Riot Games Approach to Anti-Cheat (riotgames.com)
557 points by cammm on July 17, 2018 | hide | past | web | favorite | 399 comments

Back when I worked in games we would detect cheaters and then shadow ban. Quarantine them by only matching them into games with other cheaters.

You may still have to ban them from certain elements of your game, like player economies (auction house, etc). But the more legitimate their experience looks the better.

The idea is that instead of fully banning them and triggering the next iteration of the arms race, you trap and release them into a competitive arena for cheaters. It's actually fun for them to compete with each other at who can cheat the hardest and no one else gets hurt. We hooked them up with a community rep. They found bugs and generally improved our security. Everyone won.

There's no way to win with an adversarial approach to cheating IMO, not when you let the client run on their machine

Sure. Until you're playing Dark Souls for the first time, you get summoned to help someone with a boss, and then get invaded by someone with a 360 degree one-shot kill spell that breaks all your weapons and armor, gives you an egghead that you can't remove unless you know where to go, and gives you an item that marks you as a cheater so you now get constantly invaded by exclusively cheaters.

The item that marks you as a cheater might have been a drop in another invasion, I don't remember. The point remains, once the cheaters realize you have a separate cheaters' matchmaking system, they will weaponize that too.

> The item that marks you as a cheater might have been a drop in another invasion, I don't remember.

I believe they can do it completely passively, so you’re kinda screwed if it happens to you :( This is sadly the nature of trusting what clients send you: a hacked client can send whatever it wants and the “anti cheat” in Dark Souls sadly seems to simply just check if an item should be possible, meaning a cheater can trick the game into punishing non-cheaters. Luckily this hasn’t been a problem for me on console, but it certainly does suck on PC :(

And of course, if it didn't punish non-cheaters, then cheaters could simply cheat the items in on one account, invade/summon another of their own accounts, (or passworded summon in the remaster) and then give the new account the items.

There's no winning against cheaters as long as you trust the client. (And it's possible to do it on consoles too, just more rare as the tools are readily available on PC.)

> There's no winning against cheaters as long as you trust the client.


> And it’s possible to do it on consoles too

Sure, but the barrier to entry is higher, so it's not done as often. I’ve never noticed someone who was obviously cheating (which doesn’t mean I’ve never encountered any, but if I have, they’ve never been so severe as to do the things mentioned here or for me to notice it)

That seems to be a completely different type of cheat than described in the article. The article is just about cheats that automate certain moves that players would already be able to do, just would be very hard. It's not possible to stop this type of automation in the general case.

If a cheater can make items appear out of nowhere, that's not an automation cheat, that's a security vulnerability in the server that should be fixed.

My understanding is that the server is not for realtime. Realtime gameplay is peer to peer.

That sounds like a completely different system than League of Legends has. So hellbanning should work fine as suggested (it was suggested for League of Legends).

Other games that use (IMHO) broken protocols by trusting the client can't reliably use hellbanning, and I don't think they can reliably do anything.

But the realtime gameplay is where the cheaters are giving other clients items in order to mark innocent players as cheaters.

So everyone's getting hellbanned, at which point no one is hellbanned...

I'm saying that a game where the server isn't in the middle is broken, and cannot implement hellbanning.

League of Legends has a server in the middle, thus isn't broken, players can't give each other fake items, and hellbanning will work.
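The "server in the middle" argument above, as an added toy model that is not from the thread and not any game's real code: in a peer-to-peer session the receiving client has nothing to vouch for an item grant, so the only check left is "is this item possible?", which fires on the victim; with a server-held ledger, every transfer is validated against what the server itself minted, and an impossible request flags the sender. Item names, the catalogue and player names are constructed for the example.

```python
"""Toy model (constructed for this thread, not any game's real code) contrasting
a peer-to-peer item grant that the receiving client trusts with a transfer that
a server in the middle validates against its own ledger."""
from dataclasses import dataclass, field

# Constructed catalogue of item ids the game can legitimately produce.
CATALOGUE = {"longsword", "estus_flask", "soul_of_a_lost_undead"}


@dataclass
class Client:
    name: str
    inventory: dict = field(default_factory=dict)
    flagged: bool = False


# --- Model A: peer-to-peer, the receiving client trusts the peer -----------
def p2p_receive_grant(receiver: Client, item: str, qty: int) -> None:
    """A peer sent an 'item grant' message. The client applies it as-is: nothing
    in a P2P session can vouch for where the item came from."""
    receiver.inventory[item] = receiver.inventory.get(item, 0) + qty


def p2p_audit(client: Client) -> bool:
    """The only check possible afterwards: 'is this item possible at all?'
    It fires on whoever HOLDS the item, i.e. the victim of a hostile grant."""
    if any(item not in CATALOGUE for item in client.inventory):
        client.flagged = True
    return client.flagged


# --- Model B: server in the middle, the server's ledger is authoritative ----
class AuthoritativeServer:
    def __init__(self) -> None:
        self.ledger = {}        # player -> {item -> qty}; the only copy that counts
        self.flagged = set()    # players whose client sent an impossible request

    def register(self, player: str) -> None:
        self.ledger.setdefault(player, {})

    def grant(self, player: str, item: str, qty: int) -> None:
        """Only the server mints items (loot drops, rewards), and only ones in
        the catalogue. Clients never send 'grant' messages in this model."""
        if item not in CATALOGUE or qty <= 0:
            raise ValueError(f"server refuses to mint {item!r}")
        inv = self.ledger[player]
        inv[item] = inv.get(item, 0) + qty

    def transfer(self, giver: str, receiver: str, item: str, qty: int):
        """Client request 'give <qty> <item> to <receiver>'. Every claim is
        checked against the ledger; an impossible request flags the SENDER."""
        if giver not in self.ledger or receiver not in self.ledger:
            return False, "unknown player"
        if item not in CATALOGUE or qty <= 0:
            self.flagged.add(giver)     # only a modified client can send this
            return False, "impossible item: giver flagged"
        inv = self.ledger[giver]
        if inv.get(item, 0) < qty:
            # Rejected but NOT flagged: a lagging client can legitimately
            # resend a transfer that already went through (false-positive risk).
            return False, "giver does not own the item"
        inv[item] -= qty
        if inv[item] == 0:
            del inv[item]
        dst = self.ledger[receiver]
        dst[item] = dst.get(item, 0) + qty
        return True, "ok"


def demo() -> dict:
    """Run both models against the same hostile grant; report who got flagged."""
    victim = Client("victim")
    p2p_receive_grant(victim, "cursed_egg_head", 1)   # not in CATALOGUE
    p2p_flagged = p2p_audit(victim)

    srv = AuthoritativeServer()
    for player in ("cheater", "victim"):
        srv.register(player)
    accepted, _ = srv.transfer("cheater", "victim", "cursed_egg_head", 1)
    return {"p2p_victim_flagged": p2p_flagged,
            "server_accepted": accepted,
            "server_flagged": sorted(srv.flagged),
            "server_victim_inventory": srv.ledger["victim"]}


if __name__ == "__main__":
    print(demo())
```

The point of the split between "reject" and "reject and flag" in `transfer` is the false-positive concern raised further down the thread: a request for an item the catalogue does not contain can only come from a modified client, while a request for more than the ledger shows can come from an honest client retrying over a bad connection.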

This is an interesting approach because even though they may be cheaters they are _still_ people that are interested in your game. The percent of cheaters with the objective to utterly destroy the game they're cheating at is probably negligible.

I mean... sure but they're also only willing to interact with the game when they're making the experience bad for everyone else.

I don't think it is really the cheaters that degrade the experience, it is the knowledge (right or wrong) that cheaters exist that reduces trust that makes for not fun experiences.

I've played online games for many thousands of hours over the past two decades and I can count the number of times I encountered a blatant cheater on my hands. Every time it actually happened people had a good laugh about it and either hopped servers or banned the person cheating. Sure I have probably unknowingly encountered a bunch of map and wall hackers but I didn't know so it didn't degrade my experience. For all I knew those players were just better than me, plenty of those around. Having played with some extremely high level players in various games, it actually feels like the good players are using map/wallhacks more than the actual hackers because they have such good gamesense.

On the other hand, I have been accused of cheating more times than I have actually for sure encountered real cheaters. It isn't fun when a server turns sour because everyone is accusing each other of cheating and getting salty over nothing.

Of course, if cheaters are allowed to completely run rampant this isn't the case. But any game with a modicum of community power to enforce rules won't have that problem. The major places you reliably encounter cheaters are non-private servers and matchmaking services that have essentially been abandoned by the developers.

Borderlands was fun until the cheaters showed up, and this even as a cooperative game.

People with hacked 999999999-damage guns warp in, splat everything and even if they don't steal all the loot, they make the entire game pointless.

You couldn't do anything about it but leave. There was no ban system users could appeal to.

Though some fun memories were had with cheaters in other competitive games, like coordinating to try to take down or hide from literally invincible opponents.

Counterpoint: Pokemon Go is incredibly infuriating to play as a new player because of cheaters. People spoofing their location fill up gyms, making it extremely difficult to earn in-game currency. They can also prevent you from effectively raiding with members of your own team, if spoofers from another team vastly outnumber you (reducing the reward from the raid).

Not only is it not fun, it's discouraging. And it's one of the big things that led to me quitting the game.

What games do you play? Because it's at least once a play session for me. Perhaps we are playing different games or different regions have more cheaters than others.

I have also often wondered if cheaters choose other regions than their own to exploit in, hence why little ol' Australia gets so many of them.

Wait, what? Why would allowing cheaters to run rampant mean people accused others of cheating LESS?

Sorry, in "if cheaters are allowed to completely run rampant this isn't the case." I meant "the case" as something like "the perception of cheating is more damaging than the actual cheating". Poorly written on my part.

Certainly not all cheaters have the same interests.

Some are simply curious experimenters, others are trolling, others want to make videos doing the impossible etc.

I wish there was another path out of this mess than the current arms race. It would be interesting what effect would result in providing a sandbox mode where cheating were allowed to see if it would reduce cheating in general population.

I've thought a little about building cheating detection into the mechanics and lore of maybe an MMORPG by treating it like a forbidden dark art.

If a player is flagged for cheating, they could take on an "aura" in the game. Maybe different types of auras for different types of cheating or for the types of events that took place around the cheating. It could grow stronger with more flags or fade with time. Fine-grained detection of auras could be a sought-after perception skill.

The in-game community could decide how they want to treat different types of cheaters. You could see interesting things like self-segregation or vigilante organizations.

You still have to intervene a lot to block gold farming bots or whatever, but I think you can keep the vanilla players and most cheaters happy.

Some game developers are making AI teams for their games which seems to be the logical conclusion for botting.

Console speed-runs have different leagues where different levels of glitches are allowed - from 0% to any%. Maybe that could work here, possibly as a "competitive aimbot league".

I was under the impression that 0%, 100%, and any% were completion ranges, not different levels of glitches allowed.

0% means you make as little progress as possible, level up as few times as possible, pick up as few items as possible, and otherwise avoid progress other than completing the objective.

100% means you pick up every item, finish every quest, etc...

any% means you do whatever you have to in order to get through as quickly as possible.

That said, there are different levels of glitches, exploits, and external tools allowed in different speedruns. TAS (Tool Assisted) speedruns would probably appeal to this crowd.

For instance this run[0] of the NES Super Mario Brothers games where all four games use the same controller inputs and finish in the same second. (Host says 3 games, but it's really 4.)

[0]: https://www.youtube.com/watch?time_continue=3358&v=EHfw-BEuR...

I’ve always heard n% refer to the completion ranges, as you say, however, the level of glitches allowed has often been a factor too (although in my limited experience its usually been simply no glitches allowed or glitches allowed). Mostly I’ve watched dark souls speedruns where the general consensus is that any in-game glitches are allowed, external tools, hacks etc are not and the % refers to how many of the bosses are defeated.

Doubt it. The one time I cheated on a game (Borderlands 2) was because the game was too hard without the p2w DLCs that I had no intention to buy. I didn't mind playing along with other people that played in whatever way they wanted (cheating or not) but I was too afraid of getting banned that I disabled online play while cheating.

A friend of mine that was cheating hard for a period on CoD 4 only did so for the fun of it and had no intention to ruin the game for the rest of the players.

In the case of Riot / League of Legends, these are still potentially customers willing to pay for skins etc, which is their income stream.

I wonder if cheaters are as likely to pay for that stuff as non-cheaters?

A game with prevalent hacking/cheating is going to go downhill quick and lose its established player base. Catering to these people in any way does not seem like a wise strategy.

The options presented are 1) segregate them into a separate pool, as suggested. They can then still give you money, the arms race is short circuited, and they don't impact the enjoyment of other players.

2) You ban them.

And then they possibly create an account and tread more carefully next time so they don’t lose their skins. This is behavior you can even see in streamers that get banned.

Frankly I think a zero tolerance approach to cheating makes sense and sends a more serious message. It still looks bad if cheaters exist even to other cheaters, for example a shadowbanned streamer, and makes it harder to take your game seriously.

So you ban them and they get back up to the same, if not worse behavior. Maybe they behave a little better or try to avoid getting caught.

Trying to keep someone banned is much much harder problem than finding them to ban in the first place.

Sorry, I was meaning my comment from the context of the conversation, where they'd be in a separate pool competing against each other. If cheaters want to cheat each other, it's no skin off my nose. Might still be a good revenue stream for Riot.

I see you’ve never had to deal with trolls and griefers.

What game did you do this for?

> It's actually fun for them to compete with each other at who can cheat the hardest and no one else gets hurt.

This part reminds me of 'Open' Battle.net for Diablo 2. Everyone used hacked items in pvp and just tried to have better fake items than their opponents.

Did you consider the possibility of false positives? Even the most modern and well considered justice system runs into this issue. Or is this not possible when detecting video game cheaters?

False positives are certainly possible. My office has an hour allotted to gaming on Friday afternoons. There have been occasions when TF2 kicked all players connecting from Linux clients (approx 50% of us).

I don't have much time for playing games anymore, but I can think of a few games where I would gladly start paying for subscriptions again if I was able to use bots. Even if it meant using special bot-only accounts. For some reason this is much more fun to me than just games specifically designed around programming bots.

I always thought it would be better if the player got to choose who they played with. Let me tag other players, and feed that into a ratings engine. Match me up with players who tag like me, and not with players that people who tag like me tag as arseholes, and untagged players. Lets put the social media perception filter to good use. Could be even better on MMORPGs, where you can populate worlds with players who will have fun with each other and speak the same language and do the RPG part in similar ways.

Quarantine only delays the length of time the cheater/spammer knows they've been caught, usually on the order of days. So, the tradeoff is building the real experience (along with adding new features) for those users to save days. It's usually not worth it.

>Quarantine only delays the length of time the cheater/spammer knows they've been caught, usually on the order of days

Days are crucially important in a game's development cycle. This is because the modern review style is structured around "first impressions", since interest in a game is an L-curve: the first person to get a review out can sometimes claim a lion's share of ad-revenue from possible viewers.

This means preventing cheating "on the order of days" can protect your game's review scores during the most critical review period.

How would you do that and ensure they don't interfere? Would you have a separate server just for cheaters?

This approach sounds incredibly smart. Hope you can share more details about it, or even a fun story or two.

There's a youtuber who focuses on CSGO that recently made a video where he interviews a cheater, they touch on the "cheater vs cheater community" in the video as well.


Matching cheaters to cheaters is brilliant and should be THE non-intrusive industry standard!

Like Ashley Madison.

Very productive approach. I felt like I learned something today.

I have mixed feelings about anti-cheat, especially in the last few years. A lot of them are getting rather intrusive. Take Player Unknown's Battlegrounds for instance, which uses BattlEye. It actually injects a kernel mode driver into Windows that spies on whatever else your system is doing and exfiltrates unknown data in the name of "guaranteeing a fair game experience." I didn't even realize that this is what it was doing until my system crashed one day and the cause was some .sys file in PUBG.

It'll also randomly kick you from games for having various programs installed or running. Programs such as VMware. You have to disable all VMware services or PUBG will kick you randomly for using "unauthorized applications." God forbid you have any VMs running, that might amount to a ban (seriously).

Worse still is that when you take your complaints to their social media, or in anyway speak ill of it, you get hordes of fanboys saying that you shouldn't install anything other than games on your PC or you're a dirty cheater. "Oh you want to do things _other_ than gaming on your PC? You should buy another PC then."

Don't even get me started about trying to run games in a virtual machine w/ GPU passthrough. The communities will tear you a new one telling you to do things "normally" and by attempting to use anything other than the "normal" setup makes you a cheater. Just google anything like "steam vac kvm" or "battleye kvm" and you'll get hordes of people claiming they heard some guy say virtualization is the future of game cheating therefore VMs are cheating tools and should be banned.

Seriously, if I could get a refund for every game that uses BattlEye, I would try.


> You have to disable all VMware services or PUBG will kick you randomly for using "unauthorized applications."

If any game did this to me, I would be having a refund, through credit-card charge-back if necessary.

Unless of course it is made obvious up-front that the game will not work with certain common legitimate software, in which case I'd have not paid for it in the first place and would play something else instead.

> which uses BattlEye. It actually injects a kernel mode driver

Sounds like something I need to avoid. A game is a user-land program and has no business touching kernel-space (with the possible exception of direct communication with the graphics hardware for performance reasons, but in this decade that to me would be a huge code smell...)

Having said that: I've not bought much by way of games aside from a few small ones in Steam or HumbleBundle sales, other parts of life are just too busy for me to have the time ATM, and I've never really bothered with PvP/online gaming (when I play games I do so to escape the unwashed masses, not invite them into my living room!), so I might be so far from the target audience that my thoughts on the subject count for nothing.

Be careful, if you do a chargeback on Steam or similar platforms you will be banned.

It shouldn't be necessary: if it wasn't made clear that the product was incompatible with common standard software and that stops it working for me, then it is not fit for purpose and if they are following the law a refund should be easy to obtain.

If it gets to the point where a chargeback is necessary then they are being a bad actor and I wouldn't be spending any more money with them in future anyway. If any banning means I lose access to content I've already paid for, then I can re-obtain that by other means. I currently choose to pay for their games but that doesn't mean I'm not capable of obtaining them by other means and would feel no moral compunction not to if I'd already paid for them but been locked off unfairly.

One more reason not to use Steam and friends..

I agree with everything you say. It's ironic because game companies themselves use virtual machines with obfuscated instruction sets in their games as a copy protection mechanism. It's pretty hard to feel any sympathy for them once hackers get around their pathetic countermeasures.

To add to your post, here's an example of why game developers can't be trusted to run code in kernel mode:


What would be a better option?

GOG is doing just fine, including AAA titles such as Witcher 3. It's the only place I buy games from.

GOG is run by a subsidiary of the developer of the Witcher games (CD Projekt), so that may not be the best example to make this point.

Why? They have other games too, by definition DRM-free, which is awesome if you use Wine.

I've been out of gaming for some years but this reminds me of similar issues with PunkBuster. I'd spend hours pulling my hair out trying to figure out why I was being booted from games. The worst bit was, it didn't actually stop cheaters.

Oh god... I forgot punkbuster even existed, what an absolute pile of garbage. So many hours wasted on dealing with that shit and reading redundant and useless forum posts where everyone just copy pasted the same shit over and over.

> The worst bit was, it didn't actually stop cheaters.

These things usually don't, unfortunately, at least not for any considerable length of time.

It is the age-old arms race scenario. There is a small number of developers and an army of potential cheaters. The developers have to get it right 100% and the cheaters only have to get their part right once: once a viable method is found it can be reused by themselves or sold, or passed on gratis.

And cheaters can be very determined, either because success in the game world by any means gives them some real form of affirmation or in the case of "professionals" some form of profit.

Heck, for some working out how to cheat the system is the game!

I wouldn't take PUBG as a compelling example. Most of what they do is WTF IMHO. The game is famous for being laggy, buggy, crashy, and the servers down often. They also have a history of making very strange technological and feature choices.

There is a reason the hype has gone down quite a bit...

Still sounds very wrong what they are doing though.

I'm not entirely sure how this works but I would think the developers of BattlEye decides and develops what it reacts to and not the PUBG developers? Why else would you use a third party solution?

Ha yes, that sounds likely indeed.

I see they are used in quite a few games as well : https://www.battleye.com/ (including PUBG's main rival).

Interesting. Maybe my disappointment in PUBG got me to be a bit more biased than I should :).

Also since games are owned by companies there is literally nothing you can do about all the decisions they take. You just have to get on with it.

You may also avoid such games and demand fair labeling of such titles by platforms like Steam.

So I'm not seeing anything particularly novel here. In fact, I think most AAA titles do most if not all of these things today. It really just boils down to understanding your title's threat model and mitigating the threats.

I think the article missed an opportunity to talk about false positive rates, the workflow for users to get unbanned due to false positives (usually a very nasty process), performance, platform support (Windows, for example, has encrypted app packaging [1], anti-cheat monitoring [2], and protected processes [3] built in), and the privacy implications of uploading non-game-related Windows driver and process data.

[1] https://docs.microsoft.com/en-us/windows/uwp/packaging/creat...

[2,3] https://docs.microsoft.com/en-us/windows/uwp/packaging/app-c...

> It really just boils down to understanding your title's threat model and mitigating the threats.

Well that can be said for every product ever...

I do agree though, I did expect a little more real content. Not the "how anti-cheat works" because then we can find ways around it more easily, but like you said: reliability, performance, etc.

If you want something more novel, look at this talk from Valve [0] on how they are integrating Deep Learning into their CS:GO cheater detection system (confusingly called Overwatch). It's not used to ban users, but rather to bring suspicious plays into their existing user-reviewed moderation system.

In general, this type of human/AI side-by-side feedback loop seems to be very successful, all the way from games to moderating content on the web.

[0] https://www.youtube.com/watch?v=ObhK8lUfIlc

> usually a very nasty process

especially with how opaque the whole flagging is.

I understand why they do it and a game environment is not a democracy or a court of law, but it's hard to defend yourself when you do not have access to the evidence.

Videogame cheat developer here (although, not for the game mentioned in the article) -- The mentality of game companies is if the 'evidence' of the anti-cheat flag is made accessible to users, cheat devs will use the same evidence to overcome the existing detections in place.

The oft-used 'arms race' analogy for this would be like sending blueprints of your newly-fabricated weapons to the adversary.

I've always been curious about this, do you get paid, and if so how?

People love cheating so much they pay for the tools to do so.

The fact is 99 out of 100 banned users were actually banned for good reason and are lying about not cheating. Half of those will also admit to cheating but beg for forgiveness as if they aren't quite literally destroying the game and everyone's enjoyment of it. That less than 1 percent that is truly innocent is nearly impossible to service because of all the noise.

Cheating definitely sours a gaming community, as does falsely accusing people of cheating. I left the original (circa early 2000s) Counter Strike community after being routinely accused of cheating. I have never once cheated in a online multiplayer game. But, some people just couldn't grasp that I was really that (comparatively) good & quick of a shot. Also, I don't think they realized that certain materials could be shot through with a powerful enough weapon. I probably had a bit of a leg up on most people, too, as I had state of the art hardware for the time (I had dual P4 Xeons, 3GB RDRAM & the best at the time GeForce AGP card in 2002) and a single to low double digit ping for most servers being on a university OC-3 line.

Your comment reminded me of a frustrating evening on bzflag.

Long ago I was using a custom Linux box with a slow GPU, and on one map no matter how hard I tried (and no matter how many fellow players watched trying to help me get the timing right) I simply couldn’t jump to the first level of a building.

I’d never experienced a hardware limitation quite like that.

Haha neat. That was probably caused by the physics engine running slower than needed. If you do a rough friction calculation based on the frame rate you will end up with more friction at 20 fps vs 40 or 60.

Really trivial question, just look at any big cheats and most work based on subscriptions. AimWare, Project-7, ...

Yeah, I remember seeing the anti-scanning measure in another game circa 2009. IAT hooks were hot then too. I wonder if they run a CRC on sections of the game code as well (also pretty trivial to defeat).

This is a great technical breakdown of some modern high level approaches to common cheats. I think this the most transparent approach (even though the author admits leaving some detail out) to modern anti-cheat for massive multiplayer games. Good on riot for having an open dialogue about this. I don't think you'd ever see someone like Valve going a transparent route with something like this. (Not making a judgement on that decision, just an observation).

Fair context: I make cheats/utilities for this exact game being talked about in this article, so perhaps my opinion on the subject is biased or even invalid.

I partially disagree about the transparency of this article, while they do explain most of their approach to anti-cheat (and that is pretty cool for them to do), they seem to leave out any mention of anything that could be controversial.

I suppose that it does make sense to not mention the implementation details of their anti-cheat, but I wish that they would be a little more transparent about how/when/what they snoop around and send to their servers. The current Mac game client for League Of Legends contains full debug symbols and it doesn't have Packman (the packer described in this article), which makes it quite easy to look through the symbols. Inside you can find all of the anti-cheat-related network packets, in specific:

PKT_C2S_EnumDrivers PKT_C2S_EnumProcesses PKT_C2S_EnumDrives PKT_C2S_EnumHandles PKT_C2S_EnumRecentFiles PKT_C2S_EnumModules PKT_C2S_ProcessorData PKT_C2S_SystemState PKT_C2S_ModuleLoadNotification PKT_S2C_SendModule PKT_C2S_ModuleResponse

Now, I personally expect anti-cheat to snoop around my system when I'm doing something shady like scanning its memory. However, if I was a normal user of the game, I would be a bit concerned to know that it might be sending my recently used file names, drive names, system driver names, currently running processes, processor information, system state, and even entire binary files that it automatically deems as "suspicious", to their servers.

I don't expect software I use to scan my hard drives and exfiltrate data ("send samples") to their developers. That's exactly what malware does.

Companies just say it's for "security reasons" as if that somehow justified everything. When I read an anti-cheat software's privacy policy, I discovered it could scan my RAM, my files, take screenshots... They're basically trojans. It's not just game companies either. Banks here trick users into installing "security modules" that are actually kernel mode network monitors. I refuse to accept that.

These shady anti-cheating practices makes cheaters look good in comparison; similar to how copy protection measures make a genuine product inferior to the cracked version. If a hacker figures out the game's network protocol and writes his own client, he won't have to install a bunch of malware on his machine just to play the game. In my opinion, these developers are the real heroes.

Do you know if process information contains command-line information? Because that could totally contain someone's credentials...

Which is precisely why it is an antipattern for any program to pass or accept credentials as command line arguments.

I wasn't endorsing the practice.

>even entire binary files that it automatically deems as "suspicious", to their servers

If "deems as suspicious" means "whatever the server tells it to send" I would be very concerned.

Wouldn't that run afoul of GDPR?

Not necessarily. GDPR isn't a blanket ban on collecting/using this info without consent, it's a policy that consent is required for non-essential collection/usage. You could argue that anti-cheat is essential for an online multiplayer game like this.

I think it's sketchy to collect this much info, but I don't think it's explicitly illegal.

It's a bit more complicated than that. You have to do a few things. First you have to tell the customer that you are collecting their data. Then you have to tell them under what lawful basis you are collecting their data. The user then has various rights (depending on the lawful basis you choose) to object, etc. If you must collect and use the data in order to fulfil the contract (i.e., there is no other way to do it -- for example you need to get their address in order to ship them a package), then you can just do it (as long as you tell them that you are doing it). For most other lawful bases, you have to allow them to object, in which case you have to stop using the data.

I think the real question is whether or not the information in question is personally identifiable information. If it's not, then GDPR doesn't apply. I think you could make a pretty strong argument that it doesn't apply, as long as you take pains to ensure that you can't identify the person from the information.

> I think you could make a pretty strong argument that it doesn't apply, as long as you take pains to ensure that you can't identify the person from the information.

That would entirely defeat the purpose of an anti-cheat system. You have to have some sort of personally identifiable information attached to the data being sent in to the server, otherwise how are you going to ban the cheaters? Even IP addresses are personal identifiers as far as the GDPR is concerned and even if they're not storing it long term, just sending the user data over the wire is enough to trigger the data collection portions of the GDPR.

Exactly this. The moment you send it via IP you have the IP address and therefore have PII data. And the moment you take screenshots you cannot be sure what you collected.

This does go further beyond GDPR, as it is IMHO an intrusion into the innermost personal space. I believe a German court of law would have a field day ripping this practice apart if a case were presented.

Especially if they do not make it totally clear upfront what they are doing, in a way every layman is able to understand.

Instead of using an IP address to identify cheaters, the game could assign a unique randomly generated ID to players. Then they could ban that ID without using the IP. I think this scheme complies with the GDPR if you take care not to bind that ID to other user personal information.

If you can identify a physical person with a unique identifier, it is PII according to GDPR, I believe.

You can apply a one-way function to an IP to obtain an ID and then maintain a database of bad IDs. For example you could compute this ID as SHA256(IP + secret salt). Since one-way functions don't allow you to recover the IP, the ID is not PII. If a connecting IP has a bad ID, ban that IP from the game. I think this respects the GDPR: you don't maintain a list of IPs or any other PII.

The second you use this ID to tag data you're sending over to the servers, that ID could easily lose any claim to anonymity for the purpose of the GDPR because the anti-cheat system vacuums up a vast trove of information. All it takes is one email "Re: Claim for Your Local Psychiatrist Bob" or a document named "John Doe Jr - First Grade Book Report.docx" showing up in the titles of your open windows (that many anticheat systems send to a remote server) and boom, that ID and all of the data attached to it are now a radioactive liability.

Any phone has enough computing power to just brute-force a 32-bit value in order to recover the original IPv4 address from a normal cryptographic hash in a practical timeframe.

I seriously doubt you'll be able to cheat the courts with silly tricks like this. SHA256 isn't any different from ROT13 here.
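
The point the last three comments circle around, as an added illustration that is not from any commenter in this thread: an unkeyed hash of a 32-bit address is reversible by enumeration, while a keyed hash (HMAC under a server-held secret) resists that enumeration but still lets the key holder link the ID back to the address. Every address, key and the /16 search range below are constructed for the demonstration.

```python
"""Hashing an IP address: pseudonymisation versus anonymisation.

Added example, not from any commenter in this thread. Addresses and keys are
constructed; the /16 search range is chosen so the demonstration runs quickly.
"""
import hashlib
import hmac
import ipaddress
from typing import Optional


def unkeyed_id(ip: str) -> str:
    """Plain SHA-256 of the packed address: no secret involved."""
    return hashlib.sha256(ipaddress.ip_address(ip).packed).hexdigest()


def keyed_id(ip: str, key: bytes) -> str:
    """HMAC-SHA256 under a secret key. Whoever holds the key can still link the
    ID back to the address, so the operator can identify the person."""
    return hmac.new(key, ipaddress.ip_address(ip).packed, hashlib.sha256).hexdigest()


def recover_unkeyed(target: str, network: str) -> Optional[str]:
    """Reverse an unkeyed ID by enumeration. IPv4 has only 2**32 addresses, so
    the full space is a modest job; here the candidate set is a single /16
    (65,534 hosts) to keep the run short."""
    for candidate in ipaddress.ip_network(network).hosts():
        if unkeyed_id(str(candidate)) == target:
            return str(candidate)
    return None


def recover_keyed(target: str, network: str, key: bytes) -> Optional[str]:
    """The same enumeration against a keyed ID: it only succeeds with the key."""
    for candidate in ipaddress.ip_network(network).hosts():
        if keyed_id(str(candidate), key) == target:
            return str(candidate)
    return None


if __name__ == "__main__":
    secret = b"constructed-secret-key"  # would live only on the server
    ip = "10.42.7.99"                   # constructed sample address
    print("unkeyed recovered:", recover_unkeyed(unkeyed_id(ip), "10.42.0.0/16"))
    print("keyed, wrong key: ", recover_keyed(keyed_id(ip, secret), "10.42.0.0/16", b"guess"))
    print("keyed, right key: ", recover_keyed(keyed_id(ip, secret), "10.42.0.0/16", secret))
```

The unkeyed ID comes back as the original address after a few tens of thousands of hashes; the keyed ID does not unless the same secret is supplied. The second half is the regulatory catch: because the operator holds the key, the keyed ID is a pseudonym the operator can resolve, which is why the "not PII" argument is weaker than it first looks.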

The anticheat team at a videogame company might not know/care about this. This has definitely been the case with past European data privacy regulations.

Or it might be deemed reasonable. E.g. you may not film a public road in the Netherlands because of privacy, but you may film the patch your car stands on if there have been car fires in your neighbourhood in the past month and you are concerned about your car.

> you may not film public road in the Netherlands because of privacy

So does this effectively make dash-cams illegal?

License plates contain personal data.

> The current Mac game client for League Of Legends contains full debug symbols and it doesn't have Packman

Probably because the person writing these anti-cheating facilities isn't as aware of how to implement these on macOS.

Unlikely. More likely there's simply not a very large Mac player base for the game, as compared to Windows

So are you living out of that?

How do they know you're not doing something shady if they don't actively scan...

Why do you think they have the right to know whether I'm doing something shady? Are they some kind of police? Did they get a warrant?

Valve's John McDonald recently gave a talk at GDC on how they use machine learning to combat cheaters in CS:GO. Quite interesting to watch. https://m.youtube.com/watch?v=ObhK8lUfIlc#

Is this really open dialogue? Correct me if I'm wrong, but basically all of the methods that they mentioned are pretty standard stuff. They had a few interesting twists on these ideas, but in general, things like source code encryption and shuffling memory locations seem pretty basic.

If you are familiar enough with the subject matter, everything will seem basic.

Well, I have to agree with OP. Encryption and obfuscation started with early copy protection systems; even packers like UPX offered that, IIRC. Measures against memory manipulation have also been around for a while; I encountered them the first time when I tried cheating money in RollerCoaster Tycoon in '99 or whenever that came out. Obfuscating the network protocol actually seems more of a novelty than those two things.

It's a good article but I'd hesitate to call this "modern"; this is circa-2006 AAA title security. Serious content protection is significantly more sophisticated than this.

(I'm not an expert but I've done some anti-cheating pentests before, and have seen literally all these primitives deployed on old titles).

Most anti-cheat methods stop working once the details are known. As someone else mentioned, there was a talk at GDC this year about one of their anti-cheat systems. The talk got into a lot of detail about how this particular system worked.

Because they all do the same, there is no need to share that. Riot is a recent studio; other studios have been doing that for years. As for the transparent approach, I'm not sure what you're referring to. Players don't need to know those kinds of things; there is no benefit in sharing that with the public.

Here's my project's approach to Anti-Cheat.

1, 2, 3) Everything on the server. Server's version always wins. Server is the authoritative source. Granted, I have a mathematical advantage in the game's particular movement mechanics which makes this easy to get away with. The other game mechanics are also designed with facilitating this in mind. Corollary: The client is almost nothing and trusted with nothing. It's pretty much a dumb terminal for displaying moving things, syncing their motion with the server.

4) Scripting -- if you can't beat 'em, join 'em! We're going to publish an API to allow for user scripting. We plan on releasing the client as Open Source, allowing people to modify and extend the client.

5) Cryptographically hard RNG and procedural generation. If you want to know what's in Star System 7, Galaxy Grid 123987236-87324958, you're going to have to go there yourself. We don't even know ourselves!

Regarding #4 -- This is going to be a design philosophy. Anything we can't enforce, we will allow and co-opt into the game!

Essentially, treat the client as a client to the API that is the game and that presents the game world.

I like the idea of customized clients, à la WoW's add-ons back in the day. Looking at the screenshot in the article, the idea of treating visible weapon ranges as a cheat strikes me as less about balance than about artificial difficulty. (Especially considering how many games have exactly that feature.)

Very unfortunately, what you explain here only works for a very specific type of gameplay. For instance, almost nothing works when you need to secure a first-person shooter, simply because it's skill-based gameplay where it's also very easy for a bot to cheat.

Nvidia has GeForce Now http://www.nvidia.com/object/cloud-gaming.html and people with a good internet connection have been able to play FPS games. Granted, the latency and the FPS are worse than a local game, but surprisingly it is unnoticeable to many people.

Streaming won't help against cheating in FPS; an aimbot is just going to use machine learning to determine enemy location, and controls are not a problem.

There are more kinds of skill than just twitch fast aiming.

#4 has introduced an interesting problem in the MMO space. By allowing scripting in WoW, players were penalized either because they couldn't keep up, or the general community would demand they run parsers to tell that they couldn't keep up. The vanilla experience was no longer good enough. FFXIV decided to ban any client customization in an attempt to avoid these kinds of toxic situations:


#5 is a bit of a double-edged sword, isn't it? All RNGs that I know of would require a shared seed value, and with procedural generation, you can effectively path any/everywhere in parallel.

You can always leave some crucial part of procedural generation on the server side too and impose some limits on how the client can use the API for it. E.g. the client might do any kind of heavy lifting (generation of terrain, etc.), but code that handles the important stuff (e.g. PvE enemies, rewards) could stay on the server side.

All generation is done on the server side. The cryptographic strength is to protect the seed from being inferred from the output.

> 4) Scripting -- if you can't beat 'em, join 'em!

Yeah, I was kind of annoyed that he flags this:

> draws the ranges of various abilities, indicates which minions are ready to be last-hit, and shows the path of skillshot projectiles.

as a cheat. It seems like this would be a godsend to new players.

However, I prefer Supreme Commander/Total Annihilation-like games over the twitchfests like Starcraft.

> However, I prefer Supreme Commander/Total Annihilation-like games over the twitchfests like Starcraft.

We've made our client so dumb, even Fog of War is cheatproof. How do we enforce not seeing something? The data for those entities isn't sent. In fact, this is exactly the same thing as making an entity disappear. The entity's tag and movement info aren't sent, and so it's diffed out of the set of visible entities.
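
The "dumb client" design described in this comment and in the numbered list above (server authoritative, fog of war enforced by never sending hidden entities), as an added example that is not the project's own code. The visibility rule (a player sees their own units plus anything inside one of their vision radii), the entity data and the packet layout are all constructed for the illustration.

```python
"""Server-authoritative fog of war: the server computes what each player may see
and only that subset is ever serialised for the client.

Added example, not the project's code. The visibility rule (own units plus
anything inside one of their vision radii) and the entity data are constructed.
"""
from dataclasses import dataclass
from math import hypot
from typing import Dict, Set, Tuple


@dataclass
class Entity:
    eid: int
    owner: str
    x: float
    y: float
    vision: float  # radius within which this unit reveals other entities


World = Dict[int, Entity]


def visible_to(player: str, world: World) -> Set[int]:
    """Visibility decision made on the server only."""
    own = [e for e in world.values() if e.owner == player]
    seen = {e.eid for e in own}
    for e in world.values():
        if e.owner != player and any(hypot(e.x - o.x, e.y - o.y) <= o.vision for o in own):
            seen.add(e.eid)
    return seen


def build_update(player: str, world: World, sent: Set[int]) -> Tuple[dict, Set[int]]:
    """Diff the current visible set against what this client already has.
    An entity that leaves vision is simply dropped from the stream; the client
    never receives its position, so there is nothing for a map hack to read."""
    now = visible_to(player, world)
    payload = {
        "entered": {eid: (world[eid].x, world[eid].y) for eid in sorted(now - sent)},
        "updated": {eid: (world[eid].x, world[eid].y) for eid in sorted(now & sent)},
        "left": sorted(sent - now),
    }
    return payload, now


def demo() -> Tuple[dict, dict]:
    """Two ticks of a constructed world from alice's point of view."""
    world: World = {
        1: Entity(1, "alice", 0.0, 0.0, 10.0),
        2: Entity(2, "bob", 5.0, 5.0, 10.0),    # inside alice's vision
        3: Entity(3, "bob", 50.0, 50.0, 10.0),  # never visible to alice
    }
    sent: Set[int] = set()
    first, sent = build_update("alice", world, sent)
    world[2].x, world[2].y = 30.0, 30.0         # bob's unit moves out of vision
    second, sent = build_update("alice", world, sent)
    return first, second
```

Entity 3 never appears in either payload, and entity 2 appears in `left` on the second tick without a position. A client that parses every byte it receives still learns nothing about units the server chose not to send, which is the sense in which this fog of war is cheat-proof by construction rather than by detection.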

The same thing is already done in the spiritual successor to Supreme Commander/Total Annihilation, called Planetary Annihilation. Basically there is an authoritative server that works exactly that way.

The only downside of this is that when you have a few thousand units on screen, the game will use an abysmal amount of bandwidth, like 8 Mbps for each client. So when there are 10 players in-game, the server side must have 80 Mbps.

Oh and it's also used as replay / save system. Amazing tech:


Interesting. My bandwidth use is on the high side, but I have certain advantages. For one thing, there will never be more than 70 units on the screen, and all of the locally simulated objects are deterministic. I'm also planning a replay/debugging system based on the mechanism.

The tech is quite interesting.

The game, sadly, not so much.

I wish they had spent 1/10 the effort on the actual game for single players that they did on making it "Twitch/YouTube-friendly".

Now you have me curious what project you’re working on.

The game is 100% online. Could you have a piece of the networking protocol where the server sends little snippets of executable code over the network during the game that read some specific locations in memory, do some processing, and send the results back to the server in the next packet? You could do things like check the starting address and length of loaded dlls, or take the hash of some random span of machine code, or even random locations in the heap, all of which may or may not actually be verified on the other end.

You can use any number of obfuscation tricks to hide their purpose (if they even have one), and you could even randomly generate them. And since the server expects the response in the next client packet, it would be literally impossible for a cheater to manually deconstruct them, and even difficult for automatic analysis tools to have enough time to do anything meaningful with it.

You can reduce the security nightmare from the user's perspective by only allowing machine code that's on a tight whitelist. Allow it to read from anywhere, and only let it write to a dedicated little sandbox area with e.g. fixed addresses.

If you restrict the machine code it makes it that much easier for me to write an emulator to execute your machine code and return the result. It might even be trivial. It is a never ending Ouroboros. You build a more clever mouse trap, I will design a more clever mouse. If I have all your code and am running it on my computer it will be a matter of time before I can back out whatever obfuscation or technique you are doing and undo it. You may have some hope in network delivery of graphics only. If I am not running the game client code, and just streaming the game from one of your servers, you have a chance at keeping your client safe.

> emulator to execute your machine code

I think you missed a part. Namely that "It is allowed to read from anywhere". If it can't write anywhere but the sandbox, that just means it can't modify the game dynamically, just read its state. Which is plenty to verify whether the client has been hacked anywhere. You can read spans of .text to check whether code has been modified, you can read heap locations to check whether the state of the game is valid, and you can take all of that and hash it with a random seed included in the packet to set a high bar on the speed of any emulator. Your emulator would have to dynamically check every access to make sure it doesn't touch anything that has been tampered with, and change the reads to read from un-modified sections, while allowing it to view everything else accurately. Seems like a high level of effort for the cheater, for a low investment from the developer.

I see. The problem is the server needs to know all of the values it expects. And if the server knows the values, a cheat can figure them out too. For example, a cheat could hook OS functions and report on values in certain memory regions (e.g. the game's loaded .text as some cached values). Same with reading heap locations: hook the memory read functions. Computing a hash doesn't have to be emulated, though, right? A cheat can just compute it with whatever data /should/ be there for the game state. This also means the questions the server can ask of the client are ones it can somehow model. So, this is imposing potentially restrictive requirements on any server software if it needs a non-trivial mapping of the client's memory. I have chased down a lot of really bizarre and non-deterministic packers and cheat software like this, and ultimately you can only make things so difficult due to Rice's theorem. To truly detect cheating you would practically have to run all the computations my computer is running, at which point you might as well just stream the game to me instead of letting me install it and run it on my computer. These sorts of "check for a known good state" things can almost always be defeated by appropriate function hooking. Ultimately, my computer is a hostile environment for your game and I have complete control of it. The traps a client runs can only be so elaborate. I do agree things like this will take some time and increase the skill required to take them apart, but you would be surprised at how much harder some CTF competition reversing problems are compared to a scheme like this, I think.
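
The challenge-response memory check proposed earlier in this exchange (nonce plus a random window of code, hashed by the client and recomputed by the server), together with the limitation this reply describes, as an added example that is not any real anti-cheat's protocol. The "memory image" is a constructed byte string standing in for a code section the server also holds; window size, offsets and client classes are all assumptions for the illustration.

```python
"""Nonce-based memory integrity challenge, and the limit the thread describes.

Added example, not any real anti-cheat's protocol. The 'memory image' is a
constructed byte string standing in for a code section the server also holds.
"""
import hashlib
import hmac
import os

KNOWN_GOOD_TEXT = bytes(range(256)) * 16  # 4 KiB constructed stand-in for .text
WINDOW = 64


def make_challenge(region_len: int = len(KNOWN_GOOD_TEXT)) -> dict:
    """Server side: fresh nonce plus a random window inside the region."""
    start = int.from_bytes(os.urandom(2), "big") % (region_len - WINDOW)
    return {"nonce": os.urandom(16), "start": start, "length": WINDOW}


def answer(memory: bytes, ch: dict) -> bytes:
    """Client side: hash nonce || requested bytes. The nonce stops a client from
    replaying an old answer or precomputing one per window."""
    s, n = ch["start"], ch["length"]
    return hashlib.sha256(ch["nonce"] + memory[s:s + n]).digest()


def verify(ch: dict, response: bytes) -> bool:
    """Server side: recompute over the known-good image it shipped."""
    return hmac.compare_digest(answer(KNOWN_GOOD_TEXT, ch), response)


class HonestClient:
    def __init__(self) -> None:
        self.memory = bytearray(KNOWN_GOOD_TEXT)

    def respond(self, ch: dict) -> bytes:
        return answer(bytes(self.memory), ch)


class PatchedClient:
    """Live code has been altered (four bytes at offset 100), but the client
    keeps the original bytes and answers from those. The server receives a
    correct hash either way, which is the limitation the discussion describes."""

    def __init__(self) -> None:
        self.memory = bytearray(KNOWN_GOOD_TEXT)
        self.memory[100:104] = b"\x90\x90\x90\x90"
        self.pristine = bytes(KNOWN_GOOD_TEXT)

    def respond(self, ch: dict) -> bytes:
        return answer(self.pristine, ch)


def passes_all(client, rounds: int = 50) -> bool:
    """Run a series of random challenges against a client."""
    return all(verify(ch, client.respond(ch)) for ch in (make_challenge() for _ in range(rounds)))
```

The check does catch a client that answers from its live, modified memory when the window covers the patch, and the nonce prevents canned answers. What it cannot do is distinguish a correct answer computed from the running image from one computed from a saved copy of the original, because the server's only evidence is the hash value itself. That is the gap the comments attribute to Rice's theorem: the server verifies an output, not the process that produced it.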

I think what you are getting at is that it's impossible to 100% fully prevent cheating. This is true, but I don't think that's the goal; the goal is to make it difficult enough that it's not worth the effort. The value gained from cheating in a video game is low enough that the vast majority of people would not be willing to go through such lengths to do so.

The average user doesn't have to go to such lengths, they just subscribe to a cheat company that does. That's literally how it works today. Cheats are big business.

Okay, but my comment still stands: You don't need to make it impossible, just hard enough that it's not worth the effort. This applies whether we're talking about individuals or companies.

As an aside, I don't know anything about the market for game cheats. Do people really pay a significant amount of money for that?

People are diligent enough to crack Denuvo's wall-of-VMs approach for free, even though it takes 6-12 months of work to do it. How much effort do you think people will put into it when there's money on the line?

People pay enough money for cheats that cheat makers have their own pretty intense DRM set up to make sure they get paid. You're probably looking at $10/month for something entry level, going up to $50 or $100/mo for something exclusive (that will take longer to get you banned).

> The value gained from cheating in a video game is low enough

Many people made serious money botting MMORPGs and selling gold. It's so prevalent it accelerates the inflation of the in-game currency.

If people make it too difficult to hook into the client, cheat developers can always reverse engineer the network protocol and make their own custom client. This bypasses all client-side annoyances. They might even create a headless client that can be run on servers.

A sandbox can be a virtual machine, for all practical purposes indistinguishable from any "normal" computers ordinary players use. Of course this will lead to the never ending Ouroboros of more sophisticated detectors and more sophisticated virtualization, ad infinitum.

I've heard there are cheats that use hypervisors to stand above the operating systems and avoid kernel-level anti-cheats. I wouldn't be too surprised to learn about cheats that sit on a bus and use DMA to peek into anything they please (subject to the memory protections of IOMMU - again, this war doesn't seem to have an end) - they're probably impractical but not something that couldn't exist.

I never claimed that this would be perfect. All security, especially the kind we're talking about here and the kind mentioned in the fine article, is about the relative effort that the developer and the cheater have to put in to create the obfuscation and work around it, respectively. Making debugging harder doesn't make debugging impossible; it makes it more difficult and take more time. Adding random cheat checks on every rebuild doesn't make it impossible to find and remove them, it just takes more effort and time. I.e. how much time investment do the developers have to put into making the workaround vs how much effort it takes the cheater.

I'm just saying this could be a relatively low effort on the part of the developers to create and a relatively huge effort on the part of cheaters to work around.

I really want to believe all this effort would be better spent on fixing cheating. Either by tweaking game mechanics so cheating provides no meaningful gain (and just gets boring) or by tweaking other participating nodes (servers or other clients) into not accepting situations that should be impossible.

I don't know anything about LoL, though.

The article goes over all of these things, and LoL already goes to many lengths to invalidate as much cheating as possible. Their servers already don't trust data sent over the network and verify it independently, they already don't send information to a client that it doesn't currently require to render the frame, like the hidden locations of enemies, they're simply not sent so "map hacking" is literally impossible. The article has lots more details, I would recommend it.

Hah. Are you me? That is what I always call the cat and mouse of cheat / anti cheat. (An Ouroboros) :-D

I've just read your comment above and then quoted you without the proper credit ;) Liked the naming.

Ahh, well thanks :)

"If I have all your code and am running it on my computer it will be a matter of time before I can back out whatever obfuscation or technique you are doing and undo it."

Sure, try to undo a blockchain and see what happens.

The code will be encrypted with a unique key that will need to be registered on the server with your account. Change that code and it invalidates your entire build along with your account. Case closed.

I think you are missing my point. This concept in client computing security basically chains back to the halting problem. You can't /know/ what I am doing with my computer. You can build a very elaborate trap / obfuscation and it might be hard, really hard, to defeat it or circumvent it, but it is a certainty that I can. The block-chain has absolutely nothing to do with client code security because it has a network enforced mechanism. What the grandparent was suggesting was running some nugget of code in a little VM (or actually on my machine), computing a result, and then returning the result to the server to make a security decision. The problem is I control that machine performing that computation and your security decision as the server is based solely on the computation performed on my computer. A skilled reverse engineer will just hook your code in the right place, intercept that security check and have it return the right bytes back to your server, while still doing whatever client side cheats they wanted to do.

https://en.wikipedia.org/wiki/Rice%27s_theorem <--- this is all about program behavior and whether the user actually ran the code you sent them. Blockchain is about "did I possess certain data" (such as a private key to sign a transaction) and not about "did I run certain code".

You are absolutely correct, but it occurs to me that CPU designers could actually implement a kind of RSA-style memory fetch instruction. The CPU would generate a public/private key pair, where the private key is not accessible by any means. The client would send the public key to the server, which would in turn encrypt the memory location(s) that it wishes to inspect. There would then be an instruction on the client's CPU which would accept that encrypted memory location and return the contents, without divulging the location. The CPU could regenerate the public/private key values for each request. I can't imagine defeating that kind of scheme without hardware hacks. The more that I think about it, the more I wonder why no one has done it before, because it seems useful. Probably there is something I'm missing...

You're on your way towards reinventing "trusted computing". https://en.wikipedia.org/wiki/Trusted_Computing

How do you prevent the cheat doing a MITM attack and changing keys?

Yes, you are right. That's what I was missing :-)

The answer, and it has dark implications to me, is Trusted Computing. Never let the user have full control. Do this key exchange on a base OS or some other VM the user can never touch (e.g. Knox / TrustZone). Still, we can exploit our way to this trusted OS and MITM there, but it takes much more skill. With Trusted Computing the base OS can more simply install a "spy" to keep track of a game's memory / code to ensure it is only ever loaded and executed from memory that is essentially made read-only after the program is loaded but before it executes. The trusted OS verifies the program code, the OS, etc., and if it all checks out, lets the code run. Of course it goes back to the halting problem, but if the program's memory is non-executable and modern exploit mitigation is applied, the game is now in a considerably sturdier mouse trap :)

Blockchains are not a solution here. This comment doesn't make much sense; your proposed solution is missing a lot of details.

If there was a simple solution to this problem there would not be insanely complicated packers that basically try to make their own instruction set.

If the player controls the CPU the code is running on, there is fundamentally no way to enforce they are actually running the code provided.

A server can't validate the integrity of the game remotely. A program on the user's computer must do that for you. You're trusting that the program will do what you expect it to do.

All one needs to do is modify the program to make it always tell your server the build is valid. Problem solved.

This is a very bad analogy, and you have misunderstood the problem to a huge degree.

What you describe is very similar to "Warden", Blizzard's anti-cheat system. I'm not sure how up to date this article is but it talks about how it works and approaches to working around it https://hackmag.com/uncategorized/deceiving-blizzard-warden/

It's pretty tricky to build a machine code validator to only be able to write and execute on certain areas... in x86, you have to take care of 'jumping in the middle of an instruction', that not only writes but also jumps are limited to your small area (because otherwise you will end up with something similar to ROP), etc.. I think Google Native Client did something like this, but it doesn't seem trivial.

On the other hand, a way to bypass it could be that, when you detect one of those "executable code packets" has to be run, you undo all the injection/hooks in the game (so that you are really running a 100% unmodified process), and let the executable code packet run. After it finishes (you could detect this by a timer, page fault, etc. which can be handled by a different process in a different address space), you inject all the hooks again.

So as a cheater you intercept those snippets and let them do their magic in a dedicated address space that has the same client code loaded?

So you're saying the cheater would have to run a duplicate, unmodified, instance of the game in parallel with the hacked version that the cheater is actually using, while correctly teeing networking traffic and mouse/keyboard inputs, and dynamically inserting the snippet results from the legit copy over top of the results of the hacked copy. That seems like a huge increase in level of effort from cheaters for a relatively small measure from riot. Seems worth it to me.

You are going to kick players off for a missed packet? Network connections have packet loss and game protocols are usually udp.

Nope, just like any other game state that will eventually have to be synced to the server the results can be synced later. But you can't just run it any time because it reads the state of the game as soon as it arrives.

I wonder if Riot would consider building the scripting UI they show into some kind of training mode. It's a bit like the argument that no one would pirate if the content was easy to get for a reasonable price.

If players could train with the spell range circles, skill shot path projection, last hit helpers, etc in a sanctioned way, I wonder how much this would remove the desire to seek out the cheating programs.

Edit: I see they have a "training mode" already: https://na.leagueoflegends.com/en/news/game-updates/features...

"I wonder if Riot would consider building the scripting UI they show into some kind of training mode. It's a bit like the argument that no one would pirate if the content was easy to get for a reasonable price."

Well, much like that argument being bunk, the idea that no one would cheat if it was for this is also bunk. People like getting stuff for free if they can, and people like winning, even if it means cheating.

> I wonder if Riot would consider building the scripting UI they show into some kind of training mode.

The game would probably be more vulnerable then, because now you have "cheat" scripts designed to work with the game.

> If players could train with the spell range circles, skill shot path projection, last hit helpers, etc in a sanctioned way, I wonder how much this would remove the desire to seek out the cheating programs.

People who cheat aren't trying to practice; they're trying to win games. There already exists a "practice mode" which lowers cooldowns and shows tower ranges. And it doesn't make sense to practice with cheats because it won't help you play the game without cheats very much.

>The game would probably be more vulnerable then, because now you have "cheat" scripts designed to work with the game.

That's possible. For example, World of Warships is a game where you fire big ship-mounted guns and must learn to take shell travel time and target relative velocity into account to hit moving targets. There used to be a cheat which did those calculations for you and showed you a reticle you could aim at instead. IIRC this cheat relied on code that existed within the game already and was just not used.

So basically the same reasons real warships developed rangekeepers resulted in a game targeting computer? :)

Dota has this as well.

Dota 2. And Valve made 2 big swings of the banhammer for using addons which implemented that (turret ranges, to be precise) and a model change for trees to become mushrooms (sounds silly, but that way the path between them is easier to see).

Unfortunately, their latest anti-cheat measures broke the ability to play on Wine.

Guess no LoL for me anymore.

They broke GPU passthrough setups as well at first. There was some community backlash and they rolled that back, and I believe they also mentioned they intended to work with the wine people on a solution for that as well.

"they also mentioned they intended to work with the wine people on a solution for that as well"

Be nicer if they'd just put the damn thing on Linux. They're already on Windows and Mac after all

How did it break GPU passthrough?

Then again I heard recent versions of VAC detect running under a KVM hypervisor and kick you out of CS:GO servers.

That's unfortunate to hear that VAC looks for KVM. I was planning on moving my gaming partition to just a VM and using GPU passthrough. It's how I have my work PC set up; figured I'd replicate it at home.

Sorry to be the bearer of bad news.

I plan to reverse engineer VAC sometime to figure out how the detection works.

This might also prevent it from running on ARM laptops with win32 emulation.

They undid that.

No they didn't. Some people use a modified client, but that's super risky for a lot of reasons.

I think the number of people playing LoL in wine could be stored in a uint8_t.

It's a lot more than that, actually. Not millions or anything, though.

Good timing, I am using my own AI (keras + tensorflow) stack to predict in-game hackers on ARK Survival Evolved with an AWS EC2 instance. Here's some background on the fully open-sourced stack: https://github.com/jay-johnson/train-ai-with-django-swagger-... with docs http://antinex.readthedocs.io/ I would love some players, but I'm still load testing how many players the game server can use + make real time predictions without impacting the game. Reach out if you want to try it out!

Message to EA: don't try to be clever. Make simple query-based bans, after the fact. Sift through the event tables and ask trivial questions like: if A killed B with a weapon that is not possible to use on the map, then he cheated. Check for ridiculous (not just suspicious) activity.

The cheaters that ruin games aren’t the ones that make players better such as discrete wallhacks. It’s the trolls that are immortal and flying. They blatantly cheat just for the response to their trolling, and they empty a server in a matter of minutes. But just because they are so very blatantly cheating, they should be quite simple to detect in logs too. If someone has 200 kills with an ammo box in a 5 minute round that’s enough to say it’s definitely a cheat. Yet these people do it over and over with NO obvious response to reports. Focus on THIS type of cheating (which is trolling, not gaining an advantage). Only after that look at more subtle cheating.
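
The "trivial questions over the event tables" approach from the two comments above, written out as detection rules over a log, as an added example that is not EA's or any studio's real pipeline. The per-map weapon table, the non-lethal item list, the kill-count ceiling and the log lines are all constructed; the rules flag only events a legitimate client cannot produce, which is the "ridiculous, not merely suspicious" bar the comment sets.

```python
"""After-the-fact detection over server event tables: flag the impossible.

Added example, not EA's or anyone's real pipeline. The weapon tables, thresholds
and log lines are constructed.
"""
import csv
from collections import Counter
from io import StringIO
from typing import Dict, List, Tuple

# Constructed per-map weapon availability and a list of items that cannot kill.
MAP_WEAPONS = {
    "harbor": {"rifle", "pistol", "grenade"},
    "canyon": {"rifle", "pistol", "sniper"},
}
NON_LETHAL = {"ammo_box", "med_kit"}
MAX_KILLS_PER_ROUND = 60  # constructed ceiling; well above anything a human reaches

# Constructed kill log (one round on "harbor").
LOG = """round,t,killer,victim,weapon,map
1,12,alice,bob,rifle,harbor
1,40,bob,alice,pistol,harbor
1,55,mallory,alice,sniper,harbor
1,58,mallory,bob,ammo_box,harbor
1,61,alice,mallory,grenade,harbor
"""

Finding = Tuple[str, str, object]


def parse_events(text: str) -> List[Dict[str, str]]:
    return list(csv.DictReader(StringIO(text)))


def flag_impossible_events(events: List[Dict[str, str]]) -> List[Finding]:
    """Three rules, none of which a legitimate client can trip: a kill with a
    non-lethal item, a weapon not present on the map, and a per-round kill
    count beyond a physical ceiling. Each finding is (player, reason, detail)."""
    findings: List[Finding] = []
    kills: Counter = Counter()
    for e in events:
        kills[(e["round"], e["killer"])] += 1
        if e["weapon"] in NON_LETHAL:
            findings.append((e["killer"], "kill with non-lethal item", e["weapon"]))
        elif e["weapon"] not in MAP_WEAPONS.get(e["map"], set()):
            findings.append((e["killer"], "weapon not available on map", e["weapon"]))
    for (_, killer), n in kills.items():
        if n > MAX_KILLS_PER_ROUND:
            findings.append((killer, "kill count exceeds per-round ceiling", n))
    return findings


def flagged_players(events: List[Dict[str, str]]) -> List[str]:
    """Distinct players with at least one impossible event, for a ban queue."""
    return sorted({f[0] for f in flag_impossible_events(events)})


def spree_events(player: str, n: int) -> List[Dict[str, str]]:
    """Construct n kills by one player in a single round on 'canyon', to
    exercise the rate rule on its own."""
    return [{"round": "2", "t": str(i), "killer": player, "victim": f"v{i}",
             "weapon": "rifle", "map": "canyon"} for i in range(n)]
```

On the constructed log only `mallory` is flagged, twice: a sniper kill on a map without snipers, and a kill with an ammo box. A 200-kill spree with a legal weapon trips only the per-round ceiling. Because every rule keys off server-recorded facts rather than anything the client reports about itself, the checks run as plain queries after the round and owe nothing to client-side scanning.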

I'd love to see a game where cheating and scripting is the primary means of gameplay. By default the game would present a very simple UI but players would be encouraged to write and share scripts enabling varying levels and types of functionality.

As a game developer your job then would be to write interesting enough systems for players to exploit to come up with interesting gameplay. I can imagine a scenario where different Overwatch-style "classes" emerge all built from the same basic game elements.

Check out http://www.pwnadventure.com/

"Pwn Adventure 3: Pwnie Island is a limited-release, first-person, true open-world MMORPG set on a beautiful island where anything could happen. That's because this game is intentionally vulnerable to all kinds of silly hacks! Flying, endless cash, and more are all one client change or network proxy away. Are you ready for the mayhem?!"

"Pwn Adventure 3 was originally during Shmoocon 2015, from January 16-18, 2015. While the CTF is now over, we are still running the servers in a limited capacity so others can try it."

Recently (last week or so), there has been a hacker in PUBG who is using a flying car. I had never seen this cheat before, EXCEPT in LiveOverflow's YouTube videos of pwnadventure!


In this series he managed to get his player to be able to fly.

I can't help but wonder if whoever that hacker is that developed the recent PUBG cheat, got his inspiration from pwnadventure and this series :)

I had a cheat back in Halo 2 for Vista that could make the Warthog fly. A flying car in a game is really not new

I got this all set up the other day, but on OSX I only get a pure white screen unfortunately.

Here's a great playlist I found of it though: https://www.youtube.com/playlist?list=PLhixgUqwRTjzzBeFSHXrw...

There was some excitement for Notch's 0x10c for a while, an open universe space game where you would have been able to program your ship's computer. But according to wiki:

> The game was eventually indefinitely postponed because Persson found several creative blocks, citing the main problem as "it not being very fun to play".

Not quite the same thing, but there were a lot of cheat-only servers in counter-strike in the 2000s with anti-cheat turned off (it's optional if you run your own server). Since it was all cheats vs cheats, whoever had the best ones won. The game servers were often very scriptable and modded as well.

Those servers are still available in CSGO too. 3kliksphilip recently did a video[1] with someone who plays on one. Interesting insight into the kind of player who cheats.

[1] https://www.youtube.com/watch?v=gniSF1M9g_o&

Neat. I used to love the hack vs hack servers. The cheats were a bit more primitive back then, so I imagine hvh isn't as fun nowadays since all cheats are very advanced... I remember when xqz2 first came out - the first opengl-based client cheat for the half-life engine. It was simply a wallhack at first, and evolved to a primitive aimbot I believe.

Anyway, they started to get pretty sophisticated around cs 1.4 or 1.5. The real breakthrough was the client aimbot which hooked into the game (using function trampolines) rather than opengl, and was instantly fast, but it was still a little inaccurate because it used hardcoded constants for offsets from the center of the player model to the head. It eventually got a bit more sophisticated with hitbox aimbots I believe.

The next breakthrough was "nospread" which basically allowed you to fire your gun with laser accuracy. I remember how it worked - to make accuracy random the game used a pseudo RNG which was seeded with the game's current tick, that way the spread was shared by both the client and the server. The cheat calculated the future spread by using the game's next tick (current tick + 1) for the RNG seed and setting the player's view angle to the inverse of that. If you watched the player, it looked like they had a shaky crosshair. You could be bunnyhopping around with any gun and get insta headshots with 100% accuracy. Each gun had its own spread constant so these had to be hardcoded into the cheat, and adjusted based on whether or not they were crouching or standing.

The last major breakthrough was "autowall," which would only shoot through a wall if it was a guaranteed hit. After this, cheats and hvh servers got more boring with marginal improvements only.

All of this got me into programming and I learned a lot, both about some game internals and operating systems. No ragrets
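A toy model of the "nospread" design flaw described in the comment above, added here and not part of the thread: when the server's spread RNG is seeded only with the public tick, any party holding the game code reproduces the server's offset; the hardened variant, my own illustration of the fix, mixes in a per-match server secret the client never sees. Weapon spread values, the RNG and the HMAC construction are assumptions for illustration.

```python
"""Added example, not from the thread: a toy model of the "nospread" flaw.
Spread seeded from the shared game tick is reproducible by the client; spread
seeded from an HMAC over a server-side secret is not. Weapon values and the
RNG are invented for illustration."""
import hashlib
import hmac
import math
import random
import secrets
from typing import Tuple

WEAPON_SPREAD = {"rifle": 2.0, "smg": 4.0}   # hypothetical cone radii, degrees


def _offset_from_rng(rng: random.Random, weapon: str) -> Tuple[float, float]:
    """Draw a random point inside the weapon's spread cone."""
    angle = rng.uniform(0.0, 2 * math.pi)
    radius = rng.uniform(0.0, WEAPON_SPREAD[weapon])
    return (radius * math.cos(angle), radius * math.sin(angle))


def shared_seed_spread(tick: int, weapon: str) -> Tuple[float, float]:
    """Flawed design: spread depends only on public state (the tick), so the
    client and server compute the same value, and so can anyone else."""
    return _offset_from_rng(random.Random(tick), weapon)


def predicted_counter_aim(tick: int, weapon: str) -> Tuple[float, float]:
    """Simulation of the flaw's impact: a client that can evaluate the server's
    RNG for the next tick pre-compensates by the inverse offset."""
    dx, dy = shared_seed_spread(tick + 1, weapon)
    return (-dx, -dy)


def secret_seed_spread(server_secret: bytes, match_id: str, tick: int,
                       weapon: str) -> Tuple[float, float]:
    """Hardened design: the seed is HMAC(server_secret, match || tick || weapon).
    Without the secret the client cannot evaluate it ahead of the shot; the
    server can still reveal the value afterwards for replay verification."""
    msg = f"{match_id}:{tick}:{weapon}".encode()
    digest = hmac.new(server_secret, msg, hashlib.sha256).digest()
    return _offset_from_rng(random.Random(int.from_bytes(digest, "big")), weapon)


def landing_offset(aim: Tuple[float, float], spread: Tuple[float, float]) -> Tuple[float, float]:
    """Where the shot lands relative to the true target: aim plus applied spread."""
    return (aim[0] + spread[0], aim[1] + spread[1])


def miss_distance(offset: Tuple[float, float]) -> float:
    return math.hypot(offset[0], offset[1])


def demo(tick: int = 1000, weapon: str = "rifle") -> Tuple[float, float]:
    """Return (miss with flawed server, miss with hardened server) for a client
    that pre-compensates using the shared-seed RNG."""
    aim = predicted_counter_aim(tick, weapon)
    flawed = landing_offset(aim, shared_seed_spread(tick + 1, weapon))
    key = secrets.token_bytes(32)          # generated per match, never sent out
    hardened = landing_offset(aim, secret_seed_spread(key, "match-1", tick + 1, weapon))
    return miss_distance(flawed), miss_distance(hardened)


if __name__ == "__main__":
    flawed_miss, hardened_miss = demo()
    print(f"shared tick seed: miss {flawed_miss:.3f} deg (prediction cancels spread)")
    print(f"secret HMAC seed: miss {hardened_miss:.3f} deg (prediction no longer helps)")
```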

At this point it's less about the quality of the hacks, but how the players use them. Now that everyone can wallbang well map knowledge is extra important. You need to know where is and isn't safe to stand.

Wallhacks completely remove early game tactics too. Instead of having a game centered around information gathering each side is already completely aware of the game state. No being sneaky.

Sometimes people jokingly say that it would be cool if there was a second Olympics with steroid and genetically engineered participants. Concerns for player health and blah blah blah stops that from happening. Not in CS though! Crank the aimbots up to 11 and have em duke it out! I love it.

That makes sense. I haven't played in a hvh since 1.6 so I'm not up to date on the current scene. Back then, if you had the better cheats you basically outright won, it was an arms race rather than a competition. Good times!

Screeps is a game where you need to program each move: https://screeps.com/

It's a fun game! :)

You might enjoy old school TradeWars 2002, which you play over TELNET nowadays. There are all kinds of helpers (e.g., TWXProxy, SWATH), and there are some pretty sophisticated scripts you can run (e.g., MomBot for TWXProxy). Ice9 is probably my favorite server (http://www.oregonsouth.com/ice9/), and there are others out there.

I'm not sure if this really fits, but you might enjoy Speedrunning. It can include a good portion of analysis of the game, including code analysis (if available), debugging, disassembling etc.

Not sure if this will scratch your itch, and I haven't really looked into it, but checkout https://screeps.com/ "The world's first MMO sandbox game for programmers"

Although a single player game and a game that must be hacked instead of extended with new functionality, maybe you like https://en.wikipedia.org/wiki/Hack_%27n%27_Slash

Universal Paperclips: http://www.decisionproblem.com/paperclips/index2.html

You can play it in the browser console with the JS API.

Something like this, but I wouldn't want to deter non-engineers from playing or feeling inferior to engineers. I still want to believe that fairness can be enforced and different skills and strategies can be competitive, not restricted.

It is unfortunate a negative perception for cheats is so universal some countries are insane enough to make it into their laws. Call me names but I perceive computer game[1] cheating as something that surely has a positive part. A lot of games are all about exploiting their mechanics (also called "developing a strategy" or "looking for weaknesses") to... err... win (or not lose). Cheats are the engineering solution to this, sometimes dull and non-imaginative, sometimes beautifully cunning hacks.

That is, unless we're talking about cheating griefers which I feel must be considered as a separate kind of people. Trying to gain advantage is natural for any player, depriving others of their fun is not[2]. If cheating causes grief (besides envy!) to other players I believe it means that it's the game mechanics that are flawed for allowing this. At least it's treated as a bug in all other kinds of software engineering.

Of course I recognize network lag is the enemy and computational complexity is another, so at least for anything fast-paced developers just have to offload calculations onto endpoints, sure. But still...

Oh, and I think this should be certainly possible for games where players don't compete. It's not impossible to believe in a game where you can cheat yourself into gaining all the treasures of the world but that wouldn't mean anything and cheaters would just deprive themselves of the fun. At the very least, the trend to try to shove anti-cheats into single-player games disgusts me.


[1] I'm not sure about other areas of cheating. Although I think I wouldn't mind seeing Cheaters' Olympic Games, allowing humans with any aids, robots and basically anything that is physically able to participate. That would be fun and probably awe-inspiring to see.

[2] Can we talk about cheaters' moral codex, haha? Do unto yourself only as you would have others do unto themselves too and stuff.

Reminds me of my childhood playing ROBLOX on various Script Builder games where users on the server could script with Lua. It was basically a race to who could script admin commands and completely own the server.

I got my start with computers hacking ROBLOX as a kid! We probably met each other. I went by Shanethe13 / Aeacus back then. If that rings a bell, you should hit me up :)

I actually work in cybersecurity now, directly as a result of ROBLOX. Shedletsky came across some of my work a few months ago, and we reconnected over dinner. It's a crazy small world sometimes.

That’s awesome! Name rings a bell actually, did you have any places? I made one of the build a raft games back in the day [0], was great fun to build games on there. I remember sometimes waiting around to get on Sword Fights on the Heights to get in the same server as Shedletsky hahah!

[0] https://www.roblox.com/games/7729765/BUILD-A-RAFT-AND-SURVIV...

Seems like this would devolve into a market for add-ons for your game. Let's assume that this game becomes popular. I'd claim that then most players would passively consume the leading open source solution(s), which are likely to outperform whatever any one person can do working in secret (or just tweaking the leading open source solutions). Software is copyable -- I don't think you can give a mechanical advantage to being the author of the software instead of a script kiddie.

As with any tool, it depends on the person using the tool.

Just because someone gave you a sword doesn't make you a swordmaster. You might kill somebody, but a real master of the tool, maybe even the inventor, is much more capable.

Someone who knows some piece of software knows when, where and under what circumstances it aids the most.

Which is why I pitched a modular FOSS launcher/market to the Department of Education for a 3d virtual training simulation grant. I never heard back from them...

You might enjoy this video:


It's about security training rather than gaming, but talks about using an approach where students were forced to cheat in order to pass an exam, as an exercise in getting into a mindset of finding the holes in a system and thinking like an adversary.

https://technomancy.itch.io/bussard is a game about UI-building over low-level spaceship controls/sensors

Check out HackMUD.

> I'd love to see a game where cheating and scripting is the primary means of gameplay.

Come to Sydney. Play Ingress with the ENL faction.

I am surprised people don't virtualize the game and do their analysis at a level that the OS and game can't detect. Ultimately, these games trust that the hardware they're running on behaves according to specification. That is clearly an unwise assumption. Cheaters may not be taking this path today, but it gets easier and easier as time goes on, and it sounds like they're not prepared at all. (Some other comments mention that current games look for virtualization software installed on the same OS install that the game is running on and fails the integrity check if found. I can't imagine that stops anyone actually determined to cheat. I imagine it annoys people that test their Docker images on the same machine they play the game on, though.)

Even if virtualization is detectable, you can also take the computer entirely out of the loop. The state of the art for aimbots seems to be reading game memory and applying synthetic mouse movements at the OS level. That is quite a blunt instrument to apply and I'm sure that no game has a major problem with this kind of aimbot. A more elegant aimbot would look at the video of the game, look for targets, and provide the necessary mouse movements over USB. At best, the only countermeasure is to make enemies harder to see or to learn some heuristic in mouse movement that differentiates the bot from a human... but injecting randomness is straightforward and nobody needs a 100% accurate aimbot anyway. The pros destroy you with 30% accuracy.

Finally, it's unclear if there is even any advantage to be gained by cheating. If you want a higher rank in a competitive game, you can just pay someone to play on your account. From what I've read on Reddit... many of the people offering these services are apparently professional players. No anti-debugger hook is going to detect that.

It should be interesting to see how this advances. While games that rely solely on mechanics or information hiding are clearly doomed in the long run, it's probably good news for the rest of the software industry. What is your cloud provider really doing? Is your own software compromised? The tools used to cheat in games will be quite valuable in answering these questions and protecting your users from people that actually have something tangible to gain from these actions.

IMO games should encourage ergonomic aids. Why allow the UI to be a limiting factor to how you want to play?

For example people used to talk about APM in SC2 as a sort of measure of how good someone is. Why should that be? It's a strategy game. Imagine if you could express your ideas effectively into actual game actions?

>IMO games should encourage ergonomic aids. Why allow the UI to be a limiting factor to how you want to play?

For the same reason that sporting organizations regulate the equipment allowed during play - to make sure the playing field is reasonably level.

>For example people used to talk about APM in SC2 as a sort of measure of how good someone is. Why should that be?

Because dexterity has historically been a basis for comparison in recreational competition.

>It's a strategy game.

It's a real-time strategy game, which is an important distinction. Chess is a strategy game, and by its design guarantees each player an equal number of moves. SC2 is a real-time strategy game which makes no such guarantees, and if you have the dexterity to execute your strategy faster than your opponent can respond to, you should be rewarded for that.

>Imagine if you could express your ideas effectively into actual game actions?

Imagine the cost of such an interface in today's society, especially compared to a regular USB keyboard and mouse. Now imagine you're a game designer. Do you want to build a system that explicitly favors those rich enough to purchase the best equipment, or do you want to spread your playerbase as widely as possible?

Perhaps in another few decades, we can start rewarding the people with the "best" brains, but as long as we exist in meatspace, people are going to want to test their meat-skills against each other.

> Imagine the cost of such an interface in today's society, especially compared to a regular USB keyboard and mouse. Now imagine you're a game designer. Do you want to build a system that explicitly favors those rich enough to purchase the best equipment, or do you want to spread your playerbase as widely as possible?

While I kind of understand the Ready Player One-esque issue here, I am thinking that most ergonomic aids would look more like software plugins for WoW or EVE than professionally developed HCI hardware.

If I were to be leading a game I'd just make it a requirement that tools were opensourced (hard to enforce in reality tbh) but at least that would help.

(As a former high level StarCraft / SC2 player / caster).

It's not chess. That's why.

There is a real physical aspect to the game. Training your fingers to hit certain combinations quickly to execute build orders, and mix in micro is key. Pro players use hot packs to warm up their hands, or glasses to aid their eyes.

The game developer takes a lot of care to ensure the UI / hotkeys / peripheral setups are optimized for pro players.

Using external tools to defeat this setup simply isn't fair and diminishes skill built into the hands and muscle memory of players. Even at a mid-level of skill, people learn simple combos. For example, a Protoss player hitting "4+e" because that's where they have hotkeyed all their Nexuses and e is the hotkey to build probes.


At the end of the day, "skill" is a meaningless term except in the context of a specific game. If Starcraft 3 came out tomorrow with no macro mechanics, no activated abilities, a pay-as-you-go economy rather than a pay-up-front one, then APM would be much less valuable and "skill" would mean something completely different.

Overwatch has this issue right now where players are complaining about Mercy, a character who is fairly simple to pick up and can provide a lot of value. What they ignore is that she was intended to be that way, and that the "skill" Mercy introduces is not lightning-fast reflexes or similar, but the strategic response to her presence.

I'm not campaigning for SC2 to be changed. But players' definition of "skill" generally shouldn't be trusted. Skill is what wins.

Many responses are saying the same thing, so I'm going to respond to you ...

> It's not chess.

I agree it's not chess, and chess often has a time component to it. The realtime nature of a game doesn't mean you should have to be able to "move" in realtime, IMO it would be superior if it tracked more closely to your ability to react, intellectually, in realtime. That is, real time thought more than realtime motion. Ergonomic aids would help people to convert their thoughts into real game plays without limiting them to their body's capabilities. But I also admit this is my opinion and it's clearly an arbitrarily decided dividing line between how much should a game be about myelinating certain move patterns (spread out troops, cast a spell, select production groups) and how much a game should be about quality of thought in realtime (I see he made units X, how am I going to respond? I have many minerals, should I spend them on tech or units?) ...

With enough mechanical aides, the game balance breaks.

For example, SC2 has a very cheap unit called the roach. When burrowed, it can't attack, but regenerates health incredibly quickly.

It's trivial to write a cheat that will, whenever one of your roaches starts taking damage, causes it to burrow, and whenever it stops taking damage, unburrow.

The unit is balanced around human control - no human can, with perfect accuracy, choreograph burrows and unburrows of individual roaches in a pack of ~60.

With such a cheat, roaches punch way above their weight, completely breaking the rock-paper-scissors balance of the game.

I do not deny that the game mechanics would vastly change. The strategy would shift away from "How can I micro these roaches" vs "How can I effectively attack burrowing/unburrowing roaches" to "How can I ensure I get roaches" vs "How can I frustrate/prevent my opponent from getting them in the first place"... As an aside, ANY change to a game is going to disrupt the equilibrium in some manner and I assume would require human intervention to re-establish a "fun" gameplay.

> How can i ensure I get roaches

Which is trivial for any skilled player, because they are an incredibly cheap, low-tech unit, and passive base defenses are currently very good at fending off very early aggression.

> As an aside, ANY change to a game is going to disrupt the equilibrium in some manner

Yes, and sometimes, the equilibrium settles on an incredibly shallow, uninteresting game-space.

StarCraft is a game of a number of rock-paper-scissors cycles, all operating at the same time. Greedy expansion - versus rushing versus safe plays. Economy versus army versus tech. Roaches versus marauders versus zerglings.

Sometimes, due to patch changes, poor balancing, or because player skill improved, the game ends up stuck in a quagmire, where the risk/reward ratio for many of these options is completely out of whack. The game stagnates, and becomes incredibly unfun to play, and to watch.

Throwing a wrench into balance, by allowing auto-scripts, which have an incredibly uneven effect on the different units, mechanics, and races in the game, is far more likely to push it into an unfun equilibrium than a fun one.

Yes, but keep in mind this idea and thread is not about SC2 specifically. It used SC2 as an example of the class of games that I personally believe I would find improved by removing the mechanical aspect of the game, allowing me to focus on the fun part -- making decisions and giving instruction patterns more than "micro".

> I do not deny that the game mechanics would vastly change. The strategy would shift away from "How can I micro these roaches"...

It's kind of off-topic, but you will lose horribly if you actually try to win games on micro alone. People talk a lot about micro because it's flashy, but it's really just the icing on the cake. The pros can spend all their time showing off their icing skills because they all have solid macro underneath.

When I played in WoL, you could make it into master league (top ~2% of players) by: ensuring you were never supply blocked, spending all your money, scouting your opponent, and building counters. If you were efficient, you could do everything you really needed to with an APM of ~50.

>With such a cheat, roaches punch way above their weight, completely breaking the rock-paper-scissors balance of the game.

Against marines, sure. But against siege tanks/disruptors?

Sirlin's spiel about there being more counters than people think (http://www.sirlin.net/ptw-book/introducingthe-scrub) seems applicable here.

Is it, though? Sirlin's scrub is a strawperson player that will not adapt to any changes in the game, instead asking that the game itself is changed to suit them. Running cheats is the ultimate scrub move - you change your play experience asymmetrically to benefit yourself rather than practicing at the game as offered to get better.

There are a ton of interactions in games that are degenerate if performed at TAS level. These aren't areas looking for disruption; they're just impossible to perform with human inputs and they confer game advantages that are not surmountable by non-assisted players.

The speed running community segregates TAS content from played content specifically because of this. You will not beat the robot that can perform a 60 input 1 frame trick that gives you a .5 second time save.

>Is it, though? Sirlin's scrub is a strawperson player that will not adapt to any changes in the game, instead asking that the game itself is changed to suit them. Running cheats is the ultimate scrub move - you change your play experience asymmetrically to benefit yourself rather than practicing at the game as offered to get better.

That's a fair point; I agree. But the ancestors are debating a scenario with sanctioned mechanical aids. vkou classifies them as "cheats" above, but I humbly suggest that he used the term improperly, given the context.

Also, remember that we're talking about RTS games, which have an S component as much as they have an RT component. OpenAI can beat Dendi in the early phases of solo mid, but can a team of AIs beat Navi in a full game of DotA? Perhaps they will eventually, but if they do, it will take a whole lot more than just reaction time.

> but can a team of AIs beat Navi in a full game of DotA?

Yes it can, especially Na`Vi (Dota-reddit jokes that AI won't play with Na`Vi because developers want to test AI with a pro team). There were matches with pro players last month. Players say that mechanics in 5v5 fight are perfect and the global strategy is there.

I won't say that the strategy has many states in Dota: it's the items and position on the map (by choosing one of the objectives).

It's not ready for the real Dota 2 tournaments though: AI was trained for the specific 5 heroes.

Yes, they start punching way above their weight against tanks, too. Even moreso if you throw in an auto-scatter script.


What about tanks on high ground and out of reach? What if the roaches have to funnel through a walled choke guarded by some MMLib as well?

That might seem contrived, but there is a player whose job is to contrive it!

No, I don't think the next patch should include "improved" roach AI. But deep strategy games like Starcraft tend to have multiple levels on which to do battle, and you can often nullify an opponent's insurmountable advantage on one level by doing battle on another level. I honestly think that if super-roaches like we've been discussing were patched into the game, with no further changes made, winrates would stabilize around 50% in a few years (assuming everyone hadn't quit in disgust).

Now, that might not be the game you'd want to play. I'll freely admit I wouldn't want to play it. But that's you and me---perhaps whoever's into chess would love it. And "This would no longer be fun for me," while perfectly legitimate, is a very different claim than "the game balance breaks."

> ...deep strategy games like Starcraft tend to have multiple levels on which to do battle...

That's exactly the point; the "other levels" are macro, micro, and multi-tasking--the "realtime" components of an RTS game. (I consider positioning and scouting a factor of micro and multi-tasking respectively.) Those are the facets of the game that let you take two equally matched strategies, execute slightly better than the opponent, and thereby eke out a gradually compounding advantage.

If you remove those, the "deep strategy" of starcraft is basically just doing the one or two counterplays that you obviously need to do to survive. "He built too many early game marines so now I build banelings or I die." The strategic "if he does this, I'll do this, but then he'll do that" decision tree is very shallow in a game like brood war or sc2.

> What about tanks on high ground and out of reach? What if the roaches have to funnel through a walled choke guarded by some MMLib as well?

Then I'll be forced into one of a small handful of tictactoe-like responses: brood lords, vipers, doom drop on top of your army, or pull you apart with muta/nydus multi-taski... no wait. Just the first three options I guess.

> Ergonomic aids would help people to convert their thoughts into real game plays without limiting them to their body's capabilities.

StarCraft is physical - that's critical to the entire genre (RTS/MOBA/etc). Without it, it's not StarCraft.

Improving your dexterity is a real part of improving your skill in a game like StarCraft. So using a program to do this for you instead is cheating.

It sounds like you want to play something like Stellaris, Sins of a Solar Empire, or any other 4X-style genre game.

I don't understand why you're so intent on doubling down here. There are other strategy games out there that focus on strategy more than micro mechanics. Why not play those instead?

I don't think "I want to play Starcraft but without micro" is a compelling argument for changing Starcraft. I actually think it's pretty selfish to make these demands. It's a reasonable premise for finding or even creating a new game.

SC2 was simply an example. Clearly this is about the set of many RTS games more than just one game. And to be upfront, yes, "I want to play Starcraft but without micro" is a decent representation of my gaming desires.

I may just go ahead and make such a game sometime and, I suppose, we'll see if anyone likes such a game dynamic. It would definitely introduce a very meta game where creating and tuning your "loadout" could matter greatly.

Tooth and Tail is pretty close to what you're looking for, perhaps.

You might enjoy Grey Goo, btw.

Games aren't really about getting you to solve a problem, they are about making something fun. Making something fun is a lot easier when you control the UI completely. Letting the users build their own UI places a lot of constraints on what you can build in the game and still be fun.

StarCraft is not just a strategy game. It is a real time strategy game. The focus on real time is why APM and micro etc are so important. Broodwar is my personal favorite game, on the surface it is easy to not know video games can be physically taxing.

APM was certainly an impressive stat that conveyed the level of athleticism required for e-sports.

Of course, you're right, if the goal is who can strategize the best then APM shouldn't be a factor.

The playing field needs to be level though. Perhaps something like Formula 1 or Le Mans racing will develop for e-sports where people are allowed to fine tune their input with custom code with certain regulations for those inputs.

It's real-time strategy. So part of it is how you react to things, as well.

Great write-up. In my job we spend a lot of time dealing with hackers and cheats for our mobile and PC games.

We tend to see similar exploits across all our games (memory hacking, fake IAPs, etc) which lets us build an armoury of anti-cheat tools.

What I find most interesting is where hackers don't focus their attention. It took almost 4 years for them to realise the encryption key for our assets was easily accessible using the 'strings' tool in Linux - once they found it we had a busy few days stopping modders from impacting legitimate players.

You're probably dealing with newbie reverse engineers. Do you work for a triple A game publishing studio or an indie game shop? People who want to "mess" with games are usually doing it so that they can make a lot of money from it and therefore hunt big triple A games... the people I've seen do proper reverse engineering on triple A games to bypass e.g. Blizzard's anticheat in World of Warcraft now all work for big "anti-virus" companies.

Cheat, anti-cheat, antivirus, malware, and to a lesser extent debugger and profiler. All these tools are going after each other in the same territory: monitoring a certain system activity to report or intervene. To me, it looks like all these functions are traditionally in the realm of the operating system. Are we going to have a new middle layer or a new OS architecture for catering for things like this? I'm curious.

I'm working on this.

I wonder, given that nowadays access to vast amounts of computing power on demand is easy, if it would be effective to generate unique builds for each and every player. Just like they already do, but tailored for each downloader. Which would get tied to an account, and to a given fingerprint.

What problem would that solve?

I think he's implying a cheater's injected DLL would be tailored for a specific build, so if they shared it with others, it would be ineffective. And not only that, but based on how the Cheater.DLL is targeting the build, they could identify the account that made the cheat.

If I tell you right now that every single digital dollar will need to include the fingerprint of the digital printing press that created it, how would you be able to forge a new one without that fingerprint? You can't, because every time you alter the digital dollar you create a new fingerprint that does not match the original digital printing machine.

This fixes a lot of problems with altering code and extensions and modding. It does not fix memory changes, but it can make it quite difficult because each memory change would have to be validated against the original fingerprint already registered on the server for your particular build.

You are talking about a blockchain.

I have talked about this on many occasions to developers and they also agree that a blockchain to maintain a unique fingerprint of the game is very good to deter many attacks to modding and extensions to code, no matter the platform.

Being a blockchain would give exactly zero advantages over a traditional database.

Yes it will. Because in a blockchain, you can't change anything unless everyone agrees to it.

If you change that code, and place it back in the blockchain, no other block will agree to your change and you will be rejected.

You seem to have several misconceptions about computing in general. This is not how any of this fits together.

As the game developer, I do not care if anyone else agrees to it. I am the ultimate authority. Thus, I don't need any kind of blockchain.
