379 points mobeigi | 36 comments
1. LinuxAmbulance ◴[] No.41862747[source]
Excellent write up and solution. Cheating in video games makes for a wretched experience for those who don't cheat.

It's crazy how rampant cheating in multiplayer games, especially competitive ones has gotten. Ten years ago, I thought it was at an extreme, but it's only gone up since then.

Part of the problem is that for some software developers, writing cheats brings in a massive amount of money.

So instead of some teenager messing around making unsophisticated cheats, you have some devs that are far better at writing cheats than game developers are at preventing them.

It doesn't help that game devs have to secure everything, everywhere, but cheat devs only have to find a single flaw.

replies(2): >>41862854 #>>41865147 #
2. DJBunnies ◴[] No.41862854[source]
I think a better question here is: why is game code so exploitable?

A: laziness and cost. It just doesn’t matter the same way that banking code matters, I guess.

So they toss on some cheap anti cheat instead of architecting it safely (expensively.)

replies(11): >>41862902 #>>41862917 #>>41862922 #>>41862944 #>>41862966 #>>41863021 #>>41863103 #>>41863154 #>>41863221 #>>41863906 #>>41864021 #
3. tedunangst ◴[] No.41862902[source]
No kidding, implementing multiplayer as a VNC session on a controlled server is very expensive.
4. doctorpangloss ◴[] No.41862917[source]
> I think a better question here is: why is game code so exploitable?

The nature of FPS games means only environment integrity can stop cheating. It's not exploitable per se. Just the game skill can be done by a computer perfectly.

Conversely who knows how long it will take for AIs to play Hearthstone with never-before-seen-cards well.

replies(1): >>41863793 #
5. jsheard ◴[] No.41862922[source]
Architecture can help up to a point but it can't stop everything - the usefulness of ESP can be reduced by not sending the client information it doesn't need to know, but that gets computationally expensive on the server, and culling information too aggressively can interfere with lag compensation. Perfect recoil compensation can be prevented by not replicating the server's RNG state on the client so it can't predict where the next bullet will go, which CS:GO started doing at some point. Aimbots though? Those are just automating an input the user could theoretically make legitimately, so you're pretty much stuck with statistical heuristics or client-side detection.
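The two server-side measures described in the comment above (withholding positions the client does not need, and keeping the spread RNG off the client), as an added example that is not part of the thread or of any game's code. The 2D map, the `peek_margin` parameter and all names are assumptions made for illustration.

```python
import math
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Player:
    name: str
    team: str
    pos: tuple  # (x, y) on a flat 2D map

def _ccw(a, b, c):
    return (c[1] - a[1]) * (b[0] - a[0]) > (b[1] - a[1]) * (c[0] - a[0])

def _crosses(p1, p2, q1, q2):
    # Orientation test for two segments; collinear touching is ignored here.
    return (_ccw(p1, q1, q2) != _ccw(p2, q1, q2)
            and _ccw(p1, p2, q1) != _ccw(p1, p2, q2))

def has_line_of_sight(a, b, walls):
    return not any(_crosses(a.pos, b.pos, w0, w1) for w0, w1 in walls)

def snapshot_for(viewer, players, walls, peek_margin=3.0):
    """Names of the players whose positions are sent to this viewer's client."""
    def needed(p):
        # Enemies just around a corner are still sent, so lag compensation
        # has data when they step into view.
        near = math.dist(p.pos, viewer.pos) <= peek_margin
        return p.team == viewer.team or near or has_line_of_sight(viewer, p, walls)
    return sorted(p.name for p in players if p.name != viewer.name and needed(p))

class ServerSpread:
    # Spread is drawn on the server from the OS CSPRNG: no seed or generator
    # state reaches the client, so it cannot predict the next offset.
    def __init__(self):
        self._rng = secrets.SystemRandom()

    def next_offset(self, max_spread=1.0):
        return (self._rng.uniform(-max_spread, max_spread),
                self._rng.uniform(-max_spread, max_spread))

# Constructed sample map: two walls and five players (all values made up).
WALLS = [((5, -5), (5, 5)), ((1, -1), (1, 1))]
PLAYERS = [
    Player("A", "T", (0, 0)),    # the viewer
    Player("B", "CT", (10, 0)),  # behind a wall, far away
    Player("C", "CT", (0, 8)),   # in the open
    Player("D", "CT", (2, 0)),   # behind a wall, but within the peek margin
    Player("E", "T", (20, 0)),   # teammate behind a wall
]

if __name__ == "__main__":
    print(snapshot_for(PLAYERS[0], PLAYERS, WALLS))       # B is withheld
    print(snapshot_for(PLAYERS[0], PLAYERS, WALLS, 0.0))  # D is withheld too
```

Setting `peek_margin` to zero culls hardest but leaves the client with no data for an enemy about to round a corner, which is the lag-compensation trade-off the comment mentions.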
6. andrewia ◴[] No.41862944[source]
I think that's a very naïve way of looking at game development. There are many reasons why games are exploitable besides lack of reasonable dev effort.

- Almost all games are going to use a licensed or shared game engine. That means the software architecture is already known to skilled cheat developers with reverse engineering skills.

- Obfuscating the game will only go so far, as demonstrated by the mixed success of Denuvo DRM.

- The game will not be the most privileged process on the machine, while cheaters are glad to allow root/kernel access to cheats. More advanced cheaters can use PCIe devices to read game memory, defeating that mitigation.

- TPMs cannot be trusted to secure games, as they are exploitable.

- Implementing any of these mitigations will break the game on certain devices, leading to user frustration, reputation damage, and lost revenue base.

- And most damning, AI enabled cheats no longer need any internal access at all. They can simply monitor display output and automate user input to automate certain actions like perfect aim and perfect movement.

replies(1): >>41863443 #
7. colechristensen ◴[] No.41862966[source]
This isn't the better question.

When you have software running locally, you can arbitrarily modify how it runs.

Like an aimbot is a powerful cheat, and there's no amount of security that can prevent one from being used outside of an anticheat being able to look deep into what your system is doing, what it contains. The only way to prevent that kind of thing is to remove your control of your own computer.

replies(2): >>41863000 #>>41863090 #
8. Ekaros ◴[] No.41863000{3}[source]
And even then you could do aimbot with camera pointed on the screen and either faking a mouse or providing sensor sufficient data somehow to simulate movement... That is, reach superhuman reaction times and accuracy...
replies(1): >>41863400 #
9. Matheus28 ◴[] No.41863021[source]
It’s not that simple.

Some games aren’t able to prevent cheating. The client has the data on where the enemies on their screen are. The cheat only needs to move the mouse and click on the enemies' heads. Other games like MMORPGs involve the cheat just playing the game and farming on behalf of the player.

It just becomes a cat and mouse game where the anti cheat is trying to detect something hooking into the game process while the cheat tries to hide itself.

replies(1): >>41863288 #
10. jsheard ◴[] No.41863090{3}[source]
> When you have software running locally, you can arbitrarily modify how it runs.

Well, you can on PC at least. Xbox and Playstation security has matured to the point that code modification in online games isn't really a thing anymore, the worst they have to deal with is controller macros most of the time.

replies(1): >>41863137 #
11. lagadu ◴[] No.41863103[source]
Because at the end of the day the game is running on the user's machine, a machine in which the user has full access to every part of the execution and the software developer does not. You can only get around that by streaming the game instead of running it on the client side and even then an aimbot or some type of automation would be possible nowadays.
12. lagadu ◴[] No.41863137{4}[source]
Until they get jailbroken that is. There is no such thing as a perfectly secure platform in which the user has complete physical control over it.
replies(1): >>41863161 #
13. GuB-42 ◴[] No.41863154[source]
Priorities. Games need content and performance. Give game developers more budget, and they will work on making the game faster, fix game breaking bugs, and add content rather than make the game less exploitable.

And cheats do not always rely on exploitable bugs. A bot using screen capture and input device emulation works at the OS level and in other contexts (ex: accessibility), it would be a legitimate thing to do.

14. jsheard ◴[] No.41863161{5}[source]
The PS4 and PS5 have been jailbroken numerous times, but...

1) Their secure boot implementation has never been broken, which means you can't upgrade from an exploitable version N firmware to a non-exploitable version N+1 while persisting a backdoor like you could on older systems like the PS3. You're stuck at version N until another exploit is found.

2) They rotate the crypto keys used for online play with every new firmware so they can easily lock those old exploitable firmwares out of online play for good, even if they try to spoof their version number. There's no getting around not having the new keys.

Meanwhile the Xbox One took a decade to get even a limited jailbreak that allows arbitrary code execution inside the game sandbox, but can't escape the game sandbox to take over the kernel, and the Xbox Series systems have yet to be jailbroken at all on any firmware.

Hypothetically being able to break anything with physical access doesn't count for much in practice if the thing you want to physically attack is buried inside a <7nm silicon die, doesn't trust anything outside of itself, and has countermeasures against fault injection attacks. The Switch may well be the last big victory for console hackers, the writing has been on the wall for years now.

15. kelnos ◴[] No.41863221[source]
I think GP's last line covers it. It's the same reason why DRM is ultimately ineffective, and why even companies that work hard and spend time and money to secure their infra still sometimes get popped: the game devs have to be perfect 100% of the time, but the cheaters only have to get lucky and find a flaw once.
16. drdaeman ◴[] No.41863288{3}[source]
> MMORPGs involve the cheat just playing the game and farming on behalf of the player

From a player perspective that's not cheating, that's running a bot. It's automation of a routine grind - which is typically designed to make players hate it and spend money instead. Automating boring stuff is simply natural.

For pay-to-win games it's effectively a balancing system, a pushback against player-hostile mechanics. Not unlike an adblocker on the web.

That's strictly in context of MMORPG genre, of course.

17. drdaeman ◴[] No.41863400{4}[source]
I wish I'd live to see the time of true cyborgs who will exceed ordinary human capabilities in some regard.
replies(1): >>41864737 #
18. maccard ◴[] No.41863443{3}[source]
A couple of thoughts, but I largely agree with you.

> Obfuscating the game will only go so far, as demonstrated by the mixed success of Denuvo DRM.

Denuvo is for the most part DRM, rather than anticheat. Its goal is to stop people pirating the game during the launch window.

> The game will not be the most privileged process on the machine, while cheaters are glad to allow root/kernel access to cheats.

This ship has sailed. Modern Anticheat platforms are kernel level.

> TPMs cannot be trusted to secure games, as they are exploitable.

Disagree here - for the most part (XIM's being the notable exception) cheating is not a problem on console platforms.

> AI enabled cheats no longer need any internal access at all. They can simply monitor display output and automate user input to automate certain actions like perfect aim and perfect movement.

I don't think these are rampant, or even widespread yet. People joyfully claim that because cheats can be installed in hardware devices that there's no point in cheating, but the reality is the barrier to entry of these hyper advanced cheats _right now_ means that the mitigations that are currently in place are necessary and (somewhat) sufficient.

replies(2): >>41863979 #>>41864083 #
19. wbl ◴[] No.41863793{3}[source]
Probably three years
20. numpad0 ◴[] No.41863906[source]
Oh, that's an easy one.

- GOOD software are simple and easy to understand, which makes it EASY to cheat.

- BAD software are needlessly complex and finicky, so it's HARD to rig it for a cheat.

- Anti-cheats intentionally make software BAD and over-complicated, so cheaters would have hard time modifying it. But computers are brittle and also aren't smarter than humans so cheaters will eventually find a way.

- Security is completely irrelevant topic since game clients are "bought" and run on your hardware; Digital Restrictions Management built to work against you as user is anti-consumer, anti-right-to-repair, anti-human, super bad thing, and lots of efforts are made to keep PC away from it as much as practical.

It has nothing to do with laziness or cost. If anything it'll be the best programmed game that gets hacked fastest. And PS2 that gets emulated last.

21. ghxst ◴[] No.41863979{4}[source]
It's not AI enabled cheats that are the issue, it's DMA through things like PCIe devices disguised as regular hardware. Sophisticated cheats no longer run on the same computer as you're playing on. Google "pcie dma cheat" for a fun rabbit hole.
replies(1): >>41864661 #
22. ghxst ◴[] No.41864021[source]
A very large amount of games that are released nowadays all use well known and well documented engines, that's what makes it a lot easier, there's an interview on YouTube with a company that develops cheats for multiple games that mention this here: https://youtu.be/zwruk-tLIOU?si=3O2jBKQneur-n3iS
23. heavenlyblue ◴[] No.41864083{4}[source]
> This ship has sailed. Modern Anticheat platforms are kernel level.

so you use a kernel level anti-anti-cheat

24. maccard ◴[] No.41864661{5}[source]
Right, but the barrier for entry for those cheats is huge - the sp605 board is $700, for example. There are cheaper ones, but you’re not going to have rampant cheating testing through games when you add hundreds in hardware to the requirements.

Anticheats work in layers and are a game of cat and mouse. They can detect these things sometimes, and will ban them (and do hardware bans). The cheaters will rotate and move on, and the cycle continues. The goal of an effective anti cheat isn’t stop cheating, it’s be enough of a burden that your game isn’t ruined by cheaters, and not enough of a target to be fun for the cheat writers.

replies(1): >>41885373 #
25. colechristensen ◴[] No.41864737{5}[source]
How attached and how technical does it have to be to be "cyborg"?

Me with a pen and paper exceeds many human capabilities.

Likewise with wearables like a smartwatch.

Does it have to be direct neural integration to be a cyborg? Definitely people with profound brain injuries have been enhanced to the ability to interact again.

replies(1): >>41865433 #
26. BlueTemplar ◴[] No.41865147[source]
Some competitive multiplayer games.

Which seem to be exclusively FPS games with ~10+M players ?

I don't even remember the last time when I've heard of a game outside that very narrow (albeit decently popular) category to have complaints about cheaters. Meanwhile for these games, I hear about it like every month, and all this despite this genre being amongst the ones that I play the least !

replies(6): >>41865188 #>>41865819 #>>41867305 #>>41867790 #>>41868755 #>>41871938 #
27. mvdtnz ◴[] No.41865188[source]
Cheating is commonplace in lots of games much smaller than that. Company of Heroes 2 (an RTS released in 2013) for example is pretty much ruined by map hackers.
28. drdaeman ◴[] No.41865433{6}[source]
Good question! IMHO, it's a spectrum, of course, not a binary concept.

But if we have to define a criteria... I guess, integrated just enough so it can't be trivially removed, making it more of a "body part" rather than a "tool".

Point is, it'll certainly spark a discussion and re-evaluation of what's "fair", potentially shifting the consensus from somewhere around the current "glasses are fair game, but a programmable mouse is not" to somewhere more accepting of differently-abled individuals.

29. ClassyJacket ◴[] No.41865819[source]
Well, it's just a genre that's immensely popular and easy to cheat in.

If you have access to the game's memory etc, it's pretty easy to create an aimbot or thing that lets you see thru walls et cetera.

How you gonna cheat in a moba? It's a strategy game, you need, like, cutting edge AI to beat the best humans at it. In fact OpenAI specifically worked on an AI to play Dota 2, it was that hard.

replies(1): >>41868276 #
30. Cthulhu_ ◴[] No.41867305[source]
One thing to note is that CSGO can be considered a play-to-earn type game; you play the game, get lootboxes, get lucky, sell the item for... idk, hundreds? thousands? So it's an incentive to cheat and buy new copies of the game if found out. A single item can be a month's income easily.

Mind you I don't know if that's the case on privately hosted servers as well, since those could be manipulated to give players the points needed to get the lootboxes.

replies(1): >>41867342 #
31. Ekaros ◴[] No.41867342{3}[source]
That system incentivizes against it. Your inventory becomes locked meaning worthless if you get the proper ban. So for farming stuff, it is much better not to cheat.

Not that there isn't options of making money that do benefit from cheating. Like creating high ranking accounts to sell. Which some people buy for the status of the rank...

32. dandanua ◴[] No.41867790[source]
Maphack that gives vision of other players and resources is a common cheat in many games, including very popular moba games.
33. jeemusu ◴[] No.41868276{3}[source]
You don't need to improve your individual performance to cheat, anything that improves game-sense works just as well. A common one for moba (and other genres) is a radar style hack, which can show an overlay of the map with the player locations in real time. Knowing where your enemies are at all times is a HUGE advantage in a moba.
34. RALaBarge ◴[] No.41868755[source]
No, that figure is way off. Check out a website that sells digital goods or cheats and you will see that even far smaller games have cheats available.

Escape from Tarkov comes to mind. An extremely hard and niche first person shooter with RPG elements. It is a private Russian company so we don't know exact player numbers, but it is estimated to be ~200k by some hits in a google search.

There are people who will provide carry services and guns and gear for plenty of people who will pay for it, as well as other providers selling the cheats that the carriers use for a weekly fee. The people who are providing these services are getting paid in USD when their local currency has a far lower value. It isn't a moral thing, it is a money thing.

You know that you sometimes don't know a bug exists before someone exploits it or uses your software in a way that you did not think of. There are experts who stand to make tons of cash if they can create or use an exploit that people will pay money to advance with.

The only way to prevent this is something that no one wants to hear, but it needs to be a unique citizenship identifier of some sort, since HWIDs and other means of tracking are mostly useless.

35. 6SixTy ◴[] No.41871938[source]
Any decently competitive scene is going to develop cheaters in some form or another. MOBAs, Minecraft, Fortnite, at minimum I've heard about cheating in some form or another. Any speedrunning community is going to face cheaters in some form or another, doesn't matter what community you are talking about.

FPS games are kind of the gold standard when it comes to competitive environments, and thus gather cheaters or people complaining about cheaters substantially more than most other game genres.

36. ghxst ◴[] No.41885373{6}[source]
If you look on popular cheat forums, you'll find a newbie guide that links to recommended hardware, typically priced around $250 from memory, certainly not $700.

Also, spending hundreds on hardware is standard for anyone playing competitive games. For example, Escape from Tarkov's "unheard edition" costs $250 for just a single game, and people still buy it. When you factor in the cost of gaming mice, hall-effect sensor keyboards, 480Hz displays, and high-end systems, the total investment adds up quickly for improvements that will never match the capabilities of a cheat, which is how a lot of them also like to justify their cheating, it's simply the most cost effective way to dominate in a game, especially if your livelihood depends on it.

I don't disagree with the second half of your statement.