←back to thread

We outsmarted CSGO cheaters with IdentityLogger

(mobeigi.com)
379 points mobeigi | 8 comments | 16 Oct 24 18:18 UTC | HN request time: 1.196s | source | bottom
Show context
LinuxAmbulance ◴[16 Oct 24 19:16 UTC] No.41862747[source]
Excellent write up and solution. Cheating in video games makes for a wretched experience for those who don't cheat.

It's crazy how rampant cheating in multiplayer games, especially competitive ones has gotten. Ten years ago, I thought it was at an extreme, but it's only gone up since then.

Part of the problem is that for some software developers, writing cheats brings in a massive amount of money.

So instead of some teenager messing around making unsophisticated cheats, you have some devs that are far better at writing cheats than game developers are at preventing them.

It doesn't help that game devs have to secure everything, everywhere, but cheat devs only have to find a single flaw.

replies(2): >>41862854 #>>41865147 #
DJBunnies ◴[16 Oct 24 19:26 UTC] No.41862854[source]
I think a better question here is: why is game code so exploitable?

A: laziness and cost. It just doesn’t matter the same way that baking code matters, I guess.

So they toss on some cheap anti cheat instead of architecting it safely (expensively.)

replies(11): >>41862902 #>>41862917 #>>41862922 #>>41862944 #>>41862966 #>>41863021 #>>41863103 #>>41863154 #>>41863221 #>>41863906 #>>41864021 #
1. colechristensen ◴[16 Oct 24 19:36 UTC] No.41862966[source]
This isn't the better question.

When you have software running locally, you can arbitrarily modify how it runs.

Like an aimbot is a powerful cheat, and there's no amount of security that can prevent one from being used outside of an anticheat being able to look deep into what your system is doing, what it contains. The only way to prevent that kind of thing is to remove your control of your own computer.

replies(2): >>41863000 #>>41863090 #
2. Ekaros ◴[16 Oct 24 19:39 UTC] No.41863000[source]
And even then you could do aimbot with camera pointed on the screen and either faking a mouse or providing sensor sufficient data somehow to simulate movement... That is reach super human reaction times and accuracy...
replies(1): >>41863400 #
3. jsheard ◴[16 Oct 24 19:47 UTC] No.41863090[source]
> When you have software running locally, you can arbitrarily modify how it runs.

Well, you can on PC at least. Xbox and Playstation security has matured to the point that code modification in online games isn't really a thing anymore, the worst they have to deal with is controller macros most of the time.

replies(1): >>41863137 #
4. lagadu ◴[16 Oct 24 19:53 UTC] No.41863137[source]
Until they get jailbroken that is. There is no such as a perfectly secure platform in which the user has complete physical control over it.
replies(1): >>41863161 #
5. jsheard ◴[16 Oct 24 19:56 UTC] No.41863161{3}[source]
The PS4 and PS5 have been jailbroken numerous times, but...

1) Their secure boot implementation has never been broken, which means you can't upgrade from an exploitable version N firmware to a non-exploitable version N+1 while persisting a backdoor like you could on older systems like the PS3. You're stuck at version N until another exploit is found.

2) They rotate the crypto keys used for online play with every new firmware so they can easily lock those old exploitable firmwares out of online play for good, even if they try to spoof their version number. There's no getting around not having the new keys.

Meanwhile the Xbox One took a decade to get even a limited jailbreak that allows arbitrary code execution inside the game sandbox, but can't escape the game sandbox to take over the kernel, and the Xbox Series systems have yet to be jailbroken at all on any firmware.

Hypothetically being able to break anything with physical access doesn't count for much in practice if the thing you want to physically attack is buried inside a <7nm silicon die, doesn't trust anything outside of itself, and has countermeasures against fault injection attacks. The Switch may well be the last big victory for console hackers, the writing has been on the wall for years now.

6. drdaeman ◴[16 Oct 24 20:18 UTC] No.41863400[source]
I wish I'd live to see the time of true cyborgs who will exceed ordinary human capabilities in some regard.
replies(1): >>41864737 #
7. colechristensen ◴[16 Oct 24 22:59 UTC] No.41864737{3}[source]
How attached and how technical does it have to be to be "cyborg".

Me with a pen and paper exceeds many human capabilites.

Likewise with wearables like a smartwatch.

Does it have to be direct neural integration to be a cyborg? Definitely people with profound brain injuries have been enhanced to the ability to interact again.

replies(1): >>41865433 #
8. drdaeman ◴[17 Oct 24 01:01 UTC] No.41865433{4}[source]
Good question! IMHO, it's a spectrum, of course, not a binary concept.

But if we have to define a criteria... I guess, integrated just enough so it can't be trivially removed, making it more of a "body part" rather than a "tool".

Point is, it'll certainly spark a discussion and re-evaluation of what's "fair", potentially shifting the consensus from somewhere around the current "glasses are fair game, but a programmable mouse is not" to somewhere more accepting of differently-abed individuals.