What permissions does this require? A kernel module? Something that watches all processes all the time? Messes with input settings or breaks assistive devices?
On Windows, a lot of the actions that "anti-cheat" software takes are indistinguishable from a rootkit.
Thank you. This makes me very uneasy. Apart from the obvious, it also potentially makes Linux a bigger target by increasing exploitable surface a hacker can hold on to. And I am saying this as a happy Proton user.
With all my heart, I'm rooting for the authors of this approach. Anti-cheat and DRM hide behind the defense of practicality and cost efficiency, but these products are absolutely evil. As personal computers are becoming more and more an extension of our bodies and minds, it is essential that they act in our interests and nobody else's. Imagine a prosthetic leg that phoned the insurance company if it detected illegal drugs in your blood. That's how I feel about these rootkit anti-cheats.
So please, let the cheaters turn to human-interface cheating methods. Force companies to deal with these problems in the proper way, like any other security problem: Don't trust the client at all. Infecting the client with your own agents is not an option. Can't make it work? Then use a different business model. Have your users put time and money into the game, and require more time and money the higher up the ranked ladder they climb. If they're buying as many in-game cosmetics as the average user, and playing for as much time as the average user must to reach a given level, then they never notice. If not, don't let them climb the ladder until they do. If they get reported by other players as cheaters, and manual validation confirms it, then they lose their investment. With that approach, you could have the most obviously hacked account in the world and it wouldn't be able to impact anybody for long without covering the costs of its own detection and banning.
> Imagine a prosthetic leg that phoned the insurance company if it detected illegal drugs in your blood.
Pure hogwash! There's no way a major company would decide to throw their users under the bus like this and subvert their best interests and there definitely haven't been recent events about one of the largest companies in the world doing exactly this thing! /s
Not a game dev but I don't think that's really feasible in a world where network latency is a thing, and it's necessary to send game state to a client that may not currently be visible on screen, unless you'd like us to move to a Stadia-like model of game streaming and dumb terminals.
You don't need game state. Good cheaters don't need to look behind walls, and it's obvious when they do so. You can theoretically build your own bot simply from visual recognition that plays pretty well.
And if a cheater makes it non obvious by being a bit worse sometimes, and has become indistinguishable from a regular or just really good player, then... Mission Accomplished? At that point, it's no worse for the other players than playing with someone who is organically good, unless the sanctity of some matchmaking algorithm is more important to them than the gameplay.
Which is fine too, but the solutions for that problem may ultimately need to extend or be situated beyond the game software itself.
I wonder if you could train an AI using screen grab and the mouse/keyboard input of players as a training set, so that it would look like a natural player rather than an aimbot.
This will eventually lead to online multiplayer games only being playable on a game console of sorts for ranked matches, where the fact that you are not the root user is implicit from the start.
Were they banned at a live tournament or an online only one? Article isn't clear. Also getting caught got them banned from the sport, much like sports doping today. It makes it a high risk action.
Epic's anti-cheat doesn't even work. Flocks of kids get actual aim bots that Epic can't deal with. CSGO anti-cheat is yet to be matched in quality because it relies on players and statistics. It turns out that you can't control client software and hardware. Good competitive cheaters use hardware aim assist. Any software you make will be modified. The only way to stop cheaters is math, and people.
> The only way to stop cheaters is math, and people.
People are plenty enough. Let them run their own servers with robust moderation tools and custom software and then the community can deal with cheaters effectively. And false positives can simply find another server, since availability in a popular game will be higher than developer provided servers.
Over a decade of locking online gameplay even further behind developer and publisher control has been one of the greatest boons for cheaters.
In competitive Fortnite it seems like Epic is quick to permaban cheaters. Personally, in the last year of playing, I'm not sure I've run into more than a couple obvious aimbotters.
Aimbots are a form of obvious cheat. If anti cheat worked, they wouldn't be possible. The movement of the player input and accuracy is mathematically obvious. The problem is anti cheats aren't designed to prevent cheating, they're designed to sell a product that non programmers want to buy. Same as DRM. Somewhere down the list is actually having the anti cheat work, it's not the main goal.
Or worse machine-learning-to-bounding-box that takes the video stream through HDMI, identifies character heads, intercepts the USB HID mouse, and injects movement commands to move the center of the screen towards the nearest "head". Literally (not nearly) impossible to detect, there is no difference between this and just aiming by hand. The video is already out of the box, and the USB HID packets look the same as the real mouse's commands.
I spent about two months creating training data for this and it now runs smoothly on a sister PC with a capture card. I gave up because I got bored (and perhaps felt guilty about cheating) but I wholeheartedly believe I could have played top 500 region online matches and gotten away with it, as investigations usually trigger manual DMA checks by ESEA/Faceit mods, and a manual ("automated") ban in that case. But there is no DMA in my setup. The only way to get banned would be to play stupidly and obviously cheat, and to be honest that's a plus of my setup: the neural network is not perfect, so the aimbot can't be perfect. Like a built-in humanizer.
>I wholeheartedly believe I could have played top 500 region online matches and gotten away with it
Unless you were already near the top, climbing rapidly up rankings (in a 3rd party ladder) is going to be very suspicious. Draw enough attention and I think it's not unlikely someone would find evidence (not evidence of how your system works, but video proof that shows cheating).
And if the humanization is so good that it can literally never be detected... then better players with more knowledge and game sense will consistently still win. You'd need to be a good player in the first place - which is actually where the danger lies. A pro player with an undetectable cheat they can toggle on momentarily, even just once a series at a crucial moment, could make all the difference.
I've given up relying on technical anti-cheat solutions for online games. If it is apparent someone is cheating by watching them play then that's enough for me (and I've seen some _very_ subtle cheaters get banned from leagues for the most minor of slip-ups.) The only way to be totally sure is if the game is played on a LAN and the equipment is sufficiently controlled.
>climbing rapidly up rankings (in a 3rd party ladder) is going to be very suspicious
Hard agree here. There's always been people accusing semipros of cheating (see r/VacSucks for more) though, so unless it was pretty concrete, it wouldn't mean anything.
>And if the humanization is so good that it can literally never be detected
It's not that the humanization is good, it's that the cheat is poorly designed enough to be only as good as a really good consistent human. Though you're right that it's not going to be the holy grail.
>The only way to be totally sure is if the game is played on a LAN and the equipment is sufficiently controlled.
Hard agree as well. I've been hoping for online majors to be called off, but alas.
Once you start requiring external hardware setups like that, I think the barrier to entry for cheaters becomes high enough that they become far less prevalent.
The goal of good anti-cheat should never be to eradicate it entirely, since that is obviously impossible. You just need to make it so the vast majority of players rarely encounter it.
To be honest I have completely given up on competitive fps games. The cheating situation has only gotten worse and I really don't see anti-cheat makers winning.
I was 4 when the first DOOM came out, 7 when Quake was released - I LOVE me some fps games.
But I don't find playing online fun anymore - The first 3 days are great, then you've ranked up a bit and start hitting the rampant cheating, and you realize it's just a waste of time sitting for 20 minutes in a game where some 12 year old (or much worse, some 30 year old) has just bought hacks to feel good.
To be honest - I actually blame the automated matchmaking systems more than anything else.
Give me the good ol' server lists back, where a real person is an admin, and you can make a group of friends. This monotonous, automated, matching bullshit sucks the soul out of most games. It's not fun anymore, it's designed to be a chore to prove that you're "better", with an intentionally game-ified rewards systems built to trigger gambling impulses.
I'm grave digging a bit with this reply... but I was around the same ages as you, maybe a bit older, at all those releases. The only satisfying time to play big name competitive PVP FPS is during Beta periods and the first few weeks after launch. However... I've found satisfaction for my FPS itch playing games like 'Squad'. It's very niche; I have my servers I subscribe to for a few dollars a month, and sometimes on 'free weekends' we'll have 3-4 a night, but admins ban them within a minute. Cheating is rarely a problem in niche, harder to play / enjoy games, but comes with a time commitment cost. I'd be embarrassed to say how many hours I have in that game, but let's just say it's more than 500 hours in ~6 years.
Another good niche game with virtually non-existent cheating is Midair. It's mostly old-school FPS players reliving their Tribes days with good admins global banning the rare cheater.
I wish I could reply to this with a rallying cry for you to keep trying. But it's true, every 14 year old kid with a keyboard can cheat in competitive now.
How does Stadia play a role in this? I don't play video games outside of Football Manager so not knowledgeable in the area but I recall reading about the competitive scene of one of these games moving over to the service due to the cheating.
I think it would kill the scene. Stadia is anti-performance: it's a video feed streamed over the internet, with all the problems associated with processing on a remote computer. The primary motivator for high refresh rate monitors and low latency input is FPS games, I would assume, so going from sub 10ms end to end latency to a 40ms latency on a perfect connection, I just don't see it being accepted.
As an aside it's recommended to keep latency under 20ms to stop motion sickness in VR.
Developers can support this, if they want. Conan Exiles guides you to install the 3rd party anti-cheat, but you can opt out and play single player fine or even multiplayer on servers that allow it.
As someone who was really into CSGO, I can tell you the cheating just gets more subtle.
Up near LE/LEM ranks - no one is using the obvious hacks anymore. Instead it's things like a small autosnap radius for heads (ex: mouse within 3px of a player's head? snap to head on fire), auto-recoil control, and map awareness hacks (4 went A, we go B).
It's a similar problem in Valorant - the goal of the cheater in the higher ranks is to get an unfair advantage with just enough of a cheat to leave the other players wondering if they actually cheated at all.
Hell - there are actually hardware cheats now - ex: mouse that will handle recoil for you in these games now.
It's destroyed my interest in the competitive FPS genre entirely.
>Literally (not nearly) impossible to detect, there is no difference between this and just aiming by hand. The video is already out of the box, and the USB HID packets look the same as the real mouse's commands.
Doesn't a "line" made of mouse coordinates look odd for a human?
At this point, I'm pretty sure any "human" pattern machines can find, other machines can fake. Simulating how a human would move a cursor towards a position definitely seems like something deep learning could approximate for cheap.
Naive aimbots will still have some artifacts (eg jumping to a new target as soon as the current one is occluded), but making an undetectable aimbot really doesn't seem hard, given the incentives involved.
The hosts are so cheap they won't do a raycast from a player to an object to see if it's in line of sight; they are not going to try and scan your input looking for randomness.
You're downplaying how genuinely hard it is to do server side stuff on a game with 60+ players. A lot of this stuff is O(n^2), and the bottleneck is network packet sizes as well, where players will start to complain about packet loss because they play on a WiFi connection with someone else who watches YouTube or Netflix.
Apex Legends does in fact do fully simulated bullet dropoff server side with temporal rewinding, and it doesn't stop hackers from just shooting you with 99% accuracy.
It's not _hard_, it's $$$ expensive. You'll need bigger processors and more servers. I mean, I guess it's _hard_ to choose what compromises to make, but not technically hard. Anyhow, I'm no expert.
The solution to competitive gaming is streaming, not anti-cheat. Everybody gets the same resolution, same frame-rate, same latency. Fair is fair.
Honestly think it's game consoles with keyboards and mice that are bound to proprietary crypto protocols, much like the anti-piracy that the current Xbox has. Can't do video stream HID interception unless you make a robot, and you've just raised the barrier of entry so high to get rid of 99.9% of it. And in pro matches you can just watch them in person.
The point of crypto locked controllers made by and for the manufacturer's console is that tampering will cause the device to refuse to run. Which leaves you at a robot to physically manipulate the device as I said. Since it doesn't have to be a standard like HDCP, this can be locked down pretty well like the Xbox One is. [0]
At that point the barrier to entry would be so annoying that online cheating will be reduced significantly, and pro tournaments will be done in person to let you prevent usage of robots. Also everyone will be using the same equipment probably provided by tournament organizers.
Congratulations on your fun project. Be careful about "literally impossible" though. If it's truly identical to aiming by hand, it won't help you. If it isn't, there might be some statistical (in)consistency that's detectable with enough play.
What if some person or algorithm notices that you don't have those skills while walking or shooting at other body parts - only at heads? That's the kind of inconsistency I'm talking about. Or what if the nature of the mouse movements is consistently a little different between the AI and yourself?
Physical aimbots are a much fairer cheat than picking apart the render pipeline to see through walls. A good player can still beat them.
I'm not saying I'm for any sort of cheat, including the built-in aim-assist for people who choose to play with a controller, but if I absolutely had to play against an unknown number of cheaters, I would prefer they were at least playing with the same deck as me.
Pretty well. It doesn't shoot through them, because it can't see through them. Sometimes it aims/shoots through them somewhat early before it dissipates completely, because rxn time is way faster than a human. But it's close enough to not be suspicious.
You know this? You've personally tried them? Or is this secondhand, thirdhand, hypothetical knowledge? It seems to me that anti-cheat works the same way DRM works: It poses a barrier to entry that keeps NN% of people who would hack from hacking, which is sufficient to keep the game from becoming a hacker cesspool.
As someone who runs an online Counterstrike platform, I can attest to this firsthand. There are literally dozens of open source cheats on Github that bypass the major anticheat services. And when one gets detected, they're usually updated in just a few days. For private paid cheats, they're very rarely detected. I've heard of people paying thousands of dollars for custom-built cheats that have gone years and years without being detected.
The cheating in the game is out of control and has been for half a decade. People still play and can find little pockets to play in to avoid cheaters (namely playing with friends or on paid services, that cut down on cheating due to the barrier to entry of cost), but it's inevitably unavoidable to consistently run into cheaters
My approach has been to run no client anti cheat outside of that built into the game (VAC), as I don't believe invading people's privacy (e.g. always-on kernel level detection) for the illusion of reducing cheating is worth it. There are better ways of hindering cheating than on-client detection, in my humble opinion.
You're talking about VAC, which is not even close to the same tier as EAC, there are no "open source cheats" that bypass the major anticheat services because they are quickly identified and patched.
Correct, VAC is very different than EAC. But it's absolutely not true that there are not open source cheats that bypass EAC, FaceIT, and ESEA. The more popular ones get patched, but I've seen a bunch of smaller ones that do not get detected – you just have to know how to find them. They may eventually get detected, but cheaters generally will just create a new account and start cheating again.
When my platform launched 6 years ago, we were the first to approach the problem of preventing cheating via non-invasive methods. We required you to have played several hundred matches in-game before being allowed to join our platform. ESEA, who are widely considered to have the best client side CS:GO anti-cheat, just recently implemented something similar, proving that clientside anticheats alone don't solve the problem.
> They may eventually get detected, but cheaters generally will just create a new account and start cheating again.
Typically games will either avoid putting low play count players in the pool with established or paying players. Both because they don't want the guy playing for the first time to be constantly creamed by heavily invested players, which would drive them off, but also because real time and real dollars are a strong deterrent to most and at least an extreme slowdown to the remaining. The net result of anti-cheat is to make it unviable to continually cheat, not to never have hacks that temporarily work.
CS's problem is Valve has shit anti-cheat that doesn't really care to detect cheaters, and even when it does it doesn't have strong new player segmentation to delay them from coming back. Both of these are reasons Valve is lax with cheaters, not reasons anti-cheats aren't effective.
You probably won't be in there for long, if ever, if you're a standard new player. It's a factor most serious anti cheats consider, not the only factor.
That is you came in on an account that had existing game time or existing purchases or you hop on with a friend in good standing or you bought something in game or anything to indicate your account is actually valued by a legitimate player in some way you won't even see this process.
On the other hand, if you're a fresh account with 0 time, 0 spend, and the only people that will friend you are accounts that accept every request or are known for accepting new cheaters, expect you aren't just going to be dumped into the clean player pool on your first night. Not only are you the hardest type of player to prevent false positives for, but you're the least likely to ever be profitable to serve anyways.
Even if you aren't immediately uplifted, some strategies mean you may not care if your initial nights had a higher risk of cheaters anyway. E.g. Fortnite is F2P but your first night you aren't likely to run into many real players. Both because they want you to get some wins to get hooked but also because it dilutes the amount of cheating new players will see.
Does popflash.site have an AC? I didn't have a problem last time I tested it.
I think your server could check for several cvars that are only enabled for cheaters using some cheats, to auto-ban them. Though this precludes externals and some better internals.
Sorry, I edited my comment after you asked. We don't have an "anti-cheat" in the traditional sense, though I've developed a few solutions to curb cheating in the past. Fortunately, it's not really a problem I've had to solve because I only offer scrimmages these days, meaning you choose who you play with. If I were to offer matchmaking, I'd be more liable to prevent cheaters from using the platform since I would be matching up people to play with.
Since my users are mostly just playing friends I don't really have rampant cheater problems like other services.
That's not really what DRM is, IMHO -- sure it says that on the tin... Once the video or game is cracked once, the DRM is done. It just provides hurdles and extra barriers for the first person. Once somebody finds a "hack" method that works, they can clone and resell it up until their greed belies their customer's wishes of being undetected due to a small player pool using the hack.
And yes, hacks are "rootkits". It's kind of funny how they work. Some of them work at the memory level, or packet level. They require you to disable anti-virus, all firewalls, etc. The only incentive for them not to hack the user is a recurring subscription cost that's often more expensive than the game itself (leading to rage hacks where they are known to be detected but the delay in detection-ban lets the user play still and farm RMT items).
I do know this, personally. EAC is not great. They sort of stay on top of things compared to something like CS but it's still possible to get away with it for a few months if you do it right
We need to go deeper! Cheat makers produce their own kernels that trick the kernel modules by intercepting everything these modules do.
I don't know if there is even cheat software on Linux, but if there's a market, there might be a product.
You’d be very surprised how much of the industry hasn’t discovered this. There’s lots of stats that can be used to reliably detect cheating.
* New account
* K/D ratio that’s multiple times better than the best players in the game
* Using incredibly off-meta “cheater builds”
* Consistent record breaking total kill count
* Inhumanly low TTK and headshot ratio
* Speed hacks that allow you to move around the map much faster than you should be
* Time to lock on/switch between targets
All of those are incredibly easy to statistically analyze. I play a fair amount of Warzone, and I often run in to cheaters that would fail a very basic “definitely cheating” stats check. You can even get a rather reliable indication of whether there’s an obvious cheater in the lobby by how quickly the surviving player count goes down.
A 3rd party implemented an app that looks up the stats of every player in your lobby, that players were using to detect the more obvious cheaters. There’s no non-cheating explanation for a double-digit K/D player getting 50+ kills for the past few matches in this game, but you’ll find players like that in your games routinely. The developer response was to declare the app against ToS and modify the public end points that provided those stats, breaking the app.
That’s one of the biggest games in the world, they’re clearly not utilizing even simple statistical methodology, and they don’t want users doing it themselves to decide what lobbies to back out of.
VACnet IS more effective than their previous system, but that's a LOW bar. CS:GO is still full of obvious spinbotters and wallhackers that get to ruin a hundred competitive games before eventually getting banned, and just grabbing a new account. VACnet for some reason can't even get the obvious stuff; Spinbotting looks nothing like a normal person playing, to the point that you could probably write "if average rotation rate > some high bar then ban" and do better
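Added example, not part of the thread and not any game's or vendor's code: the stat checks listed above (new account, K/D, headshot ratio) together with the "average rotation rate > some high bar" rule, run server-side over a constructed lobby. Field names, thresholds and the sample data are assumptions; a single signal only annotates a player, and review is queued when the spin rule fires or at least two signals agree.

```python
from dataclasses import dataclass
from statistics import median


@dataclass
class MatchStats:
    player: str
    account_age_days: int
    kills: int
    deaths: int
    headshots: int
    mean_yaw_rate_deg_s: float  # average view-rotation speed over the match


# Assumed thresholds, chosen for this illustration only; tune on real data.
ROBUST_Z_LIMIT = 6.0           # distance above the lobby median that counts as an outlier
NEW_ACCOUNT_DAYS = 14
SPIN_YAW_RATE_DEG_S = 1500.0   # the "some high bar" for average rotation rate


def kd_ratio(m):
    return m.kills / max(m.deaths, 1)


def headshot_ratio(m):
    return m.headshots / m.kills if m.kills else 0.0


def robust_z(value, population):
    """One-sided outlier score from median and MAD, which a single extreme
    player cannot drag along the way it would drag a mean and stddev."""
    med = median(population)
    mad = median([abs(x - med) for x in population])
    if mad == 0:
        return 0.0  # no spread to compare against, so do not flag
    return (value - med) / (1.4826 * mad)


def screen_lobby(lobby):
    """Return {player: [signals]} for every player with at least one signal."""
    kds = [kd_ratio(m) for m in lobby]
    hss = [headshot_ratio(m) for m in lobby]
    report = {}
    for m, kd, hs in zip(lobby, kds, hss):
        reasons = []
        if m.account_age_days < NEW_ACCOUNT_DAYS:
            reasons.append("new_account")
        if robust_z(kd, kds) > ROBUST_Z_LIMIT:
            reasons.append("kd_outlier")
        if robust_z(hs, hss) > ROBUST_Z_LIMIT:
            reasons.append("headshot_outlier")
        if m.mean_yaw_rate_deg_s > SPIN_YAW_RATE_DEG_S:
            reasons.append("spin_rate")
        if reasons:
            report[m.player] = reasons
    return report


def review_queue(lobby):
    """Players to hand to a human reviewer: spin rule fired, or two or more
    signals agree. One signal alone (a new account, one great game) is not
    enough, which keeps false positives down."""
    return sorted(
        player for player, reasons in screen_lobby(lobby).items()
        if "spin_rate" in reasons or len(reasons) >= 2
    )


# Constructed sample lobby (not real player data).
SAMPLE_LOBBY = [
    MatchStats("regular_a", 900, 14, 12, 4, 180.0),
    MatchStats("regular_b", 400, 9, 15, 2, 150.0),
    MatchStats("veteran_c", 1200, 22, 10, 9, 220.0),   # strong but human
    MatchStats("newbie_d", 3, 11, 13, 3, 160.0),       # new, otherwise ordinary
    MatchStats("regular_e", 700, 16, 14, 5, 200.0),
    MatchStats("regular_f", 300, 7, 16, 1, 140.0),
    MatchStats("fresh_rage", 2, 52, 1, 49, 240.0),     # new account, absurd K/D
    MatchStats("spinner", 5, 18, 9, 6, 4200.0),        # spinbot-like rotation
]

if __name__ == "__main__":
    for player, reasons in screen_lobby(SAMPLE_LOBBY).items():
        print(player, reasons)
    print("review:", review_queue(SAMPLE_LOBBY))
```
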
Valve have been doing it with Counter Strike for at least 3 years. And the "VACnet" they have is still far from perfect. Especially with the less obvious cheats. There used to be a talk on YouTube, but it seems to have been taken down.
I did a few hundred CS Overwatch (it's a system where people with 150+ won matches can review suspicious behaviours reported by system/other users - https://blog.counter-strike.net/index.php/overwatch/) cases and 95% of them were people using Spinbots. You can write a program/script that parses demos and detects those in a few hours (assuming you don't know how to parse a demo file). Why is this even a thing? I want to help them with fighting less than obvious cheaters but if almost everything I get can be automated by any 1st-year CS college student then what is the point?
I am guessing extra computation? Maybe this sort of technology is in infancy?
The real interesting takeaway is it is always a mouse and cat game. The hackers will adapt, instead of reading memory they might just read packets, or use an m.2 memory reader card, because they have to -- and so will the anti-hackers. I am interested in machine learning to simulate COD -- I saw a video of it and it's like a young child was playing the game -- not good but obviously on the path to competence.
They do. And after a few weeks/months there will be a ban wave. But there really isn't incentive to fix these problems because if you ban cheaters they have to buy new copies of games.
Because they can get people to install rootkits on their PCs and offload the computational burden on to them instead of paying $$$ to detect these themselves?
That can only detect obvious hacking. Subtle hacking is hard enough to detect that you'd either have to accept high amounts of false positives or false negatives.
Eliminating obvious hacking would be an improvement in a lot of games. You can get good enough to outplay a waller with a subtle aimbot, especially considering the cheaters are typically not very good at the game. The “rage hacks” offer no level of counter play at all.
Client-side analysis allows the game to identify unauthorized access to game state, which is the root cause of most cheating (probably not going to prevent computer vision aimbots that just analyze frames). It's just a much simpler and effective solution than fine-tuning a statistical model.
If it's running on the client, it can be patched out. Any checks done on the client side can be bypassed. Sure, obfuscation will deter most people from trying to reverse engineer the checks, but all it takes is one person to succeed and distribute their cheat program to others.
I wouldn't be shocked if it used BPF probes or something like that. A kernel module is possible, too, especially if they're targeting Ubuntu with DKMS.
I don't know if you're being sincere or just trying to gotcha it, but Ubuntu has had support for this for ages as part of DKMS [0]. It generates a key and registers it with the firmware during setup if secure boot is on, and it signs any modules you build with that key as part of the regular DKMS build.
This is why I still use the console model with my gaming PC. It is exclusively for games without exception. I would have it boot directly into steam if I could get steam to boot other games like from Battle Net without so much work.
I did that for a long time, but I get a little too into FPS games and playing ranked against people who can see in the dark using game filters, have a high FOV not supported on console, 240FPS, and 1ms input lag I decided to switch. Cheating is a console problem too now that everything is doing crossplay anyway.
You can, actually. Steam can add non-steam games to the library, and also can stream them over Steam link. I've used that to play GoG games on Android TV.
The dev page still says "The Anti-Cheat Client interface currently only supports the Windows platform and requires a 64-bit operating system installation. Mac and Linux client support are coming soon." so there's not much info yet. I'm guessing it'll require a specific kernel version and an obfuscated kernel patch that probes everything and calls a web service constantly.
Riot Games already made this on their game titled "Valorant." It's irritating because you need to restart your PC every time you encounter some of the game's errors.