Cyrex conducted Grey Box penetration testing on Blankos Block Party, a popular title developed by Mythical. The objective of the testing was to assess security across various areas of the game, including gameplay and backend services. This case study outlines the services covered, the vulnerabilities discovered, and the positive collaboration between Cyrex and Mythical during the testing process.
Services Covered for Blankos Block Party
Our Grey Box penetration testing service encompassed a wide range of services within Blankos Block Party. The testing focused on the following areas:
- Matchmaking system: Our team assessed the security of the matchmaking system to ensure the integrity of player connections and fair gameplay experiences.
- World creation tools: The security of the tools used to create in-game worlds was evaluated to prevent unauthorized access or malicious manipulation of game environments.
- Player interactions: Cyrex analyzed the security measures in place to protect player interactions, such as chat systems, social features, and user-generated content sharing.
- Physics (player movement and attacking): The security of player movements and actions, including movement physics and combat mechanics, was examined to prevent cheating or exploits.
- Party and clan systems: The security of features related to party and clan systems, including group interactions and permissions, was reviewed to ensure data privacy and prevent unauthorized access.
- In-game transactions: Our team assessed the security of the transactional systems, including virtual currency, item purchases, and any real-world financial transactions, to safeguard user data and prevent fraudulent activities.
- Mini-games: The security of mini-games within Blankos Block Party was evaluated to identify potential vulnerabilities that could impact gameplay fairness or compromise player data.
- Quests: Cyrex tested the security measures surrounding quest mechanics to ensure that progress and rewards were protected against manipulation or unauthorized access.
Results and Collaboration
During the penetration testing, our security experts discovered a range of vulnerabilities across multiple services within Blankos Block Party. Many of these vulnerabilities were classified as high-level and critical by the developers. Following the test findings, the Mythical development team promptly addressed these vulnerabilities, implementing appropriate security measures and patches to enhance the overall security of the game.
Upon completion of the testing phase, Cyrex conducted a full set of sanity and regression tests to validate the effectiveness of the security improvements and ensure that no new vulnerabilities were introduced. The collaboration between the two teams was highly successful, resulting in the identification and remediation of critical vulnerabilities and establishing a positive working relationship. We were delighted to receive the following testimony from the team:
“It was a pleasure working with the security team. They are extremely knowledgeable, capable, and very flexible; partnering with us and adjusting processes and communication to suit our needs. We are very much looking forward to an ongoing relationship between our teams.”