Riot Games Approach to Anti-Cheat (riotgames.com)
557 points by cammm on July 17, 2018 | 399 comments



Back when I worked in games we would detect cheaters and then shadow ban. Quarantine them by only matching them into games with other cheaters.

You may still have to ban them from certain elements of your game, like player economies (auction house, etc). But the more legitimate their experience looks the better.

The idea is that instead of fully banning them and triggering the next iteration of the arms race, you trap and release them into a competitive arena for cheaters. It's actually fun for them to compete with each other at who can cheat the hardest and no one else gets hurt. We hooked them up with a community rep. They found bugs and generally improved our security. Everyone won.

There's no way to win with an adversarial approach to cheating IMO, not when you let the client run on their machine.


Sure. Until you're playing Dark Souls for the first time, you get summoned to help someone with a boss, and then get invaded by someone with a 360 degree one-shot kill spell that breaks all your weapons and armor, gives you an egghead that you can't remove unless you know where to go, and gives you an item that marks you as a cheater so you now get constantly invaded by exclusively cheaters.

The item that marks you as a cheater might have been a drop in another invasion, I don't remember. The point remains, once the cheaters realize you have a separate cheaters' matchmaking system, they will weaponize that too.


> The item that marks you as a cheater might have been a drop in another invasion, I don't remember.

I believe they can do it completely passively, so you’re kinda screwed if it happens to you :( This is sadly the nature of trusting what clients send you: a hacked client can send whatever it wants and the “anti cheat” in Dark Souls sadly seems to simply just check if an item should be possible, meaning a cheater can trick the game into punishing non-cheaters. Luckily this hasn’t been a problem for me on console, but it certainly does suck on PC :(


And of course, if it didn't punish non-cheaters, then cheaters could simply cheat the items in on one account, invade/summon another of their own accounts, (or passworded summon in the remaster) and then give the new account the items.

There's no winning against cheaters as long as you trust the client. (And it's possible to do it on consoles too, just more rare as the tools are readily available on PC.)


> There's no winning against cheaters as long as you trust the client.

Indeed.

> And it’s possible to do it on consoles too

Sure, but the barrier to entry is higher, so it’s not done as often. I’ve never noticed someone who was obviously cheating (which doesn’t mean I’ve never encountered any, but if I have, they’ve never been so severe as to do the things mentioned here or for me to notice it).


That seems to be a completely different type of cheat than described in the article. The article is just about cheats that automate certain moves that players would already be able to do, just would be very hard. It's not possible to stop this type of automation in the general case.

If a cheater can make items appear out of nowhere, that's not an automation cheat, that's a security vulnerability in the server that should be fixed.


My understanding is that the server is not for realtime. Realtime gameplay is peer to peer.


That sounds like a completely different system than League of Legends has. So hellbanning should work fine as suggested (it was suggested for League of Legends).

Other games that use (IMHO) broken protocols by trusting the client can't reliably use hellbanning, and I don't think they can reliably do anything.


But the realtime gameplay is where the cheaters are giving other clients items in order to mark innocent players as cheaters.

So everyone's getting hellbanned, at which point no one is hellbanned...


I'm saying that a game where the server isn't in the middle is broken, and cannot implement hellbanning.

League of Legends has a server in the middle, thus isn't broken, players can't give each other fake items, and hellbanning will work.


This is an interesting approach because even though they may be cheaters they are _still_ people that are interested in your game. The percent of cheaters with the objective to utterly destroy the game they're cheating at is probably negligible.


I mean... sure but they're also only willing to interact with the game when they're making the experience bad for everyone else.


I don't think it is really the cheaters that degrade the experience, it is the knowledge (right or wrong) that cheaters exist that reduces trust that makes for not fun experiences.

I've played online games for many thousands of hours over the past two decades and I can count the number of times I encountered a blatant cheater on my hands. Every time it actually happened people had a good laugh about it and either hopped servers or banned the person cheating. Sure I have probably unknowingly encountered a bunch of map and wall hackers but I didn't know so it didn't degrade my experience. For all I knew those players were just better than me, plenty of those around. Having played with some extremely high level players in various games, it actually feels like the good players are using map/wallhacks more than the actual hackers because they have such good gamesense.

On the other hand, I have been accused of cheating more times than I have actually for sure encountered real cheaters. It isn't fun when a server turns sour because everyone is accusing each other of cheating and getting salty over nothing.

Of course, if cheaters are allowed to completely run rampant this isn't the case. But any game with a modicum of community power to enforce rules won't have that problem. The major places you reliably encounter cheaters are non-private servers and matchmaking services that have essentially been abandoned by the developers.


Borderlands was fun until the cheaters showed up, and this even as a cooperative game.

People with hacked 999999999-damage guns warp in, splat everything and even if they don't steal all the loot, they make the entire game pointless.

You couldn't do anything about it but leave. There was no ban system users could appeal to.

Though some fun memories were had with cheaters in other competitive games, like coordinating to try to take down or hide from literally invincible opponents.


Counterpoint: Pokemon Go is incredibly infuriating to play as a new player because of cheaters. People spoofing their location fill up gyms, making it extremely difficult to earn in-game currency. They can also prevent you from effectively raiding with members of your own team, if spoofers from another team vastly outnumber you (reducing the reward from the raid).

Not only is it not fun, it's discouraging. And it's one of the big things that led to me quitting the game.


What games do you play? Because it's at least once a play session for me. Perhaps we are playing different games or different regions have more cheaters than others.

I have also often wondered if cheaters choose other regions than their own to exploit in, hence why little ol' Australia gets so many of them.


Wait, what? Why would allowing cheaters to run rampant mean people accused others of cheating LESS?


Sorry, in "if cheaters are allowed to completely run rampant this isn't the case." I meant "the case" as something like "the perception of cheating is more damaging than the actual cheating". Poorly written on my part.


Certainly not all cheaters have the same interests.

Some are simply curious experimenters, others are trolling, others want to make videos doing the impossible etc.

I wish there was another path out of this mess than the current arms race. It would be interesting to see what effect would result from providing a sandbox mode where cheating was allowed, and whether it would reduce cheating in the general population.


I've thought a little about building cheating detection into the mechanics and lore of maybe an MMORPG by treating it like a forbidden dark art.

If a player is flagged for cheating, they could take on an "aura" in the game. Maybe different types of auras for different types of cheating or for the types of events that took place around the cheating. It could grow stronger with more flags or fade with time. Fine-grained detection of auras could be a sought-after perception skill.

The in-game community could decide how they want to treat different types of cheaters. You could see interesting things like self-segregation or vigilante organizations.

You still have to intervene a lot to block gold farming bots or whatever, but I think you can keep the vanilla players and most cheaters happy.


Some game developers are making AI teams for their games which seems to be the logical conclusion for botting.


Console speed-runs have different leagues where different levels of glitches are allowed - from 0% to any%. Maybe that could work here, possibly as a "competitive aimbot league".


I was under the impression that 0%, 100%, and any% were completion ranges, not different levels of glitches allowed.

0% means you make as little progress as possible, level up as few times as possible, pick up as few items as possible, and otherwise avoid progress other than completing the objective.

100% means you pick up every item, finish every quest, etc...

any% means you do whatever you have to in order to get through as quickly as possible.

That said, there are different levels of glitches, exploits, and external tools allowed in different speedruns. TAS (Tool Assisted) speedruns would probably appeal to this crowd.

For instance this run[0] of the NES Super Mario Brothers games where all four games use the same controller inputs and finish in the same second. (Host says 3 games, but it's really 4.)

[0]: https://www.youtube.com/watch?time_continue=3358&v=EHfw-BEuR...


I’ve always heard n% refer to the completion ranges, as you say, however, the level of glitches allowed has often been a factor too (although in my limited experience it’s usually been simply no glitches allowed or glitches allowed). Mostly I’ve watched Dark Souls speedruns where the general consensus is that any in-game glitches are allowed, external tools, hacks etc are not and the % refers to how many of the bosses are defeated.


Doubt it. The one time I cheated on a game (Borderlands 2) was because the game was too hard without the p2w DLCs that I had no intention to buy. I didn't mind playing along with other people that played in whatever way they wanted (cheating or not) but I was too afraid of getting banned that I disabled online play while cheating.

A friend of mine that was cheating hard for a period on CoD 4 only did so for the fun of it and had no intention to ruin the game for the rest of the players.


In the case of Riot / League of Legends, these are still potentially customers willing to pay for skins etc, which is their income stream.

I wonder if cheaters are as likely to pay for that stuff as non-cheaters?


A game with prevalent hacking/cheating is going to go downhill quick and lose its established player base. Catering to these people in any way does not seem like a wise strategy.


The options presented are 1) segregate them into a separate pool, as suggested. They can then still give you money, the arms race is short circuited, and they don't impact the enjoyment of other players.

2) You ban them.


And then they possibly create an account and tread more carefully next time so they don’t lose their skins. This is behavior you can even see in streamers that get banned.

Frankly I think a zero tolerance approach to cheating makes sense and sends a more serious message. It still looks bad if cheaters exist even to other cheaters, for example a shadowbanned streamer, and makes it harder to take your game seriously.


So you ban them and they get back up to the same, if not worse behavior. Maybe they behave a little better or try to avoid getting caught.

Trying to keep someone banned is a much, much harder problem than finding them to ban in the first place.


Sorry, I was meaning my comment from the context of the conversation, where they'd be in a separate pool competing against each other. If cheaters want to cheat each other, it's no skin off my nose. Might still be a good revenue stream for Riot.


I see you’ve never had to deal with trolls and griefers.


What game did you do this for?

> It's actually fun for them to compete with each other at who can cheat the hardest and no one else gets hurt.

This part reminds me of 'Open' Battle.net for Diablo 2. Everyone used hacked items in pvp and just tried to have better fake items than their opponents.


Did you consider the possibility of false positives? Even the most modern and well considered justice system runs into this issue. Or is this not possible when detecting video game cheaters?


False positives are certainly possible. My office has an hour allotted to gaming on Friday afternoons. There have been occasions when TF2 kicked all players connecting from Linux clients (approx 50% of us).


I don't have much time for playing games anymore, but I can think of a few games where I would gladly start paying for subscriptions again if I was able to use bots. Even if it meant using special bot-only accounts. For some reason this is much more fun to me than just games specifically designed around programming bots.


I always thought it would be better if the player got to choose who they played with. Let me tag other players, and feed that into a ratings engine. Match me up with players who tag like me, and not with players that people who tag like me tag as arseholes, and untagged players. Let's put the social media perception filter to good use. Could be even better on MMORPGs, where you can populate worlds with players who will have fun with each other and speak the same language and do the RPG part in similar ways.


Quarantine only delays the length of time the cheater/spammer knows they've been caught, usually on the order of days. So, the tradeoff is building the real experience (along with adding new features) for those users to save days. It's usually not worth it.


> Quarantine only delays the length of time the cheater/spammer knows they've been caught, usually on the order of days

Days are crucially important in a game's development cycle. This is because the modern review style is structured around "first impressions", since interest in a game is an L-curve: the first person to get a review out can sometimes claim a lion's share of ad-revenue from possible viewers.

This means preventing cheating "on the order of days" can protect your game's review scores during the most critical review period.


How would you do that and ensure they don't interfere? Would you have a separate server just for cheaters?


This approach sounds incredibly smart. Hope you can share more details about it, or even a fun story or two.


There's a youtuber who focuses on CSGO that recently made a video where he interviews a cheater, they touch on the "cheater vs cheater community" in the video as well.

https://www.youtube.com/watch?v=gniSF1M9g_o


Matching cheaters to cheaters is brilliant and should be THE non-intrusive industry standard!


Like Ashley Madison.


Very productive approach. I felt like I learned something today.


I have mixed feelings about anti-cheat, especially in the last few years. A lot of them are getting rather intrusive. Take Player Unknown's Battlegrounds for instance, which uses BattlEye. It actually injects a kernel mode driver into Windows that spies on whatever else your system is doing and exfiltrates unknown data in the name of "guaranteeing a fair game experience." I didn't even realize that this is what it was doing until my system crashed one day and the cause was some .sys file in PUBG.

It'll also randomly kick you from games for having various programs installed or running. Programs such as VMware. You have to disable all VMware services or PUBG will kick you randomly for using "unauthorized applications." God forbid you have any VMs running, that might amount to a ban (seriously).

Worse still is that when you take your complaints to their social media, or in any way speak ill of it, you get hordes of fanboys saying that you shouldn't install anything other than games on your PC or you're a dirty cheater. "Oh you want to do things _other_ than gaming on your PC? You should buy another PC then."

Don't even get me started about trying to run games in a virtual machine w/ GPU passthrough. The communities will tear you a new one telling you to do things "normally" and by attempting to use anything other than the "normal" setup makes you a cheater. Just google anything like "steam vac kvm" or "battleye kvm" and you'll get hordes of people claiming they heard some guy say virtualization is the future of game cheating therefore VMs are cheating tools and should be banned.

Seriously, if I could get a refund for every game that uses BattlEye, I would try.

/rant


> You have to disable all VMware services or PUBG will kick you randomly for using "unauthorized applications."

If any game did this to me, I would be having a refund, through credit-card charge-back if necessary.

Unless of course it is made obvious up-front that the game will not work with certain common legitimate software, in which case I'd have not paid for it in the first place and would play something else instead.

> which uses BattlEye. It actually injects a kernel mode driver

Sounds like something I need to avoid. A game is a user-land program and has no business touching kernel-space (with the possible exception of direct communication with the graphics hardware for performance reasons, but in this decade that to me would be a huge code smell...)

Having said that: I've not bought much by way of games aside from a few small ones in Steam or HumbleBundle sales, other parts of life are just too busy for me to have the time ATM, and I've never really bothered with PvP/online gaming (when I play games I do so to escape the unwashed masses, not invite them into my living room!), so I might be so far from the target audience that my thoughts on the subject count for nothing.


Be careful, if you do a chargeback on Steam or similar platforms you will be banned.


It shouldn't be necessary: if it wasn't made clear that the product was incompatible with common standard software and that stops it working for me, then it is not fit for purpose and if they are following the law a refund should be easy to obtain.

If it gets to the point where a chargeback is necessary then they are being a bad actor and I wouldn't be spending any more money with them in future anyway. If any banning means I lose access to content I've already paid for, then I can re-obtain that by other means. I currently choose to pay for their games but that doesn't mean I'm not capable of obtaining them by other means and would feel no moral compunction not to if I'd already paid for them but been locked off unfairly.


One more reason not to use Steam and friends..


I agree with everything you say. It's ironic because game companies themselves use virtual machines with obfuscated instruction sets in their games as a copy protection mechanism. It's pretty hard to feel any sympathy for them once hackers get around their pathetic countermeasures.

To add to your post, here's an example of why game developers can't be trusted to run code in kernel mode:

https://mobile.twitter.com/TheWack0lian/status/7793978407622...


What would be a better option?


GOG is doing just fine, including AAA titles such as Witcher 3. It's the only place I buy games from.


GOG is run by a subsidiary of the developer of the Witcher games (CD Projekt), so that may not be the best example to make this point.


Why? They have other games too, by definition DRM-free, which is awesome if you use Wine.


I've been out of gaming for some years but this reminds me of similar issues with PunkBuster. I'd spend hours pulling my hair out trying to figure out why I was being booted from games. The worst bit was, it didn't actually stop cheaters.


Oh god... I forgot punkbuster even existed, what an absolute pile of garbage. So many hours wasted on dealing with that shit and reading redundant and useless forum posts where everyone just copy pasted the same shit over and over.


> The worst bit was, it didn't actually stop cheaters.

These things usually don't, unfortunately, at least not for any considerable length of time.

It is the age-old arms race scenario. There are a small number of developers and an army of potential cheaters. The developers have to get it right 100% and the cheaters only have to get their part right once: once a viable method is found it can be reused by themselves or sold, or passed on gratis.

And cheaters can be very determined, either because success in the game world by any means gives them some real form of affirmation or in the case of "professionals" some form of profit.

Heck, for some working out how to cheat the system is the game!


I wouldn't take PUBG as a compelling example. Most of what they do is WTF IMHO. The game is famous for being laggy, buggy, crashy, and the servers down often. They also have a history of making very strange technological and feature choices.

There is a reason the hype has gone down quite a bit...

Still sounds very wrong what they are doing though.


I'm not entirely sure how this works but I would think the developers of BattlEye decide and develop what it reacts to and not the PUBG developers? Why else would you use a third party solution?


Ha yes, that sounds likely indeed.

I see they are used in quite a few games as well: https://www.battleye.com/ (including PUBG's main rival).

Interesting. Maybe my disappointment in PUBG got me to be a bit more biased than I should :).


Also since games are owned by Companies there is literally nothing you can do for all the decisions they take. You just have to get on with it.


You may also avoid such games and demand fair labeling of such titles by platforms like Steam.


So I'm not seeing anything particularly novel here. In fact, I think most AAA titles do most if not all of these things today. It really just boils down to understanding your title's threat model and mitigating the threats.

I think the article missed an opportunity to talk about false positive rates, the workflow for users to get unbanned due to false positives (usually a very nasty process), performance, platform support (Windows, for example, has encrypted app packaging [1], anti-cheat monitoring [2], and protected processes [3] built in), and the privacy implications of uploading non-game-related Windows driver and process data.

[1] https://docs.microsoft.com/en-us/windows/uwp/packaging/creat...

[2,3] https://docs.microsoft.com/en-us/windows/uwp/packaging/app-c...


> It really just boils down to understanding your title's threat model and mitigating the threats.

Well that can be said for every product ever...

I do agree though, I did expect a little more real content. Not the "how anti-cheat works" because then we can find ways around it more easily, but like you said: reliability, performance, etc.


If you want something more novel, look at this talk from Valve [0] on how they are integrating Deep Learning into their CS:GO cheater detection system (confusingly called Overwatch). It's not used to ban users, but rather to bring suspicious plays into their existing user-reviewed moderation system.

In general, this type of human/AI side-by-side feedback loop seems to be very successful, all the way from games to moderating content on the web.

[0] https://www.youtube.com/watch?v=ObhK8lUfIlc


> usually a very nasty process

Especially with how opaque the whole flagging is.

I understand why they do it and a game environment is not a democracy or a court of law, but it's hard to defend yourself when you do not have access to the evidence.


Videogame cheat developer here (although, not for the game mentioned in the article) -- The mentality of game companies is if the 'evidence' of the anti-cheat flag is made accessible to users, cheat devs will use the same evidence to overcome the existing detections in place.

The oft-used 'arms race' analogy for this would be like sending blueprints of your newly-fabricated weapons to the adversary.


I've always been curious about this, do you get paid, and if so how?


People love cheating so much they pay for the tools to do so.

The fact is 99 out of 100 banned users were actually banned for good reason and are lying about not cheating. Half of those will also admit to cheating but beg for forgiveness as if they aren't quite literally destroying the game and everyone's enjoyment of it. That less than 1 percent that is truly innocent is nearly impossible to service because of all the noise.


Cheating definitely sours a gaming community, as does falsely accusing people of cheating. I left the original (circa early 2000s) Counter Strike community after being routinely accused of cheating. I have never once cheated in an online multiplayer game. But, some people just couldn't grasp that I was really that (comparatively) good & quick of a shot. Also, I don't think they realized that certain materials could be shot through with a powerful enough weapon. I probably had a bit of a leg up on most people, too, as I had state of the art hardware for the time (I had dual P4 Xeons, 3GB RDRAM & the best at the time GeForce AGP card in 2002) and a single to low double digit ping for most servers being on a university OC-3 line.


Your comment reminded me of a frustrating evening on bzflag.

Long ago I was using a custom Linux box with a slow GPU, and on one map no matter how hard I tried (and no matter how many fellow players watched trying to help me get the timing right) I simply couldn’t jump to the first level of a building.

I’d never experienced a hardware limitation quite like that.


Haha neat. That was probably caused by the physics engine running slower than needed. If you do a rough friction calculation based on the frame rate you will end up with more friction at 20 fps vs 40 or 60.


Really trivial question, just look at any big cheats and most work based on subscriptions. AimWare, Project-7, ...


Yeah, I remember seeing the anti-scanning measure in another game circa 2009. IAT hooks were hot then too. I wonder if they run a CRC on sections of the game code as well (also pretty trivial to defeat).


This is a great technical breakdown of some modern high level approaches to common cheats. I think this is the most transparent approach (even though the author admits leaving some detail out) to modern anti-cheat for massive multiplayer games. Good on Riot for having an open dialogue about this. I don't think you'd ever see someone like Valve going a transparent route with something like this. (Not making a judgement on that decision, just an observation).


Fair context: I make cheats/utilities for this exact game being talked about in this article, so perhaps my opinion on the subject is biased or even invalid.

I partially disagree about the transparency of this article, while they do explain most of their approach to anti-cheat (and that is pretty cool for them to do), they seem to leave out any mention of anything that could be controversial.

I suppose that it does make sense to not mention the implementation details of their anti-cheat, but I wish that they would be a little more transparent about how/when/what they snoop around and send to their servers. The current Mac game client for League Of Legends contains full debug symbols and it doesn't have Packman (the packer described in this article), which makes it quite easy to look through the symbols. Inside you can find all of the anti-cheat-related network packets, in specific:

PKT_C2S_EnumDrivers
PKT_C2S_EnumProcesses
PKT_C2S_EnumDrives
PKT_C2S_EnumHandles
PKT_C2S_EnumRecentFiles
PKT_C2S_EnumModules
PKT_C2S_ProcessorData
PKT_C2S_SystemState
PKT_C2S_ModuleLoadNotification
PKT_S2C_SendModule
PKT_C2S_ModuleResponse

Now, I personally expect anti-cheat to snoop around my system when I'm doing something shady like scanning its memory. However, if I was a normal user of the game, I would be a bit concerned to know that it might be sending my recently used file names, drive names, system driver names, currently running processes, processor information, system state, and even entire binary files that it automatically deems as "suspicious", to their servers.


I don't expect software I use to scan my hard drives and exfiltrate data ("send samples") to their developers. That's exactly what malware does.

Companies just say it's for "security reasons" as if that somehow justified everything. When I read an anti-cheat software's privacy policy, I discovered it could scan my RAM, my files, take screenshots... They're basically trojans. It's not just game companies either. Banks here trick users into installing "security modules" that are actually kernel mode network monitors. I refuse to accept that.

These shady anti-cheating practices make cheaters look good in comparison; similar to how copy protection measures make a genuine product inferior to the cracked version. If a hacker figures out the game's network protocol and writes his own client, he won't have to install a bunch of malware on his machine just to play the game. In my opinion, these developers are the real heroes.


Do you know if process information contains command-line information? Because that could totally contain someone's credentials...


Which is precisely why it is an antipattern for any program to accept credentials as command line arguments.


I wasn't endorsing the practice.
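Added example (not part of the thread): the command-line credentials point above, seen from the side of anything that enumerates processes. It assumes Linux with `/proc` mounted; the `--password` flag, the secret and the child program are constructed for illustration.

```python
import os
import subprocess
import sys

# Constructed child program: reads one line from stdin, then exits.
CHILD_CODE = "import sys; sys.stdin.readline()"
SECRET = "constructed-secret-123"  # constructed sample value


def cmdline_seen_by_enumerator(extra_args, stdin_data):
    """Start the child, then read its argv the way any process lister can.

    Returns the argument list from /proc/<pid>/cmdline, or None when that
    file is not readable (for example on hosts without /proc).
    """
    proc = subprocess.Popen(
        [sys.executable, "-c", CHILD_CODE, *extra_args],
        stdin=subprocess.PIPE,
    )
    raw = None
    try:
        path = f"/proc/{proc.pid}/cmdline"
        if os.path.exists(path):
            with open(path, "rb") as handle:
                raw = handle.read()
    except OSError:
        raw = None
    finally:
        # Feed the child its stdin line so it exits, then reap it.
        proc.communicate(stdin_data)
    if raw is None:
        return None
    # Arguments are NUL-separated in /proc/<pid>/cmdline.
    return [part.decode() for part in raw.split(b"\0") if part]


def secret_exposed(argv):
    """True when the secret appears in the observed argument list."""
    return argv is not None and any(SECRET in arg for arg in argv)


def compare():
    """Pass the same secret two ways and return what an observer sees."""
    via_argv = cmdline_seen_by_enumerator([f"--password={SECRET}"], b"\n")
    via_stdin = cmdline_seen_by_enumerator([], SECRET.encode() + b"\n")
    return via_argv, via_stdin


if __name__ == "__main__":
    seen_argv, seen_stdin = compare()
    print("secret visible when passed as argument:", secret_exposed(seen_argv))
    print("secret visible when passed on stdin:   ", secret_exposed(seen_stdin))
```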


> even entire binary files that it automatically deems as "suspicious", to their servers

If "deems as suspicious" means "whatever the server tells it to send" I would be very concerned.


Wouldn't that run afoul of GDPR?


Not necessarily. GDPR isn't a blanket ban on collecting/using this info without consent, it's a policy that consent is required for non-essential collection/usage. You could argue that anti-cheat is essential for an online multiplayer game like this.

I think it's sketchy to collect this much info, but I don't think it's explicitly illegal.


It's a bit more complicated than that. You have to do a few things. First you have to tell the customer that you are collecting their data. Then you have to tell them under what lawful basis you are collecting their data. The user then has various rights (depending on the lawful basis you choose) to object, etc. If you must collect and use the data in order to fulfil the contract (i.e., there is no other way to do it -- for example you need to get their address in order to ship them a package), then you can just do it (as long as you tell them that you are doing it). For most other lawful bases, you have to allow them to object, in which case you have to stop using the data.

I think the real question is whether or not the information in question is personally identifiable information. If it's not, then GDPR doesn't apply. I think you could make a pretty strong argument that it doesn't apply, as long as you take pains to ensure that you can't identify the person from the information.


> I think you could make a pretty strong argument that it doesn't apply, as long as you take pains to ensure that you can't identify the person from the information.

That would entirely defeat the purpose of an anti-cheat system. You have to have some sort of personally identifiable information attached to the data being sent in to the server, otherwise how are you going to ban the cheaters? Even IP addresses are personal identifiers as far as the GDPR is concerned and even if they're not storing it long term, just sending the user data over the wire is enough to trigger the data collection portions of the GDPR.


Exactly this. The moment you send it via IP you have the IP address and therefore have PII data. And the moment you take screenshots you cannot be sure what you collected.

This does go further beyond GDPR as it is imho an intrusion into the innermost personal space. I believe a German court of law would have a field day ripping this practice apart, if a case were presented.

Esp. if they do not totally make it clear upfront what they are doing. In a way every layman is able to understand.


Instead of using an IP address to identify cheaters, the game could assign a unique randomly generated ID to players. Then they could ban that ID without using IP. I think this scheme complies with the GDPR if you take care not to bind that ID with other user personal information.


If you can identify a physical person with a unique identifier, it is PII according to GDPR, I believe.


You can apply a one-way function to an IP to obtain an ID and then maintain a database of bad IDs. For example, you could compute this ID as SHA256(IP + secret salt). Since one-way functions don't allow you to recover the IP, the ID is not PII. If you detect a connecting IP which has a bad ID, then ban that IP from the game. I think this respects the GDPR; you don't maintain a list of IPs or any other PII.


The second you use this ID to tag data you're sending over to the servers, that ID could easily lose any claim to anonymity for the purpose of the GDPR because the anti-cheat system vacuums up a vast trove of information. All it takes is one email "Re: Claim for Your Local Psychiatrist Bob" or a document named "John Doe Jr - First Grade Book Report.docx" showing up in the titles of your open windows (that many anticheat systems send to a remote server) and boom, that ID and all of the data attached to it are now a radioactive liability.


Any phone has enough computing power to just brute-force a 32-bit value in order to recover the original IPv4 address from a normal cryptographic hash in a practical timeframe.
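Added example (not part of the thread and not any commenter's or Riot's code): an audit of the two ID schemes discussed above, plain SHA-256 of the address versus HMAC-SHA-256 under a server-held key, checking which one survives enumeration of the address space. All names, keys and addresses are constructed, and the search is limited to a private /16 so it finishes quickly.

```python
import hashlib
import hmac
import ipaddress
from typing import Callable, Optional


def plain_id(ip: str) -> str:
    """Unkeyed scheme: the ID is SHA-256 of the address text."""
    return hashlib.sha256(ip.encode("ascii")).hexdigest()


def keyed_id(ip: str, key: bytes) -> str:
    """Keyed scheme: HMAC-SHA-256 under a secret that never leaves the server."""
    return hmac.new(key, ip.encode("ascii"), hashlib.sha256).hexdigest()


def find_preimage(target_id: str, network: str,
                  id_fn: Callable[[str], str]) -> Optional[str]:
    """Audit check: walk `network` and return the address that maps to target_id.

    IPv4 has only 2**32 candidates, so a scheme that fails this check on a /16
    fails it on the full space too, just more slowly.
    """
    for addr in ipaddress.ip_network(network):
        candidate = str(addr)
        if id_fn(candidate) == target_id:
            return candidate
    return None


class BanList:
    """Stores only keyed IDs; lookups recompute the ID from the connecting IP."""

    def __init__(self, key: bytes):
        self._key = key
        self._bad_ids = set()

    def ban(self, ip: str) -> None:
        self._bad_ids.add(keyed_id(ip, self._key))

    def is_banned(self, ip: str) -> bool:
        return keyed_id(ip, self._key) in self._bad_ids

    def stored_ids(self) -> frozenset:
        return frozenset(self._bad_ids)


# Constructed sample values (private address range, made-up keys).
SAMPLE_IP = "10.20.30.40"
SAMPLE_NET = "10.20.0.0/16"
SERVER_KEY = b"constructed-server-secret-0001"
WRONG_KEY = b"constructed-guess-0002"


def audit() -> dict:
    """Return, per scheme, the address recovered from a stored ID (or None)."""
    bans = BanList(SERVER_KEY)
    bans.ban(SAMPLE_IP)
    leaked = next(iter(bans.stored_ids()))  # what a copy of the ban table exposes
    return {
        "plain": find_preimage(plain_id(SAMPLE_IP), SAMPLE_NET, plain_id),
        "keyed_without_key": find_preimage(
            leaked, SAMPLE_NET, lambda ip: keyed_id(ip, WRONG_KEY)),
        "keyed_with_key": find_preimage(
            leaked, SAMPLE_NET, lambda ip: keyed_id(ip, SERVER_KEY)),
    }


if __name__ == "__main__":
    for scheme, recovered in audit().items():
        print(f"{scheme:18} -> {recovered}")
```

The keyed ID resists enumeration only for parties without the key; whoever holds the key can still map every stored ID back to an address.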


I seriously doubt you'll be able to cheat the courts with silly tricks like this. SHA256 isn't any different from ROT13 here.


The anticheat team at a videogame company might not know/care about this. This has definitely been the case with past European data privacy regulations.


Or it might be deemed reasonable. E.g. you may not film a public road in the Netherlands because of privacy, but you may film the patch that your car stands on if there have been car fires in your neighbourhood in the past month and you are concerned about your car.


> you may not film a public road in the Netherlands because of privacy

So does this effectively make dash-cams illegal?


License plates contain personal data.


> The current Mac game client for League Of Legends contains full debug symbols and it doesn't have Packman

Probably because the person writing these anti-cheating facilities isn't as aware of how to implement these on macOS.


Unlikely. More likely there's simply not a very large Mac player base for the game, as compared to Windows


So are you living out of that?


How do they know you're not doing something shady if they don't actively scan...


Why do you think they have the right to know whether I'm doing something shady? Are they some kind of police? Did they get a warrant?


Valve's John McDonald recently gave a talk at GDC on how they use machine learning to combat cheaters in CS:GO. Quite interesting to watch. https://m.youtube.com/watch?v=ObhK8lUfIlc#


Is this really open dialogue? Correct me if I'm wrong, but basically all of the methods that they mentioned are pretty standard stuff. They had a few interesting twists on these ideas, but in general, things like source code encryption and shuffling memory locations seem pretty basic.


If you are familiar enough with the subject matter, everything will seem basic.


Well, I have to agree with OP. Encryption and obfuscation started with early copy protection systems; even packers like UPX offered that, iirc. Measures against memory manipulation have also been around for a while; I encountered them the first time when I tried cheating money in RollerCoaster Tycoon in 99 or whenever that came out. Obfuscating the network protocol actually seems more of a novelty than those two things.


It's a good article but I'd hesitate to call this "modern"; this is circa-2006 AAA title security. Serious content protection is significantly more sophisticated than this.

(I'm not an expert but I've done some anti-cheating pentests before, and have seen literally all these primitives deployed on old titles).


Most anti-cheat methods stop working once the details are known. As someone else mentioned, there was a talk at GDC this year about one of their anti-cheat systems. The talk got into a lot of detail about how this particular system worked.


Because they all do the same, so there is no need to share that. Riot is a recent studio; other studios have been doing that for years. As for transparent approach, I'm not sure what you're referring to; players don't need to know that kind of thing, there is no benefit in sharing that with the public.


Here's my project's approach to Anti-Cheat.

1, 2, 3) Everything on the server. Server's version always wins. Server is the authoritative source. Granted, I have a mathematical advantage in the game's particular movement mechanics which makes this easy to get away with. The other game mechanics are also designed with facilitating this in mind. Corollary: The client is almost nothing and trusted with nothing. It's pretty much a dumb terminal for displaying moving things, syncing their motion with the server.

4) Scripting -- if you can't beat 'em, join 'em! We're going to publish an API to allow for user scripting. We plan on releasing the client as Open Source, allowing people to modify and extend the client.

5) Cryptographically hard RNG and procedural generation. If you want to know what's in Star System 7, Galaxy Grid 123987236-87324958, you're going to have to go there yourself. We don't even know ourselves!

Regarding #4 -- This is going to be a design philosophy. Anything we can't enforce, we will allow and co-opt into the game!


Essentially, treat the client as a client to the API that is the game and that presents the game world.

I like the idea of customized clients, ala WoW's add-ons back in the day. Looking at the screenshot in the article, the idea of treating visible weapon ranges as a cheat strikes me as less balance than artificial difficulty. (Especially considering how many games have exactly that feature.)


Very unfortunately, what you explain here only works for a very specific type of gameplay. For instance, almost nothing works when you need to secure a first-person shooter, simply because it's skill-based gameplay where it's also very easy to cheat for the bot.


Nvidia has GeForce Now http://www.nvidia.com/object/cloud-gaming.html and people with a good internet connection have been able to play FPS games. Granted, the latency and the FPS are worse than a local game, but surprisingly it is unnoticeable to many people.


Streaming won't help against cheating in FPS; an aimbot is just going to use machine learning to determine enemy location, and controls are not a problem.


There are more kinds of skill than just twitch fast aiming.


#4 has introduced an interesting problem in the MMO space. By allowing scripting in WoW, players were penalized either because they couldn't keep up, or the general community would demand they run parsers to tell that they couldn't keep up. The vanilla experience was no longer good enough. FFXIV decided to ban any client customization in an attempt to avoid these kinds of toxic situations:

https://www.reddit.com/r/ffxiv/comments/5uxmx8/yoships_offic...


#5 is a bit of a double-edged sword, isn't it? All RNGs that I know of would require a shared seed value, and with procedural generation, you can effectively path any/everywhere in parallel.


You can always leave some crucial part of procedural generation on the server side too and impose some limits on how the client can use the API to it. E.g. the client might do any kind of heavy lifting (generation of terrain, etc.), but code that handles important stuff (e.g. PvE enemies, rewards) could stay on the server side.


All generation is done on the server side. The cryptographic strength is to protect the seed from being inferred from the output.
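Added example (not the commenter's project code): one way to do server-side procedural generation so that content is derived on demand from a secret key and the output does not reveal it, using HMAC-SHA-256 in counter mode as the keyed generator. The class, field names, content tables and the "player must be in the system" rule are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

STAR_CLASSES = ("O", "B", "A", "F", "G", "K", "M")
RESOURCES = ("ice", "iron", "helium-3", "silicates", "organics")


class WorldGenerator:
    """Derives every star system from (secret key, coordinates); stores nothing."""

    def __init__(self, master_key: bytes):
        if len(master_key) < 32:
            raise ValueError("master key should be at least 256 bits")
        self._key = master_key

    def _stream(self, label: bytes):
        """HMAC-SHA-256 in counter mode: a keyed PRF expanded to a byte stream."""
        counter = 0
        while True:
            block = hmac.new(self._key, label + struct.pack(">I", counter),
                             hashlib.sha256).digest()
            yield from block
            counter += 1

    def _generate(self, grid: str, system: int) -> dict:
        stream = self._stream(f"system|{grid}|{system}".encode())

        def u32() -> int:
            return int.from_bytes(bytes(next(stream) for _ in range(4)), "big")

        def pick(n: int) -> int:
            # Modulo bias is negligible for the small n used here.
            return u32() % n

        star_class = STAR_CLASSES[pick(len(STAR_CLASSES))]
        planets = []
        for orbit in range(1, 2 + pick(8)):          # 1 to 8 planets
            planets.append({
                "orbit": orbit,
                "resource": RESOURCES[pick(len(RESOURCES))],
                "richness": 1 + pick(100),
            })
        anomaly_id = f"{u32():08x}{u32():08x}"       # 64-bit per-system tag
        return {"grid": grid, "system": system, "star_class": star_class,
                "planets": planets, "anomaly_id": anomaly_id}

    def survey(self, player_location, grid: str, system: int):
        """Answer only for the system the player currently occupies.

        player_location is the server's own record of where the player is,
        never a value taken from the client.
        """
        if player_location != (grid, system):
            return None
        return self._generate(grid, system)


if __name__ == "__main__":
    gen = WorldGenerator(b"constructed-demo-key-32-bytes-xx")  # constructed key
    here = ("123987236-87324958", 7)
    print(gen.survey(here, *here))
    print(gen.survey(("1-1", 1), *here))   # not there: None
```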


> 4) Scripting -- if you can't beat 'em, join 'em!

Yeah, I was kind of annoyed that he flags this:

> draws the ranges of various abilities, indicates which minions are ready to be last-hit, and shows the path of skillshot projectiles.

as a cheat. It seems like this would be a godsend to new players.

However, I prefer Supreme Commander/Total Annihilation-like games over the twitchfests like Starcraft.


> However, I prefer Supreme Commander/Total Annihilation-like games over the twitchfests like Starcraft.

We've made our client so dumb, even Fog of War is cheatproof. How do we enforce not seeing something? The data for those entities isn't sent. In fact, this is exactly the same thing as making an entity disappear. The entity's tag and movement info aren't sent, and so it's diffed out of the set of visible entities.
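Added example (not the commenter's code): a server-side visibility filter of the kind described above, where each client's packet is built from the diff between the set of entities it could see last tick and the set it can see now. The entity fields, message names and circular vision rule are assumptions; the sample world is constructed.

```python
import json
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Entity:
    eid: int
    owner: str
    x: float
    y: float
    vision: float = 0.0   # radius this unit reveals for its owner


class FogOfWarServer:
    """Builds per-player packets; data for unseen entities never enters them."""

    def __init__(self):
        self._known = {}   # player -> ids the client has been told about

    @staticmethod
    def _visible_ids(player, entities):
        own = [e for e in entities if e.owner == player]
        visible = set()
        for e in entities:
            if e.owner == player or any(
                    math.hypot(e.x - o.x, e.y - o.y) <= o.vision for o in own):
                visible.add(e.eid)
        return visible

    def packet_for(self, player, entities):
        by_id = {e.eid: e for e in entities}
        now = self._visible_ids(player, entities)
        before = self._known.get(player, set())
        packet = {
            # Newly visible: full tag plus position.
            "appear": [{"id": i, "owner": by_id[i].owner,
                        "x": by_id[i].x, "y": by_id[i].y}
                       for i in sorted(now - before)],
            # Still visible: movement only.
            "move": [{"id": i, "x": by_id[i].x, "y": by_id[i].y}
                     for i in sorted(now & before)],
            # Left vision or ceased to exist: the client cannot tell which.
            "disappear": sorted(before - now),
        }
        self._known[player] = now
        return packet


def demo():
    """Four constructed ticks seen by player 'red'; returns the packets sent."""
    scout = Entity(1, "red", 0.0, 0.0, vision=10.0)
    sniper = Entity(3, "blue", 9137.5, 40.0, vision=10.0)   # never in range
    ticks = [
        [scout, Entity(2, "blue", 5.0, 0.0), sniper],    # tank in vision
        [scout, Entity(2, "blue", 50.0, 0.0), sniper],   # tank drives away
        [scout, Entity(2, "blue", 6.0, 0.0), sniper],    # tank returns
        [scout, sniper],                                 # tank destroyed
    ]
    server = FogOfWarServer()
    return [server.packet_for("red", world) for world in ticks]


if __name__ == "__main__":
    for n, packet in enumerate(demo(), 1):
        print(n, json.dumps(packet))
```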


The same thing is already done in the spiritual successor to Supreme Commander/Total Annihilation, called Planetary Annihilation. Basically there is an authoritative server that works exactly that way.

The only downside of this is that when you have a few thousand units on screen, the game will use an abysmal amount of bandwidth, like 8Mbps for each client. So when there are 10 players in-game, the server side must have these 80Mbps.

Oh and it's also used as replay / save system. Amazing tech:

https://blog.forrestthewoods.com/the-tech-of-planetary-annih...


Interesting. My bandwidth use is on the high side, but I have certain advantages. For one thing, there will never be more than 70 units on the screen, and all of the locally simulated objects are deterministic. I'm also planning a replay/debugging system based on the mechanism.


The tech is quite interesting.

The game, sadly, not so much.

I wish they had spent 1/10 the effort on the actual game for single players that they did on making it "Twitch/YouTube-friendly".


Now you have me curious what project you’re working on.



The game is 100% online. Could you have a piece of the networking protocol where the server sends little snippets of executable code over the network during the game that read some specific locations in memory, do some processing, and send the results back to the server in the next packet? You could do things like check the starting address and length of loaded dlls, or take the hash of some random span of machine code, or even random locations in the heap, all of which may or may not actually be verified on the other end.

You can use any number of obfuscation tricks to hide their purpose (if they even have one) and you could even randomly generate them. And since the server expects the response in the next client packet it would be literally impossible for a cheater to manually deconstruct them, and even be difficult for automatic analysis tools to have enough time to do anything meaningful with it.

You can reduce the security nightmare from the user's perspective by only allowing machine code that's on a tight whitelist. Allow it to read from anywhere, and only let it write to a dedicated little sandbox area with e.g. fixed addresses.


If you restrict the machine code it makes it that much easier for me to write an emulator to execute your machine code and return the result. It might even be trivial. It is a never ending Ouroboros. You build a more clever mouse trap, I will design a more clever mouse. If I have all your code and am running it on my computer it will be a matter of time before I can back out whatever obfuscation or technique you are doing and undo it. You may have some hope in network delivery of graphics only. If I am not running the game client code, and just streaming the game from one of your servers, you have a chance at keeping your client safe.


> emulator to execute your machine code

I think you missed a part. Namely that "It is allowed to read from anywhere". If it can't write anywhere but the sandbox, that just means it can't modify the game dynamically, just read its state. Which is plenty to verify whether the client has been hacked anywhere. You can read spans of .text to check whether code has been modified, you can read heap locations to check whether the state of the game is valid, and you can take all of that and hash it with a random seed included in the packet to set a high bar on the speed of any emulator. Your emulator would have to dynamically check every access to make sure it doesn't touch anything that has been tampered with, and change the reads to read from un-modified sections, while allowing it to view everything else accurately. Seems like a high level of effort for the cheater, for a low investment from the developer.
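Added example (not part of the thread and not Riot's or any vendor's code): the server side of the check being discussed, reduced to a random span of a reference code image hashed together with a per-challenge random seed, answerable once and only within a tick window. The class and function names, the window size and the sample image bytes are assumptions.

```python
import hashlib
import hmac
import secrets

MIN_SPAN, MAX_SPAN = 16, 64


class IntegrityChallenger:
    """Server side: issues span challenges against a known-good image."""

    def __init__(self, reference_image: bytes, max_age_ticks: int = 1):
        if len(reference_image) < MAX_SPAN:
            raise ValueError("reference image is shorter than one span")
        self._ref = reference_image
        self._max_age = max_age_ticks
        self._pending = {}   # challenge id -> (nonce, offset, length, tick)

    def issue(self, tick: int, offset=None, length=None) -> dict:
        """Pick a span at random unless the caller pins it (used by tests)."""
        if length is None:
            length = MIN_SPAN + secrets.randbelow(MAX_SPAN - MIN_SPAN + 1)
        if offset is None:
            offset = secrets.randbelow(len(self._ref) - length + 1)
        if offset < 0 or length <= 0 or offset + length > len(self._ref):
            raise ValueError("span outside reference image")
        cid = secrets.token_hex(8)
        nonce = secrets.token_bytes(16)      # the random seed in the packet
        self._pending[cid] = (nonce, offset, length, tick)
        return {"id": cid, "nonce": nonce, "offset": offset, "length": length}

    def verify(self, cid: str, response: bytes, tick: int) -> bool:
        entry = self._pending.pop(cid, None)  # each challenge is single use
        if entry is None:
            return False
        nonce, offset, length, issued = entry
        if tick - issued > self._max_age:     # answer arrived too late
            return False
        expected = hmac.new(nonce, self._ref[offset:offset + length],
                            hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def client_answer(memory: bytes, challenge: dict) -> bytes:
    """Client side: hash the requested span of its own memory with the seed."""
    start = challenge["offset"]
    span = memory[start:start + challenge["length"]]
    return hmac.new(challenge["nonce"], span, hashlib.sha256).digest()


# Constructed stand-ins for a code section and a copy with one byte changed.
CLEAN_IMAGE = bytes(range(256)) * 4
_patched = bytearray(CLEAN_IMAGE)
_patched[512] ^= 0xFF
PATCHED_IMAGE = bytes(_patched)


def run_round(server: IntegrityChallenger, memory: bytes, tick: int,
              offset=None, length=None) -> bool:
    """One challenge/response exchange answered on the following tick."""
    challenge = server.issue(tick, offset, length)
    return server.verify(challenge["id"], client_answer(memory, challenge),
                         tick + 1)


if __name__ == "__main__":
    srv = IntegrityChallenger(CLEAN_IMAGE)
    print("clean client:  ", run_round(srv, CLEAN_IMAGE, tick=1))
    print("patched client:", run_round(srv, PATCHED_IMAGE, 2, offset=500, length=32))
```

Passing this check shows only that the responder could produce the expected bytes for the requested span.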


I see. The problem is the server needs to know all of the values it expects. And if the server knows the values, a cheat can figure them out too. For example, a cheat could hook OS functions and report on values in certain memory regions (e.g. the game's loaded .text as some cached values). Same with reading heap locations: hook the memory read functions. Computing a hash doesn't have to be emulated, though, right? A cheat can just compute it with whatever data /should/ be there for the game state. This also means the questions the server can ask of the client are ones it can somehow model. So, this is imposing potentially restrictive requirements on any server software if it needs a non-trivial mapping of the client's memory. I have chased down a lot of really bizarre and non-deterministic packers and cheat software like this and ultimately you can only make things so difficult due to Rice's theorem. To truly detect cheating you would practically have to run all the computations my computer is running, at which point you might as well just stream the game to me instead of letting me install it and run it on my computer. These sorts of "check for a known good state" things can almost always be defeated by appropriate function hooking. Ultimately, my computer is a hostile environment for your game and I have complete control of it. The traps a client is running can only be so elaborate. I do agree things like this will take some time and increase the skill required to take them apart, but you would be surprised at how much harder some CTF competition reversing problems are compared to a scheme like this, I think.


I think what you are getting at is that it's impossible to 100% fully prevent cheating. This is true, but I don't think that's the goal; the goal is to make it difficult enough that it's not worth the effort. The value gained from cheating in a video game is low enough that the vast majority of people would not be willing to go through such lengths to do so.


The average user doesn't have to go to such lengths, they just subscribe to a cheat company that does. That's literally how it works today. Cheats are big business.


Okay, but my comment still stands: You don't need to make it impossible, just hard enough that it's not worth the effort. This applies whether we're talking about individuals or companies.

As an aside, I don't know anything about the market for game cheats. Do people really pay a significant amount of money for that?


People are diligent enough to crack Denuvo's wall-of-VMs approach for free, even though it takes 6-12 months of work to do it. How much effort do you think people will put into it when there's money on the line?

People pay enough money for cheats that cheat makers have their own pretty intense DRM set up to make sure they get paid. You're probably looking at $10/month for something entry level, going up to $50 or $100/mo for something exclusive (that will take longer to get you banned).


> The value gained from cheating in a video game is low enough

Many people made serious money botting MMORPGs and selling gold. It's so prevalent it accelerates the inflation of the in-game currency.

If people make it too difficult to hook into the client, cheat developers can always reverse engineer the network protocol and make their own custom client. This bypasses all client-side annoyances. They might even create a headless client that can be run on servers.


A sandbox can be a virtual machine, for all practical purposes indistinguishable from any "normal" computers ordinary players use. Of course this will lead to the never ending Ouroboros of more sophisticated detectors and more sophisticated virtualization, ad infinitum.

I've heard there are cheats that use hypervisors to stand above the operating systems and avoid kernel-level anti-cheats. I wouldn't be too surprised to learn about cheats that sit on a bus and use DMA to peek into anything they please (subject to the memory protections of IOMMU - again, this war doesn't seem to have an end) - they're probably impractical but not something that couldn't exist.


I never claimed that this would be perfect. All security, especially the kind we're talking about here and the kind mentioned in the fine article, is about the relative effort that the developer and cheater have to do to create the obfuscation and work around it, respectively. Making debugging harder doesn't make debugging impossible, it makes it more difficult and take more time. Adding random cheat checks on every rebuild doesn't make it impossible to find and remove them, just takes more effort and time. I.e. how much time investment do the developers have to put into making the workaround vs how much effort it takes the cheater.

I'm just saying this could be a relatively low effort on the part of the developers to create and a relatively huge effort on the part of cheaters to work around.


I really want to believe all this effort would be better spent on fixing cheating. Either by tweaking game mechanics so cheating provides no meaningful gain (and just gets boring) or by tweaking other participating nodes (servers or other clients) into not accepting situations that should be impossible.

I don't know anything about LoL, though.


The article goes over all of these things, and LoL already goes to many lengths to invalidate as much cheating as possible. Their servers already don't trust data sent over the network and verify it independently, they already don't send information to a client that it doesn't currently require to render the frame, like the hidden locations of enemies, they're simply not sent so "map hacking" is literally impossible. The article has lots more details, I would recommend it.


Hah. Are you me? That is what I always call the cat and mouse of cheat / anti cheat. (An Ouroboros) :-D


I've just read your comment above and then quoted you without the proper credit ;) Liked the naming.


Ahh, well thanks :)


"If I have all your code and am running it on my computer it will be a matter of time before I can back out whatever obfuscation or technique you are doing and undo it."

Sure, try to undo a block-chain and see what happens.

The code will be encrypted with a unique key that will need to be registered on the server with your account. Change that code and it invalidates your entire build along with your account. Case closed.


I think you are missing my point. This concept in client computing security basically chains back to the halting problem. You can't /know/ what I am doing with my computer. You can build a very elaborate trap / obfuscation and it might be hard, really hard, to defeat it or circumvent it, but it is a certainty that I can. The block-chain has absolutely nothing to do with client code security because it has a network enforced mechanism. What the grandparent was suggesting was running some nugget of code in a little VM (or actually on my machine), computing a result, and then returning the result to the server to make a security decision. The problem is I control that machine performing that computation and your security decision as the server is based solely on the computation performed on my computer. A skilled reverse engineer will just hook your code in the right place, intercept that security check and have it return the right bytes back to your server, while still doing whatever client side cheats they wanted to do.

https://en.wikipedia.org/wiki/Rice%27s_theorem <--- this is all about program behavior and did the user actually run the code you sent them. Block chain is about "did I possess certain data" (such as a private key to sign a transaction) and not about "did I run certain code".


You are absolutely correct, but it occurs to me that CPU designers could actually implement a kind of RSA style memory fetch instruction. The CPU would generate a public/private key pair, where the private key is not accessible by any means. The client would send the public key to the server, which would in turn encrypt the memory location(s) that it wishes to inspect. There would then be an instruction on client's CPU which would accept that encrypted memory location and return the contents, without divulging location. The CPU could regenerate the public/private key values for each request. I can't imagine defeating that kind of scheme without hardware hacks. The more that I think about it, the more I wonder why no-one has done it before, because it seems useful. Probably there is something I'm missing...


You're on your way towards reinventing "trusted computing". https://en.wikipedia.org/wiki/Trusted_Computing


How do you prevent the cheat doing a MITM attack and changing keys?


Yes, you are right. That's what I was missing :-)


The answer, and it has dark implications, to me, is Trusted Computing. Never let the user have full control. Do this key exchange on a base OS or some other VM the user can never touch (e.g. Knox / TrustZone). Still, we can exploit our way to this trusted OS and MiTM there, but it takes much more skill. With Trusted Computing the base OS can more simply install a "spy" to keep track of a game's memory / code to ensure it is only ever loaded and executed from memory that is essentially made read-only after the program is loaded but before it executes. The trusted OS verifies the program code, the OS, etc., and if it all checks out, lets the code run. Of course it goes back to the halting problem, but if the program's memory is unexecutable and modern exploit mitigation is applied the game is now in a considerably sturdier mouse trap :)


Blockchains are not a solution here. This comment doesn't make much sense; your proposed solution is missing a lot of details.

If there was a simple solution to this problem there would not be insanely complicated packers that basically try to make their own instruction set.


If the player controls the CPU the code is running on, there is fundamentally no way to enforce they are actually running the code provided.


A server can't validate the integrity of the game remotely. A program on the user's computer must do that for you. You're trusting that the program will do what you expect it to do.

All one needs to do is modify the program to make it always tell your server the build is valid. Problem solved.


This is a very bad analogy, and you have misunderstood the problem to a huge degree.


What you describe is very similar to "Warden", Blizzard's anti-cheat system. I'm not sure how up to date this article is but it talks about how it works and approaches to working around it https://hackmag.com/uncategorized/deceiving-blizzard-warden/


It's pretty tricky to build a machine code validator to only be able to write and execute on certain areas... in x86, you have to take care of 'jumping in the middle of an instruction', that not only writes but also jumps are limited to your small area (because otherwise you will end up with something similar to ROP), etc. I think Google Native Client did something like this, but it doesn't seem trivial.

On the other hand, a way to bypass it could be that, when you detect one of those "executable code packets" has to be run, you undo all the injection/hooks in the game (so that you are really running a 100% unmodified process), and let the executable code packet run. After it finishes (you could detect this by a timer, page fault, etc. which can be handled by a different process in a different address space), you inject all the hooks again.


So as a cheater you intercept those snippets, let them do their magic in a dedicated address space that has the same client code loaded?


So you're saying the cheater would have to run a duplicate, unmodified, instance of the game in parallel with the hacked version that the cheater is actually using, while correctly teeing networking traffic and mouse/keyboard inputs, and dynamically inserting the snippet results from the legit copy over top of the results of the hacked copy. That seems like a huge increase in level of effort from cheaters for a relatively small measure from riot. Seems worth it to me.


You are going to kick players off for a missed packet? Network connections have packet loss and game protocols are usually udp.


Nope, just like any other game state that will eventually have to be synced to the server the results can be synced later. But you can't just run it any time because it reads the state of the game as soon as it arrives.


I wonder if Riot would consider building the scripting UI they show into some kind of training mode. It's a bit like the argument that no one would pirate if the content was easy to get for a reasonable price.

If players could train with the spell range circles, skill shot path projection, last hit helpers, etc in a sanctioned way, I wonder how much this would remove the desire to seek out the cheating programs.

Edit: I see they have a "training mode" already: https://na.leagueoflegends.com/en/news/game-updates/features...


"I wonder if Riot would consider building the scripting UI they show into some kind of training mode. It's a bit like the argument that no one would pirate if they content was easy to get for a reasonable price."

Well, much like that argument being bunk, the idea that no one would cheat if it was for this is also bunk. People like getting stuff for free if they can, and people like winning, even if it means cheating.


> I wonder if Riot would consider building the scripting UI they show into some kind of training mode.

The game would probably be more vulnerable then, because now you have "cheat" scripts designed to work with the game.

> If players could train with the spell range circles, skill shot path projection, last hit helpers, etc in a sanctioned way, I wonder how much this would remove the desire to seek out the cheating programs.

People who cheat aren't trying to practice; they're trying to win games. There already exists a "practice mode" which lowers cooldowns and shows tower ranges. And it doesn't make sense to practice with cheats because it won't help you play the game without cheats very much.


>The game would probably be more vulnerable then, because now you have "cheat" scripts designed to work with the game.

That's possible. For example, World of Warships is a game where you fire big ship-mounted guns and must learn to take shell travel time and target relative velocity into account to hit moving targets. There used to be a cheat which did those calculations for you and showed you a reticle you could aim at instead. IIRC this cheat relied on code that existed within the game already and was just not used.


So basically the same reasons real warships developed rangekeepers resulted in a game targeting computer? :)


Dota has this as well.


Dota 2. And Valve made 2 big swings of banhammer for using addons which implemented that (turret ranges to be precise) and model change for trees to become mushrooms (sounds silly, but that way the path between them is easier to see).


Unfortunately, their latest anti-cheat measures broke the ability to play on Wine.

Guess no LoL for me anymore.


They broke GPU passthrough setups as well at first. There was some community backlash and they rolled that back, and I believe they also mentioned they intended to work with the wine people on a solution for that as well.


"they also mentioned they intended to work with the wine people on a solution for that as well"

Be nicer if they'd just put the damn thing on Linux. They're already on Windows and Mac after all


How did it break GPU passthrough?

Then again I heard recent versions of VAC detect running under a KVM hypervisor and kick you out of CS:GO servers.


That's unfortunate to hear that VAC looks for KVM. I was planning on moving my gaming partition to just a VM and using GPU passthrough. It's how I have my work PC set up, figured I'd replicate it at home.


Sorry to be the bearer of bad news.

I plan to reverse engineer VAC sometime to figure out how the detection works.



This might also prevent it from running on ARM laptops with win32 emulation.


They undid that.


No they didn't. Some people use a modified client, but that's super risky for a lot of reasons.


I think the number of people playing LoL in wine could be stored in a uint8_t.


It's a lot more than that, actually. Not millions or anything, though.


Good timing, I am using my own AI (keras + tensorflow) stack to predict in-game hackers on ARK Survival Evolved with an AWS EC2 instance. Here's some background on the fully open-sourced stack: https://github.com/jay-johnson/train-ai-with-django-swagger-... with docs http://antinex.readthedocs.io/ I would love some players, but I'm still load testing how many players the game server can use + make real time predictions without impacting the game. Reach out if you want to try it out!


Message to EA: don’t try to be clever. Make simple query based bans, after the fact. Sift through the event tables and make trivial questions like if A killed B with a weapon that is not possible to use on the map - then he cheated. Check for ridiculous (not just suspicious) activity.

The cheaters that ruin games aren’t the ones that make players better such as discrete wallhacks. It’s the trolls that are immortal and flying. They blatantly cheat just for the response to their trolling, and they empty a server in a matter of minutes. But just because they are so very blatantly cheating, they should be quite simple to detect in logs too. If someone has 200 kills with an ammo box in a 5 minute round that’s enough to say it’s definitely a cheat. Yet these people do it over and over with NO obvious response to reports. Focus on THIS type of cheating (which is trolling, not gaining an advantage). Only after that look at more subtle cheating.
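Added example (not part of the thread and not any publisher's code): the two after-the-fact queries suggested above, run over a constructed event log in an in-memory SQLite database. The schema, item names, player names and the 20 kills-per-minute threshold are all assumptions.

```python
import sqlite3

SCHEMA = """
CREATE TABLE rounds    (round_id INTEGER PRIMARY KEY, map TEXT, duration_s INTEGER);
CREATE TABLE map_items (map TEXT, item TEXT, lethal INTEGER);
CREATE TABLE kills     (round_id INTEGER, killer TEXT, victim TEXT, item TEXT);
"""

# Kills credited to an item that is absent from the map or cannot kill at all.
IMPOSSIBLE_KILLS = """
SELECT k.killer, k.round_id, k.item, COUNT(*) AS kills
FROM kills k
JOIN rounds r ON r.round_id = k.round_id
LEFT JOIN map_items mi ON mi.map = r.map AND mi.item = k.item
WHERE mi.item IS NULL OR mi.lethal = 0
GROUP BY k.killer, k.round_id, k.item
ORDER BY k.killer, k.round_id, k.item
"""

# Kill rates far beyond anything a round can legitimately produce.
RIDICULOUS_RATES = """
SELECT k.killer, k.round_id, COUNT(*) AS kills,
       COUNT(*) * 60.0 / r.duration_s AS kills_per_minute
FROM kills k
JOIN rounds r ON r.round_id = k.round_id
GROUP BY k.killer, k.round_id, r.duration_s
HAVING COUNT(*) * 60.0 / r.duration_s >= ?
ORDER BY k.killer, k.round_id
"""


def build_constructed_db() -> sqlite3.Connection:
    """In-memory database filled with constructed sample events."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO rounds VALUES (?, ?, ?)",
                     [(1, "harbor", 300), (2, "village", 600)])
    conn.executemany("INSERT INTO map_items VALUES (?, ?, ?)", [
        ("harbor", "rifle", 1), ("harbor", "ammo_box", 0),
        ("harbor", "tank_cannon", 1),
        ("village", "rifle", 1), ("village", "ammo_box", 0),
    ])
    kills = [(1, "troll_1", f"victim_{i % 30}", "ammo_box") for i in range(200)]
    kills += [(1, "alice", f"victim_{i}", "rifle") for i in range(7)]
    kills += [(2, "flyer_2", f"victim_{i}", "tank_cannon") for i in range(3)]
    kills += [(2, "dave", f"victim_{i}", "rifle") for i in range(12)]
    conn.executemany("INSERT INTO kills VALUES (?, ?, ?, ?)", kills)
    conn.commit()
    return conn


def impossible_kills(conn: sqlite3.Connection) -> list:
    return conn.execute(IMPOSSIBLE_KILLS).fetchall()


def ridiculous_rates(conn: sqlite3.Connection,
                     max_kills_per_minute: float = 20.0) -> list:
    return conn.execute(RIDICULOUS_RATES, (max_kills_per_minute,)).fetchall()


if __name__ == "__main__":
    db = build_constructed_db()
    print("impossible kills:", impossible_kills(db))
    print("ridiculous rates:", ridiculous_rates(db))
```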


I'd love to see a game where cheating and scripting is the primary means of gameplay. By default the game would present a very simple UI but players would be encouraged to write and share scripts enabling varying levels and types of functionality.

As a game developer your job then would be to write interesting enough systems for players to exploit to come up with interesting gameplay. I can imagine a scenario where different Overwatch-style "classes" emerge all built from the same basic game elements.


Check out http://www.pwnadventure.com/

"Pwn Adventure 3: Pwnie Island is a limited-release, first-person, true open-world MMORPG set on a beautiful island where anything could happen. That's because this game is intentionally vulnerable to all kinds of silly hacks! Flying, endless cash, and more are all one client change or network proxy away. Are you ready for the mayhem?!"

"Pwn Adventure 3 was originally during Shmoocon 2015, from January 16-18, 2015. While the CTF is now over, we are still running the servers in a limited capacity so others can try it."


Recently (last week or so), there has been a hacker in PUBG who is using a flying car. I had never seen this cheat before, EXCEPT in "LiveOverflow"'s YouTube videos of pwnadventure!

https://www.youtube.com/watch?v=pzM4o6qxssk

In this series he managed to get his player to be able to fly.

I can't help but wonder if whoever that hacker is that developed the recent PUBG cheat, got his inspiration from pwnadventure and this series :)


I had a cheat back in Halo 2 for Vista that could make the Warthog fly. A flying car in a game is really not new.


I got this all set up the other day, but on OSX I only get a pure white screen unfortunately.

Here's a great playlist I found of it though: https://www.youtube.com/playlist?list=PLhixgUqwRTjzzBeFSHXrw...


There was some excitement for Notch's 0x10c for a while, an open universe space game where you would have been able to program your ship's computer. But according to wiki:

> The game was eventually indefinitely postponed because Persson found several creative blocks, citing the main problem as "it not being very fun to play".


Not quite the same thing, but there were a lot of cheat-only servers in counter-strike in the 2000s with anti-cheat turned off (it's optional if you run your own server). Since it was all cheats vs cheats, whoever had the best ones won. The game servers were often very scriptable and modded as well.


Those servers are still available in CSGO too. 3kliksphilip recently did a video[1] with someone who plays on one. Interesting insight into the kind of player who cheats.

[1] https://www.youtube.com/watch?v=gniSF1M9g_o&


Neat. I used to love the hack vs hack servers. The cheats were a bit more primitive back then, so I imagine hvh isn't as fun nowadays since all cheats are very advanced... I remember when xqz2 first came out - the first opengl-based client cheat for the half-life engine. It was simply a wallhack at first, and evolved to a primitive aimbot I believe.

Anyway, they started to get pretty sophisticated around cs 1.4 or 1.5. The real breakthrough was the client aimbot which hooked into the game (using function trampolines) rather than opengl, and was instantly fast, but it was still a little inaccurate because it used hardcoded constants for offsets from the center of the player model to the head. It eventually got a bit more sophisticated with hitbox aimbots I believe.

The next breakthrough was "nospread" which basically allowed you to fire your gun with laser accuracy. I remember how it worked - to make accuracy random the game used a pseudo RNG which was seeded with the game's current tick, that way the spread was shared by both the client and the server. The cheat calculated the future spread by using the game's next tick (current tick + 1) for the RNG seed and setting the player's view angle to the inverse of that. If you watched the player, it looked like they had a shaky crosshair. You could be bunnyhopping around with any gun and get insta headshots with 100% accuracy. Each gun had its own spread constant so these had to be hardcoded into the cheat, and adjusted based on whether or not they were crouching or standing.

The last major breakthrough was "autowall," which would only shoot through a wall if it was a guaranteed hit. After this, cheats and hvh servers got more boring with marginal improvements only.

All of this got me into programming and I learned a lot, both about some game internals and operating systems. No ragrets


At this point it's less about the quality of the hacks, but how the players use them. Now that everyone can wallbang well, map knowledge is extra important. You need to know where is and isn't safe to stand.

Wallhacks completely remove early game tactics too. Instead of having a game centered around information gathering each side is already completely aware of the game state. No being sneaky.

Sometimes people jokingly say that it would be cool if there was a second Olympics with steroid and genetically engineered participants. Concerns for player health and blah blah blah stops that from happening. Not in CS though! Crank the aimbots up to 11 and have em duke it out! I love it.


That makes sense. I haven't played in a hvh since 1.6 so I'm not up to date on the current scene. Back then, if you had the better cheats you basically outright won, it was an arms race rather than a competition. Good times!


Screeps is a game where you need to program each move: https://screeps.com/


It's a fun game! :)


You might enjoy old school TradeWars 2002, which you play over TELNET nowadays. There are all kinds of helpers (e.g., TWXProxy, SWATH), and there are some pretty sophisticated scripts you can run (e.g., MomBot for TWXProxy). Ice9 is probably my favorite server (http://www.oregonsouth.com/ice9/), and there are others out there.


I'm not sure if this really fits, but you might enjoy Speedrunning. It can include a good portion of analysis of the game, including code analysis (if available), debugging, disassembling etc.


Not sure if this will scratch your itch, and I haven't really looked into it, but check out https://screeps.com/ "The world's first MMO sandbox game for programmers"


Although a single player game and a game that must be hacked instead of extended with new functionality, maybe you like https://en.wikipedia.org/wiki/Hack_%27n%27_Slash


Universal Paperclips: http://www.decisionproblem.com/paperclips/index2.html

You can play it in the browser console with the JS API.


Something like this, but I wouldn't want to deter non-engineers from playing or feeling inferior to engineers. I still want to believe that fairness can be enforced and different skills and strategies can be competitive, not restricted.

It is unfortunate a negative perception for cheats is so universal some countries are insane enough to make it into their laws. Call me names but I perceive computer game[1] cheating as something that surely has a positive part. A lot of games are all about exploiting their mechanics (also called "developing a strategy" or "looking for weaknesses") to... err... win (or not lose). Cheats are the engineering solution to this, sometimes dull and non-imaginative, sometimes beautifully cunning hacks.

That is, unless we're talking about cheating griefers which I feel must be considered as a separate kind of people. Trying to gain advantage is natural for any player, depriving others of their fun is not[2]. If cheating makes grief (besides envy!) to other players I believe it means that it's the game mechanics that are flawed for allowing this. At least it's treated as a bug in all other kinds of software engineering.

Of course I recognize network lag is the enemy and computational complexity is another, so at least for anything fast-paced developers just have to offload calculations onto endpoints, sure. But still...

Oh, and I think this should be certainly possible for games where players don't compete. It's not impossible to believe a game where you can cheat yourself into gaining all the treasures of the world but that wouldn't mean anything and cheater would just deprive themselves of the fun. At the very least, the trend to try to shove anti-cheats into single-player games disgusts me.

_____

[1] I'm not sure about other areas of cheating. Although I think I wouldn't mind seeing Cheaters' Olympic Games, allowing humans with any aids, robots and basically anything that is physically able to participate. That would be fun and probably awe-inspiring to see.

[2] Can we talk about cheaters' moral codex, haha? Do unto yourself only as you would have others do unto themselves too and stuff.


Reminds me of my childhood playing ROBLOX on various Script Builder games where users on the server could script with Lua. It was basically a race to who could script admin commands and completely own the server.


I got my start with computers hacking ROBLOX as a kid! We probably met each other. I went by Shanethe13 / Aeacus back then. If that rings a bell, you should hit me up :)

I actually work in cybersecurity now, directly as a result of ROBLOX. Shedletsky came across some of my work a few months ago, and we reconnected over dinner. It's a crazy small world sometimes.


That’s awesome! Name rings a bell actually, did you have any places? I made one of the build a raft games back in the day [0], was great fun to build games on there. I remember sometimes waiting around to get on Sword Fights on the Heights to get in the same server as Shedletsky hahah!

[0] https://www.roblox.com/games/7729765/BUILD-A-RAFT-AND-SURVIV...


Seems like this would devolve into a market for add-ons for your game. Let's assume that this game becomes popular. I'd claim that then most players would passively consume the leading open source solution(s), which are likely to outperform whatever any one person can do working in secret (or just tweaking the leading open source solutions). Software is copyable -- I don't think you can give a mechanical advantage to being the author of the software instead of a script kiddie.


As with any tool, it depends on the person using the tool.

Just because someone gave you a sword doesn't make you a swordmaster. You might kill somebody, but a real master of the tool, maybe even the inventor, is much more capable.

Someone who knows some piece of software knows when, where and under what circumstances it aids the most.


Which is why I pitched a modular FOSS launcher/market to the Department of Education for a 3d virtual training simulation grant. I never heard back from them...


You might enjoy this video:

https://www.youtube.com/watch?time_continue=7&v=v0JHDr1oT0Y

It's about security training rather than gaming, but talks about using an approach where students were forced to cheat in order to pass an exam, as an exercise in getting into a mindset of finding the holes in a system and thinking like an adversary.


https://technomancy.itch.io/bussard is a game about UI-building over low-level spaceship controls/sensors


Check out HackMUD.


> I'd love to see a game where cheating and scripting is the primary means of gameplay.

Come to Sydney. Play Ingress with the ENL faction.


I am surprised people don't virtualize the game and do their analysis at a level that the OS and game can't detect. Ultimately, these games trust that the hardware they're running on behaves according to specification. That is clearly an unwise assumption. Cheaters may not be taking this path today, but it gets easier and easier as time goes on, and it sounds like they're not prepared at all. (Some other comments mention that current games look for virtualization software installed on the same OS install that the game is running on and fail the integrity check if found. I can't imagine that stops anyone actually determined to cheat. I imagine it annoys people that test their Docker images on the same machine they play the game on, though.)

Even if virtualization is detectable, you can also take the computer entirely out of the loop. The state of the art for aimbots seems to be reading game memory and applying synthetic mouse movements at the OS level. That is quite a blunt instrument to apply and I'm sure that no game has a major problem with this kind of aimbot. A more elegant aimbot would look at the video of the game, look for targets, and provide the necessary mouse movements over USB. At best, the only countermeasure is to make enemies harder to see or to learn some heuristic in mouse movement that differentiates the bot from a human... but injecting randomness is straightforward and nobody needs a 100% accurate aimbot anyway. The pros destroy you with 30% accuracy.

Finally, it's unclear if there is even any advantage to be gained by cheating. If you want a higher rank in a competitive game, you can just pay someone to play on your account. From what I've read on Reddit... many of the people offering these services are apparently professional players. No anti-debugger hook is going to detect that.

It should be interesting to see how this advances. While games that rely solely on mechanics or information hiding are clearly doomed in the long run, it's probably good news for the rest of the software industry. What is your cloud provider really doing? Is your own software compromised? The tools used to cheat in games will be quite valuable in answering these questions and protecting your users from people that actually have something tangible to gain from these actions.


IMO games should encourage ergonomic aids. Why allow the UI to be a limiting factor to how you want to play?

For example people used to talk about APM in SC2 as a sort of measure of how good someone is. Why should that be? It's a strategy game. Imagine if you could express your ideas effectively into actual game actions?


>IMO games should encourage ergonomic aids. Why allow the UI to be a limiting factor to how you want to play?

For the same reason that sporting organizations regulate the equipment allowed during play - to make sure the playing field is reasonably level.

>For example people used to talk about APM in SC2 as a sort of measure of how good someone is. Why should that be?

Because dexterity has historically been a basis for comparison in recreational competition.

>It's a strategy game.

It's a real-time strategy game, which is an important distinction. Chess is a strategy game, and by its design guarantees each player an equal number of moves. SC2 is a real-time strategy game which makes no such guarantees, and if you have the dexterity to execute your strategy faster than your opponent can respond to, you should be rewarded for that.

>Imagine if you could express your ideas effectively into actual game actions?

Imagine the cost of such an interface in today's society, especially compared to a regular USB keyboard and mouse. Now imagine you're a game designer. Do you want to build a system that explicitly favors those rich enough to purchase the best equipment, or do you want to spread your playerbase as widely as possible?

Perhaps in another few decades, we can start rewarding the people with the "best" brains, but as long as we exist in meatspace, people are going to want to test their meat-skills against each other.


> Imagine the cost of such an interface in today's society, especially compared to a regular USB keyboard and mouse. Now imagine you're a game designer. Do you want to build a system that explicitly favors those rich enough to purchase the best equipment, or do you want to spread your playerbase as widely as possible?

While I kind of understand the Ready Player One-esque issue here, I am thinking that most ergonomic aids would look more like software plugins for WoW or EVE than professionally developed HCI hardware.

If I were to be leading a game I'd just make it a requirement that tools were opensourced (hard to enforce in reality tbh) but at least that would help.


(As a former high level StarCraft / SC2 player / caster).

It's not chess. That's why.

There is a real physical aspect to the game. Training your fingers to hit certain combinations quickly to execute build orders, and mix in micro is key. Pro players use hot packs to warm up their hands, or glasses to aid their eyes.

The game developer takes a lot of care to ensure the UI / hotkeys / peripheral setups are optimized for pro players.

Using external tools to defeat this setup simply isn't fair and diminishes skill built into the hands and muscle memory of players. Even at a mid-level of skill, people learn simple combos. For example, a Protoss player hitting "4+e" because that's where they have hotkeyed all their Nexuses and e is the hotkey to build probes.


Meh.

At the end of the day, "skill" is a meaningless term except in the context of a specific game. If Starcraft 3 came out tomorrow with no macro mechanics, no activated abilities, a pay-as-you-go economy rather than a pay-up-front one, then APM would be much less valuable and "skill" would mean something completely different.

Overwatch has this issue right now where players are complaining about Mercy, a character who is fairly simple to pick up and can provide a lot of value. What they ignore is that she was intended to be that way, and that the "skill" Mercy introduces is not lightning-fast reflexes or similar, but the strategic response to her presence.

I'm not campaigning for SC2 to be changed. But players' definition of "skill" generally shouldn't be trusted. Skill is what wins.


Many responses are saying the same thing, so I'm going to respond to you ...

> It's not chess.

I agree it's not chess, and chess often has a time component to it. The realtime nature of a game doesn't mean you should have to be able to "move" in realtime, IMO it would be superior if it tracked more closely to your ability to react, intellectually, in realtime. That is, real time thought more than realtime motion. Ergonomic aids would help people to convert their thoughts into real game plays without limiting them to their body's capabilities. But I also admit this is my opinion and it's clearly an arbitrarily decided dividing line between how much should a game be about myelinating certain move patterns (spread out troops, cast a spell, select production groups) and how much a game should be about quality of thought in realtime (I see he made units X, How am I going to respond? I have many minerals, should I spend them on tech or units?) ...


With enough mechanical aids, the game balance breaks.

For example, SC2 has a very cheap unit called the roach. When burrowed, it can't attack, but regenerates health incredibly quickly.

It's trivial to write a cheat that will, whenever one of your roaches starts taking damage, cause it to burrow, and whenever it stops taking damage, unburrow.

The unit is balanced around human control - no human can, with perfect accuracy, choreograph burrows and unburrows of individual roaches in a pack of ~60.

With such a cheat, roaches punch way above their weight, completely breaking the rock-paper-scissors balance of the game.


I do not deny that the game mechanics would vastly change. The strategy would shift away from "How can I micro these roaches" vs "How can I effectively attack burrowing/unburrowing roaches" to "How can I ensure I get roaches" vs "How can I frustrate/prevent my opponent from getting them in the first place"... As an aside, ANY change to a game is going to disrupt the equilibrium in some manner and I assume would require human intervention to re-establish a "fun" gameplay.


> How can I ensure I get roaches

Which is trivial for any skilled player, because they are an incredibly cheap, low-tech unit, and passive base defenses are currently very good at fending off very early aggression.

> As an aside, ANY change to a game is going to disrupt the equilibrium in some manner

Yes, and sometimes, the equilibrium settles on an incredibly shallow, uninteresting game-space.

StarCraft is a game of a number of rock-paper-scissors cycles, all operating at the same time. Greedy expansion - versus rushing versus safe plays. Economy versus army versus tech. Roaches versus marauders versus zerglings.

Sometimes, due to patch changes, poor balancing, or because player skill improved, the game ends up stuck in a quagmire, where the risk/reward ratio for many of these options is completely out of whack. The game stagnates, and becomes incredibly unfun to play, and to watch.

Throwing a wrench into balance, by allowing auto-scripts, which have an incredibly uneven effect on the different units, mechanics, and races in the game is far more likely to push it into an unfun equilibrium, than a fun one.


Yes, but keep in mind this idea and thread is not about SC2 specifically. It used SC2 as an example of the class of games that I personally believe I would find improved by removing the mechanical aspect of the game allowing me to focus on the fun part -- Making decisions and giving instructions patterns more than "micro"


> I do not deny that the game mechanics would vastly change. The strategy would shift away from "How can I micro these roaches"...

It's kind of off-topic, but you will lose horribly if you actually try to win games on micro alone. People talk a lot about micro because it's flashy, but it's really just the icing on the cake. The pros can spend all their time showing off their icing skills because they all have solid macro underneath.

When I played in WoL, you could make it into master league (top ~2% of players) by: ensuring you were never supply blocked, spending all your money, scouting your opponent, and building counters. If you were efficient, you could do everything you really needed to with an APM of ~50.


>With such a cheat, roaches punch way above their weight, completely breaking the rock-paper-scissors balance of the game.

Against marines, sure. But against siege tanks/disruptors?

Sirlin's spiel about there being more counters than people think (http://www.sirlin.net/ptw-book/introducingthe-scrub) seems applicable here.


Is it, though? Sirlin's scrub is a strawperson player that will not adapt to any changes in the game, instead asking that the game itself is changed to suit them. Running cheats is the ultimate scrub move - you change your play experience asymmetrically to benefit yourself rather than practicing at the game as offered to get better.

There are a ton of interactions in games that are degenerate if performed at TAS level. These aren't areas looking for disruption; they're just impossible to perform with human inputs and they confer game advantages that are not surmountable by non-assisted players.

The speed running community segregates TAS content from played content specifically because of this. You will not beat the robot that can perform a 60 input 1 frame trick that gives you a .5 second time save.


>Is it, though? Sirlin's scrub is a strawperson player that will not adapt to any changes in the game, instead asking that the game itself is changed to suit them. Running cheats is the ultimate scrub move - you change your play experience asymmetrically to benefit yourself rather than practicing at the game as offered to get better.

That's a fair point; I agree. But the ancestors are debating a scenario with sanctioned mechanical aids. vkou classifies them as "cheats" above, but I humbly suggest that he used the term improperly, given the context.

Also, remember that we're talking about RTS games, which have an S component as much as they have an RT component. OpenAI can beat Dendi in the early phases of solo mid, but can a team of AIs beat Navi in a full game of DotA? Perhaps they will eventually, but if they do, it will take a whole lot more than just reaction time.


> but can a team of AIs beat Navi in a full game of DotA?

Yes it can, especially Na`Vi (Dota-reddit jokes that AI won't play with Na`Vi because developers want to test AI with a pro team). There were matches with pro players last month. Players say that mechanics in 5v5 fight are perfect and the global strategy is there.

I won't say that the strategy has many states in Dota: it's the items and position on the map (by choosing one of the objectives).

It's not ready for the real Dota 2 tournaments though: AI was trained for the specific 5 heroes.


Yes, they start punching way above their weight against tanks, too. Even moreso if you throw in an auto-scatter script.

https://www.youtube.com/watch?v=IKVFZ28ybQs


What about tanks on high ground and out of reach? What if the roaches have to funnel through a walled choke guarded by some MMLib as well?

That might seem contrived, but there is a player whose job is to contrive it!

No, I don't think the next patch should include "improved" roach AI. But deep strategy games like Starcraft tend to have multiple levels on which to do battle, and you can often nullify an opponent's insurmountable advantage on one level by doing battle on another level. I honestly think that if super-roaches like we've been discussing were patched into the game, with no further changes made, winrates would stabilize around 50% in a few years (assuming everyone hadn't quit in disgust).

Now, that might not be the game you'd want to play. I'll freely admit I wouldn't want to play it. But that's you and me---perhaps whoever's into chess would love it. And "This would no longer be fun for me," while perfectly legitimate, is a very different claim than "the game balance breaks."


> ...deep strategy games like Starcraft tend to have multiple levels on which to do battle...

That's exactly the point; the "other levels" are macro, micro, and multi-tasking--the "realtime" components of an RTS game. (I consider positioning and scouting a factor of micro and multi-tasking respectively.) Those are the facets of the game that let you take two equally matched strategies, execute slightly better than the opponent, and thereby eke out a gradually compounding advantage.

If you remove those, the "deep strategy" of starcraft is basically just doing the one or two counterplays that you obviously need to do to survive. "He built too many early game marines so now I build banelings or I die." The strategic "if he does this, I'll do this, but then he'll do that" decision tree is very shallow in a game like brood war or sc2.

> What about tanks on high ground and out of reach? What if the roaches have to funnel through a walled choke guarded by some MMLib as well?

Then I'll be forced into one of a small handful of tictactoe-like responses: brood lords, vipers, doom drop on top of your army, or pull you apart with muta/nydus multi-taski... no wait. Just the first three options I guess.


> Ergonomic aids would help people to convert their thoughts into real game plays without limiting them to their body's capabilities.

StarCraft is physical - that's critical to the entire genre (RTS/MOBA/etc). Without it, it's not StarCraft.

Improving your dexterity is a real part of improving your skill in a game like StarCraft. So using a program to do this for you instead is cheating.

It sounds like you want to play something like Stellaris, Sins of a Solar Empire, or any other 4X-style genre game.


I don't understand why you're so intent on doubling down here. There are other strategy games out there that focus on strategy more than micro mechanics. Why not play those instead?

I don't think "I want to play Starcraft but without micro" is a compelling argument for changing Starcraft. I actually think it's pretty selfish to make these demands. It's a reasonable premise for finding or even creating a new game.


SC2 was simply an example. Clearly this is about the set of many RTS games more than just one game. And to be upfront, yes, "I want to play Starcraft but without micro" is a decent representation of my gaming desires.

I may just go ahead and make such a game sometime and, I suppose, we'll see if anyone likes such a game dynamic. It would definitely introduce a very meta game where creating and tuning your "loadout" could matter greatly.


Tooth and Tail is pretty close to what you're looking for, perhaps.


You might enjoy Grey Goo, btw.


Games aren't really about getting you to solve a problem, they are about making something fun. Making something fun is a lot easier when you control the UI completely. Letting the users build their own UI places a lot of constraints on what you can build in the game and still be fun.


StarCraft is not just a strategy game. It is a real time strategy game. The focus on real time is why APM and micro etc are so important. Broodwar is my personal favorite game, on the surface it is easy to not know video games can be physically taxing.


APM was certainly an impressive stat that conveyed the level of athleticism required for e-sports.

Of course, you're right, if the goal is who can strategize the best then APM shouldn't be a factor.

The playing field needs to be level though. Perhaps something like Formula 1 or Le Mans racing will develop for e-sports where people are allowed to fine tune their input with custom code with certain regulations for those inputs.


It's real-time strategy. So part of it is how you react to things, as well.


Great write-up. In my job we spend a lot of time dealing with hackers and cheats for our mobile and PC games.

We tend to see similar exploits across all our games (memory hacking, fake IAPs, etc) which lets us build an armoury of anti-cheat tools.

What I find most interesting is where hackers don't focus their attention. It took almost 4 years for them to realise the encryption key for our assets was easily accessible using the 'strings' tool in Linux - once they found it we had a busy few days stopping modders from impacting legitimate players.


You're probably dealing with newbie reverse engineers, do you work for a triple A game publishing studio or an indie game shop? People who want to "mess" with games are usually doing it so that they can make a lot of money from it and therefore hunt big triple A games... the people I've seen do proper reverse engineering on a triple A game to bypass i.e. Blizzard's anticheat in World of Warcraft now all work for big "anti-virus" companies


Cheat, anti-cheat, antivirus, malware, and to a lesser extent debugger and profiler. All these tools are going after each other in the same territory: monitoring a certain system activity to report or intervene. To me, it looks that all these functions are traditionally in the realm of operating system. Are we going to have a new middle layer or a new OS architecture for catering things like this? I'm curious.


I'm working on this.


I wonder, given that nowadays access to vast amounts of computing power on demand is easy, if it would be effective to generate unique builds for each and every player. Just like they already do, but tailored for each downloader. Which would get tied to an account, and to a given fingerprint.


What problem would that solve?


I think he's implying a cheater's injected DLL would be tailored for a specific build, so if they shared it with others, it would be ineffective. And not only that, but based on how the Cheater.DLL is targeting the build, they could identify the account that made the cheat.


If I tell you right now that every single digital dollar will need to include the fingerprint of the digital printing press that created it. How would you be able to forge a new one without that fingerprint? You can't because every time you alter the digital dollar you create a new fingerprint that does not match the original digital printing machine.

This fixes a lot of problems with altering code and extensions and modding. Does not fix memory changes but it can make it quite difficult because each memory change would have to be validated against the original fingerprint already registered on the server for your particular build.


You are talking about a blockchain.

I have talked about this on many occasions to developers and they also agree that a blockchain to maintain a unique fingerprint of the game is very good to deter many attacks to modding and extensions to code, no matter the platform.


Being a blockchain would give exactly zero advantages over a traditional database.


Yes it will. Because in a blockchain, you can't change anything unless everyone agrees to it.

If you change that code, and place it back in the blockchain no other block will agree to your change and reject you.


You seem to have several misconceptions about computing in general. This is not how any of this fits together.


As the game developer, I do not care if anyone else agrees to it. I am the ultimate authority. Thus, I don't need any kind of blockchain.


Does it hinder Linux gamers who are using Wine? A lot of such anti-cheats can't figure out when Wine is used and ban Linux users. Some also ban custom D3D implementations like DXVK even if they are really correctly implementing the API.


Yes - it hit the news that LoL will no longer work on Wine or virtual machines because of these anti-cheat measures.


Can't speak for Wine users, but VMs are working now. The workaround was found within days of the patch (they were just checking for the CPU feature "hypervisor"), and they actually ended up rolling back that check due to the community response.


They rolled that back rather quickly.


OK, then their anti-cheat implementation is bad.


Blizzard had a huge banwave for users running SC2 WoL under Wine.


Some of this is pure evil.

> We block this very common technique by making sure that when the value is changed by taking damage, the value is actually moved as well.

> To introduce more entropy, we also made sure that each value uses slightly different encryption.

> At compile time, a randomly selected type of anti-debug check is inserted into each of the locations where a check was requested in the code.

I've always wondered where you store the key that decrypts code at run time. On phones and DVD players the key is stored on hardware but it does not seem like an exe has this luxury.


it doesn't matter where you store the key as long as it's not easy to figure out for the disassembly program


If it's out in the open it sort of defeats the purpose doesn't it? If you know the key + encryption scheme you could decrypt all the .text in a single pass.


What's so evil about that?


One of the things I'm not seeing is what kind of statistical data they're collecting and storing for prevalence of discovered cheats/scripts/bots, on a per-ISP basis. Since they know and log the IP that every user connects to the game from, they can certainly profile it down to at least as granular as the individual /24. For example if there's a college dorm full of students where somebody has shared a recent script/bot, the behavior could be correlated between time, place and IP.

Thereby allowing them to develop IP space reputation lists that contain the relative likelihood of bots/scripts being run (sort of like SMTP spam RBLs, but not an all-or-nothing, more of a weighted distributed reputation scale).

There is also a League of Legends mobile Android/iOS app. If you set it up to require location permission, they could begin to correlate the physical location of cheaters with their specific IP block. For example if somebody is at home on their wifi, their phone is connected to their home router, and their desktop PC with a cheat script are all going outbound to the internet through the same NAT, and coming from the same /32 (in IPv4) address.

I'm willing to bet that if plotted on a map you could develop hotspots. Of course they would also match the density of players in general. But perhaps certain trends could be identified.
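
The weighted per-/24 reputation idea from the comment above, as an added sketch that is not part of the thread and not anything Riot has described. The session records, the 2% baseline rate and the prior weight are constructed assumptions; the smoothing keeps a single flagged household from outranking a block with many flagged accounts.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: (account, source IPv4, cheat_detection_confirmed).
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_SESSIONS = (
    # A dorm-like block: 40 accounts, 12 of them flagged.
    [(f"dorm-{i}", f"198.51.100.{10 + i}", i < 12) for i in range(40)]
    # A large residential block: 200 accounts, 4 flagged.
    + [(f"isp-{i}", f"192.0.2.{1 + i % 250}", i < 4) for i in range(200)]
    # One household behind one NAT address, one flagged account, two sessions.
    + [("home-0", "203.0.113.7", True), ("home-0", "203.0.113.7", True)]
)


def block_of(ip, prefix=24):
    """Map an address to its enclosing network (a /24 by default)."""
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def reputation(sessions, prior_rate=0.02, prior_weight=20):
    """Score each /24 by its smoothed fraction of flagged accounts.

    Accounts are counted once per block, so a player who reconnects often
    does not inflate the numbers. The score is
        (flagged + prior_rate * prior_weight) / (accounts + prior_weight)
    which pulls small blocks toward the assumed baseline rate instead of
    treating 1 flagged account out of 1 as a 100% cheater network.
    """
    seen = defaultdict(set)
    flagged = defaultdict(set)
    for account, ip, detected in sessions:
        net = block_of(ip)
        seen[net].add(account)
        if detected:
            flagged[net].add(account)

    scores = {}
    for net, accounts in seen.items():
        k = len(flagged[net])
        n = len(accounts)
        scores[net] = (k + prior_rate * prior_weight) / (n + prior_weight)
    return scores


def ranked(scores):
    """Blocks ordered from most to least suspicious."""
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    for net, score in ranked(reputation(SAMPLE_SESSIONS)):
        print(f"{str(net):18} {score:.3f}")
```

A score like this is a weighting input for review or for how closely a session is inspected, in the spirit of the RBL comparison, not a ban signal by itself: everyone behind the same NAT or dorm uplink shares the block.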


The best way to prevent cheating is by streaming games. Game streaming services are the future of multiplayer games. Edit: I mean cloud gaming like OnLive, not Twitch.


Aren't there massive video latency issues with this? People spend tons of money to get the absolute best frame rates and monitor response times, I can't imagine hardcore gamers wanting to have tens of ms additional latency in their gaming.


You can have real-time games whose mechanics are designed around latency. My game is one example. In fact, I would assert that for now, you have to design around latency in real-time multiplayer games. Until round-trip latency for your entire userbase is below 40ms, it will be an issue.


I'd say 30ms, not 40. Because a single frame is 16.6ms, so 30ms round-trip would bring one-way down to below one frame of latency (potentially with a small amount of jitter).


It sounds surprisingly high, but a lot of the population won't notice 40ms round trip. Some of it will know. It also depends on the game's mechanics. Not all games are FPS. Not all games have action significant down to one frame. Some of my favorite real time games involve making decisions about once every 5 seconds which will result in a turning point in another 15 to 30 seconds which will get you killed or leave you victorious.


> I would assert that for now, you have to design around latency in real-time multiplayer games.

Yeah but I believe they mostly do that with client-side rendering using the graphics card, and then reconciling that with what the server side "thinks" things should look like.

That sort of thing wouldn't be possible if you're just working with a video stream.


I'm not advocating working with a video stream.


It levels the playing field and allows players to play with others around the world if streaming servers have better latency to each other than p2p.


The latency from the player to the server still exists though so I don't see how this is going to solve any problems.


50ms player to streaming server + 10ms streaming server to streaming server + 50ms player to server = 110ms is less than 150ms player to player.


and how do you propose a server in Australia is going to achieve 10ms to a server in the US?

Why is the server to server latency going to be less than the ISP's natural routes?


Streaming services have more money than consumers. Replace 10ms with whatever is possible. At some point, the latency will be lower overall.


For real-time "twitch" shooters, gamers will never accept it as a solution. You can't beat the speed of light traveling across earth.


Doubtful. It just so happens that a well known intro to neural nets focuses on controlling GTA using only on screen data and simulated keyboard inputs. That basic principle is valid for any game and can be improved to an unlimited extent.

Furthermore, approaching the endpoint as a dumb video terminal is very limiting, almost any real time 3d game will have visible latency on almost any internet link. At the very least, mouse movement needs to be local, menu navigation, ideally also panning in response to user input. That means some game state will be available for a cheat.


Let alone the internet, the latency is noticeable in local networks.


Essentially, my game system is the low tech version of this. The game is just a dumb terminal for displaying moving objects, which are syncing to info streaming from the server. It's so simplistic and dumb, we can even enforce Fog of War. When an entity disappears, its tag and move information are simply not sent. The client then diffs it out of the set of visible things.


Any reasonable multiplayer game works like this. They mention it in the linked article: "We don’t share the state of other players if it doesn’t need to be shared, so we can avoid common cheats like “map hacks”." Essentially the client only has the information it needs to show the current state of the game.

The problem is then that the state available to the client (like position of entities) is easily accessible in memory unless you implement some of the countermeasures they describe.

Streaming (as video) makes this harder as you'd then have to rely on visual information only. While this of course is also solvable using CV, it's a lot harder than looking at memory directly.


> The problem is then that the state available to the client (like position of entities) is easily accessible in memory unless you implement some of the countermeasures they describe.

Not a problem for my project. If you can't see it, the server isn't sending you anything.


What part of cloud gaming prevents aimbots?

Identify enemy player's head, move mouse, click.


Here would be my solution: Either you don't have headshots, or you make aimbots a part of the game. Publish an API to let users have aimbots. Measure aimbot-ness by speed of aim, and have that status affect another stat, like "shield." ("Cranial shield feedback?") Manipulate that curve, such that the penalty only really kicks in for the truly superhuman.

Now 1) You've motivated the cheat-writing community to try and imitate very good human players, but no better. 2) Your game's mechanics de-emphasize the style of play that would've made aimbots op, making it just a player choice.

Also, not everything has to be an FPS.


Not worth the latency cost IMO. They're fine for single player.


Latency to the server will always be higher, but player to player will be lower if server to server on the backend is better. Which has less latency? P2P from California to Europe or latency between streaming servers in California to Europe.


I totally see how streaming - and letting everybody be able to see your stream - would help the cause, but the sheer amount of players make this method quite ineffective. Yes, if it's one individual making good money off it; No, if it's pesky script kiddies ruining the game experience.... I would think.


I mean cloud gaming like OnLive, not Twitch.


This isn't going to work. Latency will make this dead on arrival for multiplayer games.


It depends on the particular game. You can make the game mechanics, such that round-trip latency doesn't really matter.


I don't follow, how does streaming prevent cheating? Why would cheaters stream their own games?


I mean cloud gaming like OnLive, not Twitch.


Oh interesting, I wasn't aware that was a thing. That makes sense.


What I wonder is how the encryption keys are stored. There are obvious ways to obfuscate keys, but at decryption time, the keys need to be exposed plainly in memory, don't they? So how do game makers like Riot prevent debuggers from discovering the keys and revealing them to everyone? Does every player have different keys?


A good solution will not only generate keys for each player, will even generate different keys for same player each time that player starts a new gaming session. Start game->generate keys for session->play game->throw keys away.


Even if they move a memory value when it's changed they still need to have a pointer somewhere to its new location. If you can find that pointer you can still read/write at will. This is actually one of the things covered by Cheat Engine's tutorial.


I wonder if there is any defense against adversaries that use computer vision and just digest the actual raw images and overlaying information, so there aren't any hooks into the software itself.


Overwatch changes the colors of its health bars slightly every match so that aimbots can't lock on it

https://www.reddit.com/r/Overwatch/comments/6imjce/todays_pa...


I'd imagine that periodically changing in-game assets to modify their appearance could act as deterrent.


These are all just various degrees of obfuscation that will be defeated if it's worth the money.

In particular these approaches seem weak to hardware, firmware, and driver side-channels.


All anti-cheating techniques are fallible. It's impossible to build a perfect cheat detection/prevention, just like it's impossible to build something that will always detect all malware, etc. The client code is always going to be on the player's computer and has to execute on the player's computer. There's no way around that.

You can't guarantee effectiveness, but you can make it very hard to reverse engineer and circumvent, and you can constantly change techniques so that adversaries need to put in more work. It's an ever-evolving cat-and-mouse game.


One of the things coming out of this is that legitimate coding within a game (for example teaching children how to code - a very important point for me at this point in life) is almost out the window

I love minecraft for their RPi version but beyond that, I don't know of any games that have that kids pull and can still be taught

it's something like "we used to turn on a PC and see a command line. now we have to jailbreak something"


you can still do so with most drm free singleplayer titles


can you suggest any please :-)


Is this approach similar to ones used in VAC (valve) or easyanticheat, or battleye?

Some of the above are notorious for consuming client resources. Easy anticheat is known for banning players in unrelated games that they cheated on. (E.g. cheat on pubg, get banned in a different game that you didn't cheat if both games use easyanticheat)

This is a great writeup but I'd love to see how 3rd party anticheat programs work


This talks about common techniques for protecting Windows binaries but what about their Mac client? Are similar techniques also applicable to Mac?


I don't know much about OS X except that they use the Mach-O executable format (unlike PE in the article), but I know that the ELF format as used on Linux and many other unixes is similar in that it also has a section where the code resides, so they can encrypt only that part. And inserting checks into the code is also portable of course.

It would have been interesting if they had talked about different platforms, but alas, it's quite a superficial article...


Most of them would carry over, but would have to be changed slightly to match the system.


What great insight! As a developer I wonder how you implement such methods and still be sure the code runs at desired speeds. Benchmarks? I'd really love to see the workflow of implementing new behaviours. I mean... incremental decryption of distinct pieces of code during execution seems so tough to thoroughly test! Not to speak of debugging... I am genuinely stunned.


I wish to see how they dealt with the overhead because of all the encryption, checks etc. performance-wise? I know LOL is quite an old game so they mastered these points. I am especially curious because lately I play PUBG and when PUBG does something about cheat it effectively kills performance.


Free startup idea: sift science for anti-cheat for gaming industry


slightly related: The LoL end user client that they wrote with CEF(!) is one of the worst game clients I've used.

Edit: It's CEF not Electron


It's crap, but at least it's better than the old one written in Adobe Air.


They don't use electron, but chromium embedded framework


Ha obfuscation. The best way to get management off your ass to prevent hacking without actually preventing hacking.


I got into developing by modding doom with a hex editor. Giving my SimCity virtually unlimited money. Cheating in a video game is fun and standard practice in my opinion.


Cheating in single-player games is absolutely fun and a good way to introduce oneself to reverse-engineering. The key difference, though, is that cheating in multiplayer games can directly (usually negatively) impact the experience of other people playing the game.


Sure, but in a single-player, local context: do what you want and experiment.

League of Legends is a multi-player game, and a competitive one at that: you having fun by cheating is likely leading to another player not having fun, which is bad for the game (and Riot as a revenue-generating company!).


It definitely is. I had tons of fun cheating on RuneScape. There were (and maybe still are) more than 3 botting platforms with friendly APIs for writing scripts. Being a computer savvy kid I wrote my own scripts, tested them, ran them overnight... It took Jagex nearly a decade to ban me.


The next step is to rewrite it all in Brainfuck.


I wonder if there's an optimization to be made about tolerating a minimum amount of cheating while being vociferous about the countermeasures? Along the same lines as "no such thing as bad publicity", having just enough cheating to piss off a few people and getting them to talk about it and the countermeasures seems like a great way to get free advertising and game engagement of players just curious to see who is cheating or the drama between cat and mouse.


You won't find any companies with competitive online games that turn a blind eye to cheating. If you consider a game with a cheater as being ruined for the other players, a very small number of cheaters can ruin games for a large portion of the players.

For a rough example of how the math works, let's say we have a game that is 5v5. If we have 100 players, 1 player cheating, and everyone plays once you end up with 9 players having their game ruined. That's 9% of players impacted by having 1% of the players cheating.


> You won't find any companies with competitive online games that turn a blind eye to cheating.

My experience is a little different: if I buy enough in game shizzle (be it free to play or games like WoW with a built-in store), I get away with murder.

> For a rough example of how the math works[...]

IMHO You are right about the math, but use the wrong parameters. Many game companies that accept additional currency actually allow their moneymakers to "bend the rules". No hard data, just my individual observations while using "tools" in different settings.


I'm not suggesting they tolerate it completely. Just that they make the game slightly "cheatable" then counteract it enough for there to be a known controversy.


No one is intentionally making it possible to cheat in their games. Cheaters and cheat detection/prevention are in a constant arms race. You can't just allow a little cheating. The people that develop cheats will share them and those cheats become more widespread.

Your whole argument is also based on the idea that there is no such thing as bad publicity. This is incorrect. If your game gets a reputation for being full of cheaters then people will leave your game and probably not come back. If the first time you hear about a game, all you hear is that it is full of cheaters are you going to head out to the store to buy a copy?


How is it different than today? The game is slightly cheatable (scripters exist) and they are counteracting it and getting some publicity out of it.

Being so good at anti-cheat that there is nothing to talk about seems like something so far away it's not worth thinking about.

But that said, I doubt the gains from allowing "controversy" around cheating would outweigh the benefit of not having any cheating in the game. Not having cheaters is its own talking point. Within the competitive gaming community, cheating is already a major talking point and having little to no cheating is already a major selling feature.


That seems like a good "wonder", definitely not deserving of downvotes.

I'm pretty sure I want to play games in which there is no cheating though.

You could do handicapping, so in an FPS rather than allowing wallhack lower players get a call from control "someone is closing on your position [from the North]". Or new players are 'fresh' and can move faster. You need to weight it very carefully though.


Yeah the downvote has become the "disagree" button sadly. I remember playing GTA-V on PS3 and early on people figured out some sort of (seemingly) underflow attack where they got billions of in-game cash, traded and gave it away, and were eventually wrangled in by the mods. I wasn't harmed by this, I thought it was ingenious of whoever found it, and got a good chuckle at the moral judgements the pregame messages displayed, for a game whose theme is utter debauchery. Other "cheats" where people found holes in solid objects and glitched to hiding places were pretty clever too.

I think cheating is kind of funny as long as it's not widespread or required to play the game enjoyably. I think anyone who gets offended about it is taking their video games way too seriously


I'll go on the record that I downvoted because I'm so tired of the constant drone of comments suggesting self-sabotage as a would-be dark pattern. If someone actually put a lot of effort into developing the idea, that might be interesting, but I just don't feel like "What if you shoot yourself in the foot for the publicity?" by itself is a substantial comment. It's a fill-in-the-blanks theory so unlinked to any particular phenomenon that it gets applied to everything.

For another example, somebody yesterday suggested that Amazon intentionally broke their website on Prime Day for the publicity. I downvoted that too. I do disagree, but more than that, I just don't think they add anything.


So you're not disputing that dark patterns are useful and effective, just that you don't like hearing them pointed out?


I don't know how you could possibly get that from "I'm so tired of the constant drone of comments suggesting self-sabotage as a would-be dark pattern." What I'm saying is that without a lot more development, there's nothing to suggest that this putative dark pattern actually exists. There is no reason to believe that self-sabotage is a beneficial act, but people constantly suggest it as one based on some magical thinking around "publicity." It has more in common with a conspiracy theory than anything else.


It's done all the time in the entertainment industry so it wouldn't be surprising to see it leveraged here. And even if it's not being employed overtly, another way of interpreting my message is that these companies receive a net positive just by being in the "controversy" whether they intended to or not.

I have heard a lot more about the PS4 platform from all the clever hacks people have come up with than I have about the 360 or xbone, and if I were to buy a console it would likely be a PS4.


You're comparing things in a single player game to things in a highly competitive multiplayer game. Not the same at all.


GTA V's online mod is the reason why it's still on 5th place by current users in Steam. R* is selling virtual cash for it, so this type of cheating is hitting their revenue.


Cheating is incredibly toxic in the community, even a whiff of it and people start labeling each other scripters etc. Riot does a lot of work to make their community suck less, lots of players leave or drop engagement because the community is toxic. With that in mind I'd imagine the optimal amount of cheating is less than what they can achieve.


We must have encountered very different online games and communities. Plenty of MMO's seem to have survived well known and endemic cheating without any additional toxicity in the community. No more toxic than the fake outrage when someone loses a loot roll in a dungeon or a pvp round. The "communities" and games usually seem brimming over with toxin with or without cheating. It's a good part of why I now avoid anything multiplayer.

Few seemed to actually care if the server's elite guilds were using no wall hacks to get loot or someone was running with 6 chars receiving identical input, or botting their dailies overnight.


The toxicity comes from the focus on competition and the lack of repercussion when misbehaving. A guild kicks you out if your negativity annoys too many or the wrong members, whereas matchmaking has an infinite supply of teammates to abuse.

I agree with you that adding cheating to the cocktail of toxicity would probably not be significant enough to lose a large group of players. However cheating may yield a competitive advantage too large to be overlooked by the players.


Quite.

Personally I used to get more annoyed by queuing for a matchup and someone dropping so we're in a team one short, or by poor matching than cheating which was usually more of an eye-roll moment for me.

Resolution would have required GMs using a (temporary) ban hammer to bring some repercussion to all the toxic reports in the chat logs, not just headline anti-cheat sweeps and very rarely during tournaments. The resulting toxic anarchy seemed the obvious and inevitable result of games ignoring just about every behaviour. Which is why I voted by removing my wallet. :)


See you removed your wallet though, they'd rather you didn't remove your wallet at all, they'd rather you vote by reporting toxic players and keep your wallet around. ;)


Blizzard is famous for a variation of this.

They will spend a few weeks/months detecting cheaters, but do nothing.

Then, they will ban many users of a given cheat at the same time. This creates press, which helps the message of "you will be banned if you cheat" spread further than if they had immediately banned each offender.


I'm not sure Blizzard does ban-waves for press. From what I've heard, they (and many other developers) ban in waves so it's harder for cheaters to establish causality. "I did this thing and got banned, therefore avoid doing this thing."


I am skeptical that anyone has ever played a game because they were just curious to see who is cheating today.


In CS:GO, if you play a lot of the non-rotation maps (hostage etc,) and are high MMR you will quickly learn who is cheating. Many of them are the same people on many accounts, and you will learn who they are quickly. Personal experience.


Back in the day I would occasionally play counterstrike on low reputation servers to see all the cheaters. It was amusing for about 5 minutes.


No.

It's bad enough that cheaters, after getting banned, will come to the game forums or reddit and make a ton of noise about getting banned "for no reason". All too often, you'll have a few people (though most of them probably on puppet accounts) that jump on the post and spread lies about Riot banning people for insignificant infractions, when the real cause was cheating.


No. Because potential players are not just hearing about the game, but how it's broken and unfun because of cheaters.


I sorta miss the way cheat codes and exploits were seen back in the long ago days when I started gaming. They were fun little easter eggs and things to mess around with if you got stuck and couldn't progress past a certain point. Or just weird things to have fun with. Of course, pretty much everything was single-player, so it didn't impact anybody else if you wanted to turn on no-clip mode to get around some pain-in-the-ass jumping puzzle in Half-Life, or spawn a nuke-launching spaceman in Age of Empires. And the hours and hours spent button-mashing trying to get new and unusual finishing moves in Mortal Kombat...


> We don’t share the state of other players if it doesn’t need to be shared, so we can avoid common cheats like “map hacks” (revealing all players on the map).

> We let the server’s game simulation make the authoritative game decisions and generally don’t trust the information received from the client, which helps prevent common cheats like “god mode” and “disconnect hacks,” barring any overlooked exploits.

> Our network protocol has been obfuscated, and we change this obfuscation regularly so that making a network-level bot is much more difficult.

I hope they are proud of doing the obvious. That's like having a webpage and bragging about escaping strings that you insert into a SQL table...


The first is not at all obvious. Oftentimes, it's simpler to share entire game state to all clients, and let the client obfuscate information based on the player's context. Especially for building a better player experience for interpolation/network lag correction when the server connection may fail to keep up.

Additionally, it's non-trivial logic to determine what "needs" to be shared: eg, what do you do with a champ that's outside vision but using an ability that enters your vision? There are important and difficult design, architectural and logic decisions to be made at every level from the game data models to the server-side simulations to the clients handling of it.
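
An added sketch (not from the thread, and not Riot's code) of the server-side filtering discussed here and in the fog-of-war comments further up: the server sends each team only enter/update/leave messages for entities inside that team's vision. The sight radius, the message fields and the policy for a projectile fired by an unseen champion (send the projectile, withhold the caster) are assumptions chosen for illustration.

```python
import math
from dataclasses import dataclass
from typing import Optional

SIGHT_RADIUS = 10.0  # assumed vision range of a champion


@dataclass
class Entity:
    eid: int
    team: str
    kind: str                     # "champion" or "projectile"
    x: float
    y: float
    caster: Optional[int] = None  # eid of the champion that fired a projectile


class VisibilityFilter:
    """Builds per-team packets so hidden state never leaves the server."""

    def __init__(self):
        self._known = {}  # team -> set of eids that team's clients currently hold

    def visible_ids(self, team, entities):
        eyes = [e for e in entities if e.team == team and e.kind == "champion"]
        return {
            e.eid for e in entities
            if e.team == team
            or any(math.hypot(e.x - o.x, e.y - o.y) <= SIGHT_RADIUS for o in eyes)
        }

    def packet_for(self, team, entities):
        by_id = {e.eid: e for e in entities}
        now = self.visible_ids(team, entities)
        before = self._known.get(team, set())
        packet = []
        for eid in sorted(now):
            e = by_id[eid]
            msg = {"op": "update" if eid in before else "enter",
                   "id": eid, "kind": e.kind, "x": e.x, "y": e.y}
            # Edge case: a visible projectile must not reveal a hidden caster.
            if e.caster is not None and e.caster in now:
                msg["caster"] = e.caster
            packet.append(msg)
        # Entities that left vision (or were destroyed) are named by id only;
        # the client drops them and learns nothing about where they went.
        for eid in sorted(before - now):
            packet.append({"op": "leave", "id": eid})
        self._known[team] = now
        return packet


def run_demo():
    """Constructed four-tick scenario; returns the packets sent to team blue."""
    f = VisibilityFilter()
    blue = Entity(1, "blue", "champion", 0.0, 0.0)
    ticks = [
        # 1: red champion far away, out of sight
        [blue, Entity(2, "red", "champion", 30.0, 0.0)],
        # 2: hidden red champion fires a projectile that enters blue's vision
        [blue, Entity(2, "red", "champion", 30.0, 0.0),
         Entity(3, "red", "projectile", 8.0, 0.0, caster=2)],
        # 3: red champion walks into vision
        [blue, Entity(2, "red", "champion", 9.0, 0.0),
         Entity(3, "red", "projectile", 5.0, 0.0, caster=2)],
        # 4: projectile expires, red champion retreats
        [blue, Entity(2, "red", "champion", 40.0, 0.0)],
    ]
    return [f.packet_for("blue", world) for world in ticks]


if __name__ == "__main__":
    for n, packet in enumerate(run_demo(), 1):
        print(n, packet)
```

With this shape a memory-reading map hack on the blue client has nothing to find for entity 2 during ticks 1, 2 and 4, because those coordinates were never transmitted.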


It might seem obvious, but a lot of current PvP game engines still maintain global state of all players on the map and trust position info sent from the game client to all other clients. This has been the status quo going all the way back to the beginning of online gaming.


Riot's engineering blog is typically aimed at developers and engineers of all skill levels. They try to make all of their topics approachable. If you're a seasoned veteran, you probably won't get a lot of technical insight from these posts.


These things seem obvious but are often not feasible for certain types of games (eg FPS) due to either latency or just the rate of events the server would have to resolve. This is why you're often stuck having to trust the client and implement complex checks for tampering.


A lot of this information is written so that it's easier for laypeople to read and understand. Stuff like that may be obvious to developers and sysadmins like many of us, but to the common League player it might not be. Also, I doubt that they want to give away something more specific that would give a clue on how to beat their systems.


The first point is actually something that game developers have failed to do in many cases. For example if they want client syncing to require transferring very little data, they may only send player inputs across the wire, meaning that each client needs to know everything, even if the final decision about game state is made by a server.


Yeah, the same many developers haven't escaped strings they inserted into SQL tables, leading to SQL injections. Does this mean if I don't do that I have a right to brag about it? If I wrote a post saying "look at me, I escape strings" the response here would be "cool story bro". This isn't any different.


Back in the day (2010) there was a cheat for LoL to make instant short-range teleports without cooldown, so they went a long path...


You'd be surprised by the amount of AAA games that do not do what was listed in the blog post.


Great writeup, and nice that they mention telemetry only once and work more with obfuscation than the usual process scanning, document scanning, blacklisting and reporting all back to shady servers, etc.

It's scary that one can easily get nasty anticheat software installed, even when playing only single player(!) games.


League of Legends is an online-only multiplayer game.


I know, that's why I wrote about single player games. Many games have both and the telemetry for anti cheating is not needed for single player.


Buy Linux games on gog.com?


GOG should really be everyone’s first lookup when buying a game. They likely won’t have the new release you’re looking for, but when they do, you actually get the standalone executable.


If you're talking about DRM like Denuvo, that's something else entirely.


I'd say there are very reasonable parallels between DRM and on client anti-cheat technology.

I mean, at its most base, both technologies are there to subvert the owner's wishes. Arduous people like me find such subversion to be unethical.

Not that I don't see the practicality, mind.


I don't see trying to ensure a fair playing field for all involved is unethical.


I feel like the industry would be better off being transparent about anti-cheat strategies and maybe even embracing open-source. Protecting "secret sauce" is basically admitting their anti-cheat are largely through obfuscation and can be defeated by knowing any details.


You obviously shouldn't rely entirely on security through obscurity, but obfuscation can absolutely be an important component of defense in depth.

Especially when your attackers own the hardware.


Agreed. Definitely not trying to say encryption is a poor strategy. But it does seem obfuscation is most of their anti-cheat techniques.

But the larger point I was trying to make is that all these studios are very secret about anti-cheat but they all seem to be fighting the same battle. Makes me wonder if the industry would be better off with cross-studio collaboration and open-sourcing anti-cheat libraries (that won't be defeated by knowing the details).


> open-sourcing anti-cheat libraries (that won't be defeated by knowing the details).

This doesn't make any sense. Anti cheat relies on the fact that it's not known. There is no such thing as open source in the anti cheat world. It's all very secret for a good reason.


I'd be curious to know what strategies make secrecy a necessity. I come from a WebDev background and open-source libraries are almost always secure and safer than your own (due to the sheer amount of developers and ingenuity working on one repo). Admittedly, game development is a different beast and has to deal with far more client-code so I'm admitting my ignorance here.


The attack surface is not only on the game but on the operating system that the client controls. I mean the game is just a process, the process runs on your computer, you control the computer so you can do anything.


The attackers are literally already able to run arbitrary code on the same machine, which is normally game over from a security perspective. Your secure webdev libraries also break under the same constraints.


> Your secure webdev libraries also break under the same constraints.

No argument there. Different design goals. But I still stand by the quality of engineering that open source allows.


Or you could design the game mechanics so that client-side cheating offers little advantage... but that would probably require doing more than ripping off a popular mod of another game.


That's literally impossible. The entire point of the game is to have client-side input and for that input to be generated by a human and not a computer. There's no way to move that to a server.


I’m pretty sure their comment only really existed to dismiss LoL as a “copy of a popular mod”.


I'm merely saying that they could have avoided some of the issues if they designed a new game from scratch.


These problems are inherent to the nature of being in the real-time PvP genre.

And AFAIK LoL was designed from scratch, it's Dota that's actually based on the code of the WoW mod. Not that it matters today, that code is long gone.


I wasn't talking about the code.

Btw, you are thinking of Aeon of Strife (Starcraft mod). World of Warcraft hadn't even been released back then.


He's thinking of DotA, the Warcraft mod.


> Or you could design the game mechanics so that client-side cheating offers little advantage

Not possible in any sort of real-time game that involves reacting quickly to what your opponent does, or a game where user input precision is paramount.

I mean, that idea basically eliminates all first-person shooters, where aimbots run rampant.


> I mean, that idea basically eliminates all first-person shooters, where aimbots run rampant.

Indeed, mechanics that reward mechanical skill are more susceptible to abuse.

From the article:

> For example, some common techniques we see include helping players dodge skillshots, zoom out farther than they normally could, or perform perfectly executed combos to smash their opponents’ faces.

Scripting perfect combos can be mitigated by introducing more delay (i.e. backswing after using abilities/attacking), zooming out by giving the client less information about the game state. I can't think of anything that helps with dodging and skillshots.


Aside from strategy/RTS games, I'm not sure if that's even possible? How is ripping off a popular mod relevant here?


And even in strategy/RTS games, I can imagine a client side rendering hack that removes the fog of war for instance.


That would assume the server is sharing the knowledge of other players through the fog of war.
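
The server-side alternative discussed in the comments above (sending each client less game state so a fog-of-war or zoom hack has nothing to reveal), sketched as an added example that is not part of any comment or of Riot's code. `Unit`, `snapshot_for`, the `margin` parameter and the sample world are hypothetical names and constructed data.

```python
from dataclasses import dataclass
from math import hypot


@dataclass(frozen=True)
class Unit:
    uid: int
    team: str
    x: float
    y: float
    vision: float  # sight radius in world units


def visible_enemy_ids(units, team, margin=0.0):
    """IDs of enemy units within (vision + margin) of any unit on `team`."""
    allies = [u for u in units if u.team == team]
    seen = set()
    for enemy in (u for u in units if u.team != team):
        if any(hypot(enemy.x - a.x, enemy.y - a.y) <= a.vision + margin
               for a in allies):
            seen.add(enemy.uid)
    return seen


def snapshot_for(units, team, margin=0.0):
    """State update for one team: own units in full, enemies only if seen.

    Anything left out never reaches the client, so a modified renderer
    cannot draw it.
    """
    seen = visible_enemy_ids(units, team, margin)
    return [u for u in units if u.team == team or u.uid in seen]


def leaked_by_margin(units, team, margin):
    """Enemy IDs sent only because of the pre-send margin.

    A margin hides latency when the fog edge moves, but this set is exactly
    what a tampered client would learn early.
    """
    return (visible_enemy_ids(units, team, margin)
            - visible_enemy_ids(units, team, 0.0))


# Constructed sample state (assumption: 2D positions, circular vision).
WORLD = [
    Unit(1, "blue", 0, 0, 10),
    Unit(2, "blue", 50, 0, 10),
    Unit(3, "red", 6, 8, 10),      # distance 10 from unit 1: visible
    Unit(4, "red", 12, 0, 10),     # distance 12: hidden unless margin >= 2
    Unit(5, "red", 100, 100, 10),  # far from every blue unit
]
```

The `margin` argument models the trade-off raised in the replies: a larger pre-send margin smooths fog transitions at the cost of a larger set returned by `leaked_by_margin`.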


You'd probably need at least some so that you don't lag every time the fog changes.


Increasing the server tick rate would help with that. AFAIK Starcraft, Dota2 and LoL all use 30Hz. FPS games usually use higher tickrates. Some fighting games enforce a constant amount of (input and network) lag to make the connection quality unimportant (up to a point).


Unfortunately there's a lot of jitter in real world environments, so you can't really rely on that. : \


But anti-cheat is largely obfuscation. Unless the host system is locked down (i.e. game consoles, systems with TPM-based verified boot), any state the game has access to is also going to be accessible to attackers.

You can limit what state the game itself has access to, but that's just one class of attack. It won't prevent aimbots, for instance.

It's the same reason why secure DRM is so hard. If the user has root, it's not a level playing field for developers.


Given the state of toolkits like OpenCV one might even imagine an aimbot which scans the HDMI output or a webcam picture taken from your screen and does aiming or grinding!



I mean, all HDCP is broken AFAIK.


That's a good point and their random debuggers are definitely a clever obfuscation technique. And also not trying to say encryption is a poor strategy. The larger point I'm trying to make is that it's possible being so secret about anti-cheat is to the industry's disadvantage. Feels like there is an opportunity for many studios to collaborate on anti-cheat tools and techniques (perhaps with open-source). For example, is Riot Games' packer/unpacker a specific solution to their codebase or could it be abstracted and open-sourced? This is an industry-wide problem and studios should be competing for the most creative and fun games, not the best anti-cheat.


Use blockchain.

It is a very simplified comment, but behind that you can expand the topic to include many advantages a blockchain can provide during multiplayer games.

EDIT: yes it is a very unpopular topic, but deep down many of you who are developers, know that blockchain can solve many of these issues with cheater.dll


Reason for downvote: you seem to have no clue about blockchain or cheater.dll whatsoever.


Blockchain is all I work on and you seem to not understand my suggestion.

cheater.dll needs to be loaded in memory along with the game. Correct, right? If the original build of the game has already generated an encryption key that is stored on a server or a distributed ledger using your account, then tampering with the original build in memory will result in generating an invalid key thus changing the ledger or the stored key on the server, and not matching the ledger. If this happens then it invalidates your build and the distributed ledger would need to be updated, but since that is not allowed in this instance all ledgers would reject your change and flag the block and the account. Making it easier to find who attempted a change. Sure this can be done on a server but because of the tamper proof inherited by a distributed ledger it would make it harder for this code to be shared. The cheater can still change the code but it would not be able to share it.


How would it invalidate the build? How would the server find out the build was tampered with? Why would my hacked game add anything to a blockchain? I've followed blockchain tech closely since '13 and your comment makes no sense.


Apparently not close enough.


> Blockchain is all I work on

Yeah I know a few more of those people and I don't understand how they're convincing innocent people that they need blockchain and that they should pay you money to implement 'the future'.

> If the original build of the game has already generated an encryption key

I'll take that to mean "if the server already generated a key, unique for each purchase, that is put in the game and also stored on the server."

> then tampering with the original build in memory will result in generating an invalid key

No, why? You never explained how you got from "distribute license key with game" to "invalid key when you modify the memory".

> thus changing the ledger or the stored key on the server

?!?!?! There are so many steps missing in your "explanation". Who says the game has internet? Who says the cheater didn't block the license servers? Who says the cheater didn't emulate what should have happened alongside his modified version and is submitting that to the server? Who says the cheater didn't cut out the licensing part altogether?

This is making zero sense so far.

> If this happens then it invalidates your build and the distributed ledger would need to be updated, but since that is not allowed in this instance all ledgers would reject your change and flag the block and the account.

So... other game clients would see that your key is invalid, is that it? Not the licensing server hosted by the developers, but the other clients would be doing the blocking?

Alright, let's say it were so: there is a blockchain with all the license keys and your license key is computed as a hash of all your RAM memory contents. You submit this hash of your memory to other game clients when you communicate with them. Every network packet needs to contain this, or else they will refuse to process the packet at all. Other clients can look up valid keys in the blockchain.

Then firstly, you don't need a blockchain. What you're looking for is a relational databa -- scratch that, you need json -- oh wait, not even that. No, what you're really looking for is a plaintext file. What in the world does blockchain have to do with publishing valid license keys?!

Secondly, you have a huge list of valid license keys published, ready to be picked up by cheaters. Don't you think anyone is just going to look at that list, be it in blockchain format or in json or in plaintext, and replace their signature field with one of those keys?!

Thirdly, your RAM continuously changes. It's not as if you can play without getting a new signature a few million times per second, with each write operation to RAM. But let's say we only do it once per frame, so 60 times per second. Then you need to know what all the possible states are going to be... you know what, this is making zero sense. Tying some key computed from your game state to a license is nonsense.

I would think you're a troll but your messages seem just a little bit too long for it, it seems like too much effort... but I kinda do think you're a troll. The more I think about what you're saying, that's the only logical explanation.


How exactly would blockchain do anything that a regular database couldn't do in this instance?


Sharing the altered code. If you share the code and it's invalid it can be traced back to your account. Which you can only create if you are part of that chain as a registered user. That fingerprint changes as soon as someone tries to use their account and tries to validate against the chain. It does not stop the cheater, but it stops it from spreading the cheat and it is easy to identify the cheater.


NO. Again, a blockchain is not doing anything of value there that cannot be done easier and simpler with traditional methods.



