RAID: Shadow Legends
Cyrex partnered with Plarium to deliver full-scale white box penetration testing for Raid: Shadow Legends, securing Unreal Engine gameplay systems and live services across mobile and PC platforms.
The Challenge
Securing a Cross-Platform Unreal Engine RPG at Scale
Raid: Shadow Legends is a free-to-play tactical RPG featuring over 400 champions, multi-faction progression systems, dungeon raids, and a live in-game economy. Available on mobile, Windows, and Mac, the title operates across multiple platforms with persistent live services.
For Plarium, security validation required deep inspection of:
- Gameplay logic and combat systems
- Reward and progression mechanics
- In-game shop and transaction flows
- Upgrade and building systems
- Chat functionality
- Character and artifact systems
- Daily bonus logic
- Backend live services
In live service RPGs with complex progression and economy systems, vulnerabilities can disrupt balance, enable exploits, or undermine player trust. Plarium engaged Cyrex to conduct comprehensive white box penetration testing with full source code access.
The Cyrex Solution
Full-Scale White Box Penetration Testing
Cyrex performed structured white box penetration testing across both gameplay and live services layers.
With access to internal implementations, our engineers conducted a deep review of trust boundaries, validation logic, and integration points within Unreal Engine and backend systems.
Gameplay & Progression Security Assessment
Our engagement included analysis of:
- Battle system mechanics
- Heroes and character logic
- Artifact systems
- Upgrade and building systems
- Reward distribution mechanisms
- Daily bonus functionality
We evaluated whether progression systems were properly validated server-side and resistant to manipulation.
Economy & Live Service Validation
Cyrex also assessed:
- In-game shop and purchase flows
- Chat systems
- Backend live services infrastructure
This ensured that economic and communication systems were secured against tampering, improper validation, or abuse vectors.
Vulnerability Identification & Remediation
Through detailed code-level analysis, Cyrex identified several vulnerabilities and weaker architectural points.
We delivered:
- Prioritized remediation recommendations
- Detailed documentation of potential exploit paths
- Best-practice guidance for long-term security resilience
This allowed Plarium to address findings before they could impact the player base.
The Outcome
Strengthened Gameplay Integrity & Service Security
- Identification and remediation of critical vulnerabilities
- Improved server-side validation of progression systems
- Strengthened protection of in-game economy mechanics
- Increased confidence in cross-platform stability
Client Feedback
Plarium
“Cyrex has proven to be a deeply specialised security firm that is incredibly experienced in the gaming industry. They worked on a wide range of different assets, ranging from multiplayer games to launchers and platforms, and consistently delivered excellent results exceeding industry standards. We’re looking forward to more fruitful collaborations.”
Don't Let Players Find the Weakness
Your launch is months away. Hackers will find exploits in hours. Let our engineers secure your game before it's too late.
Response time: <24 hours • NDA included • No commitment required