We outsmarted CSGO cheaters with IdentityLogger

Excellent write up and solution. Cheating in video games makes for a wretched experience for those who don't cheat.

It's crazy how rampant cheating in multiplayer games, especially competitive ones has gotten. Ten years ago, I thought it was at an extreme, but it's only gone up since then.

Part of the problem is that for some software developers, writing cheats brings in a massive amount of money.

So instead of some teenager messing around making unsophisticated cheats, you have some devs that are far better at writing cheats than game developers are at preventing them.

It doesn't help that game devs have to secure everything, everywhere, but cheat devs only have to find a single flaw.

I think a better question here is: why is game code so exploitable?

A: laziness and cost. It just doesn’t matter the same way that baking code matters, I guess.

So they toss on some cheap anti cheat instead of architecting it safely (expensively.)

I think that's a very naïve way of looking at game development. There are many reasons why games are exploitable besides lack of reasonable dev effort.

- Almost all games are going to use a licensed or shared game engine. That means the softwsre architecture is already known to skilled cheat developers with reverse engineering skills.

- Obfuscating the game will only go so far, as demonstrated by the mixed success of Denuvo DRM.

- The game will not be the most privileged process on the machine, while cheaters are glad to allow root/kernel access to cheats. More advanced cheaters can use PCIe devices to read game memory, defeating that mitigation.

- TPMs cannot be trusted to secure games, as they are exploitable.

- Implementing any of these mitigations will break the game on certain devices, leading to user frustration, reputation damage, and lost revenue base.

- And most damning, AI enabled cheats no longer need any internal access at all. They can simply monitor display output and automate user input to automate certain actions like perfect aim and perfect movement.

A couple of thoughts, but I largely agree with you.

> Obfuscating the game will only go so far, as demonstrated by the mixed success of Denuvo DRM.

Denuvo is for the most part DRM, rather than anticheat. It's goal is to stop people pirating the game during the launch window.

> The game will not be the most privileged process on the machine, while cheaters are glad to allow root/kernel access to cheats.

This ship has sailed. Modern Anticheat platforms are kernel level.

> TPMs cannot be trusted to secure games, as they are exploitable.

Disagree here - for the most part (XIM's being the notable exception) cheating is not a problem on console platforms.

> AI enabled cheats no longer need any internal access at all. They can simply monitor display output and automate user input to automate certain actions like perfect aim and perfect movement.

I don't think these are rampant, or even widespread yet. People joyfully claim that because cheats can be installed in hardware devices that there's no point in cheating, but the reality is the barrier to entry of these hyper advanced cheats _right now_ means that the mitigations that are currently in place are necessary and (somewhat) sufficient.