this post was submitted on 08 Nov 2024
294 points (98.7% liked)

PC Gaming

8784 readers
387 users here now

For PC gaming news and discussion. PCGamingWiki

Rules:

  1. Be Respectful.
  2. No Spam or Porn.
  3. No Advertising.
  4. No Memes.
  5. No Tech Support.
  6. No questions about buying/building computers.
  7. No game suggestions, friend requests, surveys, or begging.
  8. No Let's Plays, streams, highlight reels/montages, random videos or shorts.
  9. No off-topic posts/comments, within reason.
  10. Use the original source, no clickbait titles, no duplicates. (Submissions should be from the original source if possible, unless from paywalled or non-english sources. If the title is clickbait or lacks context you may lightly edit the title.)

founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] GammaGames@beehaw.org 73 points 1 month ago* (last edited 1 month ago) (1 children)

Vizor explained that Ricochet uses a list of hardcoded strings of text to detect cheaters and that they then exploited this to ban innocent players by simply sending one of these strings via an in-game whisper. To test the exploit the day they found it, they sent an in-game message containing one of these strings to themselves and promptly got banned.

Vizor elaborates, "I realized that Ricochet anti-cheat was likely scanning players’ devices for strings to determine who was a cheater or not. This is fairly normal to do but scanning this much memory space with just an ASCII string and banning off of that is extremely prone to false positives."

This is insane, they had an automatic script to connect to games and ban random people on loop so they could do it while away

[–] renegadespork@lemmy.blahaj.zone 28 points 1 month ago (1 children)

a list of hardcoded strings

Violating a core programming tenet right off the bat. I wonder how much money Activision payed for this software...

[–] ramjambamalam@lemmy.ca 14 points 1 month ago

We and the hacker have no idea if this list is config driven or truly "hard coded" i.e. a const in the source code. It's hardly an indicator of violating a core programming tenet.