• ImplyingImplications@lemmy.ca
    link
    fedilink
    arrow-up
    64
    ·
    10 months ago

    Amazing video! I like how it explores the history of cheating and how anti-cheat software hasn’t gotten rid of cheaters, but only made them less obvious.

    Wall hacking is obvious to other players, but a program that pulls the trigger when crosshairs are over an enemy isn’t. That leads to people thinking that cheating doesn’t exist because nobody is flying around the map only getting headshots. People are willing to install this rootkit to their machine because their lobbies don’t have cheaters. But they still do. It’s that their lobbies don’t have obvious cheaters.

    Also an interesting point that Riot has done little to deal with smurfs in their games. Now players are more likely to think they got matched with a smurf rather than a cheater.

    • ampersandrew@kbin.social
      link
      fedilink
      arrow-up
      8
      ·
      10 months ago

      From my experience with fighting games, people are also prone to mislabeling others as smurfs when they just know one or two more things about the game that give them an edge. I’ve observed replays in Street Fighter 6 that people claimed were smurfs, but they were absolutely playing at the level their rank said they were.

      • pinkdrunkenelephants@lemmy.cafe
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        3
        ·
        10 months ago

        The only way to stop it is to stop letting people play with strangers and to go back to local LAN sessions, or for games to be private only with temporary invite codes that have to be shared manually, with a maximum number of users allowed.

        Online anonymity really has ultimately harmed us as a species and conferred little if any benefit.

        • ampersandrew@kbin.social
          link
          fedilink
          arrow-up
          3
          ·
          edit-2
          10 months ago

          There are plenty of ways to curb cheating. It still happens in fighting games too, but the way the genre works makes it far less prevalent. FPS games these days are largely designed around things that are hard for humans but easy for computers to do while looking like humans. Just spitballing, but if aiming was less of a concern, like it might be in the likes of old James Bond games or Metroid Prime, there are other ways to build competitive strategy around an FPS besides how well you can get your tiny crosshair to line up over a tiny target. Otherwise though, I’m with you on it being inevitable. There’s no way to truly stop it.

          • shastaxc@lemm.ee
            link
            fedilink
            arrow-up
            2
            ·
            10 months ago

            I’m a fan of projectile-based objective-based shooters like Tribes. It’s a shame they are not more popular. Just the nature of the game design makes aimbots nearly useless.

  • dan1101@lemm.ee
    link
    fedilink
    arrow-up
    58
    arrow-down
    6
    ·
    10 months ago

    It’s frustrating how much trouble people will go to to cheat in a game that’s supposed to be fun.

    • Perfide@reddthat.com
      link
      fedilink
      arrow-up
      41
      arrow-down
      3
      ·
      10 months ago

      Most of the fun for the people breaking anti-cheat is the actual breaking of anti-cheat, not the cheating itself. It’s the script kiddies who use the already completed work with little to no effort involved who are doing most of the actual cheating.

      • trashgirlfriend@lemmy.world
        link
        fedilink
        arrow-up
        7
        arrow-down
        1
        ·
        edit-2
        10 months ago

        Most of the fun for cheat devs (that sell cheats) is the thousands they get off of children and neckbeards paying stupid amounts for their cheats.

        • littleblue✨@lemmy.world
          link
          fedilink
          arrow-up
          4
          arrow-down
          1
          ·
          10 months ago

          Ironically enough, those that sell cheats are more often cheating the cheat devs that wrote the script in the first place, not being able to do so on their own.

      • dan1101@lemm.ee
        link
        fedilink
        arrow-up
        2
        ·
        10 months ago

        Yeah I could see the appeal of breaking the anti-cheat code. But the actual cheaters find the cheats, often pay for them, install what could easily be malware, and take the risk of getting banned for using them. I don’t get the appeal.

    • 30p87@feddit.de
      link
      fedilink
      arrow-up
      13
      ·
      10 months ago

      It’s much more frustrating to see “anti cheat” and game developers forcing us to install a bad OS and a rootkit, for the benefit of fewer 10 year olds cheating. How about you develop server side anti cheat, instead of slowing down games by 25%?

      • filcuk@lemmy.zip
        link
        fedilink
        arrow-up
        5
        arrow-down
        1
        ·
        10 months ago

        Cheats are too sophisticated for that. Server doesn’t have enough data. It’s getting to the point where even the client might not, by using a 2nd device with image recognition for example.

      • Cethin@lemmy.zip
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        10 months ago

        Server side AC is there to stop people doing actions that are impossible, not to stop possible actions from being automated. Server AC can stop people from moving too quickly, for example. The server knows your position, velocity, and the amount that velocity can change in a tick. It can prevent anything from going above this. It can’t tell if you clicked on someone’s head really quickly, or accessed memory you shouldn’t be allowed to access.

        • vintageballs@feddit.de
          link
          fedilink
          arrow-up
          2
          ·
          10 months ago

          Which, as this video shows, client side AC can’t either. So there is absolutely 0 benefit to these invasive solutions, effectively making Server side AC the only sensible solution to game developers who are actually interested in safety (instead of syphoning of user data)

          • Cethin@lemmy.zip
            link
            fedilink
            English
            arrow-up
            1
            ·
            10 months ago

            Pretty much every game has server side AC. They aren’t mutually exclusive. I’m certain Valorant is varifying data on the server and not accepting any packets a user sends without question.

  • narc0tic_bird@lemm.ee
    link
    fedilink
    arrow-up
    24
    ·
    10 months ago

    Client-side anti-cheat doesn’t make any sense. The player will always control the client if they really want to (and they have every right to do so).

    AI-supported server-side cheat detection should be where it’s at. I doubt it’ll be much worse than the half-baked “solutions” we currently have.

    Running essentially part of a game in ring 0 is completely unacceptable. Vanguard even runs when the game does not. It’s just cocky the publishers pretend like their anti-cheat is secure. Someone finding an exploit in the anti-cheat can use it to own systems running it.

    • chiliedogg@lemmy.world
      link
      fedilink
      arrow-up
      16
      arrow-down
      4
      ·
      10 months ago

      If a CCP-comtrolled company wants kernel-level access, the game should be banned. Full stop.

    • mindbleach@sh.itjust.works
      link
      fedilink
      arrow-up
      3
      ·
      10 months ago

      The real solution is designing around the problem. Pretend everyone has an aimbot and make aim matter less.

      Players want to pull the trigger the moment their crosshairs touch the enemy? The game could just… do that. It’s only an instant-win button if, for some reason, bullets are perfectly accurate when you just whipped your mouse around to land on a guy.

      These games already add inaccuracy for movement. Why not for mouse movement? If you’re holding an angle and someone walks into it, yeah, you should definitely hit them; you correctly predicted what they’d do. If you’re smoothly tracking to align with someone, you should have great odds. If you did a 360 no-scope, get real. Why would that be any more accurate than leaping around wildly and hip-firing a submachinegun? A rifle bullet will be more accurate out the barrel, but you’ve expressed no precise control over where the barrel is pointed.

      • narc0tic_bird@lemm.ee
        link
        fedilink
        arrow-up
        1
        ·
        10 months ago

        But if you’d just add everything to the game that a cheat would do, then you’d have no game left. Aimbot, wallhack etc. for everyone? What’s left of the game then?

        • mindbleach@sh.itjust.works
          link
          fedilink
          arrow-up
          1
          ·
          10 months ago

          Positioning, prediction, economy, teamwork, movement? Basically - ask any hardcore FPS player what they do besides click on heads. (And then watch them twist in pretzels to insist that clicking on heads is the heart and soul of the game and there’d be nothing left if that was changed in any way.)

          Wallhacks can stay forbidden. They’re detectable through gameplay. Especially when the server can straight-up lie to players about enemies just around a corner or off in the distance. Dummies can even be sent to the renderer, if they’re all masked by cheap occlusion queries. The client does not need to know until a player is nearly onscreen.

  • Fizz@lemmy.nz
    link
    fedilink
    arrow-up
    24
    arrow-down
    1
    ·
    10 months ago

    I watched this video yesterday. Holy fuck it was so good for someone who only had 3k subscribers.

    I actually believed that kernal level anti cheats stopped all cheating. I had never considered the lengths people would go to.

    • rdri@lemmy.world
      link
      fedilink
      arrow-up
      19
      ·
      edit-2
      10 months ago

      I actually believed that kernal level anti cheats stopped all cheating.

      This is what allows AC devs to continue working on their useless code that only makes a mess out of everyone’s PCs and getting money with it. Same with DRM devs.

    • sugar_in_your_tea@sh.itjust.works
      link
      fedilink
      arrow-up
      6
      ·
      10 months ago

      All software has bugs, so you’ll never have a 100% effective anti-cheat. It’s going to be an arms race between cheaters and game devs, and the cheaters will always find a way.

      All kernel-level anti-cheat does is introduce security vulnerabilities to your system and delay the inevitable.

      There will also always be external methods to cheating, like screen recording based.

      • Crashumbc@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        ·
        10 months ago

        MSI is releasing a monitor, with cheating built in… Granted it only “highlights” things but still.

  • RubberElectrons@lemmy.world
    link
    fedilink
    arrow-up
    22
    arrow-down
    2
    ·
    10 months ago

    Fascinating. I work with FPGAs and previously with openCV on a Pi-based platform. The DMA hacks are a technical tour de force.

  • sulunia@lemmy.eco.br
    link
    fedilink
    arrow-up
    12
    arrow-down
    1
    ·
    10 months ago

    So, what’s next? Mouse and keyboard DRM? Also, not sure how’d cheaters would cheat in lan games nowadays. Great video btw

  • Elise@beehaw.org
    link
    fedilink
    arrow-up
    1
    arrow-down
    1
    ·
    10 months ago

    I’ve always wondered why not just ban their key from the platform entirely? Or is it free to play?

    • body_by_make@lemmy.dbzer0.com
      link
      fedilink
      arrow-up
      15
      ·
      10 months ago

      The anti-cheats are there to detect the cheats, not necessarily stop them (though they usually do that too, at least the basic ones). When they’re detected, they can ban accounts or whatever. They usually do this in waves to prevent cheat developers from knowing exactly when their cheats were detected and what triggered the anti-cheat.

    • Jako301@feddit.de
      link
      fedilink
      arrow-up
      3
      ·
      edit-2
      10 months ago

      Most games suffering from cheaters are at least partially free. LOL, Valorant, COD, CSGO, Fortnite, Overwatch, Various MMOs.

      Getting a new bot-leveled account for any of these games costs somewhere from 0.30€ to 5€. Ban one account and they just use the next one for pretty much free.

      Most of these games do account ban waves every few weeks to months, but if its this easy to create new accounts that’s useless. IP bans aren’t possible anymore since public IPs are dynamic and change every few days to weeks. Hardware bans, while technically possible, can still be circumvented easily by spoofing your mac-address and serial numbers.

      The only way to minimise cheating would be linking your Social security number (or the equivalent for your Country) with your account, which leads to a lot of privacy issues. And even that isn’t foolproof. LoL in Korea already uses this system and still has issues with a lot of trolls, scripters and wintraders.

    • lorty@lemmy.ml
      link
      fedilink
      arrow-up
      2
      ·
      10 months ago

      Because having a low barrier of entry and smurfing is part of the business strategies of these sort of games.

    • Empricorn@feddit.nl
      link
      fedilink
      English
      arrow-up
      58
      arrow-down
      1
      ·
      10 months ago

      You don’t mind giving up your privacy and system security to a company for a single game?

        • sheogorath@lemmy.world
          link
          fedilink
          arrow-up
          54
          arrow-down
          2
          ·
          10 months ago

          It’s a rootkit. When it runs it basically has complete access to your system. You’re at the mercy of the guys at Riot and pray that no one breaches their system.

          IIRC Genshin Impact uses a similar system and a breach has already happened.

          • Lmaydev@programming.dev
            link
            fedilink
            arrow-up
            2
            arrow-down
            21
            ·
            edit-2
            10 months ago

            It’s a driver.

            Here the attacker installed the driver after gaining remote access.

            So it’s not actually anything to do with having the game installed.

            But it’s still a massive problem.

            • HuntressHimbo@lemm.ee
              link
              fedilink
              arrow-up
              30
              ·
              edit-2
              10 months ago

              You’re missing the point of what he is saying. The anti-cheat itself runs in a level with extreme access to anything on your computer. The anti-cheat is like almost all software almost certainly exploitable. You are trusting that no one will ever crack Vanguard in a way that exposes your user data, and that Riot will never change it to collect more than you think they are.

              • naeap@sopuli.xyz
                link
                fedilink
                arrow-up
                10
                arrow-down
                1
                ·
                10 months ago

                Not even about user data, this is just the side dish. You have complete control over the system and spy on, and probably even can do, whatever

                • HuntressHimbo@lemm.ee
                  link
                  fedilink
                  arrow-up
                  2
                  ·
                  10 months ago

                  You’re 100% right. Not only can they steal data, but they could use kernel level access to make your hardware misbehave, perhaps even to the point of damage. They could probably trash a hard disk or GPU for instance. It also gives them a locally controlled device on whatever network you’re on. From there they can weaponise their new access to attack other devices on the network, or cause the network itself to fail.

                  It just goes to show how dangerous this is, that even a programmer and security enthusiast like myself forgets to mention a huge chunk of the possible damages.

        • Empricorn@feddit.nl
          link
          fedilink
          English
          arrow-up
          27
          arrow-down
          2
          ·
          edit-2
          10 months ago

          It’s kernel-level control of your system, basically rootkit malware that you choose to infect your computer with. Keep in mind, it’s always running, whether you’re playing a game or not! By definition, it literally has more control of your system than you do signed in with your own private password. Ask yourself this: if the anti-cheat was compromised, sold, re-prioritized, bypassed by hackers or foreign interests, etc… How would you even know?

          I understand that all this sounds paranoid, but remember that you chose to give it system-wide access! I likely hate online cheaters at least as much as you, but the potential security/privacy implications are far too great, not to mention the performance hit every single game with kernel-level anti-cheat suffers…

          • SuperDuper@lemmy.world
            link
            fedilink
            arrow-up
            3
            arrow-down
            10
            ·
            10 months ago

            Keep in mind, it’s always running, whether you’re playing a game or not!

            Not necessarily. You can close the software. You’ll need to restart your computer before launching Valorant, but it absolutely does not need to be running while you aren’t playing.

          • Serinus@lemmy.world
            link
            fedilink
            arrow-up
            1
            arrow-down
            16
            ·
            10 months ago

            This isn’t really different from most software on your system. I can exfiltrate plenty of your data on Windows without root. And are you reviewing the source code of every application you run?

            It’s a problem when Riot does it, but not Nvidia?

        • Empricorn@feddit.nl
          link
          fedilink
          English
          arrow-up
          45
          arrow-down
          1
          ·
          edit-2
          10 months ago

          I’m not making an accusation, it’s kernel-level access. If I know where you live, have keys to your house, know your security code, can change anything in your home without you knowing, that’s a problem.

          Why are you so dead-set on defending a company’s bad practices just because you like their game?

            • RubberElectrons@lemmy.world
              link
              fedilink
              arrow-up
              29
              arrow-down
              1
              ·
              10 months ago

              Yup, so you don’t care. Lmao you literally gave away the key to your house for an uninteresting video game. Pitiful.

                • RubberElectrons@lemmy.world
                  link
                  fedilink
                  arrow-up
                  25
                  arrow-down
                  1
                  ·
                  10 months ago

                  Some of us wouldn’t proudly admit to doing nothing with their time, but here we are.

                  I’ve got important stuff on my personal machine, and it’s the principal of the thing, besides. Good luck to you, I suppose.

                • ReakDuck@lemmy.ml
                  link
                  fedilink
                  arrow-up
                  4
                  ·
                  10 months ago

                  I hope they use your PC as a botnet and steal your bank account some day when China has enough of us.

                • Lars :tux: :AFD:@social.tchncs.de
                  link
                  fedilink
                  arrow-up
                  2
                  arrow-down
                  1
                  ·
                  10 months ago

                  @kadu @RubberElectrons It seems you don’t understand how independent opinions in a democracy are made. It’s about privacy and the right for it. No company has the right to snuff in my life and collect private data. Everyone has secrets.

                • unfa🇺🇦@mastodon.social
                  link
                  fedilink
                  arrow-up
                  0
                  ·
                  10 months ago

                  @kadu @RubberElectrons It doesn’t have to be the company itself.
                  Imagine the unimaginable scenario where a group of hackers gains access to the company’s network and servers and plants a malicious patch to be sent in the next update.
                  I wouldn’t be afraid of the company exploiting this. I would be afraid that a bug or hacker can do whatever with my computer because I gave this software root access, and it gets remotely updated, has network access and can become an amazing tool in the wrong hands.

            • rdri@lemmy.world
              link
              fedilink
              arrow-up
              11
              ·
              10 months ago

              I’m dead set on playing online games without cheaters.

              Then you should’ve stopped playing when you encountered the first cheater. The one that you knew was a cheater, at least.

              Things like this create false sense of safety where you assume the game has less cheaters but in reality you can hardly tell.

            • ReakDuck@lemmy.ml
              link
              fedilink
              arrow-up
              4
              ·
              10 months ago

              Xbox should be plug an play. Everythig is open and viewable so you can see the malware if there is any.

              Otherwise show me the driver to prove me wrong.

    • naught@sh.itjust.works
      link
      fedilink
      arrow-up
      26
      arrow-down
      1
      ·
      10 months ago

      Not only can it be bypassed, but anti cheat with kernel level access can be used to distribute malware or spyware if it is compromised. Whether your personal anecdotes reflect the actual statistics or not, these anti cheats are dangerous and are not impenetrable.

        • Fizz@lemmy.nz
          link
          fedilink
          arrow-up
          18
          arrow-down
          1
          ·
          10 months ago

          There was a security vulnerabilitiy in the genshin impact anti cheat awhile ago.

          • Lmaydev@programming.dev
            link
            fedilink
            arrow-up
            2
            arrow-down
            12
            ·
            edit-2
            10 months ago

            That’s exactly the sort of source I was asking for

            Edit: the driver file was used after gaining access to the pc. So quite an involved attack but still really bad.

            Edit 2: so actually it’s nothing to do with having it installed. As the attacker installed it.

            • Fizz@lemmy.nz
              link
              fedilink
              arrow-up
              6
              ·
              10 months ago

              Yes it requires access to the pc but it’s still a huge vulnerability. Many things can gain access to your pc but lack the permissions to do any damage. In this case simply having genshin impact installed put you at significantly more risk.

              To your 2nd edit yes it is to do with it being installed. The user or the attack installing the anticheat is still the anticheat being used to exploit.

        • Empricorn@feddit.nl
          link
          fedilink
          English
          arrow-up
          6
          arrow-down
          4
          ·
          10 months ago

          As mentioned, cheaters can already bypass it, so what’s the point? As for security, by definition it infects your whole system and has access to everything. That’s what kernel-level is.

            • Chewy
              link
              fedilink
              arrow-up
              5
              arrow-down
              1
              ·
              10 months ago

              Actually, a driver can be an infection, just like any other program can be malicious. But I do agree that from a system access standpoint, running the Vanguard kernel driver is not much different than using kernel-level EAC/BattleEye. Except the annoying starting at boot part.

              A program without elevated privileges already has access to almost all important things on your computer anyway. Luckily flatpak supports sandboxing which protects from exploits in online games.

            • Russ@bitforged.space
              link
              fedilink
              English
              arrow-up
              10
              arrow-down
              2
              ·
              10 months ago

              Seems like a bad faith argument, seat belts are so that your skull (hopefully) doesn’t detach and fly through the window if you get into an accident - a life and death safety measure. It’s way more dramatic to make a fuss about that. However, in both cases you can choose to just not drive (or play the game) which people are choosing to do.

              Then again, none of your comments here seem like they’re in good faith, so I guess I shouldn’t be surprised.

              • ampersandrew@kbin.social
                link
                fedilink
                arrow-up
                1
                arrow-down
                1
                ·
                10 months ago

                Cars are actually a great analogy here but probably not in the way that user intended. The way we use them and the scale at which we use them are inherently unsafe, but seat belts and air bags are an illusion sold to make us believe that we solved the problem as best we can, even though we didn’t.

                • demonsword@lemmy.world
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  10 months ago

                  seat belts and air bags are an illusion sold to make us believe that we solved the problem as best we can, even though we didn’t

                  As someone who has been in a few accidents (both as driver and as passenger), seatbelts saves lives. I wouldn’t be here typing this if they didn’t.

            • HuntressHimbo@lemm.ee
              link
              fedilink
              arrow-up
              6
              ·
              10 months ago

              More like my aunt pointed a loaded gun at the back of her seatrest and it went off when she hit the brakes too hard

        • snugglesthefalse@sh.itjust.works
          link
          fedilink
          arrow-up
          8
          ·
          10 months ago

          Honestly a few cheaters in a game is way less of a problem than letting a company, especially one owned by tencent, have root access to my pc. Anyway in my experience with league the cheaters are either mostly nonexistent or subtle enough that it doesn’t impact the games. Also nobody in here’s going to have a rank that’s actually important and I don’t see why they can’t have the fun anticheat in tournaments and ranked but leave it out of the other things.

        • Senal@programming.dev
          link
          fedilink
          English
          arrow-up
          7
          ·
          10 months ago

          Isn’t the whole point of this article to point out that no, in fact, you won’t ?

          Less volume perhaps, certainly less obvious, but not “without”.

    • ZeroHora@lemmy.ml
      link
      fedilink
      English
      arrow-up
      6
      ·
      10 months ago

      Man if the only way to break the condom was with the expensive DMA cheat and shit like that I could agree with your logic but a $10 arduino and 2min google search is enough.

    • Cornelius@lemmy.ml
      link
      fedilink
      arrow-up
      2
      arrow-down
      3
      ·
      10 months ago

      My sweet summer child, I will see you in 5 years when Valorant cheating is as bad as CS:GO cheating at its peak.

      Kernel AC circumventation will only improve, as there’s many cheaters putting money in this technology. In 5 years this stuff will be commonplace and mean that these solutions will be ineffective.