this post was submitted on 08 Nov 2024
294 points (98.7% liked)

PC Gaming

8800 readers
216 users here now

For PC gaming news and discussion. PCGamingWiki

Rules:

  1. Be Respectful.
  2. No Spam or Porn.
  3. No Advertising.
  4. No Memes.
  5. No Tech Support.
  6. No questions about buying/building computers.
  7. No game suggestions, friend requests, surveys, or begging.
  8. No Let's Plays, streams, highlight reels/montages, random videos or shorts.
  9. No off-topic posts/comments, within reason.
  10. Use the original source, no clickbait titles, no duplicates. (Submissions should be from the original source if possible, unless from paywalled or non-english sources. If the title is clickbait or lacks context you may lightly edit the title.)

founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] dontgooglefinderscult@lemmings.world 8 points 1 month ago (2 children)

That's super easy. Aim hacks hit the same point. Record the event with the exact point aimed at to cause the guy (assuming hit scan system instead of projectile), and compare the last x number of hits. If the last x hits are all the same location(s), suspend or flag for human review depending on resources.

Alternatively, track last x seconds before the fire button was pressed, compare to last several shots.

Scripts do not behave like humans, they aim predictably. After x number of shots, you can always programmatically detect them.

[–] untimed@lemm.ee 7 points 1 month ago (1 children)

First of all, I‘m not a fan of kernel level anti cheats either. I think your point shows the never ending cat and mouse game that game developers have to deal with. Implement what you described, catch a few cheaters. Now cheats developers add pseudo random deviations within the hitbox to their aim hack. From what I understood, the kernel level anti cheats aimed to abstract and attack at the single point that all cheats have in common. I am not up to date but I believe that single point is code, that is being injected into the game process, or another program messing with the allocated memory of the game process. At least that would make sense to me as to why such an intrusive implementation of anti cheat is necessary.

Anyway, in my opinion the gains do not justify it.

[–] dontgooglefinderscult@lemmings.world 5 points 1 month ago (1 children)

To your first point pseudorandom variations don't actually change the method of detection or it's effectiveness. Heuristic pattern matching as described will work until the movement and shots are no longer accurate enough or fast enough to matter.

To your second point, all anticheats do that. Kernel level anticheat looks at the running memory of all other programs. That's the difference. It can detect and scan anything that is open on your machine. Got a Firefox tab open with your bank details? Kernel level anti cheat knows it. Running obs and streaming? Hope obs has active encryption for your stream key in memory, because the anti cheat can grab it otherwise.

If it just looked at the memory of the affected game literally no one would have a problem with it, that's all anticheats.

Kernel level anticheat means you trust the entirety of your computer and everything running on it to at least the game publisher, if not an additional anticheat company.

[–] Sas@beehaw.org 5 points 1 month ago

Interestingly enough valve has tried your method of catching cheaters your way by pattern matching with a neutral network in csgo. Sadly they never got to the confidence level where they made it automatically ban people because they didn't want to catch really good players in the crossfire. Instead they send them to overwatch, a system where sufficiently good players could judge the case and determine if the person is cheating.

But also there's many different types of cheats and that will only gets you so far. Information plays a big role in cs so wall hacks can go undetected if the player masks then which they do since they know they're probably watched. There's also subtle aim bot for that reason that doesn't snap your aim to your enemy precisely but corrects your manual aim by just correcting it a tiny bit.

As the other user described, it is an arms race and so far the cheaters keep finding ways to trick the algorithm after each ban wave. I still admire valve for not going kernel level with their anti cheat and trying the complicated and interesting route instead. However i think that is because valve tried kernel level when it was still resisted by gamers so they got big backlash at the time and went back to regular anti cheat.

I think what worked best for me was trust factor, which rates the trustworthiness of your steam account and since i have a legit account I've not played against cheaters since they implemented it and until i stopped playing. It sucks for new players with new steam accounts tho as they get matched with a lot of cheaters.

[–] GetOffMyLan@programming.dev 2 points 1 month ago (1 children)

Bots just get around that by adding random amounts. We learnt this with RuneScape lol

Also in a fast paced FPS they aren't going to hit the same spot from the same position repeatedly.

[–] dontgooglefinderscult@lemmings.world 0 points 1 month ago (1 children)

I covered that, there is no real RNG. It will always be able to be programmatically detected over enough shots.

To your second part, yes, they will. They aim at the same point. Even if there's variance in the points there won't be enough variance in moving to the points that they'll be able hide the unnatural movement.

[–] GetOffMyLan@programming.dev 4 points 1 month ago (1 children)

Again this happened in RuneScape with the auto clickers. Every time they get better at detecting them the hackers get better at hiding them. You just start throwing on a few miss fires and they're back to square one. It really isn't as simple as you describe or they would do it.

[–] dontgooglefinderscult@lemmings.world 0 points 1 month ago (1 children)

That's a different threat vector, but was also eliminated in other games. RuneScape devs, let's face it, are really stupid.

For auto clickers, and the like, just make sure whatever is happening is possible for a human to do, auto clickers are faster than humans so they're easy to catch. If they're using it to move, that's a predictable thing that can be fixed by changing the terrain slightly like wow did to catch and ban a few million bots at a time.

Kernel anti cheat would not be effective against that vector anyway, as memory isn't changed in most cases.

[–] GetOffMyLan@programming.dev 2 points 1 month ago* (last edited 1 month ago) (1 children)

They don't have to be faster than humans though. Again it's the whole cat and mouse thing.

Kernel level anti cheat could detect the app sending the mouse messages or detect non hardware messages and would have rendered them absolutely useless. Could also detect things reading apps pixels which is how they functioned.

Incorrect, it would detect it once, and then obfuscation is developed never again.

The cat and mouse game goes on, but now every single player is vulnerable to a history of malicious attacks they wouldn't otherwise be.