Amazing video! I like how it explores the history of cheating and how anti-cheat software hasn't gotten rid of cheaters, but only made them less obvious.
Wall hacking is obvious to other players, but a program that pulls the trigger when crosshairs are over an enemy isn't. That leads to people thinking that cheating doesn't exist because nobody is flying around the map only getting headshots. People are willing to install this rootkit to their machine because their lobbies don't have cheaters. But they still do. It's that their lobbies don't have obvious cheaters.
Also an interesting point that Riot has done little to deal with smurfs in their games. Now players are more likely to think they got matched with a smurf rather than a cheater.
From my experience with fighting games, people are also prone to mislabeling others as smurfs when they just know one or two more things about the game that give them an edge. I've observed replays in Street Fighter 6 that people claimed were smurfs, but they were absolutely playing at the level their rank said they were.
The only way to stop it is to stop letting people play with strangers and to go back to local LAN sessions, or for games to be private only with temporary invite codes that have to be shared manually, with a maximum number of users allowed.
Online anonymity really has ultimately harmed us as a species and conferred little if any benefit.
There are plenty of ways to curb cheating. It still happens in fighting games too, but the way the genre works makes it far less prevalent. FPS games these days are largely designed around things that are hard for humans but easy for computers to do while looking like humans. Just spitballing, but if aiming was less of a concern, like it might be in the likes of old James Bond games or Metroid Prime, there are other ways to build competitive strategy around an FPS besides how well you can get your tiny crosshair to line up over a tiny target. Otherwise though, I'm with you on it being inevitable. There's no way to truly stop it.
I'm a fan of projectile-based objective-based shooters like Tribes. It's a shame they are not more popular. Just the nature of the game design makes aimbots nearly useless.
It's frustrating how much trouble people will go to to cheat in a game that's supposed to be fun.
For many people the challenge of breaking it is the fun. Just like lots of very wealthy people who don't have to steal will steal for the fun of it.
Stranger Things have happened, for sure.
Most of the fun for the people breaking anti-cheat is the actual breaking of anti-cheat, not the cheating itself. It's the script kiddies who use the already completed work with little to no effort involved who are doing most of the actual cheating.
Most of the fun for cheat devs (that sell cheats) is the thousands they get off of children and neckbeards paying stupid amounts for their cheats.
Ironically enough, those that sell cheats are more often cheating the cheat devs that wrote the script in the first place, not being able to do so on their own.
Yeah I could see the appeal of breaking the anti-cheat code. But the actual cheaters find the cheats, often pay for them, install what could easily be malware, and take the risk of getting banned for using them. I don't get the appeal.
It's much more frustrating to see "anti cheat" and game developers forcing us to install a bad OS and a rootkit, for the benefit of fewer 10 year olds cheating. How about you develop server side anti cheat, instead of slowing down games by 25%?
Cheats are too sophisticated for that. Server doesn't have enough data.
It's getting to the point where even the client might not, by using a 2nd device with image recognition for example.
They've all got server side anti cheat too.
Server side AC is there to stop people doing actions that are impossible, not to stop possible actions from being automated. Server AC can stop people from moving too quickly, for example. The server knows your position, velocity, and the amount that velocity can change in a tick. It can prevent anything from going above this. It can't tell if you clicked on someone's head really quickly, or accessed memory you shouldn't be allowed to access.
Which, as this video shows, client side AC can't either. So there is absolutely 0 benefit to these invasive solutions, effectively making Server side AC the only sensible solution to game developers who are actually interested in safety (instead of syphoning of user data)
Pretty much every game has server side AC. They aren't mutually exclusive. I'm certain Valorant is varifying data on the server and not accepting any packets a user sends without question.
More like to flex their programing skill
Client-side anti-cheat doesn't make any sense. The player will always control the client if they really want to (and they have every right to do so).
AI-supported server-side cheat detection should be where it's at. I doubt it'll be much worse than the half-baked "solutions" we currently have.
Running essentially part of a game in ring 0 is completely unacceptable. Vanguard even runs when the game does not. It's just cocky the publishers pretend like their anti-cheat is secure. Someone finding an exploit in the anti-cheat can use it to own systems running it.
If a CCP-comtrolled company wants kernel-level access, the game should be banned. Full stop.
But if a non-CCP controlled company wants kernel level access, then I would love to give them that control!
Both are bad. One is objectively more bad.
Which one is objectively more bad and how?
The real solution is designing around the problem. Pretend everyone has an aimbot and make aim matter less.
Players want to pull the trigger the moment their crosshairs touch the enemy? The game could just... do that. It's only an instant-win button if, for some reason, bullets are perfectly accurate when you just whipped your mouse around to land on a guy.
These games already add inaccuracy for movement. Why not for mouse movement? If you're holding an angle and someone walks into it, yeah, you should definitely hit them; you correctly predicted what they'd do. If you're smoothly tracking to align with someone, you should have great odds. If you did a 360 no-scope, get real. Why would that be any more accurate than leaping around wildly and hip-firing a submachinegun? A rifle bullet will be more accurate out the barrel, but you've expressed no precise control over where the barrel is pointed.
But if you'd just add everything to the game that a cheat would do, then you'd have no game left. Aimbot, wallhack etc. for everyone? What's left of the game then?
Positioning, prediction, economy, teamwork, movement? Basically - ask any hardcore FPS player what they do besides click on heads. (And then watch them twist in pretzels to insist that clicking on heads is the heart and soul of the game and there'd be nothing left if that was changed in any way.)
Wallhacks can stay forbidden. They're detectable through gameplay. Especially when the server can straight-up lie to players about enemies just around a corner or off in the distance. Dummies can even be sent to the renderer, if they're all masked by cheap occlusion queries. The client does not need to know until a player is nearly onscreen.
I watched this video yesterday. Holy fuck it was so good for someone who only had 3k subscribers.
I actually believed that kernal level anti cheats stopped all cheating. I had never considered the lengths people would go to.
I actually believed that kernal level anti cheats stopped all cheating.
This is what allows AC devs to continue working on their useless code that only makes a mess out of everyone's PCs and getting money with it. Same with DRM devs.
All software has bugs, so you'll never have a 100% effective anti-cheat. It's going to be an arms race between cheaters and game devs, and the cheaters will always find a way.
All kernel-level anti-cheat does is introduce security vulnerabilities to your system and delay the inevitable.
There will also always be external methods to cheating, like screen recording based.
MSI is releasing a monitor, with cheating built in... Granted it only "highlights" things but still.
Fascinating. I work with FPGAs and previously with openCV on a Pi-based platform. The DMA hacks are a technical tour de force.
So, what's next? Mouse and keyboard DRM?
Also, not sure how'd cheaters would cheat in lan games nowadays.
Great video btw
I've always wondered why not just ban their key from the platform entirely? Or is it free to play?
The anti-cheats are there to detect the cheats, not necessarily stop them (though they usually do that too, at least the basic ones). When they're detected, they can ban accounts or whatever. They usually do this in waves to prevent cheat developers from knowing exactly when their cheats were detected and what triggered the anti-cheat.
Most games suffering from cheaters are at least partially free. LOL, Valorant, COD, CSGO, Fortnite, Overwatch, Various MMOs.
Getting a new bot-leveled account for any of these games costs somewhere from 0.30€ to 5€. Ban one account and they just use the next one for pretty much free.
Most of these games do account ban waves every few weeks to months, but if its this easy to create new accounts that's useless. IP bans aren't possible anymore since public IPs are dynamic and change every few days to weeks. Hardware bans, while technically possible, can still be circumvented easily by spoofing your mac-address and serial numbers.
The only way to minimise cheating would be linking your Social security number (or the equivalent for your Country) with your account, which leads to a lot of privacy issues. And even that isn't foolproof. LoL in Korea already uses this system and still has issues with a lot of trolls, scripters and wintraders.
Because having a low barrier of entry and smurfing is part of the business strategies of these sort of games.
Amazing video! I like how it explores the history of cheating and how anti-cheat software hasn't gotten rid of cheaters, but only made them less obvious.
Wall hacking is obvious to other players, but a program that pulls the trigger when crosshairs are over an enemy isn't. That leads to people thinking that cheating doesn't exist because nobody is flying around the map only getting headshots. People are willing to install this rootkit to their machine because their lobbies don't have cheaters. But they still do. It's that their lobbies don't have obvious cheaters.
Also an interesting point that Riot has done little to deal with smurfs in their games. Now players are more likely to think they got matched with a smurf rather than a cheater.
From my experience with fighting games, people are also prone to mislabeling others as smurfs when they just know one or two more things about the game that give them an edge. I've observed replays in Street Fighter 6 that people claimed were smurfs, but they were absolutely playing at the level their rank said they were.
The only way to stop it is to stop letting people play with strangers and to go back to local LAN sessions, or for games to be private only with temporary invite codes that have to be shared manually, with a maximum number of users allowed.
Online anonymity really has ultimately harmed us as a species and conferred little if any benefit.
There are plenty of ways to curb cheating. It still happens in fighting games too, but the way the genre works makes it far less prevalent. FPS games these days are largely designed around things that are hard for humans but easy for computers to do while looking like humans. Just spitballing, but if aiming was less of a concern, like it might be in the likes of old James Bond games or Metroid Prime, there are other ways to build competitive strategy around an FPS besides how well you can get your tiny crosshair to line up over a tiny target. Otherwise though, I'm with you on it being inevitable. There's no way to truly stop it.
I'm a fan of projectile-based objective-based shooters like Tribes. It's a shame they are not more popular. Just the nature of the game design makes aimbots nearly useless.
It's frustrating how much trouble people will go to to cheat in a game that's supposed to be fun.
For many people the challenge of breaking it is the fun. Just like lots of very wealthy people who don't have to steal will steal for the fun of it.
Stranger Things have happened, for sure.
Most of the fun for the people breaking anti-cheat is the actual breaking of anti-cheat, not the cheating itself. It's the script kiddies who use the already completed work with little to no effort involved who are doing most of the actual cheating.
Most of the fun for cheat devs (that sell cheats) is the thousands they get off of children and neckbeards paying stupid amounts for their cheats.
Ironically enough, those that sell cheats are more often cheating the cheat devs that wrote the script in the first place, not being able to do so on their own.
Yeah I could see the appeal of breaking the anti-cheat code. But the actual cheaters find the cheats, often pay for them, install what could easily be malware, and take the risk of getting banned for using them. I don't get the appeal.
It's much more frustrating to see "anti cheat" and game developers forcing us to install a bad OS and a rootkit, for the benefit of fewer 10 year olds cheating. How about you develop server side anti cheat, instead of slowing down games by 25%?
Cheats are too sophisticated for that. Server doesn't have enough data. It's getting to the point where even the client might not, by using a 2nd device with image recognition for example.
They've all got server side anti cheat too.
Server side AC is there to stop people doing actions that are impossible, not to stop possible actions from being automated. Server AC can stop people from moving too quickly, for example. The server knows your position, velocity, and the amount that velocity can change in a tick. It can prevent anything from going above this. It can't tell if you clicked on someone's head really quickly, or accessed memory you shouldn't be allowed to access.
Which, as this video shows, client side AC can't either. So there is absolutely 0 benefit to these invasive solutions, effectively making Server side AC the only sensible solution to game developers who are actually interested in safety (instead of syphoning of user data)
Pretty much every game has server side AC. They aren't mutually exclusive. I'm certain Valorant is varifying data on the server and not accepting any packets a user sends without question.
More like to flex their programing skill
Client-side anti-cheat doesn't make any sense. The player will always control the client if they really want to (and they have every right to do so).
AI-supported server-side cheat detection should be where it's at. I doubt it'll be much worse than the half-baked "solutions" we currently have.
Running essentially part of a game in ring 0 is completely unacceptable. Vanguard even runs when the game does not. It's just cocky the publishers pretend like their anti-cheat is secure. Someone finding an exploit in the anti-cheat can use it to own systems running it.
If a CCP-comtrolled company wants kernel-level access, the game should be banned. Full stop.
But if a non-CCP controlled company wants kernel level access, then I would love to give them that control!
Both are bad. One is objectively more bad.
Which one is objectively more bad and how?
The real solution is designing around the problem. Pretend everyone has an aimbot and make aim matter less.
Players want to pull the trigger the moment their crosshairs touch the enemy? The game could just... do that. It's only an instant-win button if, for some reason, bullets are perfectly accurate when you just whipped your mouse around to land on a guy.
These games already add inaccuracy for movement. Why not for mouse movement? If you're holding an angle and someone walks into it, yeah, you should definitely hit them; you correctly predicted what they'd do. If you're smoothly tracking to align with someone, you should have great odds. If you did a 360 no-scope, get real. Why would that be any more accurate than leaping around wildly and hip-firing a submachinegun? A rifle bullet will be more accurate out the barrel, but you've expressed no precise control over where the barrel is pointed.
But if you'd just add everything to the game that a cheat would do, then you'd have no game left. Aimbot, wallhack etc. for everyone? What's left of the game then?
Positioning, prediction, economy, teamwork, movement? Basically - ask any hardcore FPS player what they do besides click on heads. (And then watch them twist in pretzels to insist that clicking on heads is the heart and soul of the game and there'd be nothing left if that was changed in any way.)
Wallhacks can stay forbidden. They're detectable through gameplay. Especially when the server can straight-up lie to players about enemies just around a corner or off in the distance. Dummies can even be sent to the renderer, if they're all masked by cheap occlusion queries. The client does not need to know until a player is nearly onscreen.
I watched this video yesterday. Holy fuck it was so good for someone who only had 3k subscribers.
I actually believed that kernal level anti cheats stopped all cheating. I had never considered the lengths people would go to.
This is what allows AC devs to continue working on their useless code that only makes a mess out of everyone's PCs and getting money with it. Same with DRM devs.
All software has bugs, so you'll never have a 100% effective anti-cheat. It's going to be an arms race between cheaters and game devs, and the cheaters will always find a way.
All kernel-level anti-cheat does is introduce security vulnerabilities to your system and delay the inevitable.
There will also always be external methods to cheating, like screen recording based.
MSI is releasing a monitor, with cheating built in... Granted it only "highlights" things but still.
Fascinating. I work with FPGAs and previously with openCV on a Pi-based platform. The DMA hacks are a technical tour de force.
So, what's next? Mouse and keyboard DRM? Also, not sure how'd cheaters would cheat in lan games nowadays. Great video btw
We got a solution https://www.youtube.com/watch?v=ne9bmMX82iY
Here is an alternative Piped link(s):
https://www.piped.video/watch?v=ne9bmMX82iY
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I'm open-source; check me out at GitHub.
Incredible video. I wish the creator much success in the future :)
Here is an alternative Piped link(s):
https://piped.video/watch?v=RwzIq04vd0M
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I'm open-source; check me out at GitHub.
I've always wondered why not just ban their key from the platform entirely? Or is it free to play?
The anti-cheats are there to detect the cheats, not necessarily stop them (though they usually do that too, at least the basic ones). When they're detected, they can ban accounts or whatever. They usually do this in waves to prevent cheat developers from knowing exactly when their cheats were detected and what triggered the anti-cheat.
Most games suffering from cheaters are at least partially free. LOL, Valorant, COD, CSGO, Fortnite, Overwatch, Various MMOs.
Getting a new bot-leveled account for any of these games costs somewhere from 0.30€ to 5€. Ban one account and they just use the next one for pretty much free.
Most of these games do account ban waves every few weeks to months, but if its this easy to create new accounts that's useless. IP bans aren't possible anymore since public IPs are dynamic and change every few days to weeks. Hardware bans, while technically possible, can still be circumvented easily by spoofing your mac-address and serial numbers.
The only way to minimise cheating would be linking your Social security number (or the equivalent for your Country) with your account, which leads to a lot of privacy issues. And even that isn't foolproof. LoL in Korea already uses this system and still has issues with a lot of trolls, scripters and wintraders.
Because having a low barrier of entry and smurfing is part of the business strategies of these sort of games.