himata4113 2 hours ago

I'll simplify for everyone: They don't. Although I do appreciate the author delving into this beyond surface level analysis.

Modern cheats use hypervisors or just compromise Hyper-V, and because Hyper-V protects itself, it automatically protects your cheat.

Another option that is becoming super popular is BIOS patching; most motherboards will never support Boot Guard, and direct BIOS flashing will always be an option since the chipset fuse only protects against flashing from the chipset.

DMA is probably the most popular by far with users. However, the cost of good ones has been increasing due to Vanguard fighting the common methods, which is bleeding into other anticheats (some EAC versions and Ricochet).

These are not assumptions: every time anticheats go up a level, so do the cheats. In the end the weakest link will be exploited, and it doesn't matter how sophisticated your anticheat is.

What does make cheat developers afraid is AI, primarily in Overwatch. It's quite literally impossible to cheat anymore (in a way that disturbs normal players for more than a few games), and they only have a usermode anticheat! They heavily rely on spoofing detection and gameplay analysis, including community reports. Instead of detecting cheats, they detect cheaters themselves and then clamp down on them by capturing as much information about their system as possible (all from usermode!!!).

Of course you could argue that you could just take advantage of the fact that they have to go through usermode to capture all this information and just sit in the kernel, but hardware attestation is making this increasingly more difficult.

The future is usermode anticheats and gameplay analysis, drop kernel mode anticheats.

No, Secure Boot doesn't work if you patch SMM in the BIOS; you run before TPM attestation happens.

orbital-decay 2 hours ago | parent | next

>It's quite literally impossible to cheat anymore (in a way that disturbs normal players for more than a few games)

AKA the way that is easiest to detect, and the easiest way to claim that the game doesn't have cheaters. Behavioral analysis doesn't work with closet cheaters, and they corrupt the community and damage the game in much subtler ways. There's nothing worse than to know that the player you've competed with all this time had a slight advantage from the start.
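
As an added illustration of the "detect the cheater, not the cheat" approach discussed in the parent comment, and of the objection above that a closet cheater with a slight edge slips through, here is example code written for this thread. It is not code from Overwatch, Vanguard, EAC or any anti-cheat vendor; the telemetry fields, the thresholds and the synthetic player cohorts are all assumptions chosen to show how an honest-population baseline screens only statistically impossible behavior:

```python
"""Post-game behavioral screening of aim telemetry (added example, constructed data).

Example code for this discussion, not an anti-cheat vendor's code. The
telemetry fields, thresholds and synthetic cohorts below are assumptions.
"""
import random
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Engagement:
    """One enemy sighting. Fields are assumed telemetry, not a real schema."""
    reaction_ms: float  # target becomes visible -> first shot fired
    snap_deg: float     # crosshair movement in the last frame before the shot
    hit: bool


def player_stats(engagements):
    """Summarize a player's engagements into the features we screen on."""
    rt = [e.reaction_ms for e in engagements]
    snap = [e.snap_deg for e in engagements]
    return {
        "reaction_mean": mean(rt),
        "reaction_std": pstdev(rt),
        "snap_mean": mean(snap),
        # reported for a human reviewer; not used in the verdict below
        "hit_rate": sum(e.hit for e in engagements) / len(engagements),
    }


def baseline(honest_engagements):
    """Pooled per-engagement statistics from players believed to be clean."""
    rt = [e.reaction_ms for e in honest_engagements]
    snap = [e.snap_deg for e in honest_engagements]
    return {
        "reaction_mean": mean(rt), "reaction_std": pstdev(rt),
        "snap_mean": mean(snap), "snap_std": pstdev(snap),
    }


def screen_player(engagements, base, sigma=3.0, min_var_ratio=0.33):
    """Return (verdict, indicators).

    Each indicator is something very unlikely for a human: reacting more than
    `sigma` population standard deviations faster than the baseline, snapping
    onto targets, or inhumanly consistent reaction timing. Two or more
    indicators flag the player; one only raises scrutiny ("review").
    """
    s = player_stats(engagements)
    reaction_z = (s["reaction_mean"] - base["reaction_mean"]) / base["reaction_std"]
    snap_z = (s["snap_mean"] - base["snap_mean"]) / base["snap_std"]
    var_ratio = s["reaction_std"] / base["reaction_std"]
    indicators = {
        "too_fast": reaction_z <= -sigma,
        "snapping": snap_z >= sigma,
        "too_consistent": var_ratio < min_var_ratio,
    }
    hits = sum(indicators.values())
    verdict = "flag" if hits >= 2 else "review" if hits == 1 else "clear"
    return verdict, indicators


def synth_player(rng, reaction, snap, hit_rate, n=40):
    """Constructed telemetry: (mean, std) for reaction and snap, plus a hit rate."""
    return [
        Engagement(
            reaction_ms=max(0.0, rng.gauss(*reaction)),
            snap_deg=max(0.0, rng.gauss(*snap)),
            hit=rng.random() < hit_rate,
        )
        for _ in range(n)
    ]


def demo():
    """Screen three constructed cohorts against a baseline of 20 honest players."""
    rng = random.Random(1234)
    honest = [synth_player(rng, (220, 40), (3, 2), 0.50) for _ in range(20)]
    base = baseline([e for p in honest for e in p])
    blatant = synth_player(rng, (60, 5), (25, 5), 0.95)   # obvious aimbot
    closet = synth_player(rng, (190, 35), (4, 2), 0.60)   # slight, human-range edge
    return {
        "honest": screen_player(honest[0], base)[0],
        "blatant": screen_player(blatant, base)[0],
        "closet": screen_player(closet, base)[0],
    }


if __name__ == "__main__":
    for who, verdict in demo().items():
        print(f"{who:8s} -> {verdict}")
```

The blatant aimbot trips all three indicators, while the closet cheater's reaction time and crosshair movement stay inside the honest population's spread and come back "clear": the screen catches what is statistically impossible for a human, not what is merely better than average, which is exactly the gap the objection above points at.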

szmarczak 35 minutes ago | parent | next

In CS2, the game renders your enemies even though you can't see them (within some close range). The draw calls are theoretically interceptable (either on the software/firmware or other hardware level). Detecting this is essentially impossible because the game trusts that the GPU will render correctly.

chii 22 minutes ago | parent

If you cheated with wallhacks, post-game analysis can detect it.

And it is possible to silently put you into a cheating matchmaker, so that you only ever match with other cheaters. This, to me, is probably the better outcome than outright banning (which means the cheater just comes back with a new account). Silently moving them to a cheater queue is a good way to slow them down, as well as isolate them.

himata4113 2 hours ago | parent | prev

Overwatch has made the decision that closet cheaters are not a problem and has actually protected a cheater in Contenders, although they were forced to leave the competitive scene. None of it ever became public.

maccard an hour ago | parent

How do you know if none of it went public?

himata4113 an hour ago | parent | next

Word of mouth, but if you looked at their Twitter and the proof presented, it was undeniable. If you want to go digging, check a French Contenders player of whom there are videos with an instance where the aimbot bugged out and started aiming directly at the center of a player with perfect reaction time and movements.

JasonADrury an hour ago | parent | prev | next

Every other competitive game regularly has public cases of cheaters being caught in pro games; Overwatch doesn't.

PUSH_AX 27 minutes ago | parent | prev

“Trust me bro”

uhx 2 hours ago | parent | prev | next

Everything you described increases the cost of attack (creating a cheat), and as a result, not everyone can afford it, which means anti-cheats work. They don't have to be a panacea. Gameplay analysis will only help against blatant cheaters, but will miss players with simple ESP.

It's almost the same as saying "you don't need a password on your phone" or something like that.

himata4113 2 hours ago | parent

The economics work out: harder to make means it's more profitable to do so. The DMA crackdown has actually led to innovation, which has driven down the price of "normal" DMA hardware; what used to be thousands is now $120. Excessive spoofing detection has driven down the cost of BIOS-level spoofing and, as a result, the creation of BIOS-level DMA backdoors, no additional hardware required.

ESP is a lot more obvious to a machine than one might think; the subtle behavior differences are obvious to a human and even more so to a model. Of course none of that can be proven, but it can increase the scrutiny of such players from player reports.

maccard an hour ago | parent

The number of people willing to spend $120 and hook up a hardware device, compared to downloading and running an executable, is significantly smaller. That's kind of the point of it!

himata4113 an hour ago | parent

You can achieve the same with usermode anticheats; once you have bare-minimum obfuscation, the level of entry is roughly the same as with kernel-mode anticheats in terms of price. Cheats cost more than $100 a month (the rest are scams or don't put any effort into being undetected).

maccard 2 minutes ago | parent

A DMA cheat requires a hardware change (and a second device). That is a much higher barrier than a download plus reboot.

> you can achieve the same with user mode anticheats

A user mode anti cheat is immediately defeated by a kernel mode cheat, and cheaters have already moved past this in practice.

A user mode anti cheat (on windows) with admin privileges has pretty much full system access anyway, so presumably if you have a problem with kernel AC you also have a problem with user mode.

Lastly, cheating is an arms race. While in theory, the cheaters will always win, the only thing that actually matters is what the cheaters are doing in practice. Kernel mode is default even for free cheats you download, so the defaults have to cover that.

lachiflippi 41 minutes ago | parent | prev | next

Don't forget that ActiBlizz are also pretty much the only ones regularly taking legal action against pay2cheat developers, see Bossland/EngineOwning.
