Mobile Game Security

Overview

This skill covers mobile security resources from the awesome-game-security collection, focusing on Android and iOS game security research, reverse engineering, and protection bypass techniques.

Android Security

APK Analysis

Tools

apktool: Decompile/recompile APKs
jadx: DEX to Java decompiler
APKiD: Identify packers/protectors
Frida: Dynamic instrumentation
APKLab: VS Code integration

Workflow

bash

# Decompile APK
apktool d game.apk

# Analyze DEX files
jadx -d output game.apk

# Identify protection
apkid game.apk

Native Library Analysis

IL2CPP Games (Unity)

1. Extract libil2cpp.so from APK
2. Use IL2CPP Dumper to generate headers
3. Analyze with IDA/Ghidra
4. Hook using Frida or native hooks

Native Games

1. Identify target libraries (.so files)
2. Analyze with reverse engineering tools
3. Pattern scan for functions
4. Apply hooks/patches

Memory Manipulation

Tools

GameGuardian: Memory editor
Cheat Engine (ceserver): Remote debugging
Custom memory tools: Direct /proc/pid/mem access

Access Methods

// Via /proc filesystem
int fd = open("/proc/pid/mem", O_RDWR);
pread64(fd, buffer, size, address);
pwrite64(fd, buffer, size, address);

Hooking Frameworks

Frida

javascript

// Basic function hook
Interceptor.attach(Module.findExportByName("libgame.so", "function_name"), {
    onEnter: function(args) {
        console.log("Called with: " + args[0]);
    },
    onLeave: function(retval) {
        retval.replace(0);
    }
});

Native Hooks

Substrate: Inline hooking framework
And64InlineHook: ARM64 inline hooks
xHook: PLT hook library
Dobby: Multi-platform hook framework

Root Detection Bypass

Common Checks

- /system/bin/su existence
- /system/xbin/su existence  
- Build.TAGS contains "test-keys"
- ro.build.selinux property
- Magisk files/folders
- Package manager checks

Bypass Methods

Magisk Hide: Built-in root hiding
LSPosed/EdXposed: Xposed framework hooks
Frida scripts: Hook detection functions
APK patching: Remove detection code

Zygisk Modules

cpp

// Zygisk module structure
class Module : public zygisk::ModuleBase {
    void onLoad(zygisk::Api *api, JNIEnv *env) override {
        this->api = api;
        this->env = env;
    }
    
    void preAppSpecialize(zygisk::AppSpecializeArgs *args) override {
        // Before app loads
    }
    
    void postAppSpecialize(const zygisk::AppSpecializeArgs *args) override {
        // After app loads - inject here
    }
};

Android Protections

Common Protectors

Tencent ACE: Chinese market protection
AppSealing: Commercial protection
DexGuard/ProGuard: Obfuscation
Arxan: Enterprise protection

iOS Security

Analysis Tools

Hopper: Disassembler
IDA Pro: Industry standard
class-dump: Objective-C header extraction
Frida: Dynamic instrumentation
Clutch/dumpdecrypted: App decryption

Jailbreak Tools

H5GG: iOS cheat engine
Flex: Runtime patching
Cycript: Runtime manipulation
ceserver-ios: Cheat Engine for iOS

Hooking (Jailbroken)

objc

// Using Logos (Theos)
%hook TargetClass
- (int)targetMethod:(int)arg {
    int result = %orig;
    return result * 2;  // Modify return
}
%end

Non-Jailbreak Techniques

Sideloading: Modified IPAs
Enterprise certificates: Custom signing
AltStore: Self-signing tool

Unity Mobile Games

IL2CPP Analysis

1. Locate libil2cpp.so (Android) or UnityFramework (iOS)
2. Find global-metadata.dat
3. Run IL2CPPDumper
4. Generate SDK/headers
5. Hook target functions

Mono Analysis

1. Extract managed DLLs
2. Decompile with dnSpy/ILSpy
3. Modify and repackage
4. Or hook at runtime

Common Targets

- Currency/coins values
- Player stats (health, damage)
- Inventory manipulation
- Premium unlocks
- Ad removal

Unreal Mobile Games

Analysis Approach

1. Identify UE version
2. Dump SDK using appropriate tool
3. Locate GObjects, GNames
4. Find target functionality
5. Apply memory patches or hooks

Overlay Rendering (Android)

Surface-Based

cpp

// Native surface overlay
ANativeWindow* window = ANativeWindow_fromSurface(env, surface);
// Render using OpenGL ES or Vulkan

ImGui Integration

Zygisk + ImGui modules
Surface hijacking
Direct framebuffer access

Network Analysis

Tools

mitmproxy: MITM proxy
Charles Proxy: Traffic analysis
Frida SSL bypass: Certificate pinning bypass

Certificate Pinning Bypass

javascript

// Frida universal SSL bypass
Java.perform(function() {
    var TrustManager = Java.registerClass({
        implements: [X509TrustManager],
        methods: {
            checkClientTrusted: function() {},
            checkServerTrusted: function() {},
            getAcceptedIssuers: function() { return []; }
        }
    });
    // Install custom TrustManager
});

Anti-Cheat on Mobile

Common Systems

Tencent ACE: Chinese games
NetEase Protection: NetEase games
Custom solutions: Per-game implementations

Detection Methods

- Root/jailbreak detection
- Frida detection
- Emulator detection
- Integrity checks
- Debugger detection
- Hook detection

Bypass Strategies

1. Static analysis of detection code
2. Hook detection functions
3. Hide injection footprint
4. Timing attack consideration
5. Clean environment emulation

Emulator Considerations

Android Emulators

LDPlayer: Gaming focused
BlueStacks: Popular emulator
NoxPlayer: Game optimization
MEmu: Android gaming

Emulator Detection

- Build.FINGERPRINT checks
- Hardware sensor verification
- File system characteristics
- Performance timing

Resource Organization

The README contains:

Android hooking frameworks
iOS jailbreak tools
Memory manipulation utilities
Root/jailbreak bypass tools
Mobile anti-cheat research
Emulator resources

Data Source

Important: This skill provides conceptual guidance and overview information. For detailed information including:

Specific GitHub repository links
Complete project lists with descriptions
Up-to-date tools and resources
Code examples and implementations

Please fetch the complete data from the main repository:

https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/README.md

The main README contains thousands of curated links organized by category. When users ask for specific tools, projects, or implementations, retrieve and reference the appropriate sections from this source.

mobile-security

NPX Install

Tags

SKILL.md Content

Mobile Game Security

Overview

Android Security

APK Analysis

Tools

Workflow

Native Library Analysis

IL2CPP Games (Unity)

Native Games

Memory Manipulation

Tools

Access Methods

Hooking Frameworks

Frida

Native Hooks

Root Detection Bypass

Common Checks

Bypass Methods

Zygisk Modules

Android Protections

Common Protectors

iOS Security

Analysis Tools

Jailbreak Tools

Hooking (Jailbroken)

Non-Jailbreak Techniques

Unity Mobile Games

IL2CPP Analysis

Mono Analysis

Common Targets

Unreal Mobile Games

Analysis Approach

Overlay Rendering (Android)

Surface-Based

ImGui Integration

Network Analysis

Tools

Certificate Pinning Bypass

Anti-Cheat on Mobile

Common Systems

Detection Methods

Bypass Strategies

Emulator Considerations

Android Emulators

Emulator Detection

Resource Organization

Data Source