I worked in wearable electronics back in 2013. At the time, everyone was trying to crack wristworn heart rate monitors. It’s a challenging problem to solve: having to detect a faint color change in human skin while ignoring the massive shifts in ambient light from sunlight to shade all while bouncing around on a wrist.
Different vendors had different solutions and couldn’t even agree on what color LED was best for illuminating the skin.
Anyway, when the next generation of Nike Fuelband came out and didn’t include heart rate monitoring, I’ll never forget one of the comments I saw on a review.
“Come on Nike, it’s not hard to add a heart rate monitor. Just use pulse tracking.”
Same with any game, “how hard is it to detect cheaters‽”. Turns out, very.
Being an engineer, you’ll know that the amount of shit that has to go right to get a single pixel to glow is pretty crazy, some when armchair dickheads that have never written so much as a Hello World say shit like “it’s not that hard!”, it just…
…listen, I’m not a violent man…
The cheater thing just makes me think of Rocket League. Every action you can take is handled server side and the game is so unique, so you literally can’t cheat in ways that would matter. You technically could have wallhacks; but there are no walls. You technically could have aimbots; but there’s no point to it.
I’ve never understood why any cheat detection can’t just be “this is the code we wrote, this is the code that all players must be running, and if any of it deviates from this, they’re cheating.” Is it just super hard to do? Is there a need for differences in the code to exist that could be used for something benign as well as cheating? But I also don’t necessarily know how the cheats work. Afaik, they are changing how the game runs as it’s running, which should be very noticable right? I mean obviously if it was that easy, someone would have done it so what’s really going on?
I can’t answer for Psionix, because… I don’t work for Psionix. But having worked on other projects, I can tell you that a fully-authoritative server (that’s the word you’re looking for, btw) is not the end-all-be-all of anticheat. Every game has different levels of mechanical complexity, logical complexity, and a myriad of other variables that factor into what type of architecture is used in online games, and that a fully-authoritative server not only isn’t feasible for all projects, but also isn’t a silver bullet against cheaters.
Now I’m curious what would still be possible to cheat in such an environment. Unless you are merely suggesting that the server itself could be hacked; I do understand that would end up being the target in this case.
So forgive me for not knowing the term, but there’s a type of attack that waits to send commands until after packets have been received whose data provides an advantage. For instance, a bot could simply wait until it receives the position of your opponent, calculate how far to turn the player to aim, then tell the server “I’ve moved the mouse in this vector”
A bit like playing rock-paper-scissors, but waiting until you opponent shows what they’ve chosen before making your own decision.
What’s going to tell if the client has been modified? The client, which has been modified…?
The server. Like how some games handle the hit detection client side (counter-strike) and others do it server side (battlefield). If everything was handled server side, the server should be able to detect modified clients and not permit them to even connect. This is basically how Blue Sentinel for Dark Souls 3 works. It’s a 3rd party anti-cheat that can detect modified clients and block them from connecting to you or vice versa if the client data doesn’t match up. This way you can only connect to vanilla clients if you’re playing vanilla or only to clients also running the mod you’re running.
And who tells the server that the client hasn’t been modified…?
But then you started to being in external solutions, which of course themselves could be modified, and you’re starting to answer your own question about why it’s pretty hard.
And who tells the server that the client hasn’t been modified
The server itself checks against what is allowed and what isn’t. It knows what the clients should be doing, and if they do something else it’s flagged. External hacks still, afaik, hook into the client and change the code as it is executed but still before it’s sent to the server, so you could still be checking against what the client is actually doing.
The external solution I mentioned in Blue Sentinel only exists because such a thing was not built into the game itself by FromSoftware, but there is no reason why it couldn’t be.
You’re not a developer, I take it.
Ironically, this is the kind of thing that sebinspace was complaining about, even if you’re saying more than just “it’s not hard!”
But the server only knows what the clients tell it. It’s not psychic or magic. And if the client is compromised, there’s all kinds of things you can do. One of the main goals is often just making exploits/cheats as difficult as possible.
On the client-side, some of the anticheat solutions are designed to help prevent the client being modified, or be able to detect if memory of running client has been modified, etc.
Some are to do some kind of regular cryptographic hash of what’s in memory and send that home in a way that is difficult to hack. But that’s difficult too because all the info needed to generate and send this home are running client-side. Its one reason that having TPM chips and things are potential security benefit.
But the point is that this is NOT simple.
…listen, I’m not a violent man…
“Aaaand…?”
“No that’s it. I’m not a violent man.”
Im not a violent man.
but?
……
One of my college courses we hand wrote a scan line renderer and it took like a month before we could get a single blank triangle to show up isometrically. I knew it was going to be difficult but that was especially eye opening for me at the time
I hate that i’m guilty of that. I don’t know anything about that stuff, i’m just here for the jokes. I know it’s not easy, but my first reaction is always: “aaaaw c’mon, just make it so it doesn’t do the thing it’s not supposed to do.”
But for real, i have a question. Why is it that every game even the newest most polished game in 2024 can’t get rid of clipping? Like in a character creator, slightly bigger top? Hair goes now through it. I remember playing overwatch for the first time and the game looked stellar and the characters interacted with way more things that i woul’ve imagined, but then you look closely and roadhogs anchor still clipps through his belt. Like what would happen if you drew a hard line saying: your clothes don’t go through anything anymore. Would the game just freak out? Would it just eat up processing power like crazy? Or is it just one of these not really a real problem so why looking for a solution kinda things?
if(goingtohitstuff) {
brake;
}I’m so so sorry. I put in
if(isGoingToHitStuff) { Break; }
and now thousands of people are dead.
Fun fact, that’s literally what the code does in Teslas. They shut off self driving if they sense an imminent impact in an attempt to shift legal culpability onto the driver.
Senior dev material right here.
Elon:
*leans over shoulder of Tesla engineer, presses Ctrl+N in a code editor and writes this code into the new file*
There you have it. I just wrote the most safety-critical piece of code for Full Self Driving. Now just put it in the right spot in the codebase and sort out the dependencies while I go collect my well-deserved bonus. Don’t bother me with the low-level stuff like computer vision but if you find some new trolley problems the car might need to solve, you know where to find me. And don’t you dare touch this code. It’s perfect, first try. If all of you write code like I do, y’all be drivin’ home in robotaxis by December. I swear, it’s not that hard!Yeah, and nowhere in my code it uses that damn expensive radar. I think we can just do cameras. If I can safely drive by sight only, so can that thing. See, unengineering! Saves so much cost! I think I can have another billion in bonuses just for this.
But then you have to program it to get where you want
car.drive_to(“Destination”)
Done.
We might just get a working car out of this
The car now refuses to shift out of Park.
Not driving into things by itself is very easy. The hard bit is getting places without driving into things.
Considering that humans pretty much learn this stuff all by themselves before the age of five… why do they want self-driving cars again?
Oh right… they will waste billions to blame the users of their insanely dangerous and lethal (but extremely profitable) privatized transport model.
The only three laws safe varient then is not to start. Checkmate OpenAI
