Anticheat Update Tracking

(not-matthias.github.io)

124 points not-matthias | 1 comments | 29 Jun 25 21:06 UTC | HN request time: 0.282s | source

Show context

nulld3v ◴[30 Jun 25 03:24 UTC] No.44419002[source]▶

Very nice walk-through on the reverse engineering process.

Also, they linked this post that made my jaw drop: https://www.unknowncheats.me/forum/anti-cheat-bypass/667333-...

Apparantly BattleEye anti-cheat had an exploit where hackers could permanently ban any player they wanted. BattleEye allowed anybody to log in as a "game server" so hackers simply booted up a fake server, told BattleEye that "player X has logged in and is doing a bunch of suspicious stuff" and then player X's account was no more...

I'm sorry, why do we trust these guys again?

replies(5): >>44419067 #>>44419870 #>>44421138 #>>44421444 #>>44425268 #

ethan_smith ◴[30 Jun 25 05:52 UTC] No.44419870[source]▶

>>44419002 #

This BattleEye exploit demonstrates a classic failure of trust boundary definition - they effectively created a system where client attestation was accepted without proper authentication or verification.

replies(2): >>44421326 #>>44425616 #

1. cobbal ◴[30 Jun 25 17:08 UTC] No.44425616[source]▶

>>44419870 #

Fortunately they have a solution for trusting untrusted clients already! They just need to run an anti-cheat for their anti-cheat.

↑