Mercury
Test Assistant for SuperCell
Tencent QA engineers prepare a professional security solution based on the game features, and ensure game security from all aspects, including protocol validation, functional variable modification, and variable memory address modification, speed changing, DDOS, and server crash scanning, to prevent players from obtaining illegal profits from game bugs and affecting the game balance. For details, see Figure 3-1 and Figure 3-2.
Process descriptions:
Protocol Test: The Tencent-developed tool hooks the send-package function of the game and parses and reconstructs general protocol formats. Testers can modify the protocol field, call the send-package function, cipher the protocol and send the ciphered protocol to the game server, and verify that the server can validate the protocol, thereby preventing vulnerabilities that generate illegal profits. For details, see Figure 3-3.
Function Modification Test: During the operating of the game, the Tencent-developed tool collects functions and dynamically hooks the functions. Testers can modify parameters and returned values of the functions, and check the existence of vulnerabilities that generate illegal profits and boundary errors that cause crashes. For details, see Figure 3-4.
Cheat Engine: Cheat Engine: Testers analyze high-risk data (character acceleration/overpowering, in-game item cheat, and ranking cheat) based on game features, collect related data materials (by viewing communications protocol data and performing reverse code engineering check, etc.), search the memory for the data, and modify the memory address, and check whether vulnerabilities that generate illegal profits exist.
DDOS: Testers scan the game server to find vulnerabilities that cause server crashes or breakdown, to ensure that the game can operate stably after release.
The ultimate goal is to ensure the security, stability and balance of the game, prevent vulnerabilities that generate illegal profits, and reduce risks of server crashes.