
Anticheat Update Tracking

(not-matthias.github.io)
124 points not-matthias | 1 comments
nulld3v No.44419002
Very nice walk-through on the reverse engineering process.

Also, they linked this post that made my jaw drop: https://www.unknowncheats.me/forum/anti-cheat-bypass/667333-...

Apparently BattlEye anti-cheat had an exploit where hackers could permanently ban any player they wanted. BattlEye allowed anybody to log in as a "game server" so hackers simply booted up a fake server, told BattlEye that "player X has logged in and is doing a bunch of suspicious stuff" and then player X's account was no more...

I'm sorry, why do we trust these guys again?

ethan_smith No.44419870
This BattlEye exploit demonstrates a classic failure of trust boundary definition - they effectively created a system where client attestation was accepted without proper authentication or verification.
gen6acd60af No.44421326
>a classic failure of trust boundary definition - they effectively created a system where client attestation was accepted

Can you elaborate? I'm unsure what a trust boundary definition means in this context and how it relates to attestation.

close04 No.44422538
It means you trust something with lower trustworthiness without (re)validating, or even trusting it at all if the validation isn't all but guaranteed. The boundary is when you switch between levels of trust.

Trusting something outside of your control is a good example. When your trusted game server trusts the untrusted game client when it says "trust me, it was a headshot" without validating this.
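
The trust boundary discussed in this thread, as an added example that is not part of any comment and is not BattlEye's actual protocol: a backend that receives "suspicious player" reports authenticates the reporting game server and then re-validates the claim against state it owns. The server ids, keys, session table and function names are all hypothetical, constructed for the sketch.

```python
import hashlib
import hmac
import json

# Constructed sample state (hypothetical): keys the backend provisioned to
# registered game servers, and sessions the backend itself issued.
SERVER_KEYS = {"srv-eu-1": b"constructed-demo-key-1"}
ACTIVE_SESSIONS = {"player-42": "srv-eu-1"}  # player -> server it joined


def sign_report(key: bytes, report: dict) -> str:
    """What a registered server does: MAC the canonical JSON of its report."""
    body = json.dumps(report, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def accept_report(report: dict, tag: str) -> tuple[bool, str]:
    """Backend side: validate everything that crossed the trust boundary."""
    server_id = report.get("server_id")
    key = SERVER_KEYS.get(server_id) if isinstance(server_id, str) else None
    if key is None:
        return False, "unknown server"  # "anybody can be a game server" stops here
    # Authenticate the sender; compare_digest is a constant-time comparison.
    expected = sign_report(key, report)
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return False, "bad signature"
    # Re-validate the claim itself against backend-owned state instead of
    # taking the sender's word that the player is on that server.
    if ACTIVE_SESSIONS.get(report.get("player_id")) != server_id:
        return False, "player not on this server"
    # Even an authenticated report is only evidence, so it is queued, not acted on.
    return True, "queued for review"


if __name__ == "__main__":
    real = {"server_id": "srv-eu-1", "player_id": "player-42", "event": "suspicious"}
    fake = {"server_id": "srv-fake", "player_id": "player-42", "event": "suspicious"}
    print(accept_report(real, sign_report(SERVER_KEYS["srv-eu-1"], real)))
    print(accept_report(fake, sign_report(b"attacker-chosen-key", fake)))
```

The sketch leaves out replay protection; a real design would also bind a nonce or timestamp into the signed body.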