It’s just a skill issue on the part of the developers.
Making anti-cheat properly is hard. Writing spyware that watches everything that happens on your PC and blocks any attempt to touch the game is way easier, but bypassing that is easy with solutions that have higher privileges, thus being invisible even to the anti-cheat. You can just fake calls or hide memory from the anti-cheat, or just edit the anti-cheat itself.
The solution for that is to run the anti-cheat with the highest possible permissions - the kernel.
Now, you could just make another kernel-level program that would have the same permissions to defeat that, or just edit your OS (i.e. Linux, or a VM) where your cheat lives outside and has even higher privileges than the anti-cheat.
This is where Windows comes in - the only way to run kernel code is to have it signed by Microsoft, and that certification process is extremely difficult and annoying, which puts a pretty big hurdle in front of cheat developers. It’s the easy way out.
You could also somehow reverse-engineer Windows and run a custom version to bypass this. And that’s where TPM comes in, which (if I understood it right) validates that your Windows is the official signed one, and thus the kernel anti-cheat is safe. You can’t have this kind of affirmation on Linux, and the lazy developers who don’t want to invest in actual moderation and proper anti-cheat solutions just resort to a kernel anti-cheat rootkit and require TPM to be enabled.
There’s not much Steam can do about this, aside from locking up their OS with signing keys and certification for privileged software, along with setting up the whole TPM so you can’t run modified versions, which isn’t really possible since they are based on Linux.
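The post above leans on the fact that Windows only loads kernel drivers carrying a Microsoft-rooted Authenticode signature. As an added example (not code from this thread or from any anti-cheat vendor), the Python below shows where that signature physically lives in a .sys file: the IMAGE_DIRECTORY_ENTRY_SECURITY data directory points at a WIN_CERTIFICATE table wrapping a PKCS#7 SignedData blob. The PE image it parses is a constructed header-only fixture, and the "signature" is a placeholder byte string, so it runs offline.

```python
"""Locate the embedded Authenticode signature table in a Windows PE image.

Added example for the thread above, not code from the post or an anti-cheat
product. build_minimal_pe() constructs a header-only PE32+ fixture (not a
real driver); the "signature" passed in is a placeholder, not real PKCS#7.
"""
import struct
from typing import Optional

IMAGE_DIRECTORY_ENTRY_SECURITY = 4        # index into the optional-header data directories
WIN_CERT_REVISION_2_0 = 0x0200
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002   # bCertificate holds a PKCS#7 SignedData structure


def find_authenticode_signature(pe: bytes):
    """Return a dict describing the signature table, or None if the image carries none.

    This only locates the table. It does NOT verify the PKCS#7 signature, the
    certificate chain, or whether that chain ends in a Microsoft root; that is
    a separate step (for example `signtool verify /v /kp driver.sys` on Windows).
    """
    if pe[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")

    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    (size_of_optional,) = struct.unpack_from("<H", pe, coff + 16)
    opt = coff + 20                                       # IMAGE_OPTIONAL_HEADER
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic == 0x20B:                                    # PE32+ (64-bit)
        ndirs_off, dirs_off = 108, 112
    elif magic == 0x10B:                                  # PE32 (32-bit)
        ndirs_off, dirs_off = 92, 96
    else:
        raise ValueError(f"unknown optional header magic 0x{magic:x}")

    (ndirs,) = struct.unpack_from("<I", pe, opt + ndirs_off)
    entry = opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if ndirs <= IMAGE_DIRECTORY_ENTRY_SECURITY or entry + 8 > opt + size_of_optional:
        return None                                       # header too short to carry a security directory

    # Unlike the other directories, the security entry holds a raw file offset, not an RVA.
    offset, size = struct.unpack_from("<II", pe, entry)
    if offset == 0 or size == 0:
        return None                                       # no embedded signature table
    if size < 8 or offset + size > len(pe):
        raise ValueError("security directory points outside the file")

    length, revision, cert_type = struct.unpack_from("<IHH", pe, offset)  # WIN_CERTIFICATE header
    if length < 8 or length > size:
        raise ValueError("malformed WIN_CERTIFICATE length")
    return {
        "offset": offset,
        "size": size,
        "revision": revision,
        "cert_type": cert_type,
        "pkcs7": pe[offset + 8: offset + length],
    }


def build_minimal_pe(signature_blob: Optional[bytes]) -> bytes:
    """Constructed fixture: a header-only PE32+ image, optionally with a signature table."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))           # e_lfanew: "PE\0\0" follows the DOS header

    optional = bytearray(240)                             # PE32+ optional header with 16 directories
    struct.pack_into("<H", optional, 0, 0x20B)
    struct.pack_into("<I", optional, 108, 16)             # NumberOfRvaAndSizes

    body = b"\0" * 0x200                                  # stand-in for section data
    cert_offset = len(dos) + 4 + 20 + len(optional) + len(body)  # 840, already 8-byte aligned

    cert_table = b""
    if signature_blob is not None:
        length = 8 + len(signature_blob)
        padded = (length + 7) & ~7                        # table entries are 8-byte aligned
        cert_table = (struct.pack("<IHH", length, WIN_CERT_REVISION_2_0, WIN_CERT_TYPE_PKCS_SIGNED_DATA)
                      + signature_blob + b"\0" * (padded - length))
        struct.pack_into("<II", optional, 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         cert_offset, len(cert_table))

    # IMAGE_FILE_HEADER: AMD64, zero sections, optional header size, EXECUTABLE|LARGE_ADDRESS_AWARE|DLL
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, len(optional), 0x2022)
    return bytes(dos) + b"PE\0\0" + coff + bytes(optional) + body + cert_table


if __name__ == "__main__":
    print(find_authenticode_signature(build_minimal_pe(None)))
    print(find_authenticode_signature(build_minimal_pe(b"placeholder, not real PKCS#7")))
```

Two caveats a practitioner would add: finding the table proves nothing about trust (a self-signed blob parses identically to a Microsoft-signed one; only chain verification against the kernel-mode policy, as `signtool verify /kp` performs, tells them apart), and a driver whose signature lives in a catalog (.cat) file rather than embedded in the image returns None here without that meaning the loader would reject it.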
Cheaters just sidestep the kernel entirely and use DMA hardware instead.
At the moment it’s rather expensive at ~$400, but prices will probably drop over time.
Oh, cool, so if I understand it right, you have hardware that directly reads the physical memory, so you can access it unrestricted and undetectably from another PC, where the cheat runs, and then you use an HDMI fuser to merge the output of the game and the cheat that runs on the second PC on a single monitor.
That’s actually really clever, I love solutions like this. Not that I approve of cheating, I have 0 respect for people who (nonconsensually, as in not all involved parties agree to it being allowed) cheat. But from the hardware/security point of view, it’s amazing.
Oh, cool. Tbh I haven’t really looked into cheats much, but I did briefly work in cybersecurity where I was doing malware development, where AV avoidance is basically the same problem as game cheats are dealing with, so I just extrapolated what I assumed works the same.
This is a cool piece of tech, I’ll look into it more. I like seeing new exploits, thanks!
That’s too complicated to teabag people in Battlefield, but what would I know about the scene I’m not a part of.
Well, now I’m interested how far it can go in professional cheating. Any vids about that?
Not necessarily cheating, but the use of external cheats like this guy using an AI and electric shocks to have it move his arm
Or this monitor for cheating in LoL
Thanks for sharing them. I’d consider the second one completely unfair, while the first one is, well, that’s how I’d like to imagine the experience of occasional cheaters from now on.