Comment by gruez

Comment by gruez 8 days ago

0 replies

View on Hacker News

>I'm under the impression an executable binary shouldn't be easily read to find such credentials

It's hard but not impossible. It's more annoying than trying to extract strings out of a minified js file, but far from impossible. There are tools for it (eg. IDA), so you're not searching for credentials amongst anything that vaguely looks like a string.

>and I don't know what else a game dev is supposed to do if their executable needs to authenticate itself with a remote server.

The problem isn't that that the binary has hardcoded credentials, it's that the credentials are privileged.