution is very short.

.. [1] We consider that a process is being debugged if gdb is attached to it. The debugging "step" starts when the ``run`` command is used. You don't have to terminate the game if gdb is launched but the ``run`` command has not been used yet.
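The parent-process check described above, as an added example that is not part of the challenge files or the hangman source: it performs the same check in user space (as the introduction says it could have been done), reading the parent's name from ``/proc`` and killing the process when the parent is ``gdb``. A uprobe handler in the template would make the same comparison on the current task's ``real_parent->comm`` and deliver the signal with the ``bpf_send_signal`` helper; that kernel-side mapping is an assumption of this example, and the ``/proc`` parsing is Linux-specific.

```c
/* Added illustration (not from the challenge files): the parent check in user space. */
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Parent pid from a /proc/<pid>/stat line. The comm field is in parentheses
 * and may contain spaces or ')', so scan from the LAST ')'. -1 on error. */
int ppid_from_stat(const char *stat)
{
    const char *p = strrchr(stat, ')');
    int ppid; /* after ')' the line continues " <state> <ppid> <pgrp> ..." */
    return (p && sscanf(p + 1, " %*c %d", &ppid) == 1) ? ppid : -1;
}

/* Read /proc/<pid>/comm into buf, newline stripped. 0 on success. */
int read_comm(int pid, char *buf, size_t len)
{
    char path[64];
    snprintf(path, sizeof path, "/proc/%d/comm", pid);
    FILE *f = fopen(path, "r");
    if (!f)
        return -1;
    int ok = fgets(buf, (int)len, f) != NULL;
    fclose(f);
    if (ok)
        buf[strcspn(buf, "\n")] = '\0';
    return ok ? 0 : -1;
}

/* The challenge's approximation of "being debugged": the parent is gdb. */
int is_debugger_comm(const char *comm)
{
    return strcmp(comm, "gdb") == 0;
}

int main(void)
{
    char stat[512], comm[32];
    FILE *f = fopen("/proc/self/stat", "r");
    if (!f || !fgets(stat, sizeof stat, f))
        return 1;
    fclose(f);
    int ppid = ppid_from_stat(stat);
    if (ppid > 0 && read_comm(ppid, comm, sizeof comm) == 0 && is_debugger_comm(comm)) {
        fprintf(stderr, "parent %d is %s: terminating\n", ppid, comm);
        kill(getpid(), SIGKILL); /* the probe would use bpf_send_signal(SIGKILL) */
    }
    return 0;
}
```

Run it once from a shell and once under ``gdb`` with ``run``; only the second invocation is killed, matching the footnote's definition of when debugging starts.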