by Robert M
In addition to the above approach, they created a unique ID for each method that is called, and appended that to the end of the token that is at the beginning and end of each method. That way if the method call that is injected does not contain both the correct token and the correct ID assigned to that method, then it would be detected as malicious, and thus dealt with accordingly.
I had actually heard from random adventures throughout the internet that injections were one of the simplest and easiest tricks employed by people who are looking to do malicious things, but I had no idea they were that simple. Now I see why people were so angry over rumor that Sony’s big cyber security fiasco from last year caused by an injection.