The latest weapon in the Cyrex team’s repertoire is another of our own making, a tool that will help automate and speed up our work. The Unreal Engine RPC Dumper is a tool developed by the Cyrex team, headed by our CTO, Tim De Wachter. To test the networking features and functionality of any product, it's necessary to find its RPCs, or Remote Procedure Calls. This is normally a manual process of discovery, but thanks to the RPC Dumper it can now be done quickly.
Gathering RPCs on Unreal Engine
There are many versions of Unreal Engine still in use, which meant a lot of groundwork before this tool could get off the ground. The RPC addresses, and where to find them, change between versions. This was a labour of love from the Cyrex team to ensure that future RPC discoveries could be far more efficient.
In simple terms, this tool is run alongside any Unreal Engine game and is injected into the memory of the game. Once the tool is finished, it delivers a text document to our team, complete with every RPC, network function, and its arguments.
This list, of course, is always requested from the client. In the case of white box penetration testing, we would also be able to view the RPCs via the source code. However, we’re not always lucky enough to get the list. And where we do, it’s just as handy to have this tool deliver the entire list in one contained document. In one fell swoop we discover each RPC, its arguments, location, and name. It’s a fantastic failsafe tool that ensures we miss absolutely nothing in your project. It also helps us with the scoping estimate, as it quickly tells us how much is in need of testing and how long it may take based on each RPC.
A Deeper Dive into Cyrex’ Unreal Engine RPC Dumper
Unreal Engine games on PC are most typically Windows programs that run on your PC. They load into memory like any other program and reserve space in your RAM. This tool uses Windows APIs to look for the base memory address and, from there, we use base offsets to discover the dynamic and static memory locations.
As Unreal Engine is a set engine, a game's RPCs are always stored in the same place as in any other game that uses the same version of Unreal Engine. We know where the G-Objects and G-Names are (G meaning global). Reading these two global elements is a core functionality of our tool. We use G-Objects as a starting point, identifying the functions declared within it and using its flags to discover which are RPCs. Once we’ve found the RPCs, the G-Names help us find the name of each RPC, and we can then investigate what arguments pass through each function. Now, with our UE RPC Dumper, it is done quickly and easily for us.
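The flag check described above can be sketched as follows. This is an added example, not Cyrex's tool or its output format: it assumes the bit values of Unreal Engine 4's EFunctionFlags enum, and the function names and flag words in SAMPLE are constructed.

```python
from dataclasses import dataclass

# Bit values from Unreal Engine 4's EFunctionFlags enum (assumption: confirm
# them against the engine version under test before relying on the result).
FUNC_NET = 0x00000040            # function is replicated across the network
FUNC_NET_RELIABLE = 0x00000080   # sent reliably
FUNC_NET_MULTICAST = 0x00004000  # server to all clients
FUNC_NET_SERVER = 0x00200000     # client to server
FUNC_NET_CLIENT = 0x01000000     # server to owning client
FUNC_NET_VALIDATE = 0x80000000   # declared with a validation function

@dataclass(frozen=True)
class RpcInfo:
    name: str
    direction: str   # "server", "client", "multicast" or "unknown"
    reliable: bool
    validated: bool

def classify(name, flags):
    """Return RpcInfo for a replicated function, or None if it is not an RPC."""
    if not flags & FUNC_NET:
        return None
    if flags & FUNC_NET_SERVER:
        direction = "server"
    elif flags & FUNC_NET_CLIENT:
        direction = "client"
    elif flags & FUNC_NET_MULTICAST:
        direction = "multicast"
    else:
        direction = "unknown"
    return RpcInfo(name, direction, bool(flags & FUNC_NET_RELIABLE),
                   bool(flags & FUNC_NET_VALIDATE))

def review_queue(functions):
    """Order RPCs for review: client-to-server first, unvalidated ones on top."""
    rpcs = [r for r in (classify(n, f) for n, f in functions) if r]
    return sorted(rpcs, key=lambda r: (r.direction != "server", r.validated, r.name))

# Constructed sample records (hypothetical names and flag words).
SAMPLE = [
    ("ServerFire", 0x80220CC0),
    ("ServerSetName", 0x00220C40),
    ("ClientNotifyHit", 0x01020CC0),
    ("MulticastPlayFx", 0x00024C40),
    ("GetHealth", 0x54020401),  # plain native getter, no FUNC_Net bit
]
```

Sorting server RPCs first reflects that they carry client-controlled arguments into the server, which is where a scoping estimate usually concentrates review time.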
The Replication Index
The Replication or Rep Index is different in every game and is used to identify which RPC is sent over the network. Any packets sent will contain this index. The game, knowing which RPC the index is calling, will deliver. The connection between the Rep Index and the RPC behind it is integral. It’s what separates understanding the process from seeing just a jumble of numbers.
Just as we said before, our tool makes it easier and more efficient. Once finished, the UE RPC Dumper will also dump out the complete Rep Index of every RPC, turning this guessing game into a painless and smooth process.
Why Should You Care?
Anything that saves us time saves you time and money. Our goal is a safer and more secure digital world. Tools like this give our team a helping hand in combating the far more numerous malicious actors online. We continue to develop tools like this to keep up with the ever-changing and accelerating digital arms race.
With this UE RPC Dumper, our team can discover and collate every single network operation in need of checking and penetration testing in a matter of minutes. Complete with their name, location, argument, and Rep Index, this means our team can focus more on testing your security instead of simply looking for what needs testing. Where we can increase efficiency, we can offer you better work in a shorter timeframe. More efficient work means more cost-effective testing for you!
Even without a white box penetration test, our team can now deploy a staggering degree of efficiency into discovering and testing every single network process your Unreal Engine game has.
If you’d like to ensure your game or application’s security, look into our gold standard penetration testing services for gaming, applications, and even Web3. We also offer one-of-a-kind load testing services, and much more. Check out our portfolio of previous works or get in touch to discover what we can do for your digital safety.