Date : 08 juin 2023 à 09:15 — 30 min.
Valve, the company behind the widespread videogame platform Steam, released in 2019 a feature called Remote Play Together. It allows sharing local multiplayer games with friends over the network through streaming.
The protocol associated with the Remote Play technology is elaborate enough to lead to stimulating attack scenarios, and its surface has scarcely been ventured in the past.
This presentation covers the reverse engineering of the protocol and its implementations within Steam (client and server). Then, it presents a dedicated fuzzer and a few bugs that have been discovered thanks to it, some of which were exploitable.