←back to thread

We outsmarted CSGO cheaters with IdentityLogger

(mobeigi.com)
379 points mobeigi | 1 comments | 16 Oct 24 18:18 UTC | HN request time: 0.205s | source
Show context
LinuxAmbulance ◴[16 Oct 24 19:16 UTC] No.41862747[source]
Excellent write up and solution. Cheating in video games makes for a wretched experience for those who don't cheat.

It's crazy how rampant cheating in multiplayer games, especially competitive ones has gotten. Ten years ago, I thought it was at an extreme, but it's only gone up since then.

Part of the problem is that for some software developers, writing cheats brings in a massive amount of money.

So instead of some teenager messing around making unsophisticated cheats, you have some devs that are far better at writing cheats than game developers are at preventing them.

It doesn't help that game devs have to secure everything, everywhere, but cheat devs only have to find a single flaw.

replies(2): >>41862854 #>>41865147 #
DJBunnies ◴[16 Oct 24 19:26 UTC] No.41862854[source]
I think a better question here is: why is game code so exploitable?

A: laziness and cost. It just doesn’t matter the same way that baking code matters, I guess.

So they toss on some cheap anti cheat instead of architecting it safely (expensively.)

replies(11): >>41862902 #>>41862917 #>>41862922 #>>41862944 #>>41862966 #>>41863021 #>>41863103 #>>41863154 #>>41863221 #>>41863906 #>>41864021 #
1. jsheard ◴[16 Oct 24 19:32 UTC] No.41862922[source]
Architecture can help up to a point but it can't stop everything - the usefulness of ESP can be reduced by not sending the client information it doesn't need to know, but that gets computationally expensive on the server, and culling information too aggressively can interfere with lag compensation. Perfect recoil compensation can be prevented by not replicating the servers RNG state on the client so it can't predict where the next bullet will go, which CS:GO started doing at some point. Aimbots though? Those are just automating an input the user could theoretically make legitimately, so you're pretty much stuck with statistical heuristics or client-side detection.