Anticheat Update Tracking

(not-matthias.github.io)
124 points not-matthias | 22 comments
1. nulld3v ◴[] No.44419002[source]
Very nice walk-through on the reverse engineering process.

Also, they linked this post that made my jaw drop: https://www.unknowncheats.me/forum/anti-cheat-bypass/667333-...

Apparently BattlEye anti-cheat had an exploit where hackers could permanently ban any player they wanted. BattlEye allowed anybody to log in as a "game server" so hackers simply booted up a fake server, told BattlEye that "player X has logged in and is doing a bunch of suspicious stuff" and then player X's account was no more...

I'm sorry, why do we trust these guys again?

replies(5): >>44419067 #>>44419870 #>>44421138 #>>44421444 #>>44425268 #
2. ronsor ◴[] No.44419067[source]
Because game companies force you to in order to play.
replies(1): >>44425146 #
3. ethan_smith ◴[] No.44419870[source]
This BattlEye exploit demonstrates a classic failure of trust boundary definition - they effectively created a system where client attestation was accepted without proper authentication or verification.
replies(2): >>44421326 #>>44425616 #
4. AHTERIX5000 ◴[] No.44421138[source]
That's scary. I have an old Steam account with tons of games and already got banned once due to a bug in anti-cheat software and for a while my whole account was marked with a cheater tag.

The bug was so widespread that developers eventually removed bans but I'm sure something similar could happen where a problem goes undetected and it would be really hard to try to convince developers to lift a ban.

5. gen6acd60af ◴[] No.44421326[source]
>a classic failure of trust boundary definition - they effectively created a system where client attestation was accepted

Can you elaborate? I'm unsure what a trust boundary definition means in this context and how it relates to attestation.

replies(2): >>44422531 #>>44422538 #
6. AnthonyMouse ◴[] No.44421444[source]
It's crazy that people allow this stuff to effectively run as root. One of these companies is going to have a vulnerability that lets other players run code on your machine in kernel mode.
replies(2): >>44422770 #>>44423332 #
7. lightedman ◴[] No.44422531{3}[source]
Trust boundary basically means a spot in execution where the trust level of code changes (aka privilege level) and thus needs reverification.
8. close04 ◴[] No.44422538{3}[source]
It means you trust something with lower trustworthiness without (re)validating, or even trusting it at all if the validation isn't all but guaranteed. The boundary is when you switch between levels of trust.

Trusting something outside of your control is a good example. When your trusted game server trusts the untrusted game client when it says "trust me, it was a headshot" without validating this.
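
An added example, not part of the thread and not BattlEye's actual protocol: a Python illustration of the boundary check discussed in comments 1, 3, 7 and 8, showing a report handler that trusts any sender beside one that re-verifies the sender and its claim. All server IDs, keys, field names and function names are hypothetical, and the sample reports are constructed.

```python
import hashlib
import hmac
import json

# Constructed sample data: keys provisioned to registered game servers, and
# sessions the backend recorded itself when players joined a server.
SERVER_KEYS = {"srv-eu-1": b"constructed-demo-key"}
ACTIVE_SESSIONS = {("srv-eu-1", "player-42")}


def sign_report(key: bytes, body: bytes) -> str:
    """MAC that a registered server attaches to each report it sends."""
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def accept_report_naive(body: bytes) -> bool:
    """No boundary check: whoever can connect is treated as a game server."""
    report = json.loads(body)
    return "player" in report and "violation" in report


def accept_report_checked(server_id: str, body: bytes, tag: str) -> bool:
    """Re-verify the sender at the trust boundary before acting on its claim."""
    key = SERVER_KEYS.get(server_id)
    if key is None:
        return False  # sender is not a registered server
    expected = sign_report(key, body).encode()
    if not hmac.compare_digest(expected, tag.encode()):
        return False  # body was not produced by the holder of that key
    try:
        report = json.loads(body)
    except ValueError:
        return False
    if not isinstance(report, dict) or report.get("server") != server_id:
        return False
    # Even an authenticated server may only report players that the
    # backend knows are connected to it.
    return (server_id, report.get("player")) in ACTIVE_SESSIONS


def demo() -> dict:
    def make(server: str, player: str) -> bytes:
        return json.dumps({"server": server, "player": player,
                           "violation": "flagged"}).encode()
    key = SERVER_KEYS["srv-eu-1"]
    unregistered, genuine = make("srv-x", "player-42"), make("srv-eu-1", "player-42")
    absent = make("srv-eu-1", "player-99")  # player has no session on this server
    return {
        "naive_unregistered": accept_report_naive(unregistered),
        "checked_unregistered": accept_report_checked("srv-x", unregistered, "00" * 32),
        "checked_genuine": accept_report_checked("srv-eu-1", genuine, sign_report(key, genuine)),
        "checked_absent": accept_report_checked("srv-eu-1", absent, sign_report(key, absent)),
    }
```
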

9. monster_truck ◴[] No.44422770[source]
Happens about as often as games ship UI middleware that uses html and has xss, leading to an rce when the game leaves itself running as admin after an update. So basically all the time.
10. pxc ◴[] No.44423332[source]
It's kind of amusing to me how some PC gamers act superior to console gamers because PC gamers run their games on a flexible, customizable, general-purpose machine that the user controls rather than an appliance... and then immediately hand over control to half a dozen companies at a level that reduces "their" PC to a vendor-owned appliance anyway.

If you are a PC gamer and run anti-cheat software like this, you should probably think of your gaming PC as a much more powerful and much jankier console, and avoid running or storing anything on it other than your games.

replies(4): >>44425057 #>>44426618 #>>44427165 #>>44431639 #
11. MisterTea ◴[] No.44425057{3}[source]
> and then immediately hand over control to half a dozen companies at a level that reduces "their" PC to a vendor-owned appliance anyway.

This was not always the case.

Also, the publishers lie about how invasive their software is - see the Sony rootkit fiasco.

replies(1): >>44425795 #
12. seangrogg ◴[] No.44425146[source]
Play dumb games, win dumb prizes.
13. dogleash ◴[] No.44425268[source]
> I'm sorry, why do we trust these guys again?

Anyone whose attachment to gaming is low enough to let things like this affect their purchase decisions is already out. To the devs/pubs, those customers don't even exist in the category of potential customers. So they just worry about not pissing off the existing customer base by changing the status quo too much or too fast.

replies(1): >>44425282 #
14. cobbal ◴[] No.44425616[source]
Fortunately they have a solution for trusting untrusted clients already! They just need to run an anti-cheat for their anti-cheat.
15. pxc ◴[] No.44425795{4}[source]
> This was not always the case.

I know. :(

(Though, unfortunately, the SecuROM fiasco shows that this has sadly been going on a long time.)

I say it's amusing, but it's a bitter thing for me, too.

16. ragequittah ◴[] No.44426618{3}[source]
You just dual boot. Windows is a joke itself even without the anticheat shenanigans so I use it like a toy. Any real work gets done in LUKS encrypted Linux inaccessible to the Chinese company with a rootkit in my Windows. Hopefully.
replies(1): >>44429133 #
17. whoisyc ◴[] No.44427165{3}[source]
What makes you think the PC gamers who do the PC master race things are the same people as the ones playing games with invasive anticheat? Just because they both game on PCs? Your assumption tells more about yourself than those mythical “PC gamers”, whoever they are.
replies(1): >>44427866 #
18. pxc ◴[] No.44427866{4}[source]
Maybe you skipped over the word "some" in your reading of my comment, or there's other ambiguity in the scope of a subordinate clause that you interpreted uncharitably, but I don't actually assert (or assume) that all or only PCMR types run games that require such rootkits.
19. endmin ◴[] No.44429133{4}[source]
Sony is Japanese
replies(1): >>44448152 #
20. hoseja ◴[] No.44431639{3}[source]
> and then immediately hand over control to half a dozen companies at a level that reduces "their" PC to a vendor-owned appliance anyway.

Only when you want to play mainstream anticheat slop.

replies(1): >>44436152 #
21. pxc ◴[] No.44436152{4}[source]
A lot of people do! That's what makes it mainstream.

Even though it's not been part of my life for a long time, I would still prefer a world where people can participate in trendy multiplayer games without subjecting themselves to such corporate malware.

But I agree, many games are better and lack this, and a lot of games that rely on nasty anti-cheat software succeed more based on network effects than on intrinsic excellence.

If you game for games' sakes, it's not too painful to avoid games so encumbered, or to cut these from your gaming diet. If you game as a ritual to stay in touch with distant friends, you will probably experience more pressure towards the rootkit-encumbered slop.

22. pxc ◴[] No.44448152{5}[source]
Maybe they're thinking of Riot Games' parent company, Tencent.