Secure Boot, TPM and Anti-Cheat Engines

49 points | gm678 | 88 comments | 8/17/2025, 5:16:48 PM | andrewmoore.ca

Comments (88)

metalcrow · 7h ago
> Since cheat authors will not be able to get their drivers signed by Microsoft

Why not? Presumably Microsoft will decline if you say outright "this is for cheating", but if you make a kernel driver that happens to have a feature for executing commands from user space for a benign reason, I don't think they would decline to sign it. There are a few million Windows drivers; there are plenty of situations where a weirdly specific driver has a valid use case.

Tuna-Fish · 4h ago
> if you make a kernel driver that happens to have a feature for executing commands from user space

That's basically the one thing that's outright banned, no discussion possible. As far as Microsoft is concerned, there are no benign reasons to do that, and any software attempting to do it is treated as malware.

OneDeuxTriSeiGo · 6h ago
Windows is beginning to enforce quite strong kernel mode address space isolation and security. They've also started cracking down on drivers to the point of effectively banning all printer drivers (unless you disable a bunch of security settings with big warnings on them), instead pushing those printer companies to shift entirely to Microsoft's native IPP everywhere driver.
dist-epoch · 6h ago
If you succeed, some anti-cheat company will eventually detect it and Microsoft will ban the driver. And not sign further ones.
OneDeuxTriSeiGo · 6h ago
And of course Windows 10 onward includes a retroactive driver blacklist, and it's nontrivial to disable it.
hbosch · 8h ago
I am not sure Secure Boot, TPM, or kernel-level anti-cheat still manage to accurately detect hardware with direct memory access. DMA hardware can still circumvent all of these things, and they only cost a few hundred bucks. The question in my mind remains: why would you pay ~$300 for DMA hardware and then ~$10-100+/month for an active private cheat? Is it worth it to look cool online to random strangers before you eventually get algorithmically detected or mass-reported and manually banned, just to create a new account and start all over? Even for those cheaters who buy high level accounts, what is the endgame of spending all that money and recycling the process?
chc4 · 8h ago
If you have a secure and attested boot chain, then anti-cheats can also start depending on things like DMA protection[1] to be enabled or other CPU features to protect against rogue hardware doing DMA attacks. At the professional level tournaments are already whitelisting what hardware is allowed for competitor machines - I doubt that they'll start doing that for the average joe gamer lobbies anytime soon, but they do have the option to start blocking people who have anomalous PCIe DMA mappings etc. and steadily raise the bar.

1: https://learn.microsoft.com/en-us/windows/security/hardware-...

LocalH · 8h ago
Competitive gaming can be serious business. For example, in Fortnite, the top player in each major region can receive between $27k and $180k from the FNCS tournament, depending on the region.
slumberlust · 4h ago
Are those earnings from private matches on their own hardware? A lot of what I see in the MOBA space is the PC is provided at the event/tourney and it's mostly bringing your own peripherals.
sdairs · 8h ago
Sadly, for the people who cheat, it is, indeed, worth it. :/
wmf · 6h ago
Isn't DMA defeated by IOMMU? I assume Windows 11 has IOMMU on.
trod1234 · 8h ago
There will be people that cheat regardless of what any game company can do. Racing to the edge is not the way to stop this.

If you haven't noticed, these solutions create the platform to both test, and control your digital life without your knowledge following a classic surrogate/hegelian pattern. How much do you trust the credibility of entities behind these game companies. Would you trust them with your life?

This should be carefully considered food for thought for anyone that values their future.

polotics · 7h ago
could you enlighten us by explaining what you mean by: a classic surrogate/hegelian pattern.

ps. on such nonstandard posts I check out previous posts by the same author. your writing style is quite something, are you misunderstood often?

trod1234 · 4h ago
Sure thing, a surrogate is something that we equate as the same thing but is not the same thing, and it carries negative connotation because the differences causes loss to the owners.

A Hegelian pattern being a circular pattern that abuses the contrast principle (a psychological blindspot), and also includes a long historical context with regards to socialism/communism. For example, I'm sure you've heard of shock doctrine. That's a Hegelian pattern.

For an example of surrogates, your cell phone is a surrogate for the original telephone, also your computer, and any number of other add-on devices. They perform multiple functions, but the primary purpose has been superseded by secondary purposes of control, data collection. A digital soldier quartered in every house, that follows you everywhere you go informing on you to the highest bidder.

A car today is not a car, it's a computer which performs the function of transportation, and may be a platform for assassination, but also allows granular tracking of your movements like an animal on a leash.

The fact that most people aren't aware of all the ways their agency has been taken matters little. Industry in cooperation with government, fueled by money-printing have excluded any option through oligopoly, except total compromise/dependency, in furtherance of control. History knows how runaway money-printing ends.

Are you aware your TPMS sensors in your tires passively beacon a unique ID for each tire everywhere you go? That collection of sensors is sufficient to uniquely identify you in conjunction with a few other things in the car remotely, everywhere. It's a weak broadcast, but there are remote sensor networks everywhere, including roaming sensor networks (Teslas, public transport, etc). All that data collection is mined and added to a secret big-tech dossier you have no control over.

The OBD-II uplink through the telematics unit may even allow a remote control takeover of your car, while you are driving it. Tricking the car into adverse road-condition programming causing an accident.

Bulk data collection of radio-frequency data is either freely available (wigle) or has a very low buyin which allows granular historic tracking for everyone in a geographic region, and there are groups that know about this, and use this towards Zersetzung style gang-stalking (criminal harassment). Just like the lex-luthor sponsored monkey bots on social media. /s

> are you misunderstood often.

I'm not misunderstood by rational people who can reason, avoiding fallacy, and tying their arguments to things that are objective; I'm fine with disagreement, I just can't abide by toxic dissembling and other manipulative tactics the more malign people use.

There are some real existential problems we need to deal with, and when you can't communicate sufficiently so people recognize because of channel jamming, language corruption, and other malign rhetoric, momentum will carry us right to extinction.

A civilization based on total control, is a society that will be extinct in short order.

There are quite a few people online these days, though I dare hesitate to call them actual people because they are delusional, hopelessly complacent, malevolent, or just blind waiting at the chance of being either of the previous 3.

The things I talk about are things people have been conditioned from a young age to believe are impossible, despite objective indicators to the contrary (i.e. lies so big it would rearrange their world), with real science behind it; that has largely been suppressed with the end goal being towards control of the masses.

An indoctrinated willful blindness is a big problem today, I'd say that is probably one of the top things that prevents most people from organizing to make everyone's lives better. The blind are easily manipulated by those with ill intent.

My main goal in bringing attention to things is to hopefully get people to pay attention, and take appropriate action. The ones that aren't paying attention often throw their lot in with the people seeking chaos for profit; survival be damned.

I want an advantaged future for my children. Not the disadvantaged hellscape we see today. To make significant change, you need like-minded people all working towards that direction, and to do that you need to be able to communicate adverse issues in time to act.

With respect to the anti-cheat, once software is on your computer at that privileged level, they can perform an Eclipse attack on you, and you won't be able to know its happening.

MITM is two dimensional involving a single path, Eclipse covers all possible path nodes to such information; and its quite possible to do this without having nation-state backing given the state of IT security at the lowest levels of abstraction.

dist-epoch · 6h ago
It is possible to prevent DMA attacks with encrypted memory/confidential computing. Just like you can run secure VMs that the host can't mess with.

People pay more than $300 for cheats, some are sold in the $1k+ range

devmor · 8h ago
It’s not a profit/loss evaluation. The people doing this have money to waste. It’s the same as spending money to go out drinking to them.
strstr · 8h ago
Cheating will slowly look more and more like trying to hack your own machine.

Secure Boot+TPM combined with decent firmware will make cheating a lot harder. If the firmware ensures random devices don’t get BME set before the IOMMU is properly, attestably, configured, you are basically now stuck looking for bugs in the TPM and UEFI if you want to shove yourself beneath the OS unnoticed. These are full of bugs, so that will work for a while, until it doesn’t.

Popping windows will probably work for some time, but HVCI will make this a pain once ubiquitously required.

And you have to do all of this while also not being detected for aberrant behavior. Eventually, the analog hole might end up being easier, lol.

mjg59 · 7h ago
Which OSes are actually imposing DMA restrictions on internal cards? That feels like something that would impose noticeable overhead, but I guess I can imagine a special mode that enforces this for competitive gaming...
kbolino · 7h ago
It's not a global on-off switch. With a proper IOMMU, the hypervisor/operating system can lock out specific devices from DMA access, or confine them to specific address ranges.
strstr · 7h ago
Allegedly some of the anticheats are configuring the IOMMU through Windows APIs (vanguard, faceit, and a smattering of chinese anticheats). It’s hard to find good public information though. They do some mix of blocking access and deliberately leaving some pages as bait (and monitoring iommu d-bits/faults)
themafia · 7h ago
> will make cheating a lot harder.

It can never make it impossible.

> These are full of bugs, so that will work for a while, until it doesn’t.

You're forgetting that vendors have to implement this into a pretty complicated system already and that configuration space is constantly changing due to new CPUs and other hardware coming into existence. There will always be holes due to emergent configuration and implementation issues.

> but HVCI will make this a pain once ubiquitously required.

Then there will be new pressure to get at the underlying keys that protect the system. When you consider the size of the keys vs. the size of the reward for liberating them it's obvious how this is going to play out.

> And you have to do all of this while also not being detected for aberrant behavior

For tournaments I don't understand the problem. Every other modern non computer based sport has this issue. They understand they can't be perfect, and any attempts to do so would ruin the nature of the competition itself, so you're better off recording as much data, video and audio from the player as you possibly can. That way if there are any accusations later you have the data to consider them.

This is a race to a corporate controlled future for no particularly good reason.

ohdeargodno · 6h ago
>Then there will be new pressure to get at the underlying keys that protect the system.

just decap your CPU no big deal it just destroys it.

Unless you do something stupid and expose, for some reason, a function from the TPM to return the private key (something that basically noone has done in the past 15 years), you're not breaking those keys. It hasn't been broken on a PS5, on an Xbox One, on an iPhone, on the vast majority of Android phones.

>Every other modern non computer based sport has this issue. They understand they can't be perfect

In every single popular online game right now, hop in on a game, there is a very high chance that one of the players is cheating. From regular scripting in DotA, to aimbotting, to whing, to anything you can imagine. For players, this leads to a frustrating experience. And frustration leads to players leaving the game. Unlike someone cheating at football, which you can personally physically grab and beat the shit out of for ruining the game for others, the best you can do online is leave. For developers, players leaving and a reputation of having cheaters means that your future attempts at making any money through the online portion of your game is dead.

themafia · 3h ago
> you're not breaking those keys.

You inferred break but I meant leak. As the financial incentives increase so does the pressure on the physical part of the system. Which historically has always been the weakest and is often exploited.

> hop in on a game

Do you mean public lobby? And you're willing to completely sacrifice your control over your own computer to have a pleasant public gaming experience? Aren't there other ways to solve this problem? In particular by moving it away from the monopolized server/lobby model we currently have?

> And frustration leads to players leaving the game.

It sounds like the game lacks capabilities if this is what is happening. In previous eras I would have just left the server and told the client to ignore it forever. Then servers which allow cheating either intentionally or due to bad management do not get played on.

> Unlike someone cheating at football

Think F1 and Nascar. They have cheating problems. There's millions of dollars on the line. Of course they do. Yet.. they seem to manage just fine without resorting to violence. Which I think is the more apt comparison because the lead for this story is how it impacts tournaments and other scenarios where monetary rewards are up for grabs.

> at making any money through the online portion of your game is dead.

Then you need to provide a service that is worth the money. Punting on the problem and insisting that gamers submit to these types of hardware schemes that don't actually address the totality of the problem is ridiculous. I don't see how it's a problem for them not to profit. Why should they? What is their "stewardship" worth here exactly?

zb3 · 6h ago
> you're not breaking those keys. It hasn't been broken on a PS5, on an Xbox One, on an iPhone, on the vast majority of Android phones.

Because NSO/Mossad has a different way to get into these phones. When finding software exploits will no longer be viable, we might see some new interesting attacks..

ohdeargodno · 6h ago
The different way is called a hammer and your hands. They don't have magic tools to break encryption.

We're barely finding out software ways to attack the Xbox 360 and it requires rowhammer level of fuckery. Hardware attacks are in the vast majority of cases destructive or relying on some side effects. If you don't leave JTAG pins on your board, they're pretty much never reliable.

zb3 · 5h ago
I think you're not up to date regarding what NSO/Cellebrite can do.. "different way" might mean exploits or even other more "humint" methods.

But these companies/agencies don't care about gaming though, so it's not relevant to cheating..

dist-epoch · 6h ago
> When you consider the size of the keys vs. the size of the reward for liberating them it's obvious how this is going to play out.

It's not. The keys for XBox were kept safe for more than a decade now. And not for lack of trying.

zb3 · 6h ago
> And not for lack of trying.

It depends on who tries.. I bet these were just not of interest to Mossad/NSO :)

gausswho · 8h ago
Can't help but feel like this is Microsoft leaning on devs to make the general PC multiplayer gaming experience so onerous that they'll choose to get an XBox instead.
thewebguyd · 8h ago
Been wondering that myself. The kernel level anti-cheat has gone so far, it's all an attempt to turn an untrusted platform (someone's computer) into a trusted execution platform (a console).

I don't like it, the idea of software mandating a very specific computing environment or else it refuses to run. It takes agency away, and will bleed into other types of software beyond just games (which we already see on mobile).

I like gaming on PC, but I will continue to refuse to install/play any game that requires this level of anti-cheat. There has to be a better way than forcing users to install what is effectively a rootkit to play.

seanhunter · 7h ago
Microsoft’s corporate strategy is almost the exact opposite of this though. It’s that “everything is an Xbox” ie they are massively shifting away from the special-purpose hardware to anything being an xbox if it runs windows. I would be somewhat surprised if microsoft-made consoles even exist in a generation or two’s time.
jakebasile · 7h ago
I'm convinced it is as well. It also stops these very popular games from running on Linux which is finally mounting a concerted push into PC gaming thanks to Valve.
bullen · 2h ago
> I fully suspect that some anti-cheat providers will simply prevent access to the game if you use one of those.

How would they be able to detect that the TPM is discrete?

gjsman-1000 · 2h ago
As the article says, every TPM has its own signature and public key from the manufacturer, making it fairly easy to say if it isn’t Intel and it isn’t AMD, it’s discrete.
bullen · 2h ago
But the article also says you can replace that public key, also they are from the motherboard, not CPU manufacturer.

I think it's going to be yet another failure like Nintendo and Sony have been struggling with for decades.

If you start requiring things, people will take out their soldering iron.

And this time they are trying to brick hardware we built ourselves, if you are still using a discrete header TPM your computer is from 2016, and then odds are you built it yourself!

FineWolf · 1h ago
> But the article also says you can replace that public key, also they are from the motherboard, not CPU manufacturer.

No. The article does state that EKs come from your fTPM, which is part of your CPU package.

Without replacing your CPU, you are not replacing your EK, or `EKpub`.

Unless you install a discrete TPM, whose `EKpub` won't be signed by Intel or AMD; thus easily detectable as a discrete TPM.

gjsman-1000 · 1h ago
Nonsense - Nintendo’s OS, according to reverse engineers, is currently bulletproof. The contributor who rewrote the entire kernel, and secure monitor, as open source said they have “zero bugs”… in 2020. The problem was NVIDIA’s boot code and inability to detect glitching; but the OS design was impeccable.

Now that the Switch 2 inherits NVIDIA’s completely redesigned boot processor with formal verification, written in entirely memory-safe languages used for rockets and trains (ADA SPARK), with lockstep booting (two cores executing instructions simultaneously and verifying their work), and voltage monitoring / glitch detection as the cherry on top; Switch 2 won’t be cracked in the next decade, possibly two.

jakogut · 6h ago
Qemu is capable of running secure boot enabled operating systems with swtpm emulating a physical TPM. There's also vDRM, virgl, and Venus for accelerating graphics workloads in guests, along with a proof of concept Windows driver.

How exactly do anti-cheat vendors intend to prevent this kind of setup from being effective?

ThatPlayer · 5h ago
Emulating a physical TPM doesn't always help when you cannot get a valid certificate signed by AMD/Intel. These are stored on the TPM and cannot be easily dumped. You'll want to passthrough your PC's TPM to the VM rather than emulating one.

https://www.reddit.com/r/linux_gaming/comments/1mkb3s8/under... talks about an example of a timing check that games use to detect running in VMs. There's additional checks besides this, but give you an example of how it's possible to block VMs.

64718283661 · 6h ago
By blocking KVM. Enable or fake hyper-v? Block various qemu drivers. Don't use any of the qemu drivers? Side channels to detect KVM. Stronger hyper-v purity integrity. Detect nested hypervisors, which will have poor performance anyway.

If you aren't virtualizing disk drives and get banned, they will get serial banned, along with your other non-virtualized hardware. GPU, monitors, RAM, motherboard, keyboard, mice, headset serials. Yes, these are really all collected. No myth.

Some people think server side anticheat can help. It can to a degree. Then some things will always be possible client side. Game devs need more subtle client side integrity checks inside the game, not only ones that purely check the integrity of your overall system.

It's a losing battle, especially on games using the most popular engines like unreal and unity.

strstr · 6h ago
In practice, it’s essentially infeasible to make a non-detectable virtualization stack. Timing is really really hard to match (as is everything else). You can edit the binary that’s doing the detection, but this is time consuming. Every new feature they push costs you time and will poison your hardware id.

You can go further by, say, requiring fTPMs that are on the SoC (super common these days for most recent consumer CPUs). If you can't boot into Linux without the PCRs reflecting your virtualization stack being in the boot chain, your cheat is quite detectable.
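The PCR argument strstr makes above can be shown concretely. The block below is an added example, not code from the article or from any commenter: it replays a (constructed) measured-boot event log with the TPM's extend rule, compares the result against the PCR values a quote would carry, and checks every measured image against an allow-list. Two failure modes fall out: a hypervisor inserted into the chain changes PCR 4 and shows up as an unlisted digest, and presenting a "clean" log from a machine whose PCRs reflect the hypervisor fails the replay. Image digests, PCR assignments and the quote itself (assumed already signature-checked) are constructed for the example.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Digest is one SHA-256 bank value (a PCR or a measured image).
type Digest [sha256.Size]byte

// Event is a reduced measured-boot log entry: the PCR it extended and the
// digest that was extended into it. Real logs are TCG_PCR_EVENT2 records.
type Event struct {
	PCR    int
	Digest Digest
	Label  string // diagnostics only; not part of the measurement
}

// Measure stands in for hashing a boot image; here it hashes a label so the
// example runs without real firmware or kernel files (constructed data).
func Measure(label string) Digest { return sha256.Sum256([]byte(label)) }

// extend is the TPM's PCR update rule: PCR' = SHA-256(PCR || digest).
func extend(pcr, d Digest) Digest {
	h := sha256.New()
	h.Write(pcr[:])
	h.Write(d[:])
	var out Digest
	copy(out[:], h.Sum(nil))
	return out
}

// Replay recomputes the PCRs a log implies, starting from the reset value
// (all zeros for PCR 0-16 in the SHA-256 bank).
func Replay(log []Event) map[int]Digest {
	pcrs := map[int]Digest{}
	for _, e := range log {
		pcrs[e.PCR] = extend(pcrs[e.PCR], e.Digest)
	}
	return pcrs
}

var (
	ErrLogMismatch  = errors.New("event log does not reproduce the quoted PCR")
	ErrUnknownImage = errors.New("boot chain contains a component not on the allow-list")
)

// CheckBoot is the verifier's side. quoted are PCR values from a TPM quote
// (assumed already signature-checked against an attestation key); allowed maps
// accepted image digests to names. A log that does not replay to the quote
// was edited; a log that replays but contains an unlisted digest means
// something extra, such as a hypervisor, ran in the chain.
func CheckBoot(log []Event, quoted map[int]Digest, allowed map[Digest]string) error {
	replayed := Replay(log)
	for pcr, want := range quoted {
		if replayed[pcr] != want {
			return fmt.Errorf("%w: PCR %d", ErrLogMismatch, pcr)
		}
	}
	for _, e := range log {
		if _, ok := allowed[e.Digest]; !ok {
			return fmt.Errorf("%w: PCR %d, event %q, digest %s...", ErrUnknownImage,
				e.PCR, e.Label, hex.EncodeToString(e.Digest[:4]))
		}
	}
	return nil
}

// GoldenChain is a constructed reference boot, loosely following the TCG PC
// Client layout: firmware code in PCR 0, boot manager and OS loader in PCR 4.
func GoldenChain() []Event {
	return []Event{
		{0, Measure("firmware-1.2"), "firmware"},
		{4, Measure("bootloader-3.0"), "bootloader"},
		{4, Measure("kernel-6.1"), "kernel"},
	}
}

// AllowList holds the digests of the images the verifier accepts in the chain.
func AllowList() map[Digest]string {
	return map[Digest]string{
		Measure("firmware-1.2"):   "firmware",
		Measure("bootloader-3.0"): "bootloader",
		Measure("kernel-6.1"):     "kernel",
	}
}

// WithHypervisor models a thin hypervisor loaded between the bootloader and
// the kernel: one extra PCR 4 measurement that changes every later PCR 4 value.
func WithHypervisor(chain []Event) []Event {
	out := append([]Event{}, chain[:2]...)
	out = append(out, Event{4, Measure("cheat-hypervisor"), "hypervisor"})
	return append(out, chain[2:]...)
}

func main() {
	golden, allow := GoldenChain(), AllowList()
	fmt.Println("clean boot:         ", CheckBoot(golden, Replay(golden), allow))
	hv := WithHypervisor(golden)
	fmt.Println("hypervisor in log:  ", CheckBoot(hv, Replay(hv), allow))
	fmt.Println("log edited to hide: ", CheckBoot(golden, Replay(hv), allow))
}
```

The order of the two checks matters: replaying first means an edited log is rejected before its contents are even looked at, and only a log the TPM actually vouches for gets compared against the allow-list.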

FineWolf · 3h ago
The post does cover that briefly.

> If the TPM is virtualised (vTPM), the EKpub and EKcert validation will fail, as the EK won’t be signed by AMD or Intel.

Using `swtpm` will not give you the ability to create quotes of your PCR that are signed by an Endorsement Key that is itself signed by Intel or AMD.

It will be very obvious that you are using a self-generated key, possibly from a virtualised TPM.

Passing through the host's TPM will lead to multiple boot events being recorded, which will be flagged as an anomaly.
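The EK check that gjsman-1000, FineWolf and this post describe (the EK certificate must chain to AMD's or Intel's CA, and a virtualised TPM cannot produce one) can be written down directly. The block below is an added example, not code from the article or from anyone in the thread. Because it must run offline it generates a throwaway "manufacturer" CA in place of the real vendor roots, and it models a vTPM's EK certificate as self-signed (in practice such a cert is at best signed by a local CA the verifier does not trust, which fails the same way). It also checks that the certified key equals the EKpub the TPM reported, since that is what the quote chain is ultimately bound to. The TCG EK credential profile details (TPM identity in the SAN, the tcg-kp-EKCertificate EKU) are omitted.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// NewEKKey generates a key standing in for a TPM's endorsement key. Real EKs
// are generated inside the TPM and never leave it; this one lives in software
// only so the example can issue and self-sign certificates for it.
func NewEKKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// NewManufacturerCA creates a stand-in for the vendor EK CA that an fTPM's EK
// certificate chains to. Constructed at run time; not a real AMD or Intel root.
func NewManufacturerCA() (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key := NewEKKey()
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example fTPM EK CA (constructed)"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageCertSign,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// TrustedRoots builds the verifier's root store from the manufacturer CAs it
// accepts (in production: the published AMD/Intel EK CA certificates).
func TrustedRoots(cas ...*x509.Certificate) *x509.CertPool {
	pool := x509.NewCertPool()
	for _, ca := range cas {
		pool.AddCert(ca)
	}
	return pool
}

// IssueEKCert wraps an endorsement public key in a certificate. With a CA it
// models a vendor-provisioned EK cert; with issuer == nil it self-signs, which
// models what a virtualised TPM can offer.
func IssueEKCert(ek *ecdsa.PrivateKey, issuer *x509.Certificate, issuerKey *ecdsa.PrivateKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "TPM Endorsement Key"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageKeyEncipherment,
	}
	parent, signer := issuer, issuerKey
	if issuer == nil {
		parent, signer = tmpl, ek
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &ek.PublicKey, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

var (
	ErrEKChain    = errors.New("EK certificate does not chain to a trusted manufacturer CA")
	ErrEKMismatch = errors.New("EK certificate key differs from the EKpub the TPM reported")
)

// VerifyEK is the verifier's check: the certified key must be the EKpub read
// from the TPM, and the certificate must chain to a trusted manufacturer root.
func VerifyEK(ekCert *x509.Certificate, reported *ecdsa.PublicKey, roots *x509.CertPool) error {
	if !reported.Equal(ekCert.PublicKey) {
		return ErrEKMismatch
	}
	_, err := ekCert.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}, // real EK certs carry a TCG-specific EKU
	})
	if err != nil {
		return fmt.Errorf("%w: %v", ErrEKChain, err)
	}
	return nil
}

func main() {
	ca, caKey, err := NewManufacturerCA()
	if err != nil {
		panic(err)
	}
	roots := TrustedRoots(ca)
	ftpm := NewEKKey()
	genuine, err := IssueEKCert(ftpm, ca, caKey)
	if err != nil {
		panic(err)
	}
	fmt.Println("vendor-issued EK:   ", VerifyEK(genuine, &ftpm.PublicKey, roots))
	vtpm := NewEKKey()
	selfSigned, err := IssueEKCert(vtpm, nil, nil)
	if err != nil {
		panic(err)
	}
	fmt.Println("self-signed vTPM EK:", VerifyEK(selfSigned, &vtpm.PublicKey, roots))
}
```

Note what this does and does not prove: a chain to a vendor root says the EK lives in a vendor TPM, nothing more. Whether the OS that booted on that TPM is the one being attested is the separate PCR/quote question, which is why the two checks are normally run together.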

SamInTheShell · 6h ago
This is a hill I'm willing to die on: Failure to do proper server side checking is carelessness in the face of making a quick buck.

I distinctly remember being a kid bypassing this type of software back when it was just Game Guard at the top. There's nothing that's going to stop kids from doing it today.

It's an arms race doomed to failure until these game devs stop being lazy and just put in the sweat required to get their houses in order.

Server side checks. That's it. User input is tainted evil and you can't trust it. Anything less than server side checking is insecure.

ohdeargodno · 6h ago
>Server side checks. That's it. User input is tainted evil and you can't trust it. Anything less than server side checking is insecure.

Cool. No one will play your game. Every single thing that makes a game feel not even just good, but playable, like basic prediction no longer works. Peeker's advantage gets multiplied tenfold. Players with high sensitivity get rolled back because you decided that their .1s flick was not right.

And the funniest of all that ? The cheaters that are just sending mouse & keyboard events still get to play, because they can pretend to play exactly like you want them to.

>I distinctly remember being a kid bypassing this type of software back when it was just Game Guard at the top. There's nothing that's going to stop kids from doing it today.

With none of the respect: ok grandpa, time to get you a chamomile and time to go to bed. It's not kids pulling out cheat engine, it's physical hardware that does DMA with $100/month subscriptions. The most basic, not-even-officially-considered-a-cheat piece of hardware is something like a Cronus, that does recoil control and scripting, on console. That's not a rare piece of equipment: a large part of the higher ranked players are using one or similar. That's the _basic_ cheating device now. Nobody is talking about shitty spinbots.

EDIT: editing to not fall into a deep thread with you whining:

>you resign to insults

no, I called you old because you're referring to an anti cheat that runs on Rappelz and MapleStory (and that is notoriously known for being terrible). The only way it could have been more telling would have been referring to WON or QuakeWorld.

>can't because you lack the skills required.

sorry, who's doing insults ?

I've enumerated a short list as to why it doesn't work. But if you want more: here: nothing on that article works any more with server side verification of everything: https://developer.valvesoftware.com/wiki/Source_Multiplayer_.... Rollback ? Lagcomp ? Basic hitreg? Nope, broken, because you just wanted to verify everything server side instead of assuming a set of known good information. You don't acknowledge either _what_ you verify server side. I'll give a quick little hint: it's because there's nothing useful you can verify. The basic stuff is already verified: player state is kept in sync, and you can't say that you have 300 bullets in your 20 bullets magazine.

Trusting the client is necessary, because even a 10ms ping means that you're a frame behind, and nobody will play that.

SamInTheShell · 5h ago
> ok grandpa, time to get you a chamomile and time to go to bed

So you resign to insults because you're either incompetent in code or think you know something I don't. You would be better served to make a case for a counter argument, but can't because you lack the skills required.

Edit: Good developers figure out how to make better code, while some developers are just doomed to mediocrity. ¯\_(ツ)_/¯

spookie · 5h ago
Server side check for what?

My dude, we are at the point where AIs are trained on images resembling the enemy player (you know the ones appearing on your screen, good luck not showing those) and a little programme rolls a mouse around and clicks heads.

We ONLY have this problem BECAUSE the game publishers want to OWN the server infrastructure themselves.

In the old days you had dedicated servers where one of the players, at least, had full control over that server. Any sus behaviour would be met with rods from god right into the cheater's home router location. I'm being really theatrical here but really this worked, and was sustainable. Mods were able to fight the criminals in their small servers. A distributed cyber police if you will.

Today, we rely on a singular company (the one who published or developed the game) to be able to automagically pinpoint sus behaviour across a million servers and NOT have collaterals.

We had the perfect scheme to handle them, we have just lost to greed. No amount of client or server side shenanigans will ever be enough to fight cheaters. You need actual humans in there.

SamInTheShell · 5h ago
Genuine question, why are people confused on what user input is here?

Suppose the game is a solo game primarily with additional multiplayer features. The agreement there is simply that they enter multiplayer with a valid game state (edit: you validate on join).

Upon entering multiplayer, monitoring begins. Player moves, is it valid? Player shoots gun. Is this valid? Ray cast reached target and does damage. Was that valid?

Did you track the player state during the replication streaming? If no, then there are user input validation gaps.

To be completely fair, most people aren't out writing their own game engine to account for this stuff and it's a lot of work to do that. None of the major game engines on the market do this.

In large database systems, log replication occurs all over the place and validation takes place (some systems better than others for sure). Difficult to implement, sure, but when you know, track, and monitor the state; you can validate and respond.

ThatPlayer · 5h ago
> Player moves, is it valid?

The problem isn't whether or not it's valid. It is whether or not it is a human doing it, or an aimbot. This isn't unique to games, websites/browsers do the same thing: scraper and other bots all give valid inputs, but not always human ones. That's why captchas exist, and those only detect "only-bots", not a bot assisted by a human or vice-versa.

> Ray cast reached target and does damage. Was that valid?

This one is very hard to replicate because of latency. By the time I see and shoot at an opponent at position A, on the server the opponent will be at position B. And on the opponent's computer, position C. In the time it takes for my packet to reach the server, the opponent is now at position D.

So my "shoot gun" network message not only has to include my current timestamp, but also my current position of the opponent. Because of latency, my opponent's position on my client wouldn't even be the last packet I got (A-1), but rather A-1 interpolated based on how long it took for the packet to reach my client. You have to trust the client on what it thinks is a valid position for the opponent, because no one wants to play a game where you can't hit the opponent. This leeway gives you a lot of room to fudge inputs.

These differing game states also lead to peeker's advantage in games.

SamInTheShell · 4h ago
Everything other than the isHuman part is absolutely detectable. It's just a matter of building a system for it.

The ability to detect isHuman just seems to be on chopping block as far as I can tell. There is little to no barrier remaining today to prevent people from leveraging AI to get around this entire problem. There's a few outlier solutions that work for now, but AI does two things really well given time: solving classification and regression problems.

What can still be done is maintaining short lived replication logs and pattern analysis in this space. There is no reason that a player's actions can't be logged, analyzed, and responded to. It doesn't even need to be real time, it can just be latent. The server doesn't need to rely on reported timestamps for the analysis part, because the server can use its own timestamping upon arrival to at least see how far apart the order of operations occur.

I know it's not an easy problem space to be in, I don't envy it, but I can't agree with the sentiment that it's impossible knowing how these systems are already designed in larger engines.

ThatPlayer · 4h ago
> the server can use its own timestamping upon arrival to at least see how far apart the order of operations occur.

The server's timestamp isn't going to be representative of the user's actual input when you're using UDP. Especially over consumer wifi which is hardly the most consistent network, but is still used by a majority.

SamInTheShell · 4h ago
It sure doesn't. Any reason you couldn't just slap a TCP connection on top of it to make your replication log for analysis though?

As I mentioned in my last comment, someone would need to design a system to better deal with this type of stuff. The way things are stem from decades of decisions made, starting with more design constraints than we have today.

ThatPlayer · 4h ago
TCP still doesn't solve timing of packets not matching the timing of the inputs because of jitter, retransmission, and other overheads. You would still have to rely on user client reported timestamps to tell how far apart actions are taking place.
SamInTheShell · 3h ago
Seems like a non-issue to me, time is just relative. Analysis on receipt is still possible, because you can calculate latency.

I'd recommend checking out Leslie Lamport's work, you can probably derive some ideas. I'm not being prescriptive here because this isn't a space I plan to work in to solve problems since it's just games. Entertainment isn't really my thing, I tend to lean heavily into systems and security knowledge which has served me well broadly.
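An added example (not from the article or any commenter, and not any game engine's code) of the server-side analysis discussed in this subthread: the server timestamps inputs on arrival with its own clock, measures jitter from its own pings, and only flags a player when the inputs are implausible even after granting the whole jitter allowance. Player names, the 100 ms weapon cooldown, the 0.01 units/ms speed cap and the RTT samples are all constructed for the illustration.

```python
"""Server-side replication-log analysis using only the server's own clock.

Constructed example: client-reported timestamps are never trusted. Instead the
server asks whether the arrival pattern is physically plausible after giving the
player the benefit of every millisecond of measured network jitter.
"""
import math
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class Event:
    player: str
    action: str            # "fire" or "move"
    arrival_ms: float      # server clock at receipt
    pos: tuple = ()        # (x, y) for "move" events


def jitter_allowance(rtts_ms):
    """Worst observed deviation of a ping RTT from the median, in ms.
    This bounds how far the network could have squeezed two arrivals together."""
    mid = median(rtts_ms)
    return max(abs(r - mid) for r in rtts_ms)


def fire_rate_violations(events, min_interval_ms, window_ms, jitter_ms):
    """Players whose 'fire' inputs in some window exceed what the weapon allows.

    Checking whole windows instead of single pairs lets jitter average out:
    a burst spanning S ms can legitimately hold floor((S + jitter) / min) + 1 shots.
    """
    flagged = set()
    shots = {}
    for ev in events:
        if ev.action == "fire":
            shots.setdefault(ev.player, []).append(ev.arrival_ms)
    for player, times in shots.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window_ms:
                start += 1
            span = times[end] - times[start]
            allowed = math.floor((span + jitter_ms) / min_interval_ms) + 1
            if end - start + 1 > allowed:
                flagged.add(player)
                break
    return flagged


def speed_violations(events, max_units_per_ms, jitter_ms):
    """Players who covered more distance between two 'move' inputs than the
    physics engine permits, even if jitter compressed the observed interval."""
    flagged = set()
    last = {}
    for ev in sorted(events, key=lambda e: e.arrival_ms):
        if ev.action != "move":
            continue
        prev = last.get(ev.player)
        if prev is not None:
            generous_dt = ev.arrival_ms - prev.arrival_ms + jitter_ms
            if math.dist(prev.pos, ev.pos) > max_units_per_ms * generous_dt:
                flagged.add(ev.player)
        last[ev.player] = ev
    return flagged


# Constructed sample log: alice plays normally, bob fires every 40 ms against a
# 100 ms cooldown, carol moves 10 units in 100 ms against a 0.01 units/ms cap.
SAMPLE_RTTS_MS = [40, 44, 38, 70, 42]
SAMPLE_EVENTS = (
    [Event("alice", "fire", t) for t in range(0, 1001, 120)]
    + [Event("bob", "fire", t) for t in range(0, 1001, 40)]
    + [Event("alice", "move", 0, (0.0, 0.0)), Event("alice", "move", 100, (0.8, 0.0))]
    + [Event("carol", "move", 0, (0.0, 0.0)), Event("carol", "move", 100, (10.0, 0.0))]
)


def analyze(events=SAMPLE_EVENTS, rtts_ms=SAMPLE_RTTS_MS):
    """Run both checks with the jitter allowance derived from the server's own pings."""
    jitter = jitter_allowance(rtts_ms)
    return {
        "jitter_ms": jitter,
        "fire_rate": fire_rate_violations(events, min_interval_ms=100, window_ms=1000, jitter_ms=jitter),
        "speed": speed_violations(events, max_units_per_ms=0.01, jitter_ms=jitter),
    }


if __name__ == "__main__":
    print(analyze())
```

The window-based count is what makes this workable over UDP and consumer wifi: a single pair of arrivals can be squeezed together by jitter, but a whole second of shots cannot all be early by more than the worst RTT spread, so the tolerance only has to be added once per window rather than once per shot.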

thomastjeffery · 6h ago
Check for what?

This is the question that anti-cheat conveniently dodges.

The real problem is that "cheating" is practically undefinable. What players really need is moderation. There is no relevant difference, from a player's perspective, between playing against a cheater and playing against a legitimately skilled person. If someone is not fun to play with, then that needs to be managed somehow.

The most effective strategy is for players to moderate the servers they play on. This has recently become impossible, because game studios have chosen to monopolize server hosting while also abdicating the responsibility of moderation. Anti-cheat is nothing more than a lazy implementation of automated moderation.

There's a reason that Battlefield 4 is still going strong, while Battlefield One (which came out just after 4) is unplayable. That reason is player-hosted servers.

SamInTheShell · 5h ago
Moderation is a fine suggestion. This idea could actually be implemented in such a way that other player clients do detection and reporting behind the scenes. Suppose a ton of clients see one user violating rules of the physics engine. Automated reporting on that can be observed as a trend and a ban would make sense.

Having argued about this specific topic in the past, I agree that going so far as to do checks on player movement is difficult and even expensive if you're validating physics for every user.

What concerns me more is the increased risk of RCEs when developers skip fundamental security practices because "the anti-cheat handles it" for them.

firesteelrain · 8h ago
What prevents crackers from bypassing the TPM check?
bpye · 7h ago
For online/multiplayer features the server could require a valid TPM quote - this is mentioned in the article.
firesteelrain · 7h ago
Ok I didn’t understand
dist-epoch · 6h ago
The TPM provides a cryptographic signature that can't be faked. If you bypass it, you won't have access to that signature.
firesteelrain · 6h ago
Right, I think I realized: for online-only or online-required games, as long as the server side isn’t compromised.
miohtama · 6h ago
How about Steam Deck? It's kind of Linux and likely future of Linux gaming?
SamInTheShell · 6h ago
I won't play anything that doesn't work through Proton or Wine. This is how I vote with my dollars these days.
lousken · 4h ago
What would need to happen for companies to implement things server side properly and do checking there?
wmf · 1h ago
Even 100% server-side checking can't prevent cheating. It just means cheaters will be indistinguishable from a person playing perfectly.
bigyabai · 8h ago
It doesn't matter. The new Battlefield was hacked within 24 hours of the beta using the same DMA GPU-spoofing hardware you could buy from China for the past decade. It's not a palatable notion, but you cannot really have PC gaming without some level of cheating taking place.
jakebasile · 8h ago
The solution existed starting in the late 90s through the early 2010s. You have a server browser with community-run servers that are administered by people who play on the server. Admins notice cheating, the cheater gets banned. You find a server that you like and it turns into an ad hoc community.

Of course that doesn't maximize shareholder value the way skill based matchmaking or revenue based matchmaking does. So the incentives are again misaligned between devs and players, so nothing will get solved.

dekrg · 6h ago
People and the internet have changed since those times. It's not the 90s anymore, grandpa. The majority of players do not want to search for a server to play a game they've paid for, especially without knowing whether the server they join is any good or if they even have a low-lag server near them. They just want to start the game, hit play, and have fun with the game. Also, as "fun" as having dick sucking servers for streamers would be (your so-called communities), you are forgetting the other side of your so-called solution: a server admin would have to manually ban a cheating streamer, essentially calling them out publicly as a cheater to all their rabid fans who believe the streamer simply has godlike aim and knowledge of player positions.
kbolino · 7h ago
> The solution existed starting in the late 90s through the early 2010s [...] the cheater gets banned.

This attitude also reflects the naivete of the 1990s. You can't ban a person. You can ban an IP, you can ban "all known Tor exit nodes" or "all known VPNs" or "all known public cloud IPs", you can ban whole countries by IPgeo, you can ban anything somebody has to provide to log in (an email address, a phone number, a credit card number, etc.), but these can all be evaded. The only truly effective banning tools are private, invite-only servers or reputation/incentive systems where the cheater loses something really valuable that a ban evasion can't recover.

Yasuraka · 6h ago
Why ban IPs or emails if you've got a perfectly valid user ID tied to a >60 bucks license?
kbolino · 6h ago
For many cheaters, $60 is nothing. Either because they have money to burn, or because they're not getting it legitimately in the first place.
ohdeargodno · 6h ago
No. For the vast majority of games, they're either free to play, or less than 20 bucks.

In addition: people pay over $100 per month for these cheats, plus the initial hardware investment. The 60 bucks license doesn't matter. You just hop to another server.

Spunkie · 6h ago
> The 60 bucks license doesn't matter. You just hop to another server.

That's the entire point and why community moderation servers work. Why would a hacker keep coming back to a well-moderated private server where they only get 5-10 minutes of play time before their account/license gets banned when they can instead go to another unmoderated server and not worry about it?
kbolino · 6h ago
Because the unmoderated servers are full of other cheaters.

Some companies have tried a strategy of quietly shunting cheaters off to cheater ghettoes but the cheaters figure it out pretty quickly. With some limited exceptions, the cheating we're talking about is motivated by a desire to gain an advantage over legitimate, non-cheating players.

eurleif · 6h ago
The problem with "you don't need to outrun the bear, only to outrun your friend" is that either you or your friend are going to get eaten. All other things being equal, it would be preferable to have a strategy where no one gets eaten.
mjevans · 6h ago
It depends on how the community's web of trust is set up.

Need to go in person to a meetup to get your account on the allow list? Better have a real good fake ID to avoid a person ban.

kbolino · 6h ago
Yes indeed, but this is basically a particular kind of "private, invite-only server".
stoltzmann · 6h ago
> but these can all be evaded

And then they'll be banned again and again. There's only a limited number of IPs available to cheaters, it won't be long before they burn through all of them.

kbolino · 6h ago
Well, some of them are smart enough not to immediately log back in and spam "I'm the guy you just banned! Ban me again!" in global chat. And the admins, even paid ones working for big corporations, have finite patience and time.

Detecting cheating is not always trivial. Cheat bans often have to happen in waves rather than immediately in order to frustrate the cheaters and obfuscate how they were detected.

Sure, the cheater will eventually run out of IPs. But you might as well save both yourself and the cheaters some time and hassle and just add 0.0.0.0/0 and [::]/0 to your IP banlist right now. You will effectively end up with the same result if you're willing to chase every cheater across the address spectrum.

Spot IP bans aren't totally worthless but they're probably the least effective of the techniques I mentioned.

ohdeargodno · 6h ago
> There's only a limited amount of IPs available to cheaters, it won't be long before they burn through all of them.

No? Even if it takes 5 minutes to get noticed (which only happens in the most absolutely blatant cases of cheating), rotating through a few VPNs can easily get you a few thousand different IPs. That's over three consecutive days of cheating. And that's just for a single server. In addition, IP bans mean that you potentially nuke hundreds of people: between CGNAT & people playing on shared phone connections, a single IP can be allocated many times.

In addition: this kind of maintenance wears down server owners and admins. Every time, it's more time spent banning someone. Every time, it's players on the server making reports while you're not there, and hoping you have tools that allow you to verify it. Every time, it's players leaving your community, because there's a cheater.

ThatPlayer · 6h ago
This ignores that most anti cheat like this started on community run servers. Because players don't want to have a second job as moderators, they just want to play the game.

This is true even in current day community servers. Modded GTA V FiveM had additional anti cheat before it was added to the original game. CS2 community servers Face-IT and ESEA have more anti cheat, not less.

Spunkie · 6h ago
As someone that was there at the time and also funded and ran many servers myself, I can attest that this is and will always be the only real solution to hackers.

But also, judging from the other responses you got, the younger gaming community at large has let its brains rot out of its ears and has been thoroughly brainwashed that this can't possibly be a solution.

TGower · 6h ago
It's less about upfront prevention and more about removing cheaters from the playerbase over time. TPM hardware ban means you'll have to buy a new CPU in addition to a new copy of the game in order to play again after getting caught cheating.

Even if the only impact was to make cheaters go out and buy hardware cheating devices, the added friction over just downloading a software package would be worth it.

dark-star · 7h ago
Can you not simply enroll your own keys in your TPM and still boot with custom-signed drivers that circumvent all this? I mean, yeah, it's a lot more work but it would still work I guess?
gizmo686 · 7h ago
This is where measured boot and remote attestation come in. You can run whatever software you like; but you will only be able to attest to running what you're actually running (barring an attack on the TPM or some other trusted component earlier in the chain).

The remote game server would then need to decide if it wants to let you connect given your inability to attest to running a trusted configuration.

I've seen this setup work in very controlled conditions. But given how diverse the ecosystem is, someone is going to put out a buggy system, and too many legitimate users will buy it for most games to be willing to blacklist it.
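An added simulation (not TPM library code, and not from the article or any commenter) of the measured-boot-plus-attestation flow described in this subthread, answering dark-star's question above: enrolling your own keys lets the machine boot, but every extra component is folded into the PCR, and the server only accepts quotes over PCR values it has on its trusted list. The attestation key is stood in for by an HMAC secret that the host OS never sees; the component names and the golden-value list are constructed placeholders.

```python
"""Measured boot plus remote attestation, simulated.

A PCR can only be *extended* (new = H(old || H(measurement))), never written,
so whatever booted first is baked into the final value and later software
cannot undo it. A quote is a signature over the PCR and a server-chosen nonce.
The attestation key (AK) is simulated with HMAC; a real TPM signs with an
asymmetric AK whose certificate chains to the manufacturer's EK certificate,
and the verifier holds only the public half.
"""
import hashlib
import hmac
import os

PCR_SIZE = 32


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: one-way and order-dependent."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measure_boot(components) -> bytes:
    """Fold each component into the PCR in load order, starting from all zeros."""
    pcr = bytes(PCR_SIZE)
    for component in components:
        pcr = extend(pcr, component)
    return pcr


class SimTpm:
    """Stand-in for the TPM: the only holder of the attestation secret."""

    def __init__(self, ak_secret: bytes):
        self._ak_secret = ak_secret
        self.pcr = bytes(PCR_SIZE)

    def boot(self, components):
        self.pcr = measure_boot(components)

    def quote(self, nonce: bytes):
        """Return (pcr, signature over pcr || nonce)."""
        sig = hmac.new(self._ak_secret, self.pcr + nonce, hashlib.sha256).digest()
        return self.pcr, sig


class AttestingServer:
    """Game-server side: issues single-use nonces and checks quotes."""

    def __init__(self, ak_secret: bytes, golden_pcrs):
        self._ak_secret = ak_secret       # simulated verifier key (real one: AK public key)
        self._golden = set(golden_pcrs)   # PCR values of configurations the operator trusts
        self._outstanding = set()

    def challenge(self) -> bytes:
        nonce = os.urandom(16)
        self._outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, pcr: bytes, sig: bytes) -> bool:
        if nonce not in self._outstanding:      # never issued, or already used: replay
            return False
        self._outstanding.discard(nonce)
        expected = hmac.new(self._ak_secret, pcr + nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, sig):   # quote did not come from the TPM
            return False
        return pcr in self._golden              # honestly attested, but is the config trusted?


# Constructed boot chains; component names are placeholders, not real binaries.
TRUSTED_CHAIN = [b"firmware", b"bootloader", b"kernel", b"anticheat.sys (vendor-signed)"]
MODIFIED_CHAIN = TRUSTED_CHAIN + [b"extra.sys (owner-enrolled key)"]


def demo():
    ak = b"constructed attestation secret"
    server = AttestingServer(ak, [measure_boot(TRUSTED_CHAIN)])
    out = {}

    honest = SimTpm(ak)
    honest.boot(TRUSTED_CHAIN)
    nonce = server.challenge()
    out["trusted_accepted"] = server.verify(nonce, *honest.quote(nonce))

    # Owner-enrolled keys let the machine boot, but the extra measurement changes the PCR.
    modified = SimTpm(ak)
    modified.boot(MODIFIED_CHAIN)
    nonce = server.challenge()
    out["modified_rejected"] = not server.verify(nonce, *modified.quote(nonce))

    # Presenting the golden PCR without the TPM's key fails the signature check.
    nonce = server.challenge()
    forged = hmac.new(b"not the ak", measure_boot(TRUSTED_CHAIN) + nonce, hashlib.sha256).digest()
    out["forged_rejected"] = not server.verify(nonce, measure_boot(TRUSTED_CHAIN), forged)

    # A captured good quote cannot be replayed: the nonce was consumed.
    nonce = server.challenge()
    pcr, sig = honest.quote(nonce)
    server.verify(nonce, pcr, sig)
    out["replay_rejected"] = not server.verify(nonce, pcr, sig)
    return out


if __name__ == "__main__":
    print(demo())
```

The hard part in practice is the `golden_pcrs` set, which is exactly gizmo686's point: every legitimate firmware, bootloader and driver combination the player base runs has to be on that list, or honest players get rejected along with modified configurations.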

strstr · 7h ago
That’s not intended to be possible for any reasonable TPM with a trustworthy ekcert.
dist-epoch · 6h ago
Then your "secure fingerprint" would change, and the game servers will lock you out.
neilv · 9h ago
This is another way for cheaters to screw over everyone.