
Pcileech WebRadar – browser based radar cheat for CS:GO - msolujic
https://github.com/EngineOwningSoftware/pcileech-webradar/blob/master/readme.md
======
earthtourist
The main benefit of cloud gaming might end up being a significant reduction in
cheating.

The problem historically has been that game clients have access to a lot of
game state that enables cheats. With a "thin client" like Google Stadia, there
should be a lot less opportunity for hacks. The incoming game data is an
audio/video stream, which makes many hacks hard/impossible.

It would be great to play FPS games without any cheaters; they can easily
spoil an otherwise amazing game. Maybe future online tournaments will be cloud
gaming only.

~~~
wolfd
Competitive gamers care way too much about latency to use cloud gaming
services for tournaments. Some Counter-strike players still use CRT monitors
due to the latency advantage over LCD. I think that you won't see much
adoption in competitive gaming, where every millisecond counts.

~~~
rubatuga
Not anymore, LCDs these days have less than 1ms input lag.

~~~
microcolonel
No, they don't.

~~~
eBombzor
Source?

------
hombre_fatal
So, what data is it accessing and where does that data come from? I assume it
can show you players that you otherwise would have no info about in the game
UI?

For example, this data had to come from network packets, so if the server is
oversharing data, why wouldn't you just intercept the packets? What exactly is
the cheat?

The file doesn't explain much.

~~~
bri3d
It's accessing player location data after it's been decoded into structs in
the game memory. The packets are encrypted, so you'd need to MiTM the key
exchange to decrypt them, which takes you to the same place this device goes (you
either need something running in the OS, or something outside of the OS with
access to host memory) - and it's a lot easier to just let the game handle
that for you and slurp the data once it's available.

~~~
ohmaigad
Why is the game sending all this data which is essentially just hidden by the
UI? What is the point of sending enemy location and health data when they
aren't near/visible to the player? For a non-game dev like me it sounds like
wasted bandwidth and a way to enable wallhacks.

~~~
Risord
Because knowing, on the server, which data is hidden by the UI is a hard problem.

To achieve a real-time feel, the game applies (most of) your inputs immediately
without having to wait a relatively long time for confirmation from the server.
So if you decide to push a button and peek around a corner, you expect to see
the enemy immediately, but the server will know about your peek "much" later.

You can for sure limit some information by location, but you always must leak
more than what is actually seen by the client. Also, it isn't easy to solve: can
any part of a volume be seen from another volume inside an arbitrary 3D
environment? Enemy size and movement within a network frame => all of the
player's possible eye positions.

I think the current best solutions rely on very rough (manual?) map piecing. So
is it worth investing in such a thing that makes some cheats a bit less
powerful but cannot really prevent them?

~~~
mrguyorama
Keep in mind that CS:GO is ALREADY built on very, very old BSP maps, so knowing
that some players aren't visible to others is super trivial, if not 100%
accurate (i.e. it's a little conservative).

------
sk0g
Readme seems out of date; it seems to be detected by ESEA and FaceIt, unless the
hardware ID mitigation fixes that.

Shouldn't the hardware ID be randomised to start off with? Not that I plan on
using this either way, though.

~~~
bri3d
The detection is based on hardware ID interrogation, yes. Here's an ESEA blog
post about it, although of course they don't go too far into their methods,
besides claiming they go "beyond just hardware ID":
[https://blog.esea.net/esea-hardware-cheats/](https://blog.esea.net/esea-hardware-cheats/).
My suspicion is that they interrogate "suspicious" devices in various ways (for
example, seeing if the IO mechanism provided by the driver for each device
installed in the system can be used in the expected way), but this is of course
easily defeatable.

~~~
sk0g
Have you tried to honeypot the ESEA client? See what digging around they do,
log absolutely everything you can, and see what you can learn from it.

Ugh, now I want to write my own game cheats for the sake of curiosity!

------
ezoe
This cheat uses PCIe DMA to read the memory of the target computer which is
running CS:GO. No kernel/user space software on the target system is necessary,
and it is practically undetectable from the target computer.

My stance on this is that it's inevitable and game design shall be changed to
make this cheat irrelevant, by revealing all players' locations to everybody,
so that the player who uses this cheat has no advantage over the others. I
think it doesn't change the game that much for most of the game.

In the case of a game which requires secrets, it can be achieved by a trusted
authority server or by using a mental poker algorithm.

My guess is, you can't use this system to modify the target memory without
detection. Since it's impossible to change multiple memory locations
atomically, it would be pretty easy to detect from the target computer.

Also a guess, but to detect this memory peek attack, you take control of all
the memory bandwidth: no code, but you can use all of the memory access, then
consume all memory bandwidth with cache disabled so you can detect the slight
bandwidth change that is either this attack, or DMA from the
motherboard (possibly malicious access from evil binary blob firmware such as
Intel ME or AMD PSP).

~~~
TheGoddessInari
Aside from that, this is a few years old, and got detected pretty quickly from
only the target computer without using the network...

------
cyptus
Still wondering if you could not get some kind of radar cheat for CS by 3D
analysing the audio outputs and rendering them on top of the game. Not as good
as a full radar, but seems pretty undetectable.

~~~
ccmcarey
Already exists -
[https://www.nahimic.com/gamers/](https://www.nahimic.com/gamers/)

Utility is limited, since you can just... hear the sound in the correct
direction anyway.

------
moneysake
This is years old.

~~~
Karliss
This was probably posted as related to recent discussion of Riot Games' anti-cheat
running at ring-0.

------
metreo
If you notice an issue please report. :D

------
cork
Cocaine, is that you? Lol, pretty sure I know these guys.