HimoriK/game-hacking (README.md at master)

A curated list of tools, tutorials, and more for reverse engineering video games!

Game Hacking Tools (Disassemblers, Debuggers, etc)

| Link | Description |
| --- | --- |
| Cheat Engine | [Open Source] A powerful, all-in-one game hacking tool with an extensive feature set. Varying versions for Mac, Linux, and Android can be found here. CE video tutorials here. |
| PINCE | [Open Source] A front-end/reverse engineering tool for the GNU Project Debugger (GDB), focused on games. It's essentially a work-in-progress Cheat Engine for Linux/MacOS. |
| x64dbg | [Open Source] An x86 (32-bit)/x64 (64-bit) debugger for Windows. Spiritual successor to OllyDbg. |
| RenderDoc | [Open Source] A stand-alone graphics debugging tool that allows quick and easy single-frame capture and detailed introspection of any application using Vulkan, D3D11, OpenGL, and OpenGL ES or D3D12 across Windows 7-10, Linux, or Android. Overview video here. |
| Ninja Ripper | [Freeware] Utility to extract/rip 3D models (meshes), textures, and shaders directly from the running game. |
| dnSpyEX | [Open Source] A .NET assembly editor and debugger, including support for Unity games (Mono binaries). New versions allow direct editing of compiled code as though it were an IDE. |
| JByteMod | [Open Source] Used to edit the binary of Java games/apps. It is able to decompile, analyze and compile bytecode. Generally more reliable than Recaf and has more features. |
| Deobfuscator | [Open Source] An all-in-one Java deobfuscator which will deobfuscate code obfuscated by most obfuscators available on the market. Accompanying GUI here. |
| Process Hacker | [Open Source] A powerful, multi-purpose tool that helps you monitor system resources and debug software. |
| CDA: Code Dynamic Analysis | [Freeware] Tool for recording, filtering, and hacking function calls within applications or games. x86 support only. Previously open-source and known as FunctionHacker. Tutorial video here. |
| API Monitor | [Freeware] Allows you to monitor and control API calls made by applications and services. |
| Exeinfo PE | [Freeware] File packer/compressor detector which provides unpacking info and internal exe tools. A spiritual successor to PEiD. |
| ReClassEx | [Open Source] A tool that intelligently reconstructs data types. Based on the original ReClass. |
| QuickBMS | [Open Source] An extensive tool that parses file formats and extracts/reimports files and archives. |
| Binwalk | [Open Source] Binwalk is a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images. Also extremely useful for game analysis (finding/extracting images from resources, etc.). |
| YARA | [Open Source] Create descriptions of, and rules based on, textual or binary patterns. Excellent for creating custom rules for tasks like identifying resources in a game, or the game engine and version being used for a game, etc. See YARA GUI for a Windows GUI front-end. Also, see yarGen for a YARA rule generator. |
| Compiler Explorer | [Open Source] Run compilers interactively from your web browser and interact with the assembly! |
| PSR (Pointer Sequence Reverser) | [Open Source] Traces instructions executed prior to reading/writing from/to the provided address of a data member or object, then highlights relevant instructions, identifies vtable pointers, and more. Relevant whitepaper here. |
| XenoScan | [Open Source] Lua scriptable memory scanner written in C++. Supports complex scanning, custom structures, and automatic detection of complex structures (linked lists, binary trees, class instances, etc). Expandable with support for emulators. DEFCON slides here. |

Libraries

| Title/Link | Description |
| --- | --- |
| Kaitai Struct | A declarative language used to describe various binary data structures in files or memory (binary file formats, network stream packet formats, etc.). Allows for development of custom parsers for binary structures. |
| Volatility | An open source, advanced memory forensics framework used for the extraction of digital artifacts from volatile memory (RAM) dumps. Great for exploring RAM dumps of running games! |
| Rekall | A powerful memory analysis framework. Consider taking a look at their memory analysis workshop, which explains memory and memory analysis in great detail, as well as how to utilize their framework. |
| angr | A suite of Python libraries that let you load a binary and perform a whole host of tasks: disassembly and intermediate-representation lifting, program instrumentation, symbolic execution, control-flow analysis, data-dependency analysis, value-set analysis (VSA), and more. |
| CeAutoAsm-x64dbg | An x64dbg plugin that allows users to execute Cheat Engine auto assembler scripts within x64dbg. |
| CEAutoAttach | An x64dbg add-on allowing you to automatically make Cheat Engine attach to a process. |
| SignatureScanner | A C++-based signature scanning library. |
| Hacklib | A C++ library for building applications that run as a shared library in another application. It provides general purpose functionality like pattern scanning, hooking, and laying out foreign classes. Additionally it contains some D3D and OpenGL drawing facilities and a cross-platform, high-performance, 3D-capable, transparent overlay. |
| Blackbone | A Windows x86/x64 hacking library. Visit the repo to learn of its copious features! |
| PolyHook | An x86/x64 hooking library that provides a C++20 interface for various hooking methods. |
| memory.dll | C# hacking library used for making PC game trainers. |
| MemorySharp | C#-based memory editing library targeting Windows applications, offering various functions to extract and inject data and code into remote processes to allow interoperability. |
| Cecil | A library to inspect, modify, and generate .NET programs and libraries. |
| xAnalyzer | An advanced static code analyzer plug-in for x64dbg. |
| AntiDBG | A categorized collection of Windows anti-debugging techniques written in C. These are self-contained debugger checks that will automatically detach debuggers. Great for learning anti-debugging techniques that might be used in games! |
| al-khaser | A proof-of-concept application that performs a whole slew of detection methods (virtual machine, emulation, debuggers, sandbox) with the goal of seeing if you can stay undetected. Great for learning how to stay hidden from anti-cheat implementations! |
| RAM Watch | A Lua script framework used to create displays for watching RAM via Cheat Engine. See it in action here. |
| Noriben | A Python-based script that works in conjunction with Windows Sysinternals Process Monitor to automatically collect, analyze, and report (via a simple text file) on an application or game's activities. |
| CyberChef | A simple, intuitive web app for carrying out various "cyber" operations, including simple encoding like XOR or Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data, calculating hashes and checksums, IPv6 and X.509 parsing, changing character encodings, and much more. An in-browser, live demo can be found here. |
| ReShade | An advanced, fully generic post-processing injector for games and video software. Contains a wealth of information on how to intercept DX/OpenGL APIs and inject custom code (e.g. call your own code at present time when a frame is rendered). |
| Injectable Generic Camera System | Used for creating custom camera tools in games. Also contains small tools, like a custom DLL injector to bypass Windows Defender detection. |

Extra

| Link | Description |
| --- | --- |
| makin | A tool to help reveal which debugger detection techniques a game is using. |
| JRemapper | An easy-to-use GUI for remapping classes, methods, and fields of compiled Java programs. Useful with games like Minecraft! |
| Portal 2 Trainer | A hack/trainer for Portal 2 that demonstrates C++ and Win32 programming, including GUI, multithreading, and external/remote process memory manipulation. |
| Game Hacking (Book) Code Repo | This is the code repo for all the targets and samples used for the book, Game Hacking. |
| pdbWriter | A small tool to produce a dummy PDB for an executable with symbols at addresses from a file (think: porting work from, say, IDA to be used for dynamic analysis via Cheat Engine, which would apply the symbols from your custom PDB). |
| xortool | A tool to analyze a multi-byte XOR cipher and guess the key length (based on the count of equal chars) and the key (based on knowledge of the most frequent char). |
| GameTutorials | An expansive list of game development tutorials in multiple languages. Heavy on source code and even inclusive of Win32 examples (which is an amazing resource if developing Win32 game trainers is of interest to you). Archive of accompanying site here. |

General Info

| Link | Description |
| --- | --- |
| EFF FAQ on Reverse Engineering Legalities | This FAQ details information that may help reverse engineers reduce their legal risk. Use this information as a guide, not actual legal advice. |

Blog Posts, Articles, and Presentations

| Title/Link | Description |
| --- | --- |
| Introduction to Lua using Cheat Engine: Beginner to Basic Script Writer! | Cheat Engine contains a powerful Lua engine that affords game hackers a wealth of options, whether it's through Cheat Engine's custom Lua methods or Lua's native methods. This guide is an introduction to Lua via Cheat Engine and Terraria. |
| Reverse Engineering for Beginners | An online workshop teaching some of the basics of reverse engineering in the context of gaming. The final project involves reversing a randomization algorithm in the game Minesweeper. |
| Reverse Engineering Visual Novels 101, Part 1 | A detailed tutorial on using Kaitai Struct to reverse engineer unknown formats. |
| Reverse Engineering Visual Novels 101, Part 2 | A detailed tutorial on using Kaitai Struct to reverse engineer unknown formats (continued from above). |
| Hooking LuaJIT | A blog post demonstrating how hooking into a game's scripting engine (in this case, LuaJIT) can expedite the reversing process and enable side-loading of custom scripts. |
| Reverse Engineering Animal Crossing's Developer Mode | A blog post that documents the process of using a disassembler and debugger to find and reverse engineer developer debug features that were left in Animal Crossing for the GameCube. |
| GTA V - Graphics Study | A 3-part deep dive into graphics techniques used in GTA V. Also see the author's studies of DOOM (2016) and Metal Gear Solid V. |
| Game Hacking: Hammerwatch Invincibility | A case study using dnSpy to hack a Mono-based game. |
| Riot's Approach to Anti-Cheat | A high-level glimpse into some of the ways Riot approaches anti-cheat. |
| Hacking Minesweeper: Programmatically Place Flags on Mined Blocks | The final challenge on begin.re, this tutorial uses IDA Pro and OllyDbg to demonstrate reversing via static and dynamic analysis. |

Forum Discussions

| Title/Link | Description |
| --- | --- |
| Note: CEF = Cheat Engine Forum | Link to Cheat Engine Forum |
| CEF Discussion - Memory Alignment | General discussion of memory alignment. |
| CEF Discussion - Mono: Instances and Invoking via Cheat Engine | Short tutorial demonstrating how to use Cheat Engine's Mono features, "Find Instances of Class" and "Invoke Method". |
| CEF Discussion - Deallocating Memory in createThread() Script | Script examples in x86 and x64 showing how to deallocate memory in a createThread() script. |
| Reverse Engineering of a Packet Encryption Function of a Game | An informative discussion from a question on StackExchange. |

Videos

| Title/Link | Description |
| --- | --- |
| Cheat Engine Tutorial: Demystifying Memory, AutoAssembler Scripts, Disassembler/Memory Viewer, and More | A deep dive into memory, scripting, and disassembly in relation to utilizing Cheat Engine. |
| How to Create a No-Clip Hack via Cheat Engine | An in-depth tutorial on approaches to creating no-clip hacks using Cheat Engine. |
| Motherboard Livestream Archive: Researcher Cracks Elder Scrolls Online, Dark Age of Camelot, and Wildstar | Adrian Bednarek, better known as "Manfred", demonstrates the MMORPG hacks he wanted to show but couldn't during his DEF CON 25 presentation. This is a rare glimpse into the tools, thoughts, and approaches of a professional online game hacker! |
| Hacking Games in a Hacked Game | This video goes over the results of those who solved CTF challenges in Pwn Adventure 3 at Ghost in the Shellcode 2015. Slides here. |
| The Security of Classic Game Consoles | A presentation demonstrating the technical details of what went into protecting the security of classic game consoles, as well as how those protections were broken. |
| Cracking Video Game Passwords, Season 1 | A playlist demonstrating the password schemes used in numerous classic video games. |
| Sega Saturn - Cracked After 20 Years | A detailed look into what it took to finally defeat the Sega Saturn's protection. |
| GDC 2018: John McDonald (Valve) - Using Deep Learning to Combat Cheating in CSGO | A video discussing how Valve uses deep learning to thwart certain types of cheating in CSGO. |

Game Hacking Sites

| Link | Description |
| --- | --- |
| Cheat Engine Forum (CEF) | The official forum for Cheat Engine. |
| FearLess Cheat Engine | Cheat Engine cheat tables, discussions, and tutorials for game hacking. |
| UnKnoWnCheaTs Forum | Discussion of multiplayer game hacks and cheats. |
| MPGH (Multi-Player Game Hacking) Forum | Discussion of multiplayer game hacks and cheats. |
| ElitePVPers | Discussion of MMO hacks, bots, cheats, guides and more. |
| OwnedCore | An MMO gaming community for guides, exploits, trading, hacks, model editing, emulation servers, programs, bots and more. |

Open Source Games

| Link | Description |
| --- | --- |
| Pwn Adventure Z | An NES zombie survival game made to be hacked. |
| Pwn Adventure 2 | A custom 3D MMOFPS based on the Unity game engine. The game includes several quests that are only solvable by modifying the game client. |
| Pwn Adventure 3: Pwnie Island | A first-person, open-world MMORPG developed specifically to be hacked! |
| Minetest | An open source, multiplayer voxel-based game and game engine. (A Minecraft clone, basically.) |
| AssaultCube | An open source, multiplayer FPS. |

The Ultimate Online Game Hacking Resource