←back to thread

We outsmarted CSGO cheaters with IdentityLogger

(mobeigi.com)
379 points mobeigi | 2 comments | 16 Oct 24 18:18 UTC | HN request time: 0.028s | source
Show context
Joel_Mckay ◴[16 Oct 24 19:43 UTC] No.41863054[source]
In general, hardware/GPU/MAC signature hash checks are the only consistent way to bind player account histories, and even then cheats will change their identity with new hardware on fake postal addresses. Best to add a few weeks delay with "reviewing" ban status to prevent them returning hardware to retailers. Each day randomly permute which hardware signature trips the auto-re-ban after a random number of minutes.

Cheaters ruin the fun for everyone including themselves. Admins need to provide a personal cost deterrent for problem users, and randomly hang the game for people using code mods.

Let the ban hammer fall =3

replies(1): >>41864808 #
1. johnisgood ◴[16 Oct 24 23:07 UTC] No.41864808[source]
Unless I misunderstood, I do not see how this would actually work in practice considering the client can be modified and I can send whatever I want to the server, i.e. spoofing.
replies(1): >>41865414 #
2. Joel_Mckay ◴[17 Oct 24 00:58 UTC] No.41865414[source]
Even the Webgl signature check is resilient, and is the new tracking cookie on many sites like YT etc. It is a robust unique property of a specific system, and GPU. Not just the serial number...

Indeed, duplicate salted-hash signatures on multiple active users mean shills, and immediate bans issued for both accounts tainted by the black list.

The trick is to randomize a mix of easy and difficult signature checks daily.

i.e. the exploit writers will have to spend time cleaning up bugs, redistributing the patches, and dealing with angry people that have a GPU that is on the blacklist for a game. The more hardware details collected, the more difficult it is to prevent tripping the admin alert.

This is already done by some studios... "Play Stupid Games, Win Stupid Prizes" as they say... =3