
379 points mobeigi | 5 comments
LinuxAmbulance ◴[] No.41862747[source]
Excellent write up and solution. Cheating in video games makes for a wretched experience for those who don't cheat.

It's crazy how rampant cheating in multiplayer games, especially competitive ones, has gotten. Ten years ago, I thought it was at an extreme, but it's only gone up since then.

Part of the problem is that for some software developers, writing cheats brings in a massive amount of money.

So instead of some teenager messing around making unsophisticated cheats, you have some devs that are far better at writing cheats than game developers are at preventing them.

It doesn't help that game devs have to secure everything, everywhere, but cheat devs only have to find a single flaw.

replies(2): >>41862854 #>>41865147 #
DJBunnies ◴[] No.41862854[source]
I think a better question here is: why is game code so exploitable?

A: laziness and cost. It just doesn’t matter the same way that banking code matters, I guess.

So they toss on some cheap anti cheat instead of architecting it safely (expensively.)

replies(11): >>41862902 #>>41862917 #>>41862922 #>>41862944 #>>41862966 #>>41863021 #>>41863103 #>>41863154 #>>41863221 #>>41863906 #>>41864021 #
andrewia ◴[] No.41862944[source]
I think that's a very naïve way of looking at game development. There are many reasons why games are exploitable besides lack of reasonable dev effort.

- Almost all games are going to use a licensed or shared game engine. That means the software architecture is already known to skilled cheat developers with reverse engineering skills.

- Obfuscating the game will only go so far, as demonstrated by the mixed success of Denuvo DRM.

- The game will not be the most privileged process on the machine, while cheaters are glad to allow root/kernel access to cheats. More advanced cheaters can use PCIe devices to read game memory, defeating that mitigation.

- TPMs cannot be trusted to secure games, as they are exploitable.

- Implementing any of these mitigations will break the game on certain devices, leading to user frustration, reputation damage, and lost revenue base.

- And most damning, AI enabled cheats no longer need any internal access at all. They can simply monitor display output and automate user input to automate certain actions like perfect aim and perfect movement.

replies(1): >>41863443 #
1. maccard ◴[] No.41863443[source]
A couple of thoughts, but I largely agree with you.

> Obfuscating the game will only go so far, as demonstrated by the mixed success of Denuvo DRM.

Denuvo is for the most part DRM, rather than anticheat. Its goal is to stop people pirating the game during the launch window.

> The game will not be the most privileged process on the machine, while cheaters are glad to allow root/kernel access to cheats.

This ship has sailed. Modern Anticheat platforms are kernel level.

> TPMs cannot be trusted to secure games, as they are exploitable.

Disagree here - for the most part (XIMs being the notable exception) cheating is not a problem on console platforms.

> AI enabled cheats no longer need any internal access at all. They can simply monitor display output and automate user input to automate certain actions like perfect aim and perfect movement.

I don't think these are rampant, or even widespread yet. People joyfully claim that because cheats can be installed in hardware devices that there's no point in cheating, but the reality is the barrier to entry of these hyper advanced cheats _right now_ means that the mitigations that are currently in place are necessary and (somewhat) sufficient.

replies(2): >>41863979 #>>41864083 #
2. ghxst ◴[] No.41863979[source]
It's not AI enabled cheats that are the issue, it's DMA through things like PCIe devices disguised as regular hardware. Sophisticated cheats no longer run on the same computer as you're playing on. Google "pcie dma cheat" for a fun rabbit hole.
replies(1): >>41864661 #
3. heavenlyblue ◴[] No.41864083[source]
> This ship has sailed. Modern Anticheat platforms are kernel level.

so you use a kernel level anti-anti-cheat

4. maccard ◴[] No.41864661[source]
Right, but the barrier for entry for those cheats is huge - the sp605 board is $700, for example. There are cheaper ones, but you’re not going to have rampant cheating testing through games when you add hundreds in hardware to the requirements.

Anticheats work in layers and are a game of cat and mouse. They can detect these things sometimes, and will ban them (and do hardware bans). The cheaters will rotate and move on, and the cycle continues. The goal of an effective anti cheat isn’t to stop cheating, it’s to be enough of a burden that your game isn’t ruined by cheaters, and not enough of a target to be fun for the cheat writers.

replies(1): >>41885373 #
5. ghxst ◴[] No.41885373{3}[source]
If you look on popular cheat forums, you'll find a newbie guide that links to recommended hardware, typically priced around $250 from memory, certainly not $700.

Also, spending hundreds on hardware is standard for anyone playing competitive games. For example, Escape from Tarkov's "unheard edition" costs $250 for just a single game, and people still buy it. When you factor in the cost of gaming mice, hall-effect sensor keyboards, 480Hz displays, and high-end systems, the total investment adds up quickly for improvements that will never match the capabilities of a cheat, which is how a lot of them also like to justify their cheating, it's simply the most cost effective way to dominate in a game, especially if your livelihood depends on it.

I don't disagree with the second half of your statement.