Game Hacking – Valve Anti-Cheat (VAC)

71 points by LorenDB | 61 comments | 6/18/2025, 5:19:31 PM | codeneverdies.github.io

Comments (61)

garrettjoecox · 4h ago
Years ago, for educational purposes, I decided to venture down understanding how easy/difficult it was to create a hack for Counter-Strike.

After just a few hours of watching YouTube tutorials and translating what I could grasp from C/C# into JavaScript (the only language I knew at the time), I had a working Node.js executable that edited memory offsets (using data from hazedumper[1]), letting me see enemies through walls and auto-fire as soon as they entered my crosshair.

I obviously only tried it out on an alt Steam account for fear of the infamous VAC ban, but no such ban happened. I only toyed with it for a few weeks as I then grew disinterested but that definitely left a sour taste in my mouth for the "effectiveness" of VAC if a script kiddie like me at the time could throw together something custom in just a few hours, I'm sure it'd be much easier now with ChatGPT...

[1] https://github.com/frk1/hazedumper

SteveNuts · 2h ago
I'll never understand what people actually get out of cheating in games. I'll admit I've tried it a few times just for giggles (way back in the Age of Empires II/MSN Gaming Zone days), but the novelty quickly wears off and then it's just not even fun anymore.

There must be some very interesting psychology behind this.

Nextgrid · 1h ago
In games where available weapons/gear depends on some global "level", this could be a way to get your desired weapons without having to grind for weeks/months. I guess a silver lining of "pay to win" games is that you can now pay to avoid that.

I remember trying to hack the levelling-up mechanism on Crysis 2 - it worked by sending your post-game stats (client-side) to a master server, so editing those stats in memory before that happens would work (there seems to be no tracking of stats on the game server side - even though they could've had the game server relay that to the master server).

Memory is fuzzy but I think I managed to level up to a stage where I got the weapons I wanted. In my defense, this kind of "cheating" only "cooked the books" on the leaderboards and did not give me any actual advantage in-game.

Workaccount2 · 2h ago
For a lot of them, they aren't cheating, they are compensating for bad teammates, bad servers, other cheaters, bad hit reg, bad sound effects, bad whatever they can dream up.

Cheating is "this is my actual skill level if there wasn't so much bullshit happening to me"

Of course this is all a lie, but it's what they tell themselves.

eszed · 2h ago
My perception of the psychology is a malformed competitive drive. Competition is fun! But when it gets someone to the place of "Must win at all costs" it can be life-destroying. For the video game cheats, I think it starts out as "Must beat the other players", but then that gets (mostly) boring once they actually are beating the other players, and it shifts to "Must beat the anti-cheat system."

endemic · 1h ago
> There must be some very interesting psychology behind this.

It feels good when you win! If you cheat, that just means you're smarter than the other player.

ipsento606 · 1h ago
Even if everyone only tried it for a week, that still means there will always be a certain number of cheaters in games, because new players are always joining.

kevingadd · 32m ago
One anecdote: I "cheated" at EVE Online by writing an elaborate set of modding tools. Most of it was automation for really finicky tedious stuff like drone management, or automation for things like broadcasting your current target to other players in your party. I also hacked in workarounds for bugs in the official client. It enhanced my experience with the game a lot. On the other hand, lots of players were just botting.

I also maintained a browser addon for a while that had 100k+ weekly active users that added various features to a browser-based game. Eventually that game had such bad problems with botting and cheating that they had to introduce an anti-cheat system, and we basically got into a little arms race for a year or so where they'd add a new detection system and I'd circumvent it. Similar to the EVE Online modding it was things like workarounds for bugs in the game, improved UI, keyboard shortcuts, etc. Eventually they drew a line in the sand and said anyone using addons of any kind would get a permanent ban, so that was that.

I think the vast majority of cheaters are just in it to ruin other people's fun but sometimes people are violating ToS for a better or different experience with the game. It's unfortunate that the prevalence of malicious cheating means that anti-cheat technology also has to basically ban modding for fun.

mschuster91 · 2h ago
> I only toyed with it for a few weeks as I then grew disinterested but that definitely left a sour taste in my mouth for the "effectiveness" of VAC if a script kiddie like me at the time could throw together something custom in just a few hours, I'm sure it'd be much easier now with ChatGPT...

The thing is, VAC doesn't immediately ban you. Or anyone else. It's looking for suspicious patterns across hundreds if not thousands of players and collecting evidence over weeks if not months to make sure they got relatively low false-positive rates and don't end up banning people for a Windows update gone wrong... and additionally, it raises the iteration time for cheat developers as well, and that's the true point. Show cheaters immediately that they're spotted and the only thing you enter is an immediate arms race.

Your way of writing a cheat was probably detected but since no one else used it, VAC didn't trigger.

david422 · 1h ago
Blizzard's battle.net used to do that. They'd ban in waves. I imagine immediate bans would make it much easier for cheat authors to figure out which cheats were detectable and which weren't.

Ekaros · 2h ago
I haven't followed recently, but what I have understood is that clear known old public hacks can result in an immediate ban. For the newest hacks they will gather a cohort and then do them in a wave. Thus making it harder to evade detection or notice what exactly was detected this time.

jmuguy · 4h ago
Arriving at college back in 2001 my roommate and I set up a CS server. A lot of the freshmen were getting their own computers for the first time, and had not ever played computer games before so we basically kickstarted a CS community. I think it took about a month before a lot of them started cheating. It is kind of ridiculous how much of a plague cheating is on competitive gaming. Back then we would just observe the players and then ban their IPs. Which was luckily enough given how the campus network worked.

rimunroe · 3h ago
Back in 2000-2005 I was very active in a community centered around 20 or so modded Counter-Strike servers which I volunteered as an admin on. We were generally good about having at least one admin on each server at any given time to deal with cheaters. Occasionally someone wouldn’t be around though.

There was a period of time lasting about a month or two where a player with a name like BELT SANDER or ANGLE GRINDER or TABLE SAW hung around. They were pleasant and unremarkable, but they frequently used new Steam accounts and switched IPs.

This person definitely wasn’t supposed to be an admin, but if they were around when someone was cheating and no actual admins were there, they’d somehow elevate their own permissions and ban the offending player. We tried to figure out what was happening and to see if we could somehow stop them, but we never did manage it. They were somehow gaining rcon access to the host server. After a while we just shrugged our shoulders. They didn’t seem to be harming anything, other than our peace of mind about our security. Overall they were actually really helpful for stopping late night/early morning disruptions.

malwrar · 3h ago
I used to write cheats for CSS & other Source games. Not sure if the original CS would have the same vuln, but iirc you used to be able to use an INetChannel::ReceiveFile function with path traversal to grab the server config. There were a few cool hacks around the file path filtering logic they added in my era that (combined with ::SendFile) enabled a fun period of arbitrary RCE on Source servers.

I knew one person who made a wormable payload for a game I won’t disclose which used that method. The methods are in engine.dll so it’s symmetric, clients would infect servers, which in turn infects more clients, etc. Around then was when I decided to start gaming from a VM lol.
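A defender's-side illustration of the bug class malwrar describes: a server-side filter that refuses file requests escaping the content directory. This is an added example, not Source engine code and not code from anyone in this thread; the `safe_download_path` helper, the `cstrike` base directory and the suffix allowlist are assumptions made for illustration.

```python
import posixpath
from typing import Optional

# Constructed allowlist: file types a client legitimately asks a game server for.
# A server config is deliberately not on it.
ALLOWED_SUFFIXES = (".bsp", ".wad", ".res", ".mdl", ".spr", ".wav")


def safe_download_path(base_dir: str, requested: str) -> Optional[str]:
    """Map a client-supplied file name onto base_dir, or return None if it must be refused.

    Hypothetical helper: the checks are ordered so that each later one sees
    already-normalized input. Any percent-decoding must happen before this call.
    """
    if not requested or "\x00" in requested:
        return None
    # Treat backslashes as separators so "maps\..\..\x" normalizes like "maps/../../x".
    req = requested.replace("\\", "/")
    # Absolute paths are never a valid content request.
    if req.startswith("/"):
        return None
    # Collapse "." and ".." segments; anything that still climbs out is a traversal.
    normalized = posixpath.normpath(req)
    if normalized == ".." or normalized.startswith("../"):
        return None
    # Extension allowlist: even an in-tree request must be a content file type.
    if not normalized.lower().endswith(ALLOWED_SUFFIXES):
        return None
    base_norm = posixpath.normpath(base_dir)
    full = posixpath.join(base_norm, normalized)
    # Defense in depth: the joined path must still have base_dir as its prefix directory.
    if posixpath.commonpath([base_norm, full]) != base_norm:
        return None
    return full


if __name__ == "__main__":
    # Constructed sample requests, the kind a file-transfer channel might receive.
    for request in ("maps/de_dust2.bsp", "../server.cfg", "maps/../../server.cfg",
                    "maps\\..\\..\\server.cfg", "/etc/passwd", "maps/../server.cfg"):
        print(f"{request!r:32} -> {safe_download_path('cstrike', request)}")
```

The allowlist matters as much as the traversal check: `maps/../server.cfg` normalizes to an in-tree path, so only the suffix rule stops a config file from leaving the server.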

hnlmorg · 2h ago
> Around then was when I decided to start gaming from a VM lol

How?

Maybe I’m getting my dates mixed up but CS was released in the late 90 / early 90s and consumer virtualisation wasn’t nearly good enough to game in for another 10 years.

Consumer CPUs didn’t have virtualisation extensions and GPU paravirtualisation wasn’t available either in the early 2000s.

VMWare wasn’t even any good for just running Windows 2000 (I mean, it was seriously impressive tech for its time, but it was dog slow even for just basic things). So you’d be stuck with Xen for anything serious. And that wasn’t trivial to get set up back then.

Plus given the lack of drivers for virtualised hardware like soundcards and network interfaces, you’d likely be stuck with full fat emulation for those devices.

debugnik · 2h ago
They said Counter Strike: Source, that's 2004-2013. I'm still curious though, if it worked at all performance must have been awful.

hnlmorg · 1h ago
Ahhhh, that makes a lot more sense. Thanks

cyberax · 2h ago
VMWare supported OpenGL passthrough well enough for the early Source games.

WilcoKruijer · 1h ago
This exploit has its origin in the Quake engine. I remember exploiting the same thing in CoD4 (2007) and I believe even the release version of Black Ops I was vulnerable. It was known as the ‘q3dirtrav’ vulnerability.

CobrastanJorji · 1h ago
I love this story. Feels like a modern take on one of those old "hidden master" stories where offending the quiet old man turns out to be a disastrous idea.

bob1029 · 4h ago
I am not a fan of the signature-based techniques used by VAC et al.

I've lost a few steam accounts to accurate but unintended (i.e., not actually cheating) detection of debugging tools attached to totally unrelated processes on the same machine. Having anything open like cheat engine or Tsearch while you join a lobby is a guaranteed ban no matter what. Ethical hacking and malicious hacking are indistinguishable from the perspective of this kind of machine-wide blind signature detection.

Statistical techniques can dramatically reduce false positives in cases like this. If someone at Valve had taken 10 seconds to review my stats during the detected interval, they should have been able to conclude I was not a threat to fair play.

qualeed · 4h ago
>If someone at Valve had taken 10 seconds to review my stats

It seems super reasonable when it's a one-off thing for your own account. When you think about making it into policy and scaling it up to 1000s of interactions, it quickly becomes unreasonable.

>Statistical techniques can dramatically reduce false positives

For a period of time, anyways. Until the statistics get gamed by the cheaters (e.g. adjust accuracy of your auto-shoot from 100% to 85% or whatever).

stoorafa · 2h ago
Computation isn’t likely prohibitive when using the bedrock of predictive models, linear regression, especially with some optimization. Could also vary observation time so you only need a prediction once every ten minutes or whatever.

The real issue is the cost of false positive detection of cheating is negligible since the vast majority of positives are probably true positives—it’s the cost of doing anti-cheat business (minimal)

But yes cheats would be modified to just below thresholds of detection

qualeed · 1h ago
>Computation isn’t likely prohibitive when [...]

I think this might be in reply to my first comment about scaling? If so, I just want to clarify that I was thinking more along the lines of scaling the customer service/ban appeal side rather than infrastructure.

If, for example, every ban had a component of someone at Valve taking 10 seconds to review in-game stats at the time of the ban, and then making a determination of whether or not those stats seem reasonably non-cheater-ish (pretty hard policy question in itself), the process would slow to a crawl.

handoflixue · 44m ago
You could just do a basic automated review of stats. If someone has a 50% win rate and a 20% accuracy, they're probably not cheating - what's even the point of cheating if you don't win more often than chance?

bob1029 · 1h ago
> adjust accuracy of your auto-shoot from 100% to 85% or whatever

Sure - looking at K/D, accuracy, etc., is an important factor in a statistical model.

Statistics can also include: Map name, player transform on the map, keyboard and mouse events, GPU utilization, audio playback events, etc. These are all very high information time domain signals that can be correlated with the same from any other player.

After a certain point, I don't think it matters if it is publicly known what your signals are. The amount of information becomes overwhelming in aggregate. You can impose the curse of dimensionality on the cheater.
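To make the "collect evidence over weeks" and "cheaters will game the statistics" points of this sub-thread concrete, here is an added example (not Valve's method and not code from anyone in the thread) of evidence accumulation: per-match stats are compared with a population baseline, and a player is flagged only once enough matches have accumulated for the deviation to be unambiguous. The baseline means and standard deviations, the five-sigma threshold, the ten-match minimum and the `MatchStats` fields are all constructed for illustration.

```python
import math
from dataclasses import dataclass
from typing import Dict, List

# Constructed population baseline: (mean, standard deviation) per feature.
# A real system would derive these per skill bracket, map and weapon class.
BASELINE = {
    "accuracy": (0.22, 0.08),
    "headshot_ratio": (0.35, 0.15),
    "kd": (1.0, 0.5),
}
Z_THRESHOLD = 5.0   # constructed: flag only at five standard errors
MIN_MATCHES = 10    # constructed: never act on a handful of games


@dataclass
class MatchStats:
    shots: int
    hits: int
    headshots: int
    kills: int
    deaths: int

    def features(self) -> Dict[str, float]:
        return {
            "accuracy": self.hits / self.shots if self.shots else 0.0,
            "headshot_ratio": self.headshots / self.hits if self.hits else 0.0,
            "kd": self.kills / max(self.deaths, 1),
        }


def evaluate(matches: List[MatchStats]) -> Dict[str, object]:
    """Compare a player's per-match averages with the population baseline.

    z = (player mean - population mean) / (population sd / sqrt(n)): the standard
    error shrinks as matches accumulate, so a consistent moderate edge becomes
    detectable over time, while one unusual game on its own stays below the bar.
    """
    n = len(matches)
    if n == 0:
        return {"matches": 0, "z": {}, "flagged": False}
    zscores: Dict[str, float] = {}
    for name, (mu, sd) in BASELINE.items():
        mean = sum(m.features()[name] for m in matches) / n
        zscores[name] = (mean - mu) / (sd / math.sqrt(n))
    flagged = n >= MIN_MATCHES and max(zscores.values()) >= Z_THRESHOLD
    return {"matches": n, "z": zscores, "flagged": flagged}


if __name__ == "__main__":
    # Constructed match histories: 100 shots per match, varying hit/headshot counts.
    cohorts = {
        "ordinary player, 12 matches": [MatchStats(100, 25, 10, 12, 10)] * 12,
        "one hot game, 1 match": [MatchStats(100, 70, 35, 20, 5)],
        "auto-fire throttled to ~45%, 30 matches": [MatchStats(100, 45, 38, 25, 8)] * 30,
        "cheat tuned to look human, 30 matches": [MatchStats(100, 28, 13, 14, 10)] * 30,
        "same tuned cheat, 60 matches": [MatchStats(100, 28, 13, 14, 10)] * 60,
    }
    for label, history in cohorts.items():
        verdict = evaluate(history)
        zs = ", ".join(f"{k}={v:.1f}" for k, v in verdict["z"].items())
        print(f"{label:42} flagged={verdict['flagged']!s:5} {zs}")
```

The last two rows carry qualeed's caveat: a cheat held near population averages sits under the threshold for 30 matches, and the same averages only cross five sigma once 60 matches have accumulated. The identical arithmetic flags an honest player who is simply that good, which is why a population-wide baseline alone cannot separate the two and why real systems bucket by skill and fold in many more signals than three.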

qualeed · 1h ago
>Statistics can also include: Map name, player transform on the map, keyboard and mouse events, GPU utilization, audio playback events, etc. These are all very high information time domain signals that can be correlated with the same from any other player.

I don't think these are the type of stats the parent was referring to when they said "If someone at Valve had taken 10 seconds to review my stats".

But sure, those are all examples of statistics to start logging, analyzing, and cross-referencing. (I would argue most of the statistics you listed are of little to no use in identifying false-positives (or good cheaters), but I understand the point you're making with those examples.)

It would maybe reduce the false positive rate by some amount at an increased monetary (and complexity) cost to themselves. I think it would be well past the point of diminishing returns though. Setting up all the infrastructure, policy, processes just to reduce false-positive rates by a few percent, maybe?

I think I'll stand by "that's unreasonable" and "cheaters will game the statistics".

black3r · 2h ago
Signature detection can also make a false positive if running under Wine or in a VM (that's for example why you can't play League of Legends or Valorant with GeForce Now anymore since Riot revealed their new anti-cheat...)

psini · 4h ago
I understand the sentiment but I can't bring myself to think valve is to blame or should be doing more. Getting a case of "Yes officer, I have an NO2 bottle in my trunk, but what it is plugged to is not actually the air intake for my car but something entirely unrelated, if you just take 2 hours to dig around and take it apart you'll also realize this"

MaxikCZ · 3h ago
That's such a bad example. Of course you can carry NO2 bottles plugged into something, if it's not the air intake of your car, and an investigation should happen finding you not guilty.

mystified5016 · 3h ago
When you're accused of breaking the law, your accuser must prove you have broken the law. If they cannot, there are actions you can take to recoup your damages.

Valve can ban you for any or no reason with no means of recourse or refund.

Totally the same thing, yeah.

kube-system · 2h ago
You're right that they're not the same thing. The government has a legal monopoly on the use of force. Valve sells games.

duskwuff · 4h ago
> To be continued

Unfortunately, doesn't look like the followup post (about analyzing the VAC DLLs) has been written.

SirFatty · 3h ago
Maybe Valve sent Moose and Rocco to have a conversation with the author (Caddyshack reference).

koakuma-chan · 2h ago
Can you even get a VAC ban these days? I feel like it just destroys your trust factor but doesn't actually ban you, and to be honest that seems to be pretty effective for isolating honest players from cheaters.

snickerdoodle12 · 4h ago
Remote Code Execution like loading DLLs from a server and executing them sounds like malware.

rvnx · 3h ago
It's "just" an automatic update, like Chrome, etc.

It's one entry-point among others for RCE. If tomorrow NSA wants to gather any files on your computer, all they need to do is to ask Google to push an update for you through Google Omaha.

https://epic.org/wp-content/uploads/privacy/nsa/foia/NSA-Goo...

Google and NSA have a "partnership".

Valve could also have such partnership in theory, through VAC, though unlikely in practice.

gruez · 3h ago
>If tomorrow NSA wants to gather any files on your computer, all they need to do is to ask Google to push an update for you through Google Omaha.

They could in theory, but has this actually happened in practice? Pushing a rogue update isn't exactly a novel idea, but despite decades of government document leaks and APTs being analyzed, there's scant evidence that any government pressured a company to push a rogue update. Same goes for other threat models like "government pressuring CAs into issuing a certificate".

the8472 · 3h ago
For CAs that'd likely get them kicked out of browser trust stores if someone detects it. And if it becomes known that a corporation pushes government-malware updates then that corporation would lose trust too.

So playing that card means moving the entire planet into a lower-trust equilibrium where everyone has to defend against that. In a better-coordinated world the conclusion from that would be "let's not do that", alas on this Earth TLAs have shown that they're willing to burn the commons, forcing a response like RFC 7258.

andrecarini · 3h ago
I'm really curious about this but searching for "Google Omaha" doesn't return anything related and the linked FOIA request is... just a request, which I assume anyone can write whatever they want in the request.

gruez · 3h ago
The request itself isn't very damning either. It just makes references to vaguely worded "partnerships", and apparently uses that to imply that Google is handing over data. Even if we take that at face value, it says nothing about OP's claim, which is that NSA can ask google to serve backdoored updates.

tonyhart7 · 28m ago
how is this any different than the Google sells your data to Ads centre????

snickerdoodle12 · 1h ago
I get chromium & firefox from my distro's repos

keyringlight · 2h ago
I'm surprised there haven't been more events of mods and tools being used as trojans. For all the concern about anti-cheat/DRM, PC gamers seem very selective over what sources of code they're running on their computers they scrutinize. There's an awful lot of users with "just enough" levels of knowledge where I think a tempting enough release with the right timing for a hot game could get a lot of installs.

charcircuit · 1h ago
What do you mean? There have been a ton of stealers and RAT mods for games (and even for normal mobile apps too). It's absolutely a problem and a ton of people fall victim to them.

phoronixrly · 3h ago
The other day I mentioned that it's not OK for games to be proprietary software and/or use unethical software like DRM (which tbh anti-cheats are as well). I got accused that I wanted game developers to starve to death.

zeta0134 · 3h ago
I'll chime in here as a game developer: my upcoming release will be an NES cartridge[0] and probably a Steam app. I'll be adding no DRM, because I generally trust that folks that weren't going to pay aren't going to be converted by its presence, and that honest folks want to support my work. Whether the storefronts I release on add their own is up to them, and frankly I don't care.

Separately though, anti-cheat is another ball of wax entirely, and I have extremely mixed feelings in this field. Generally I favor "cheat detection should be serverside, don't trust the client" from a general security perspective, but... I can totally see a valid case in there, somewhere, for more rigorous clientside checks. Somewhere along that line though is rootkits and malware, and... well, no, please tell me up front that you loaded your game engine with these things so I can save my money and purchase something else, thanks.

[0] Using a custom mapper, which will help initially to discourage low-effort bootlegs at the very least. It's open source though, and will not be too difficult to add to emulators, at which point the dumped ROM should play fine on them.

Sohcahtoa82 · 1h ago
> Generally I favor "cheat detection should be serverside, don't trust the client" from a general security perspective, but... I can totally see a valid case in there, somewhere, for more rigorous clientside checks.

Yeah...

The simple fact is, it's simply not possible to have completely server-side cheat detection simply because you'll be relying purely on heuristics which could very well be wrong. It's just not going to be possible to tell the difference between a cheater and a really good player.

For any cheat detection to work, it has to be client-side.

zeta0134 · 1m ago
And the counter is fairly straightforward: any client-side cheat detection has been broken. You can't trust the client. It doesn't work, your server just thinks it works because it's lying to you now.

Client-side cheat detection can work for tournaments, but it's way simpler there: the tournament provides the hardware, and the players aren't permitted to install anything. This doesn't irritate me quite as much from a security perspective of course, because I am not about to log into my banking site on the presumably insecure tournament device. It's also imperfect: a sufficiently motivated pro player might bypass whatever locks you installed on the thing, especially if they get to spend any time with that device unmonitored.

Even better than that, tournaments have a way better cheat detection method anyway: point a camera at the player's hands. It's suddenly really, really obvious if they're cheating!
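One way to put "cheat detection should be serverside, don't trust the client" into code, as an added example that is not from this thread or from any engine: the server keeps the authoritative state, checks each client update against what is physically possible, and tallies shots itself instead of accepting client-reported totals (Nextgrid's Crysis 2 anecdote earlier in the thread is exactly the failure of doing it the other way round). The tick rate, movement cap, fire-rate limit and the `ClientUpdate` fields are assumed for illustration.

```python
import math
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

TICK_SECONDS = 1.0 / 64          # constructed: 64 server ticks per second
MAX_SPEED = 320.0                # constructed: units per second a player can move
MIN_SHOT_INTERVAL = 0.10         # constructed: weapon cannot cycle faster than 10/s
SPEED_TOLERANCE = 1.05           # 5% slack for rounding in client-side prediction


@dataclass
class ClientUpdate:
    tick: int
    x: float
    y: float
    fired: bool = False


@dataclass
class ServerPlayerState:
    x: float = 0.0
    y: float = 0.0
    last_tick: int = 0
    last_shot_tick: Optional[int] = None
    shots: int = 0                       # server-counted, never client-reported
    violations: List[Tuple[str, int]] = field(default_factory=list)


def apply_update(state: ServerPlayerState, upd: ClientUpdate) -> ServerPlayerState:
    """Validate one client update against server-side rules and apply only what is legal."""
    elapsed = (upd.tick - state.last_tick) * TICK_SECONDS
    if elapsed <= 0:
        # Out-of-order or replayed packet: ignore it entirely.
        state.violations.append(("stale_tick", upd.tick))
        return state
    # Movement: the claimed position must be reachable at the speed cap.
    distance = math.hypot(upd.x - state.x, upd.y - state.y)
    if distance > MAX_SPEED * elapsed * SPEED_TOLERANCE:
        state.violations.append(("speed", upd.tick))   # keep the last valid position
    else:
        state.x, state.y = upd.x, upd.y
    # Firing: enforce the weapon's cycle time; the server owns the shot count.
    if upd.fired:
        since_last = (None if state.last_shot_tick is None
                      else (upd.tick - state.last_shot_tick) * TICK_SECONDS)
        if since_last is not None and since_last < MIN_SHOT_INTERVAL:
            state.violations.append(("rate_of_fire", upd.tick))
        else:
            state.shots += 1
            state.last_shot_tick = upd.tick
    state.last_tick = upd.tick
    return state


def run_session(updates: List[ClientUpdate]) -> ServerPlayerState:
    """Feed a whole client stream through the validator and return the server's view."""
    state = ServerPlayerState()
    for upd in updates:
        apply_update(state, upd)
    return state


if __name__ == "__main__":
    # Constructed client stream: a legal move, a teleport, a fire-rate burst, a legal shot.
    stream = [
        ClientUpdate(64, 300.0, 0.0),                 # 300 units in 1 s: fine
        ClientUpdate(65, 800.0, 0.0),                 # 500 units in 1/64 s: impossible
        ClientUpdate(66, 300.0, 5.0, fired=True),     # first shot
        ClientUpdate(67, 300.0, 10.0, fired=True),    # 1/64 s later: too fast, dropped
        ClientUpdate(80, 300.0, 60.0, fired=True),    # 14 ticks later: legal
    ]
    final = run_session(stream)
    print(f"position=({final.x}, {final.y}) shots={final.shots}")
    print("violations:", final.violations)
```

Deterministic checks like these reject impossible actions (teleports, fire rates above the weapon's cycle time, inflated client-claimed totals) with no false positives, which is the part of anti-cheat that belongs on the server whatever runs on the client. They say nothing about an aimbot whose inputs obey every physical rule, which is exactly where the heuristic-versus-client-side argument in this sub-thread begins.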

altruios · 3h ago
that's where you turn and say: well, the game developer executives however...

In all seriousness, DRM/anti-cheats => rootkits/rats. Don't fall for it. Demand better.

AndriyKunitsyn · 3h ago
Can't say for DRM, but there's much bigger demand to play a multiplayer action game without experiencing cheating than demand for a similar game that's not a rootkit. Cheaters are nasty. Devs make rootkit anti-cheats simply because there's no better alternative, not because they're evil.

altruios · 1h ago
We need to define nebulous terms like 'better'... to a company that's synonymous with what is 'cheapest' to their bottom line. To a player, that's a more effective anti-cheat.

To my understanding, the latter is much more effectively solved server-side, but is more costly for the company to run.

I'd rather play a game with server-side anti-cheat than player-side-anti-cheat.

dathinab · 2h ago
Now think about in-kernel anti-cheat doing that ....

eGQjxkKF6fif · 4h ago
When VAC was originally introduced, CPUs only had 32bit architecture, not that 64bit hindered anything; but you could inject cheats in a near infinite number of ways, or have cheats read from memory directly, or have cheats do things especially through video drivers. Hell, glitching your nvidia drivers and setting things like Negative LOD Bias would allow you to see through textures in some cases (wall hacks)

It's been a cat and mouse game since the dawn of gaming and e-sports.

Fun fact: CS 1.6 competitive had what was called "Organner" when teams switched over from CAL to CEVO (first paid e-sports online league) and as well as ESEA which is acclaimed for its anti-cheats; the pro players you see/saw such as n0thing, summit-1g (not saying he did cheat, he wasn't pro in CS1.6, 1g was a pug team that meant 1st generation and a lot of us were in it) -- but everybody in the pro scene around that did cheat, or had cheaters on their team.

n0thing was banned from CAL rigorously for cheating in CAL-Premier and rejoined with complexity after ringing for other teams in CS1.6 matches (ban evading). He's admitted to cheating in CS 1.6, and found fame with Counter-Strike 1.6's Evil Geniuses organization which encompassed the old compLexity roster.

These dickheads went on to make fortunes; not to say that they weren't good in their own respects, but people such as n0thing openly admit, and will admit if you ask them on the stream if they cheated in 1.6 to get to where they're at.

You could inject cheat codes through your mouse drivers at LANs and if you set a low FOV aimbot, it was undetectable: IE triggers when you aim at their chest, aims up to hit the head; and had advanced net code modifiers to land bullets in places you weren't aiming altogether.

Knowing this completely ruined the pro scene and wanting to watch these matches and personalities altogether. To know how many legitimate players out there were passionate about these games, looking to go pro, and really enjoy competing at the highest levels couldn't because the skill gap was so significant, and then even more so because pro players had undetectable cheats.

Still to this day it is virtually impossible to detect hacks, however games such as DotA2 make it significantly harder to cheat by only sending frames/updates when it should; rather than old games sending all player data. I believe Valorant has a decent system but all in all; I helped run the leagues and the level and problem at which cheating was occurring, was known about, and not being able to prove what you know, would make you SICK if you ever enjoyed competing in e-sports.

henrebotha · 4h ago
Yet another reason why fighting games are the superior competitive scene. The only "cheat" you could realistically see at an offline event is macros, and the chances of a macro increasing your win rate are slim to none. And there are so, so many good offline events. Online there are more potential ways to cheat, but nobody really cares. Just blacklist the player and move on.

nyanpasu64 · 16m ago
Reminded of the Super Pichu story where someone modded his ISO of Melee to increase Pichu's stats during a Melee tournament.

eGQjxkKF6fif · 3h ago
Fucking agreed. But if you check out street fighter on youtube with 'Street Fighter mike ross tool assisted' https://www.youtube.com/watch?v=pWS3Kq5p77k

You could inject cheats directly into the Xboxes back then, directly through the fight sticks

You'd know though if somebody was cheating so not sure how crazy the SF scene had cheats but check out tool assisted; when I originally saw it I just put my head down

Hikikomori · 1h ago
Csgo added it a few years ago as well. Works in fps games with simple maps.

sim7c00 · 4h ago
nice write up! clear and informative. i was surprised to learn they roll it all in user mode, even though it's not unbeatable it's pretty good anti cheat, especially considering no kernel stuff (which can take shady or impractical turns for some other anti cheat ..)

delusional · 4h ago
> Being banned from all “GoldSrc” games

This isn't true, or at least it wasn't back in the day. The logic Valve seemed to follow was that VAC was "engine" bans. If you got banned in a GoldSrc game, you'd be banned in all games using that engine, but you'd be allowed to continue playing source games. The same was also true in the opposite case.

More importantly, this meant that getting banned in Modern Warfare 2, wouldn't get you banned in any other game, since no other games were released on that engine.

eGQjxkKF6fif · 4h ago
It would show on people's accounts though and in Counter-Strike scrims and matches if somebody had a VAC ban on their record/profile you just kicked them if you could and found a new team to play.

So while engine specific, people still judged you, especially in pubs (public servers)

Been a _long_ time since I've played. Fucking cheaters.