Evidence on the effectiveness of Man-At-The-End (MATE) software protections, such as code obfuscation, has mainly come from limited empirical research. Recently, however, an automatable method was proposed to obtain statistical models of the required effort to attack (protected) software. The proposed method was sketched for a number of attack strategies but not instantiated, evaluated, or validated for those that require human interaction with the attacked software. In this paper, we present a full instantiation of the method to obtain statistical effort models for game resource localisation attacks, which represent a major step towards creating game cheats, a prime example of MATE attacks. We discuss in detail all relevant aspects of our instantiation and the results obtained for two game use cases. Our results confirm the feasibility of the proposed method and its utility for decision support for users of software protection tools. These results open up a new avenue for obtaining models of the impact of software protections on reverse engineering attacks, which will scale much better than empirical research involving human participants.

翻译：关于终端攻击者（MATE）软件保护措施（如代码混淆）有效性的证据主要来自有限的实证研究。然而，近期提出了一种可自动化方法，用于获取攻击（受保护）软件所需工作量的统计模型。所提方法已针对多种攻击策略进行了框架性描述，但尚未针对那些需要攻击者与受攻击软件进行交互的策略进行具体实例化、评估或验证。本文提出该方法的完整实例化方案，以获取游戏资源本地化攻击的统计工作量模型——此类攻击是创建游戏作弊工具的关键步骤，也是MATE攻击的典型代表。我们详细阐述了实例化的所有相关环节，以及两个游戏用例的实证结果。研究结果证实了所提方法的可行性及其对软件保护工具用户的决策支持价值。这些成果为建立软件保护对逆向工程攻击影响的量化模型开辟了新途径，其扩展性将远优于依赖人工参与的实证研究方法。