Fuzzing online games to find interesting bugs requires a unique set of novel techniques. In a nutshell, the lack of direct access to the game server, combined with clients that are far too complex to be emulated easily, forces us to inject fuzzing data into a legitimate connection rather than use the standard replay/execution approach. Top that with heavily encrypted and complex network protocols and you start to see why we had to get creative to succeed :)
In this talk, we will discuss and illustrate the novel techniques we had to develop to fuzz online games, including how to inject data into a live gaming session and how to instrument the game's memory to know whether our fuzzing was successful. We will also explain how to find and reverse the interesting parts of the protocol, and how to decide when to perform the injection.
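To make the "inject into a legitimate session" idea concrete, here is an added example that is not code from the talk or its authors. It assumes a hypothetical, constructed framing (2-byte big-endian length covering a 1-byte opcode plus payload) and made-up opcode numbers; real game protocols differ. It also assumes the mutator sits at a point where the traffic is already decrypted (for example a hook in the client after the protocol layer decrypts it), since mutating ciphertext would only break the session. The pass-through leaves every frame that is not a chosen target byte-identical, re-encodes mutated frames with a correct length so the session stays valid, skips the session-setup frames so the connection is established before injection starts, and returns a log of what was changed so it can later be correlated with a crash or memory instrumentation.

```python
import random
import struct

# Constructed, hypothetical opcodes (assumption for the example, not a real game).
OP_LOGIN = 0x01
OP_MOVE = 0x10
OP_CHAT = 0x20
OP_TRADE = 0x30


def parse_frames(data: bytes):
    """Split a byte stream into (opcode, payload) frames.

    Assumed framing: 2-byte big-endian length, then 1-byte opcode, then payload,
    where length counts opcode + payload. Returns (frames, leftover_bytes) so a
    partial frame at the end of a TCP read is kept for the next read.
    """
    frames = []
    pos = 0
    while pos + 3 <= len(data):
        (length,) = struct.unpack_from(">H", data, pos)
        if length < 1:
            raise ValueError("frame length must cover at least the opcode")
        if pos + 2 + length > len(data):
            break  # incomplete frame: wait for more bytes
        opcode = data[pos + 2]
        payload = data[pos + 3:pos + 2 + length]
        frames.append((opcode, payload))
        pos += 2 + length
    return frames, data[pos:]


def build_frame(opcode: int, payload: bytes) -> bytes:
    """Re-encode a frame with a correct length field so the session stays valid."""
    return struct.pack(">H", len(payload) + 1) + bytes([opcode]) + payload


def mutate_payload(payload: bytes, rng: random.Random, max_flips: int = 3) -> bytes:
    """Length-preserving byte mutation: overwrite a few bytes with boundary values."""
    if not payload:
        return payload
    buf = bytearray(payload)
    for _ in range(rng.randint(1, max_flips)):
        i = rng.randrange(len(buf))
        buf[i] = rng.choice([0x00, 0xFF, 0x7F, 0x80, rng.randrange(256)])
    return bytes(buf)


def inject_fuzz(stream: bytes, target_opcodes, rng: random.Random, start_after: int = 0):
    """Pass a live stream through, mutating only target frames once setup is done.

    Frames before index start_after (e.g. login/handshake) and frames with
    non-target opcodes are forwarded unchanged. Returns the rewritten stream
    and a log of (frame_index, opcode, original_payload, mutated_payload).
    """
    frames, rest = parse_frames(stream)
    out = bytearray()
    mutated = []
    for idx, (opcode, payload) in enumerate(frames):
        if idx >= start_after and opcode in target_opcodes:
            new_payload = mutate_payload(payload, rng)
            mutated.append((idx, opcode, payload, new_payload))
            out += build_frame(opcode, new_payload)
        else:
            out += build_frame(opcode, payload)
    out += rest  # forward the partial frame untouched
    return bytes(out), mutated


# Constructed sample traffic: a login, a move, a chat line, a trade, and a
# trailing partial frame as a TCP read might deliver it.
SAMPLE_STREAM = (
    build_frame(OP_LOGIN, b"\x00\x01alice")
    + build_frame(OP_MOVE, struct.pack(">hh", 10, -4))
    + build_frame(OP_CHAT, b"hello")
    + build_frame(OP_TRADE, struct.pack(">IH", 0x1234, 7))
    + b"\x00\x05\x30\x01"
)


def run_sample(seed: int = 1):
    """Fuzz only OP_TRADE frames, and only after the login frame has gone through."""
    rng = random.Random(seed)
    return inject_fuzz(SAMPLE_STREAM, {OP_TRADE}, rng, start_after=1)


if __name__ == "__main__":
    out, log = run_sample()
    for idx, opcode, before, after in log:
        print(f"frame {idx} opcode {opcode:#04x}: {before.hex()} -> {after.hex()}")
```

In a real setup the `start_after` and `target_opcodes` choices are what "deciding when to inject" amounts to: the log returned by `inject_fuzz` is the record you match against whatever instrumentation tells you the client or server misbehaved.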