Hacker News new | past | comments | ask | show | jobs | submit login
Call of Duty Adds Kernel Level Driver for Anti-Cheat (callofduty.com)
179 points by notbaab 14 days ago | hide | past | favorite | 321 comments

The whole "super intrusive anti-cheat" thing is really annoying to me as a non-competitive player, who just plays games like CoD, CS, etc occasionally with friends. And not just academically annoying, but practically too. I used to run Windows virtualised under Linux with a PCIe passthrough GPU. I remember having to re-install windows directly on my machine at a LAN party once because CS:GO couldn't be run in a VM anymore :(

I think there's a solution that would let wood-tier players like myself avoid this kind of intrusive software, whilst keeping higher-level play clean though.

- Implement server-side anticheat detection, that will ban things that look like bots. As other commenters have noted, bots are indistinguishable from good humans from the outside. So, the server-side detection would ban both bots and good humans

- Have _opt-in_ client side anticheat detection. If you have this enabled, then you're exempted from the server-side detection. So, you enable this if you're actually good.

Could even make this part of the ranking mechanics. Maybe you _can't_ enable the client-side anticheat until the server-side one thinks you're sus. Then you get prompted to turn on the client-side support and get a cool badge or something.

This isn't a high-level gameplay problem. I'm not sure what you play but in (CoD) Warzone, for example, just based on Twitch streams at least, almost every lobby has one or more cheaters/hackers in it now.

This is a bad enough problem that it actually threatens the integrity of the game and the continued support from more casual gamers such as yourself.

As for your particular case (running a Windows VM with PCI-e GPU passthrough), that's... such a niche corner case that you're you just don't factor in.

We can agree that cheating will never be truly eliminated. It's a question of degree and it requires a multi-level solution ie both client-side and server-side.. The server-side detection has to allow for checking by a human with all that entails. It sounds like this is what they're rolling out with CoD Vanguard (Ricochet). It'll be interesting to see how effective this is.

Probably the biggest problem for the likes of Warzone and Fortnite is that the game is free. It means getting banned and having to create a new account is essentially zero cost. What about paid-for and earned cosmetics I hear you ask. Well, those are hacked too so it doesn't really matter.

For me, it's already ruined the game. There's a type of player that every time they take a bad beat, they'll be like, "Oh, we've got a cheater!" I am not like that. At all. It requires an enormous amount of evidence to accuse someone of cheating.

But with Warzone, it was happening so often, I no longer give anyone the benefit of the doubt. I used to run into more than one blatant cheater per day. And now all my bad beats, I assume half of them are cheating, even if it's not exactly clear. It's ruined the game for me. I genuinely don't even bother to play anymore unless I'm playing with one of my friends.

There are definitely cheaters in (nearly) every match of every game.

I should know, because I decided years ago to take the path of "if you can't beat 'em..."

Once I did, it became painfully obvious how many people cheat. With x-ray, "wallhacks," or 3D "radar," with bounding boxes around all players, it became readily apparent who's aiming at and/or chasing players who shouldn't be visible, always choosing the route the opposing team is taking, without fail. And who on the other team always takes the route you take, chasing you through any maze with no problem, even turning around when (and only when) you try to flank them. Also anyone who out-scores you while cheating (particularly if you're "rampaging") is definitely cheating as well, because you're already doing better than is humanly possible. And believe me, you'll get out-scored plenty.

I would be glad to have functional anti-cheats, but it's just not possible in my experience. Cheats are available on day one of any game launch, or day 2 at worst. It's big business (clearly). Even kernel drivers like this have patched kernels to get around them.

For now, cheating makes games fun to play again. Aimbots aren't perfect anyway, and even if they were, nobody can look or shoot everywhere at once. You still have to manage ammo, you still have to reload, and you can still get the drop on people (cheaters) when their attention is focused elsewhere, and you still get killed while cheating. Sure, it sucks for the people who don't have cheats, but I'm not going to be one of those people as long as a large percent of other people are cheating too. Unless and until anti-cheating actually works, it's just evening the playing field as far as I'm concerned.

This sounds like the opposite of having fun to me.

So your solution to other people cheating is .... contributing to the cheating problem yourself? Wow.

You know it's possible to choose to -not- play a game, right? There are so many games available that don't have ridiculous cheating problems.

> As for your particular case (running a Windows VM with PCI-e GPU passthrough), that's... such a niche corner case that you're you just don't factor in.

I'm not saying it's not niche (it definitely is), but I just wanted to chime in and say I'm another one who does this.

I don't see any practical way they can detect qemu that can't be patched.

Here's one patch that supposedly works with battleeye: https://github.com/WCharacter/RDTSC-KVM-Handler

The current situation is that they could probably use server-side heuristics to detect players behaving oddly, review the case, and ban according.

But also I wouldn't be surprised if there were already bots using machine learning to autoaim based on video signal out of the PC with aiming done as a "real" HID mouse.

If we can train a car to drive, we can certainly train a computer to find and click faces in cod.

15 years or more ago when I was writing Star Wars Galaxies bots I spent most of the time making them do all sorts of dumb shit, making silly errors, clicking on the wrong buttons etc so they seemed human. The fact the bots were grinding 24x7 365 days a year without a pee break didn't seem to throw up any red flags luckily.

> If we can train a car to drive, we can certainly train a computer to find and click faces in cod.

But we can't really train a car to drive yet, and it seems unlikely that the full problem (i.e. Level 5) will be solved in the next decade or so.

I think my suggestion handles this situation though. If the cheaters are playing well enough that you can identify them as cheaters, then they would be getting flagged by my hypothetical server-side anticheat as "good" and so need to run the client-side software too.

Also I don't think "twitch streams" are a great sample of "normal level gameplay", most people there would be ranked comparatively highly in MMR I would have thought? That or I'm leaving tons of money on the table by not streaming my wood-tier CS:GO :D

I agree that matchmaking would be a factor if it were purely designed to create fair matches with an infinite number of available players would match cheaters against very good players, and the # of players vs skill level was fairly linear.

But limitations in available players in the queue (especially as skill goes up), "experience optimized" matchmaking (which psychologically manipulates you into playing more by feeding you wins and losses at the right time)...I'm not so sure.

I used to spend a significant amount of time playing a tactical shooter type game, and what I figured out was that the game would purposefully throw you soft games and hard games, especially when first partying up with people on your friend list.

One of the developers of the game publicly disclosed that their matchmaking algorithm took several dozen games to figure out how good you were. I tried creating a new account, and it took a very long time before I stopped being given opponents who could barely move, whereas I'm dodge-rolling, using my character's ult, using grenades, etc. It was so bad, I felt terrible and stopped using the secondary account. So cheaters (who keep creating new accounts) probably enjoy plenty of playtime. There were multiple cases of obvious cheaters running around achieving relatively high account levels, showing that anti-cheat measures took a long time to kick in.

Lastly: the anti-cheat software available for this relatively small game was incredibly sophisticated. Sure, you could set the hitbox detection and zero fuzz and go for all headshots, but that would make you jump off the page stats-wise, you're right. As long as you weren't super greedy, you could probably "on paper" look like just a fairly skilled player.

The other problem? The game had verystrong controller assist. So much so that many pro players abandoned the game fairly early on. It was very difficult to tell the difference between someone cheating and someone who was just good at controller play, because controller aim assist is intended to help casual players compete against MNK players. It's not intended to help very skilled controller users, who will absolutely decimate MNK players in a lot of types of gunfights (particularly close range stuff.)

For warzone, I don't believe that game has any sort of MMR, so the situation is a little different there compared to most other games people stream on twitch. Warzone seems to be especially bad, even when compared with other games in it's genre.

There's also another issue where some people play with devices like Cronus which are borderline cheats and essentially hardware scripts (better/no recoil control, scripted bunny hopping, that sort of thing).

Damn near all online games have some form of matchmaking algorithm, but the point of them is to maximize the time you spend in-game by learning your patterns. There's also matchmaking that intentionally puts you on a team with someone better tan you who has cosmetics you don't, so you hopefully associate being kickass with having that skin.

I wish I were making up that last one.

I feel like showing things like replays of the kill cam can help with this sort of thing. That should make things like wallhacks more obvious as they get flagged by other players.

Why don't they just have a special lobby for people who don't want to use anti-cheat? Protect the people who want to play fair games, and let the people who want to play with their friends and aren't worried about cheating (or hell, want to play with cheaters) play without anti-cheat? Seems like a win win?

Because the only people in this lobby will be cheaters lol. Most people don't care about running garbage-tier CoD kernel code on their machines... so I wind up having to because they do, because it's the default.

Although I concede that basically what I'm asking for here is for the default to be _my_ usecase...

Well this guy only wants to play with friends, so he doesn’t care if everyone else in the lobby are cheaters. He isn’t playing with anyone besides his friends.

And why do you care if a lobby exists that you are never going to go to? Why does it bother you if cheaters want to use cheats against each other? As long as you don’t interact with them, I don’t understand why you would care.

You may not have played in a lobby with cheaters, but they ruin the game for anyone else there. Warzone matchmakes you with ~a hundred people, so you can't play with just your friends, so if you have an anti-cheat off lobby your game will be ruined.

In my experience, people that cheat in games like this typically do it to get an edge over everyone else in the lobby. It's not the cheating itself they enjoy but the winning. If everyone in the lobby has the same advantage I doubt they would be content just enjoying the game like the rest of us.

There exist plenty of cheater servers where the point is competitive aimbot writing. The fun can come from many places.

CS:GO can already do this. You can start a server with VAC (Valve Anti Cheat) disabled.

Games like Call of Duty are a captured market at this point. They will be preordering next years release no matter what.

Worth noting, Warzone is free

3.5 million in revenue a day in skins, kind of free

> I used to run Windows virtualised under Linux with a PCIe passthrough GPU. I remember having to re-install windows directly on my machine at a LAN party once because CS:GO couldn't be run in a VM anymore :(

Have you tried running CS:GO on Linux through Steam on Linux? It's officially supported and for me it runs as well as I expect on low-end hardware. Are there any performance reasons to want to run in a Windows VM instead?

This was a few years ago at least, not sure it was an option back then? Or maybe the idea of futzing around trying to get the binary nvidia drivers working properly on Linux in the middle of a LAN party didn't appeal to me :D

I do worry that this push to ever-more-intrusive forms of anti-cheat will mean that games are less likely to run on Linux. If the source to your anti-cheat kernel module needs to be released under the GPL it's probably not going to be that effective for very long..

> - Have _opt-in_ client side anticheat detection. If you have this enabled, then you're exempted from the server-side detection. So, you enable this if you're actually good.

This is how it works in ARMA for instance (not sure if opt-in or opt-out though), the players can decide whether to install/uninstall the game's anti-cheat solution on their machine, and the people running the servers can decide whether they require the anti-cheat-solution to be installed. Since I almost never venture into multiplayer anyway, the decision for me was simple (uninstall the anti-cheat software).

> - Implement server-side anticheat detection,

This only works for "real" client/server games, not peer-to-peer games which usually only use centralized servers for matchmaking and some other non-gamplay-services.

> Could even make this part of the ranking mechanics. Maybe you _can't_ enable the client-side anticheat until the server-side one thinks you're sus. Then you get prompted to turn on the client-side support and get a cool badge or something.

That's somewhat similar to how FACEIT did it when I tried it for TF2. The serverside detection decided if you needed the client side detection.

Vanguard, riots anti-cheat, was one of the worst kernel anti-cheats system I had the displeasure if being forced to use.

My buddies started to play Valorant and they asked me to give it a try. I downloaded and installed it.

First major issue: Must start on boot and has to be running at all times. If you close it, you have to reboot the entire machine to play Valorant.

Second issue: (This has been fixed) All my VMs stopped working. I couldn't start any of them in my VMware Workstation.

Uninstalled Vanguard and Valorant shortly after. There should no reason an anti-cheats needs to run on boot.

"Wood-tier" is a new one for me, had to laugh. Thanks.

Server-side anticheat catches no cheaters...? What is even the point of developing it lol

Hint: game companies don't actually give a shit about cheaters, especially if they're giving them money.

The only point at which a company cares about cheaters is when the community starts to really get riled up about them and revenue drops.

COD Warzone has a full stats API and cheaters leap off the page. We're talking people with K/D ratios of, say, 10-20:1 or more. All they'd have to do is zap or flag those accounts automatically. But they don't care.

Just about any sort of public online game involving shooting has long stopped being fun for me because cheating is so rampant and blatant, and companies care more about policing talk on their discords and subreddits about problems with cheaters, than they do about addressing the cheaters.

Given that the solution provided here is actively trying to root out cheaters, I don't know how your initial "hint" statement even holds water.

The issue with any kind of wave of ban style action like you are suggesting is that the users can just create new accounts for free and continue to cheat. It greatly reduces the integrity of the overall matchmaking and game experience for everyone else.

If you think there is a better solution to ban repeat bots and cheats please provide it or at least offer a creative response to what COD is trying.

full disclosure, I don't like this solution, but having seen anti-cheat measures in a number of games, this seems to be the only one with real teeth for shooters

I also said:

> The only point at which a company cares about cheaters is when the community starts to really get riled up about them and revenue drops.

My point is not contraindicated by Activision releasing new anti-cheat software a year and a half after a game came out.

Activision likely saw falling player signups/playtime/cosmetics spending, did some surveys, and decided improving their anti-cheat was the way to go.

> If you think there is a better solution to ban repeat bots and cheats please provide it or at least offer a creative response to what COD is trying.

In another comment I pointed out that the games are full of cheaters so blatant their K/D ratios are better than the top pros in the game, sometimes by a factor of ten. It would be trivial for Activision to automatically ban them simply on that alone, or at least auto-flag them for a manual review. A K/D ratio of 1.0 is considered "good" for an average player. 2-3 would be world-class. The top player on one of the CoD:WZ trackers has a K/D ratio of twenty six.

Not to mention, prefacing an opinion with "Hint:" is rather obnoxious.

I think the idea would be to use the server side cheat detectio to decide which players need to be forced to install the client side cheat detection, basically.

You're right of course, if there's no $$$ to be made from people who won't buy the game if it has client-side anticheat, then why would they develop a whole second system just for people like me who don't want to run this crap, but want to play the game enough that they'll run it anyway?

The point is you literally CAN'T make a good decision about this server side.

While I don't particularly like this sort of anti-cheat, I think we should all be more worried about cloud gaming than anything else. It's been obvious for a while that the big gaming companies have it in mind, and the only reason it isn't as big as it could be, is due to tech limitations FOR NOW.

When (not if) cloud gaming truly takes off, and it will, we'll lose any and all control over our games. So long to modding, so long to messing with .ini files to get settings right, no decompiling games, no games preservation... The Netflix model approach, where we don't own anything, we're 100% reliant on them to provide us with the service, where servers can (and do) get shutdown at any moment after X amount of years of support.

A world where we don't own the games, just subscription services with extra fees for XP boosters.

The ultimate live service game that so many of the big companies love.

PS: Also means no more cheating by the standard methods.

I agree that your point on cloud gaming is probably valid for companies trying to maintain a rigid grip over software piracy when the companies still build things that can be stolen -- But I don't think it's strictly necessary for the development of anti-cheat systems.

In the next version of Windows, we're seeing a rapid acceleration in the amount of hardware/software fingerprinting and secure storage going on in home computing, with the introduction of the TPM 2.0 and UEFI requirements.

I am almost certain that Microsoft is progressing to be able to sell a completely hardware-protected memory address space to game developers, so that they no longer HAVE to worry about cheating. Because if everything from boot onwards is both signed and supports DRM, it's the perfect place to authenticate everything that happens afterwards.

This is interesting in that it will almost certainly lead to an explosion of DRM, DLC, and software sold via subscription models. And while this kind of thing will probably be initially well received by players hoping for decent anti-cheats, it will almost certainly lead to users forfeiting even more control to corporations over the final direction of the software programming.

(This kind of control may eat itself alive given enough time; we'll really only know after humanity has already gone that far!)

I'm really glad we have thoughtful people like you here. Gives me a little hope and motivation.

What's worse, MS and hw companies are joining efforts and may pressure Linux platforms as well (remember the story with the UEFI shim signature).

I am almost certain the MS store built into the Win11 will be this antichrist of consumer control. They have all the pieces. They just need to put them together in the coming years.

Cloud gaming would lose practical consumers' control much more than Netflix did. At the very least, one could always point a video camera at the screen to copy video (suppose for one's own records). But with games, there is no chance to do anything like this. Netflix had an interactive Black Mirror episode called Bandersnatch(2018) that I speculated at the time was appealing from a business perspective because copying interactive content is much harder than straight video.

I'm imagining a better world for both gamers and corporations. One where DRM and anti-cheat aren't included, you pay for the game you can run locally, and you pay a subscription for cloud gaming access which has exclusive access to a set of game/world servers.

Want to mod, LAN, or play casually? Play locally.

Want to play without cheaters? Choose your friends wisely or play on cloud gaming.

Lack of DRM drives interest in the game, which drives interest in cloud gaming subscriptions due to wanting cheat-free gameplay.

AFAIK cloud gaming hasn't shown any signs of "taking off" so far, despite many desperate attempts. I think we're safe for a while. And even if, there will be new game companies discovering that now free niche of "cloud free gaming". Some of the other problems you describe already exist for locally installed games though (e.g. most multiplayer games are useless when their matchmaking servers are switched off).

I fear with install sizes getting g bigger and bigger with no signs of slowing down, game streaming will become more attractive to more people in the coming years

A middle way would be to stream assets from the internet as needed, but run the game locally (basically the internet becomes the hard disk, and the hard disk just an additional cache level). This may require designing games for this asset loading strategy from the ground up though (on the other hand, this was always the case that games had to designed around the limitations of their storage device, especially in the game console world).

Relevant patent from Valve filed last year:


> AFAIK cloud gaming hasn't shown any signs of "taking off" so far, despite many desperate attempts. I think we're safe for a while.

Are you kidding? What's the most recent game you have that will let you set up a non-hotseat multiplayer game involving only computers you control?

I guess we're talking about different things then. I understand "cloud gaming" as Stadia, (or the older attempt Onlive), where the game is running on machines in datacenters and sends a video stream to the user.

That's pretty much what happens if you're running multiplayer through a third-party server, except that instead of sending video data, it's sending you game input and having you render the video locally.

But that's just the difference between downloading a starcraft replay file and watching it in starcraft, versus downloading a video of a starcraft game and watching it in a video player. One is a compressed video, and the other is also a compressed video, but with a different compression scheme.

>It's been obvious for a while that the big gaming companies have it in mind, and the only reason it isn't as big as it could be, is due to tech limitations FOR NOW.

I'll begin to worry when the speed of light increases, making gaming through streaming practical.

Indeed. Multiplayer network lag is one thing, but network lag between INPUT and SCREEN is preposterous.

There is sub 100ms input lag in good conditions with cloud gaming, and it goes as low as 60, and it will be better as more servers come online as everything from gets optimized for latency. Is it worse than PC with same games? Yes. Is it worse than game consoles? Not really. But it removes whole sets of "who shot first" problems, and if we are talking about actual latency for your decision to take effect(input lag+network lag) cloud might just be better in many scenarios.

This is kind of already happening with the Xbox Game Pass Ultimate. So you get hundreds of games to play, but you actually don't own any of them.

I understand you meant it in a different light but I thought I'd give it a mention.

Welcome to the wonderful world of SaaS, where even the last upsides of software have been replaced by a money extraction machine.

The thing it, users seem to prefer the "own nothing, pay little per month" approach.

In movies, everyone is now making their subscription services, that are really popular; while services for buying movies online existed for years and were not really all that successful.

You can buy movies on iTunes for maybe 15 years now and on Google Play for ... a while too; but it has never been as successful as Netflix, Disney+, HBO Max, Paramount Whatever, is now.

People just prefer the subscription model.

But maybe gaming is fundamentally different. Apple Arcade is not really successful, but maybe it's because Apple is being Apple, I don't know. Xbox... has a game pass thing? I don't really follow that that much

>while services for buying movies online existed for years and were not really all that successful.

>You can buy movies on iTunes for maybe 15 years now and on Google Play for ... a while too

I don't know about itunes, but the last movie I ""bought"" on google play couldn't be downloaded, I had to watch it through their interface and firefox on linux was not supported. I believe they don't offer the thing anymore as well, probably happened during one of their countless service mergers and shuffles. I can't find it anymore, anyways. 0/10 would not license a movie through google again.

Do you know what isn't going away? The files I ripped from blurays that stores are selling for about five bucks a pice, 12 if you take three. Unless I get an mkv I can play wherever I want for as long as I have it, I'm not buying.

Xbox Game Pass is a huge success, it seems. And tbf, that’s to be expected when you look at the game list it unlocks.

The tech is okish most time good. Geforce Now works fine even with FPS. Stadia is OK. You can get a decent PC on Paperspace for an OK price. All said it is not Great and you have to have a solid Internet connection but it works for casual gaming. Like an hour of Battlefield 1 or Red Dead Redemption on Stadia

Barring a revolutionary new material that effectively eliminates current levels of latency, cloud gaming is not happening anytime soon.

> In its initial rollout on Call of Duty: Warzone, the kernel-level driver will only operate when you play on PC. The driver is not always-on. The software turns on when you start Call of Duty: Warzone and shuts down when you close the game.

Oh that's good.

> Plus, the kernel-level driver only monitors and reports activity related to Call of Duty.

Oh, so in other words it reports everything since any software that might be used to cheat at call of duty is technically related to call of duty... Whenever I see this kind of vague verbiage it's never a surprise when it turns out the people who wrote it chose their words very carefully, to purposefully mislead people.

Edit: Oh, and they definitely say they monitor other software "that interacts with call of duty" later in the article.

You don't really have to put so much effort into dissecting their verbiage. It's guaranteed that any kernel anti-cheat is going to be invasive and inspect everything on the system while looking for cheats.

No, it's absolutely not guaranteed. Especially in competitive shooters, performance is paramount. They have a strong motivation to only look where they need to. And anti-cheat isn't a money-maker, so they're not going to be spending lots of money storing user data they don't have to.

Cheat software has to do things like nose around in the game's memory space that no legitimate program is going to do. It also contains in its memory space keywords common to cheat programs.

That sort of search isn't really invasive because generally anti-cheat software when it triggers takes an screenshot, and if you're playing the game, there's nothing personal on the screen. Maybe a process is fingerprinted as a known cheat package. Say your kill to death ratio or hit/miss is unusually good. Or you get reported by a higher than normal number of people. Or a human moderator pushes a request, for whatever reason. Or they get a hit on the 'greps' I mentioned, etc.

The goal is to see if you've got a screen overlay that betrays wallhacking (ie "glasswalling") or a cheat system's UI. That's all they care about.

I’ve heard of people being flagged for having things like a debugger open, or files with names that happen to match cheating tools. I don’t think it’s correct to present anticheat as just sitting around screenshotting the computer to find cheat UI.

> And anti-cheat isn't a money-maker, so they're not going to be spending lots of money storing user data they don't have to.

user data can absolutely be a money-maker

I don't think anyone is going to pay for K/D data from CoD.

Data can be if it's useful, this isn't useful to anyone outside the people playing the game.

I've actually had anti-cheat software flag programs as possible cheating tools and refused to run a game until I literally remove the suspected software from my computer (when it wasn't even running). So while what you say certainly makes sense, I don't think that it's accurate.

If you suspect a conspiracy or that you're being lied to, prove otherwise! You'll earn worldwide fame and press if you prove they're lying. Yeah, it's hard work, but it's not impossible, it's just difficult. You can disassemble the kernel driver with a variety of open source tools, inspect exactly what it's looking for, and publish that. It's what the cheat authors are going to do anyways, but they won't publish what they find, because they want to profit from the knowledge.

This is just an accident waiting to happen. If they can't identify cheats on the server side then I highly doubt that they are able to engineer this in such a way that it does not have negative security implications.

Historically anti-cheats are about as big a mess as AV engines in the kernel.

John McDonald did a talk at GDC 2018 about how Valve was starting to integrate deep learning into their server-side cheat detection.

IIRC, some of the process was automated, some was player-reported, and some was done through human review. As a gamer averse to both cheating and spyware, I found this very appealing. I wonder how their systems have evolved since then.

The original youtube clip (v=ObhK8lUfIlc) has been made private, but I think this is a copy of the same video:


VACnet catches the spinbotters and aimbotters! Actually really good at it too; everyone who did that now just cheats less hard.

The biggest problem was: It didn't auto ban, just sent to overwatch (players watch a past game and vote for cheater or not, fully anonymized). This resulted in a massive clog when some guys I knew generated around 10k free steam accounts (with $3.5 of proxies), began queueing a few dozen at a time, rage cheating. A hell of a lot of games can be botted with free accounts and a beefy (server IIRC) rig; I think he told me he had about 100 accounts running normally in 10 separate Competitive games all against his own bots(rendering at 2x2 resolution so it ran okay, with cheats injected). They all got sent to overwatch but because so many games were being put through overwatch, the queue got overloaded.

This is called Vertigo boosting, because the bots all queued for Vertigo, an unpopular map, to increase odds that only their own bots would be in the game (and, coincidentally, minimize collateral damage to legitimate players). (though it's normally to rank up accounts, not to spam ow queue)

Hi eso :p

This is how we end up with kernel level drivers rather than more measured approaches.

For sure in other games, yeah. Newell is opposed to kernel anti cheats, though, so probably not in CSGO. But other games now look at CSGO and make kernel AC's a selling point (literally Valorant's selling point), so yeah.

I think time will prove that Gaben made the correct decision by focusing Valve’s efforts on AI anti-cheat rather than following this kernel anti-cheat trend. It might be the only hope for a viable anti-cheat in the future if hardware based cheating becomes more commonplace.


Besides that, Riot is already losing the cat and mouse game with cheating in Valorant despite their kernel anti-cheat. There are publicly available cheats which have been undetected for months. Hardware ID spoofers are commonplace as well so cheaters are able to make new accounts and go back to cheating if and when they get banned. Even if kernel anti-cheats worked perfectly, they still wouldn’t be able to detect newer hardware based cheats which run entirely on a second PC leaving nothing for a kernel level anti-cheat to detect.

>Even if kernel anti-cheats worked perfectly, they still wouldn’t be able to detect newer hardware based cheats which run entirely on a second PC leaving nothing for a kernel level anti-cheat to detect.

If it got to this point, to continue your metaphor, the mouse is nearly extinct. The point is not to eradicate cheating, it's to stop the bleeding. Valorant cheats don't even have to do this btw (really only necessary for incredibly extreme cases, see lohousedev and sparkles' video)

Do you know how easy it would be to stop 90% of cheating, at least for a few weeks, in CSGO? It's so easy I figured it out by dumping cvars with a server plugin when I was 14. There is zero way for a legitimate player to have certain cvars set, only a cheat would; yet, cheating is still a massive problem in CSGO.

VACnet has been actually really good, so I agree that that's a better avenue. In addition I am still against kernel AC's (speaking as a legit player, not as an ex-cheater). But the cat-and-mouse game is effectively over if 95% of the mice die.

Valorant's cheating is NOWHERE NEAR csgo. Someone I know on Valorant's AC team actually said they're ramping up (vaguely) so fingers crossed?

yea but anyone who plays competitive you use kernel level anti cheat for CSGO...

Only with external third parties like Faceit/ESEA. Not normal matchmaking

As if it's hard to detect spinbotters. The problem at high level play has always been and always will be wallhacking/ESP. The fact that you can easily write a separate program that overlays this information, which only needs to read from memory, means that this problem is never going away. Playing any FPS outside of a LAN is a waste of time because of this.

>as if it's hard to detect spinbotters

Valve couldn't figure it out for years and years.

Subtle cheats are absolutely a problem, but far less of a problem for the average new non-prime or fresh trust-factor player than a rage botter

Couldn't figure it out or didn't figure it out? Valve has been notorious for neglecting the development of VAC and letting cheaters run rampant in Counter-Strike for over two decades. As we speak, there are probably public cheats in existence that won't be banned for at least another two years.

>Couldn't figure it out or didn't figure it out?

I've reported bugs to the VAC email and they were patched a few weeks later, so maybe they do try? I really can't think of a reason WHY they neglect VAC willingly..

>As we speak, there are probably public cheats in existence that won't be banned for at least another two years.

Yep, I used to help maintain a free one on github, the traffic was in the tens of thousands. Been UD for 2+ years (and it's a fork of another, which was UD for 2+). All because we use Java and VAC never started scanning the JVM.

How cant a server detect someone spinning a hundred times per second? Surely valve didnt even try

Did you report this person? They ruin the game for everyone else.

Absolutely nothing would happen. I actually did report a few of the accounts just to see what happened and to this day no ban

Not to say this isn't a worrying practice, but it's unfortunately industry standard. Almost every mainstream fps game has intrusive software, to the point where you're expected to be thankful that it's not a rootkit (which is not unheard of).

Then there's CS:GO, whose developers refuse to use intrusive practices to counter cheating. And the game is ruined by rampant cheating. (Neither for nor against. Just saying.)

Then there's PUBG (BattlEye) ruined by rampant cheating.

Then there's EFT (BattlEye) ruined by rampant cheating.

Then there's (was?) Combat Arms (multiple anti cheats over the years) ruined in-part by rampant cheating.

I wouldn't mind _that_ much if anti-cheats actually helped, but they don't.

If it's online, it's full of cheaters. One of the major problems (with steam) is the price of games in different regions. While a game might me cost me/you 20 dollars, it might sell in say Russia for 4.99. Add a popular steam sell to the mix and now we're buying licenses for pennies on the dollars, maybe even less than a dollar. We can cheat with these accounts or sell them to other cheaters for double the price we paid. Now cheaters can easily access new/fresh steam accounts and never worry about getting banned on their main account.

It's almost sad to see how badly anti-cheat software works. There are entire economies built around cheating. We used to combat this by being able to manage/run our own game servers with staff dedicated to the experience but very few games still support managing your own server. It will always be cat and mouse.

I'm still playing PUBG, though just FPP, and rarely run into what is obviously a cheater - maybe once every two months? But while things have got better, you're right, when things were really, really bad it hurt the game's community terribly.

I do think that anti-cheat helps, if the developers are mostly engaged with it, but it's a long fight over a long time. Most of the strategies to do with 'ban waves' - ie, not banning cheaters immediately - are pragmatic concessions to that reality.

I play PUBG fpp in Asia servers and there's cheaters every game. I get like 3-4 successful ban reports every time I turn on the game.

How is the performance of pubg now a days?

Combat Arms was the worst cheating I have ever seen or heard of, it was actually bonkers

EFT getting ruined by cheating is such a tragedy, too. Most immersive and, well, interesting and unique FPS out there (imo). I still play it though, and only encounter cheaters on certain high loot maps at this point (Reserve and Labs).

I've played a thousand hours of csgo and have ran into very few cheaters. I can't even recall a case in the past two years. I have checked my previous matches for future VAC bans and I think only 4 had them.

I'm pretty sure that cheating in online multiplayer games is such a problem that if you gave players the option of playing in a anticheat-only pool vs. a no-anticheat pool, after a few weeks/months almost everyone would be in the former.

CSGO's anti-cheat has many more issues than not being kernel-level. It's practically abandoned and doesn't even catch very blatant cheating (spin botting, etc).

A few months ago, their secondary system, "Trust Factor", was broken for an unknown period of time, which the communication to the community was a single tweet. During that period (probably a few weeks?), there was blatant cheaters in half the games I played.

I've moved to playing FACEIT (a third-party matchmaking service) recently, partly due to anti-cheat. I don't remember the last time I saw a cheater in FACEIT, while CSGO's matchmaking has cheaters in around 10% of my games (average skill player, ~2k hours over 7 years, high Trust Factor).

Faceit is really good for an anticheat. It's just that the skill floor is too high to encapsulate casual users, otherwise it would probably kill matchmaking. Cheats cost $60+ and cheat providers get killed often by detection waves

It seems like removing incentive beyond trolling is the best solution. Whose spinning up a cluster of bots if you can’t level up and sell digital loot? Market places for digital items has to be the dumbest thing ever in gaming. CS 1.6 was fun and the only thing you could customize was your graffiti spray, and there wasn’t a marketplace for them. You just added an image you liked.

CS:GO would need to separate Linux and Windows users for any reasonable attempt at creating a kernel level detection that works, wouldn't they?

Because of the steam deck that would be pretty bad business, so maybe it's less about intrusiveness and more about that valve can't, without destroying their hedge against a Windows monoculture in gaming.

This is not my experience as a frequent player. I rarely run into cheaters.

yea but any competitive play is done on kernel level anti cheat on CSGO.

The game is not ruined lol, just sounds like you couldn't make it to gold rank ;)

I've been a silver shitter since the Gaussian normalization of the ranks. I used to be MR2 back in the day. It doesn't (or maybe it does?) help that even the worst players are better than the average player 5 years ago. I think the trust factor walled garden is something special. Be polite for a long time and be rewarded with other polite players who don't cheat. My silver matches are great. People communicate, people play strats, no one knows smokes or can react sub 150 ms or snap headshots. I work a day job and have a home to maintain (not a house, I'm not rich), SO, and pet to take care of on top of other hobbies. Silver these days is not for losers.

Microsoft should implement an Xbox mode for Windows that has these protection features for all games. It will probably require some virtualization and performance degradation but it's better than each game rolling out their own half assed drivers.

How about no? This will just lead these companies to implement anti-cheat to protect the "integrity" of their single player games (and their MTX) as well. Say goodbye to mods and other forms of benign game hacking (particularly hacks that fix games like Dark Souls).

Rampant cheating in online FPS games is a problem right now. I've had more games ruined by cheaters than I can count.

So how about yes, let's focus on fixing the problem at hand, and if it's used for something else(like single player games) then I'll complain about it. Right now developers have my full support to use whatever methods they can to make sure the hackers stay out. The game can boot into its own OS for all I care.

By the time it becomes a problem, it'll be too late to reverse. You think publishers will willingly give up the ability lock down their games on PCs? It's been their dream for decades. I'd rather not give up what we can do with the software we've paid for (and I don't care what some piece of crap ToS says I can or cannot do with the software), just so you get less cheaters in online games.

But that's really not a great place to use this argument - this isn't surveillance infrastructure or encryption backdoors where yes, once it's built a) it will be used for nefarious purposes b) it's really hard to get rid of. Game sandboxing is already very easy to achieve(at least on windows) and doesn't require any special software to be developed or deployed. It's all part of the Microsoft GDK and is already used - a recent game that is deployed like that is The Ascent, which deservedly got into a lot of shit over it, because the Gamepass version runs poorly compared to the non-sandboxed version on Steam. Likewise, other games that have done this suffer for it and publishers shy away from it, just how aggressive DRM gets a lot of pushback and publishers either don't include it or are forced to remove it post launch.

That's why I'm not really worried about this tech "spilling" to single player games to protect MTX or anything like that, but I'd really really really like to see it deployed as aggressively as physically possible in online competitive games.

I think it's probably the correct argument to use.

As you pointed out, what the vast majority of gamers will respond to is performance. In order to get performance, you have to start cutting other areas like graphics. However, those are other important aspects - maybe particularly to marketing.

The reason it's not palatable enough to be widespread is because of it's technical limitations. If you throw enough resources at the matter to remove those limitations, you won't see all the pressure you're mentioning that keep companies from making maximal use of this kind of tech in all games all the time.

I'm pretty comfortable erring on the side of caution here. Cheaters are rather annoying, but at least it's a relatively contained problem with a fairly wide range of options for how I want to respond to it. Worst case, I can go try to find a smaller community or even just go play another game. Meanwhile, most every game being fully locked down in all the ways... I can't really do jack about that.

I think, honestly, the biggest issue in terms of cheating right now is a lack of responsibility from the companies involved in actually reading and acting on reporting - some companies in particular (EA) are extremely lax in actually dealing with human reports and their games suffer greatly for it.

Dealing with human reports is hard. People will report good players for cheating. People will report bad players for cheating. People will brigade reports. There's also a sense of scale; last I heard cod warzone had 100 million players. If even a _mild_ portion of those players actively use report systems, it's not feasible to manually evaluate them (and is also prone to bias and social factors)

You're saying it's not feasible to manually evaluate reports - but really what you're saying is that nobody wants to pay for it. Set up a very modest subscription model (like 2$/mo) to fund report checking for your game, possibly with a free tier that starts with low trust, and nuke people by credit card number.

> but really what you're saying is that nobody wants to pay for it

No, I'm saying it's feasible. It's not uncommon to hear of people being reported by their teammates in team games for just having a bad round, and in games with cross team chat (like LoL until very recently) people would request the enemy team to report for "feeding". The SnR is incredibly low when the report button is just used as "I had a bad game and am blaming someone else". The sheer scale of reports in a game like warzone (where there are 150 players per game, and each session takes ~30 minutes) where there are 100,000,000 people playing [0] isn't feasible. Technically yes, nobody wants to pay for it, but nobody wants to pay for it in the way that nobody wants to pay to send every player the hardware required to play the game.

> Set up a very modest subscription model (like 2$/mo) to fund report checking for your game, possibly with a free tier that starts with low trust, and nuke people by credit card number.

This is a terrible idea, for many reasons. $24/year in the US is much less than $24/year in India, the Phillipines, Brazil (which is where many F2P games are popular. You're also competing against games that _don't_ charge $24/year. There is already a secondary market for video game accounts, this just ensures that a secondary market appears for games with valid credit cards attached to them (and this sounds like _exactly_ the sort of secondary market you want to discourage from your game). Having this sort of protection also doesn't weed out cheaters; CS:GO is absolutely rampant with cheaters, despite having an actual price tag, and requiring a _phone number_ for verification (it's now F2P with a prime upgrade for ranked; it's no better). You're also competing against people who are willing to pay $50/month to cheat [1] in a F2P game, so asking them to pay $2 extra to play the game is not going to stop them.

[0] https://www.eurogamer.net/articles/2021-04-21-call-of-duty-w... [1] https://battlelog.co/store/product/315-mwwarzone-supreme-20-... - This is a cheat site,I make absolutely no claims about what is actually on the site, wouldn't recommend clicking this link.

Wouldn't that just kill a f2p userbased and just have cheaters go to gift cards?

Maybe the truth is that f2p is not sustainable in the long term, at least not for any game that has competitive elements?

Reporting is an awful method for cheat detection. The goal is to prevent cheaters from ruining customer games. If a customer has to report cheaters, they are already having a bad experience. Not to mention for most of these games there is 0 marginal cost to creating a new account.

Play with only/mostly your friends...?

Don't ruin my ability to run graphics mods on GTA, ha

This sounds like a job for virtualization. Run the game in a restricted environment and let the anticheat snoop that sandbox however it likes without digging through everything.

Surely they'd just ban you, since that means you could have a cheat hypervisor.

Would it be in a game company’s interest to implement anti-cheat for single player games? Mods and other forms of benign game hacking increase the popularity and longevity of games which presumably benefit profitability.

EA and Rockstar banned people from Battlefield 5 multiplayer and GTA online for having modded their single player games. Google for a few minutes and you'll come across plenty of horror stories and news items.

But of course the real reason they would love to prevent anyone from tampering with the game is so they can sell more single player cheats such as experience booster packs.

Both of those games have multiplayer components.

I would be more interested to hear about games such as god of war or horizon zero dawn, which have no online play at all, used anti-cheat.

They do? I googled it and it's full of "I accidentally left my mods on and connected to GTAO and got banned", not " I was banned for playing modded single player games"

Yep. https://www.rockstargames.com/newswire/article/25o2411812k47...

Banning on single player would be silly. But GTAO is another story. It's designed as a cash farm. You have to grind missions, buy shark cards or use cheats. So as I understand they will ban anyone if they detect it's using mods/cheats. But GTA anti-cheat systems are weak and sessions are P2P or at least were.

Yeah, listed some random hits for you below.

I don't personally play either game, but from what I've come across on the subject over the years, publishers seem to be a lot less difficult about it today compared to a few years ago. I recall reading about them denying a ban was due to mod use when they were wrong, being ridiculously vague about what modding was and what wasn't allowed, refusing to fully restore a player's character even after a ban was rescinded, etc.



Interesting edge case: https://www.pcgamer.com/gtav-modders-reportedly-banned-for-c...

If you leave a program running that you were using to make Michael's face into a school bus, in a perfect world that shouldn't be grounds to ban etc.

Unfortunately for you, that program is indistinguishable from one that replaces walls with transparent textures.

I don't think it's a question of "would", it's a question of "why", since that's what's going on right now. You can point to single player paid cosmetics as a profiteering aspect. Greedy executives who care about short-term quarterly sales numbers for bonuses and stock influencing maybe aswell? I wouldn't consider myself knowledgeable of the game industry, but that's one of my bets.

They could do that regardless. Anti-cheat already exists in many forms. They just don't because it adds work for little gain.

They could, but if Microsoft provides a native sandbox that publishers can default into without extra effort that effectively protects "their" property from meddling by nosy end-users, they absolutely will. It'll become a standard instead of some fringe practice. Right now the only real options are Denuvo and server-side processing. Microsoft is in a position now with W11 to change that in a fundamental way.

Windows should suspend background services and liquidate more physical memory for the game anyways. ie: Just get out of the fucking way.

Anticheat would just be icing on the cake of a dedicated game mode.

No thanks. If I can't cheat without a program knowing, I'm not really in control of my computer.

That’s kinda the point? Anti-cheat systems, DRM, and consoles are a way for software publishers to extend their trust boundary to your computer. You’re effectively lending out your hardware as edge computing to run the publisher’s software (i.e. the game or video player) in a way they can be reasonably sure it’s running unmodified.

I actually find this to be pretty darn reasonable.

It's not reasonable so long as your computer is used for more than just running their game. Which is almost always the case.

If people want anti-cheats so much for competitive online gaming, demand better consoles that can actually be on par with PC. We don't need this kind of stuff on an open platform.

I have to disagree. Anytime my computer does something I disagree with, or tries to prevent me from being completely in command of it, that's a bug at best and malware at worst.

It only works for XBox (for a while, before it's broken on each xbox generation) because the hardware security is focused against the owner of the device gaining control.

Windows 10 has anti-cheat built in but it's not documented or documented as part of the Xbox SDK that requires an NDA. See Settings > Gaming > Game Monitor.

Ironically, in XBox OS I'm pretty sure there's not a big distinction between usermode and kernel mode.

Everything is very much separated. It's actually a series of OSes running in a hypervisor.


https://www.youtube.com/watch?v=quLa6kzzra0 (for software discussion check around the 19:00 mark but the whole talk is incredible)

There is, it's windows with a different shell since 2013

These sorts of things always get circumvented, but I wish the CoD players fun during the 1-2 week gap where the cheaters are still figuring it out.

I've actually figured out the permanent solution to cheaters. Oddly enough, I worked it out in Pokemon Unite, which doesn't have a cheating problem as far as I know, but does have items that you can buy to boost your character stats. The solution is easy: play a game with a good ranking system, and don't get too sweaty about the whole thing. People who use non-skill based tools like cheating or paid boosts will shoot right up the rankings and leave you behind to play in peace. If somebody has a cheating tool that is so subtle that they play all the way down at my level, it is arguably not a real help anyway.

Having cheaters go up the rankings will invalidate peoples' internet points though. If developers undermine the perceived value of the Skinner Box rewards, players might disconnect the vacuum hose from their wallets.

I agree that going to extraordinary lengths to prevent software augmentation of gameplay is attacking the wrong thing. What does it matter, if people are still having fun?

But software augmentation doesn't just improve apparent skill, it can also distort gameplay. What if you're really skilled and you get matched with what amounts to a bot? Even if you're good enough to overcome the bot and win the game, it won't be the game you signed up to play.

The real problem here is "annoying play styles", something that humans are capable of indulging in without any software help. This is usually policed - ineffectively - by social pressure ("no camping!"). The real solution is an extension of the ranking system - a reputation system, which tracks sportsmanship. All of these problems ultimately stem from the practice of connecting vast numbers of anonymous strangers with each other - cheatbots simply aren't an issue when you play with your friends. This is a social problem.

I wonder if they could outsource this to the crowd. With things like Twitch, there are already lots of eyeballs on some of the higher-skill games. I mean you couldn't trust the twitch chat to actually do banning, but maybe they could flag things for in-house human review.

Independent of that and completely niche -- a game where they specifically themed it as some sort of 'gladiatorial combat,' and ranked the players based on crowd response could be cool. I definitely wouldn't want that in every game, but it could be a neat spin-off.

> The solution is easy: play a game with a good ranking system

A lot of games do this, and the cheater’s response is to deliberately lose a bunch of games so that they drop down to the lower leagues, where they can more effectively harass the noobs

This ought to be detectable server-side (freeze a player's rank if you see a sudden dip over more than a couple games, or maybe have a ranking system that is always increasing). It is also a problem independent of cheaters.

I have a different solution. Shadowban. Let them play against each other and bots. Decrease network performance. In rng based situations, roll low most of the time.

It's a cat-and-mouse game, where the mice basically have infinite time to spend on anti-anti-cheat... and dare I say it, countless young people probably got their head start in learning about computers, programming, reverse-engineering, etc. by playing this "meta-game". I know some people who were otherwise completely uninterested in the typical STEM courses at school, but highly skilled at the sort of low-level knowledge required to defeat anti-cheat systems, and thus started their career in software development.

I don't doubt any of that but what I don't understand is where these guys are getting all their accounts from. I feel as though if I were making a hack for a game, I'd get numerous accounts banned in the process (which means needing to buy more and more copies of the game).

A youngster getting into reverse engineering surely does not have deep enough pockets to spend several hundreds of dollars on buying the game over and over.

CoD warzone is free to play. The paid accounts I always assumed were either hacked or bought with stolen credit card numbers.

COD Warzone and a few others in the free to play category are just that... free to play and quite easy to create new accounts for

Self-taught but that's how I got started early on


Same, started learning on Cheat Engine and flash games, and it made me interested in the whole memory editing thing.

Too bad now you have to learn how to decompile a kernel driver and how to bypass that just to try and make a basic trainer.

Crazy, you described my whole career path.

Hi. Have we met or something?

The only realistic solution to this problem is to move the audio and video rendering server-side and stream final output to clients from the edge.

You have to attack this from an information theory perspective. If the client receives the information in any manner whatsoever, you must assume it is being used in the most adversarial way possible.

The AI problem is more complex, but that's more a function of how deep the gameplay is than how good the hacker is. Time constraints make pure machine vision bots subpar for fast-paced games that also have a complex tactical element.

Sorry to say. There are cheat solutions that can ingest video and emulate keyboard/mouse over usb to pretend to be the user. The kernel driver cheat detection might be able to detect this by only supporting keyboard or mouse device IDs on a whitelist? The cheaters could pretend to be one of those too.

We can barely make cars drive themselves with pure vision. I don't think one of these bots is going to make it out of silver league in competitive overwatch. Maybe for a game like counterstrike where it's 100% hitscan you have a stronger argument for machine vision pulling the trigger on an AWP placed on a corner.

Complexity and pacing of gameplay is going to eventually have to be one hedge against AI. It's effectively a continuous captcha.

Such cheat is more of an aim assist, never intended be a full bot. And it would surely give you an advantage in overwatch, which i believe also has snipers/hitscan weapons in it.

Such cheat is more of an aim assist, never intended be a full bot. And it would surely give you an advantage in overwatch, which i believe have snipers/hitscan weapons in it.

I have no idea how well these things work right now, but they likely will get better over time.

Terrible bots can still spoil fun, for some of these people that is the only goal.

Are these widespread? Easily available? Because yhats the difference. For any major gane you can google and enter your cregit card details and have a kernel level cheat installed in less than 10 minutes.

There are cheat systems that run on a *different computer*. It is not a battle that can be won.

> 3. Protecting Your Privacy. In its initial rollout on Call of Duty: Warzone, the kernel-level driver will only operate when you play on PC. The driver is not always-on. The software turns on when you start Call of Duty: Warzone and shuts down when you close the game. Plus, the kernel-level driver only monitors and reports activity related to Call of Duty.

The whole thing is that, if you don't want other kernel drivers touching Windows before yours loads, you have to load yours first (at least, I believe that was a point of contention last time). It'll probably be in the same light as how Riot Vanguard works in that it loads pretty early at boot, but only sends data to the server when you open the game.

If this happens enough, then a Windows gaming PC becomes a very expensive console. If all I do on my PC is game, then it doesn't really matter if it's got a rootkit (or kernel-level anti-cheat driver) or not. But, that's an expensive console. $600 - $2,000, depending on how nicely you want to game. A lot of the big popular online game culture really isn't fun anyway, so I'm not sure it's much of a loss.

Online gaming doesn't necessarily mean competitive PvP. Co-op tends to be a lot less toxic.

Indeed, but then there is less need for anti-cheat in co-op.

That's very true, but once an anti-cheat solution is deployed, it tends to be deployed universally for online gaming. So those who mostly or exclusively play co-op still have to deal with intrusive anti-cheat systems, for no tangible benefit to them.

I already use my Windows system like this. Between the anti-cheats and Microsoft's push for telemetry in Windows, I just don't feel comfortable using my Windows as my own private system. So I don't.

2k will barely get a decent video card these days, cards aren't selling at MSRP

I just got a pretty good low end pre-built PC for ~$600:

Nvidia GTX 1650s

Ryzen 5 3rd Gen

Not amazing by any stretch, but definitely good enough to play most games.

Client-side anti-cheat is pointless, it just captures the low hanging fruit.

Kernel level drivers are also kind of useless, easy to circumvent, easy to reverse engineer.

Building a capable computer vision bot that can play World of Warcraft, Diablo and CS:GO is trivially easy to do these days. We're talking a few hundred lines of Python to build a working prototype that will track and kill and take objectives.

I have a computer vision Diablo 3 bot of less than 2,000 lines of Python that can run Rifts and and grind high level Grifts with complete success, including boss encounters and adds.

My World of Warcraft computer vision bot, long since retired, was under 8,000 lines and was sophisticated enough to get me some contract work with Blizzard to write machine learning algorithms to hunt for bots in the game world.

Couple weeks ago someone posted just this, using an HDMI capture card and a fake USB mouse/keyboard to send inputs back. Got nuked from the 'net pretty quickly, though it made it pretty obvious that with a 20$ HDMI->USB dongle and a microcontroller you can circumvent any anti-cheat, because there is nothing to detect: it's just a PC, with a monitor, and a mouse, and a keyboard.

How does one go about computer vision bot, for WoW for example? I was entertaining the idea for a while. Do you use neural net? How do you train it? How do you solve navigation in 3D world?

Those are some very big questions that cover things such as CNN, body pose estimation, temporal memory, SLAM, VIO and a slew of other techniques to figure out what is going on before being fed back to a very simple behaviour tree.

The most annoying one to me is that a bunch of these kernel mode anti-cheat systems also go after the VFIO gamers who don't want to run Windows on bare metal. They consider running Windows in a VM "cheating".

The problem is that running Windows in a VM is an easy way of getting around current Anti-Cheat software. You can write a cheat that runs on the host OS and reads/writes game memory by directly accessing the guest memory. Even worse, the guest OS has no real way of detecting if you're doing anything malicious so it kind of just has to assume that you're trying to cheat if you're running a VM.

These anti cheats have no other choice than become more and more restrictive to the user. Cloud gaming for everyone coupled to a game controller relying on a secure cryptoprocessor may put a end to cheating in the large.

It won't. There are already people using AI image recognition running on a separate PC to aimbot.

What's the point of a "secure cryptoprocessor" in a controller when you can de-solder the buttons and trigger them via another MCU? Do you make them like POS terminals that self destruct when they are opened? I can just use a servo to press the buttons.

With the release of YOLOv5, the rat race for cheater free games just got even more one sided.

And it does absolutely nothing to prevent actual cheating (look at Valorant and other games with similar anti-cheat) and adds more fuel to the fire that is privacy concerns.

This is an arms race that game developers won't win, it's just whack-a-mole.

They should invest instead in server-side models for detecting cheating, then it can't be circumvented and you don't need to bother learning all the different ways they can produce inhuman inputs.

"They should invest instead in server-side models for detecting cheating"

Which is already the case and can't work for all use cases. how the server knows that you see behind walls exactly? And ML / heuristic stuff is very limited as well.

Detecting cheating, client or server side is very complicated and not even close to be a solved problem.

I once had an unusually good match in a popular FPS game, triggered some statistical tripwire, and received an automatic ban for 48 hours. "Just in case". Streamers and pro-players often have their accounts whitelisted from this system, because it would be laughable to happen publicly and show off just how 'security theater' it truly is.

Streamers and pros use cheats. Google "streamer caught cheating" and there's page after page of news items about people cheating even in tournaments, while streaming.

They're "whitelisted" because the game benefits from streamers who look like they're great at the game, and because competition for pro players is actually fairly stiff (in part because there aren't many pro players, because it's so hard to make money at it...but also because being competitive at a game usually means dedicating your training and play time to that game.)

Aim fatigue is a problem for pro players and it usually sets in around an hour or two...so when you see a streamer playing really well hour after hour, they're almost certainly employing some level of cheating. It might be really subtle, they might only 'flip it on' when they really have to. But it's there, and at 30-60fps and stream compression it can be really hard to spot even if you're a seasoned player in the game.

Most cheats replicate things humans can do. They correct issues people have with their aim or reaction times.

Inhuman inputs are a thing of the past. Kids these days can do some pretty wild stuff at high levels of play.

Still, I think it's worthwhile research and engineering to attempt. Technology and techniques developed can likely be used to secure other types of systems.

Somehow, I think inflicting a rootkit on consumers that don't understand how intrusive it is, especially when a significant number of them are children, is not going to end well.

This is malicious and a massive overreach.

Every Korean game already does this and most people really don't care. For example: League of Legends, Valorant, Black Desert Online, all have very intrusive anti-cheat already and is the norm.

You always see huge backlash on the internet, but you never see low player counts.

The only FPS I play is NS2 and cheating seems like less of a problem than what people are describing in these comments. I wonder if it's because you play on community-run dedicated servers and not some opaque matchmaking system. This allows admins to kick cheaters at their discretion.

This is the equivalent of forums vs. Facebook. The moderation on well-run forums is better than what Facebook can offer because it's done by real humans.

I understand the desire for powerful anti-cheat, but this is such an intrusive way go go about it. And it's increasingly pointless since you can't detect cheats which are running on a second PC [0].

Instead, this sounds like a great application for machine learning. Train an algorithm to identify a wide suite of cheats using data passed to the server. It wouldn't work for P2P, but if your competitive matchmaking uses P2P then you have bigger problems.

[0] https://www.tomshardware.com/news/impossible-to-detect-cheat...

Has Microsoft signed off on the kernel driver? Has it passed Static Driver Verifier? Has any third party inspected the driver for security problems? will the vendor contractually commit to the driver not being a backdoor?

I just bought Back4Blood ... and then got a refund when I realized it required admin to install kernel level services for DRM. So disappointed as L4D and L4D2 are some of my favorite games ever.

So the endgame would be a type-1 anti-cheat hypervisor I guess?

nah, you'd just get nested virtualisation cheating hypervisors

Yeah I actually almost worked with a ESEA cheat provider that did exactly this. It was a hypervisor that ran the kernel-AC within it. It really subverted my expectations, if you will ;)

mind blown

Can anyone tell me why Fortnite doesn't seem to have as bad of a problem as CoD?

My son plays both, but CoD really sucks. It is so obvious when someone is cheating.

Fortnite has a decent anticheat, which also runs in Kernel. The skills to evade a solely usermode monitor isn't that hard, since you can literally just watch api calls and defend against some memory forensics. This is made harder for the cheat dev due to things like Discord running dynamic code, which looks EXACTLY like shellcode/cheat payload. Especially in a world with limited customer support, and even more limited on anyone who can help, false bans are a big concern.

DKOM(reading/modifying kernel structures directly) is alot harder to detect, and also alot more undocumented. To the point it takes someone in the field to make a cheat and bypass, vs someone with a decent level of application dev experience. And there's not many Kernel developers, and there's also such a limited amount of forensic/malware analysts that can code anything beyond powershell.

I think Fortnite uses a projectile bullet model while Call of Duty is all hitscan, but I could be mistaken. It’s been years since I played a CoD game.

Call of Duty uses projectile bullet models.

There were bots for Quake 3 Arena that accounted for projectile speed and enemy player movement. I believe Fortnite uses some kind of bloom in accuracy though.

> It is so obvious when someone is cheating.

It is not always very obvious, at least on CSGO... there are some experienced/smart cheaters.

Huh...that seems a bit excessive.

If I write a cheat for your game that operates on the kernel level, how would you detect it from the game that runs in user space?

Yes, it's an impossible fight. Give up early and just detect the supernatural aim server-side or have a working report system.

> detect the supernatural aim server-side

Not possible. Sure, it might be possible to detect a player instantly snapping to the center of an opponent's head and clicking, but cheats could easily make the aim move over the course of several frames, and make the target off of the center of the head by a couple pixels to simulate someone just being really good.

I've watched some really good gamers in person. People's ability to quickly flick their mouse and pop shot to a target only 1/4" inch wide on their screen in a tiny fraction of a second is insane to me.

So being able to differentiate between a cheat that tries to behave like a god-like player (rather than simply aiming to a head in a single frame) and an actual god-like player is not possible.

> a working report system.

Also not possible because of the sheer number of reports. There are people that will report 100% of the time they lose a firefight, even if a replay makes it very obvious that the person they lost against was not cheating.

And again, even with a replay, it can be impossible to differentiate between a cheater and a really good player, except in the case of OBVIOUS cheats, like shooting through a wall with 100% accuracy, or firing into nowhere and scoring hits on targets a mile away.

At best, you could ban people from using the report system when it's obvious they're abusing it, but evaluating reports has to be a manual process, but manual processes doesn't scale when you've got a player base of 7 figures or more.

But if a cheater really is subtle enough to be indistinguishable from a highly skilled player, is it really a problem? I mean, I guess it's "unfair" to genuinely skilled players but come on, it's just a game.

It is because losing in a competitive gaming is not fun. That's why those games take care to match you with players that are 'as good' as you.

To be fair, so are football, baseball, etc. And if you get caught cheating in those, it's a pretty big deal.

Or increase the role of aim and reflex when determining rank.

Should also reduce smurfing somewhat - you'd only be able to dominate a match once with a given account.

Never thought about that approach before, that is super interesting. Tying it entirely to rank isn't the best, but placing you in lobbies on an axis that is independent (but correlated with) rank would achieve the same effect without clogging high-ranks with cheaters and giving cheaters a reward.

Then the cheaters organically get placed in lobbies with other cheaters, ruining the fun for them. If the system doesn't work the best right out of the box, that's fine, because you are still gravitating those cheaters upwards in rank, which will most guarantee that they get reported from other players.

I've tried to write a bot for a website and it caught naive bots and just put them in the same lobby as other bots. If wasting time of abusers is your goal it's a pretty effective strategy.

It's very similar to shadow banning

Plenty of games have a server-side checking system that works on reports and statistical checking and it's a bit of a joke, like you say, it's an impossible fight. A pro-player of an FPS game is statistically so far beyond even fairly hardcore players that they trigger that constantly, so quite a lot of the most popular pro-players have their accounts and their alt-accounts whitelisted by the devs or the esports tournaments that host private servers. Which, of course, undermines the system entirely.

The problem with "a working report system", by which I take it to mean you have actual humans reviewing reports, does get you somewhere, but it doesn't touch 'humble' cheats, ie: rather than headshotting everyone 100% of the time, a cheat that lowers your recoil 15%. For an already very good player, -15% recoil in CS:GO or PUBG is a crazy, crazy advantage... and yet you couldn't notice it by looking at a video.

Even though it's an impossible fight to win completely, I don't think the answer is to "give up early".

1. Not all cheats are aimbots. In a game like Warzone where you are playing with 99 other plays, wallhacks are a very valuable cheat. There are server side mitigations, but they aren't perfect in very situation

2. Ideally you want to prevent cheaters from playing a single game. Reporting cheaters does nothing as legitimate customers still have to deal with cheaters and cheaters will just make new accounts.

The point of most anti cheat is not %100, but a significant enough reduction. If you make it super annoying and expensive to cheat, it's not going to happen that much in practice.

Next will be cheats that run in hardware themselves ... I wonder if it's possible to flash a video card to force wire framing ...

I mean, this is already happening! Have a Google for "Hardware CS:GO aimbot" and there are some crazy things people are doing to cheat in video games. Stuff that attaches to the CPU, ones that attach to the mouse to fake input that way, it's really quite ingenious. The market for these devices is enormous.

I guess radar cheats where the ethernet cable to split to a second computer could also be considered a hardware cheat, since it's running between an airgap.

Definitely already exists. I've seen external aimbots that monitor what's on screen and input specific keyboard/mouse commands.

Incredibly difficult to detect, you basically need to model the way users behave differently from bots... but at the high end of competitive play people tend to approach more bot-like behaviors.

I seem to remember some detection algorithms that worked off "reacting faster than humanly possible" - but of course the bot writers tune for that.

This is already a thing and somewhat-common, everything from PCIE devices to aimbotters purchasing EV codesigning certs in their own name.

From what I understand there are already cheats that work at the hardware level (read video output, modify mouse input) with all software running on another machine.

A writeup from an esports org on hardware cheating: https://blog.esea.net/esea-hardware-cheats/

If cheats have to be ML + hardware level and cost a few hundred dollars, that's pretty much mission accomplished for most companies.

100% this. Coming from someone who made one myself :p if everyone had to do it to cheat, cheating would be OVER at a casual level, and a minor issue at semipros/pros (even irl tourneys can be hacked! see forsaken).

But why would it cost hundreds or dollars? I can see why a DIY solution might, but if there's demand for it, surely it can be packaged as a plug-and-play device, and manufactured at scale for a lot less?

Camera + beefy computer + input device, maybe an external motor based thing if controllers are crypto locked by manufacturers in the console case.

Even if you made a specialized item it would still cost a lot mostly due to the ML requirements. Maybe smartphone + a specialized input device would reduce the 'cost', but you still need to buy a several hundred dollar cell phone.

I can't see that taking off at scale, but certainly in the semipro level it would be used.

Besides, I know like 90% of cheaters are 14 year old kids who used the first google result because it's so easy to. Any resistance and that'll stop a majority

By not relying on client side protections to prevent hackers from messing with your game... This is just another flavor of the DRM fight and its not effective.

You wouldn't. But it's my computer and it's supposed to serve me, not you.

Easy: code your game correctly and check for impossibilities server-side. But that costs money in development and infra.

> Easy: code your game correctly and check for impossibilities server-side. But that costs money in development and infra.

Do you have any experience developing networked multiplayer games? I do it for a living, and it's not that easy, at all. In a situation where I shoot at your head on my screen, but you were already around the corner on your screen, what happens? This happens _all_ the time due to latency, and has nothing to do with development costs or infra. There's no way to avoid the problem when you have people with varying levels of connection quality, and different distances to the game server.

Could you expand on "code your game correctly"? Let's say I'm playing your (correctly coded) game and I've got an aimbot, that snaps onto someone's head, how do you detect/stop that from the server-side (the only place you can trust)?

You look for aim that is too perfect. E.g. humans nearly always overshoot their target before correcting, aimbots never do (unless they are trying to imitate humans)

Great, so now we'll adjust our aimbot to slightly overshoot the target, and swing back. Give it a little bit of randomness. A random delay of 50-100ms. Make it flat out miss a small percentage of the time.

It'll still be better than 99.99% of human beings at clicking on heads, and will still win you 99% of fights against non-cheaters.

Now what do you do, in your correctly coded game?

Keep in mind, as a cheat developer, I can keep moving these goal posts.

This is exactly right.

I actually think the worst thing about the suggestion you're replying to is that it is an over-generalisation. "Most players will do X", "they nearly always do Y"... yeah, okay, but what about the 10% who don't? The 1% or the 0.1% who don't? What about the ones who do as you describe, except for 5% of the time when they don't, or when they get lucky? I've hit genuinely lucky shots in a game, accidental good plays, for the receiving player they probably thought I was cheating, and yet I wasn't. The potential for false-positives is horrible, and you end up outlawing legitimate behavior based on a poor understanding of play.

It's not the impossibilities I'm worried about. Those are easy to see and report. It's the slight corrections which look "natural" but are actually the work of cheats "assisting" players.

If the hackers are no longer rampantly ruining the game and rendering it effectively unplayable as someone instantly headshots everyone on sight; if the hackers or botters have become indistinguishable from other competent players, then... Well, excellent! Mission Accomplished. All you have remaining is a matchmaking problem, which they're already, separately trying to solve.

(As an aside, we already have games using built in assistance/cheats as an accessibility feature to level the playing field for people using certain hardware or controllers e.g. games with PC and console crossplay, so perhaps there's some approaches and lessons from that which we can apply here as well.)

The only thing at stake then is the integrity of leaderboards or tournament brackets, which is a problem that already had some different, separate approaches to solve. But IMO that a problem is absolutely subservient to the integrity and playability of the base game.

"if the hackers or botters have become indistinguishable from other competent players, then... Well, excellent! Mission Accomplished"

"... that a problem is absolutely subservient to the integrity and playability of the base game."

If you use hacks/cheats to help you play higher than your natural skill/ability, doesn't that ruin the integrity of the game? The mission is not accomplished in this case. Instead it's just tricky to determine who's hacking.

Headshotting everyone on-sight also sounds like the old days of hacks in games. In my experience, there is more nuance to the way these cheats are used these days. Most people aren't trying to be obvious about it.

On the server.

It's really not given the state of how bad cheating is in CoD. This is sorely overdue and has been requested by the userbase for some time. While it is a pretty significant change, it's for the betterment of the user experience.

> for the betterment of the user experience.

Giving Activision kernel level access on a private device, what an improvement.

It's the logical conclusion. The clients machine is inherently untrusted. So how do ensure integrity? Best you can do is try to get to try to get as few layers between you and the machine as possible.

It's essentially the same problem as DRM, which generelly can only hope to prevent piracy for a few weeks. The solution of the movie industry there was to add there garbage directly to the hardware.

Aside: are there any good tutorials that provide an overview on how to write such an anti-cheat?

No tutorials to link you to, but there's significant overlap between anti-cheat systems and anti-virus/anti-malware systems, which makes sense when you consider their aims. Searching for academic papers about anti-virus approaches to dealing with networking, memory and filesystems will be helpful.

riot had a good white paper on their valorant anticheat and why they designed it to be a kernel level anticheat

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact