See details Show less
Search
New topic

Do you know what a cheaters, or companies, intent is?

by EvoCyberNation
Reply

Original Post

Re: Do you know what a cheaters, or companies, intent is?
★ Guide
AzGoshawk

March 2019

@Jungle-Beard wrote:

The main thing to understand here is how anti-cheat works. When you understand this, it becomes clear how cheating is impossible to get rid of.

Anti cheat works in 3 main ways.

1. Signature detection - The detect of certain patterns of bytes in memory, checked against a database

2. Heuristic analysis - Behavior and stat analysis (is this player suddenly winning every game with 10/1 KD, all headshots etc)

3. User reports

1. Signature detection

This is the primary method in which anti cheat functions and cheats are detected. And its the main reason why cheating is is prevalent and can't be stopped. This works very similar to anti-virus. Let me explain a typical cycle.

  1. Hack is developed

  2. Cheater is detected

  3. If available, the hack signature is entered into a database

  4. Now this signature is entered into this database and is always being checked for

This is almost exactly how anti virus works. The virus is let out into the world, its eventually detected. The rouge code is contained, analyzed and entered into a database. When this signature is detected, the anti virus software quarantines that file. The cycle continues.

But here is where things fall down for anti-cheat, specifically step #3. Lets assume a cheater is caught and banned - great, but how is it possible to stop other people from using the same cheat? Well, anti cheat needs to have the signature of the cheat (exactly how antivirus is working). But think about how incredibly difficult that information is to get, its not like they have the 'file' just sitting there.

One of the only ways to actually get the signature is from a memory dump from that users computer, good luck getting that! Even then with that dump, its incredibly challenging to sort thru and actually get a signature. You need to be qualified and know your stuff. Not only that, but even after expelling a ton of resources to fish out a signature and enter into a database, its incredibly easy to modify the code and create another variant of the cheat (junk code, function changes, etc) that masks the signature into a new one.

This is an uphill battle and frankly cannot be solved.

Okay, so lets spitball here for a bit and think of some other ways anti cheat can get signatures. Well, for one, they could just scour the web and download any public cheats they can find off sketchy Russian/Chinese sites and ban those signatures -- cool, this gets rid of bunch cheating script kiddies and other people who cant code, probably ~80-90% of cheats out there, but the real problem still exists. This is a band-aid solution.

Private cheats

This is why its impossible to ever stop cheating. Private cheats. If I create a 100% homebrew cheat (meaning all custom code, no copy-paste, not borrowed function libs or dlls), its 100% impossible for anti cheat to detect me using signature analysis alone. By creating a 100% unique signature, the cheat has effectively circumvented anti cheat's primary method of cheat detection. Methods #2 and #3 are the only other ways now, which I will get into. However, this is the primary evidence that suggests cheating is an unsolvable problem. You can cut out 80-90% of the people who aren't developers, but the remaining people exist in a sort of bubble outside any actual way of getting caught.

Careful cheaters cannot be detected and essentially exist above the rules.

2. Heuristic analysis

This stuff can get pretty complicated, but its a simple concept. This is behavioral and statistical analysis. Lets say you're the average player. You've set a baseline of your performance. Sometimes you have excellent games and spike above that baseline, great, that's normal. You can also improve as a player and over time improve your baseline, that is also normal. You can also totally suck a bunch of games in a row because you let your little cousin player and lower your baseline. That is also normal. Whats not normal is suddenly winning all your games, getting insane KDR, super long range kills, etc.

This is what, in a nutshell, heuristics analysis is. Of course this is very straight forward stat analysis, and anti-cheat is clever and actually go into some insane tracking and analysis that I cant even wrap my mind around (very advance statistics and mathematics). They also track things like how your mouse is moving (they can detect macros, such as AHK) and can determine if you're using aimlock by tracking how you're moving your mouse (example, its unnatural to move your mouse X distance in repeating increments, like a program would do it). There's a whole other plethora of things that make the system pretty insane.

The downside to this is that its waiting for a cheater to make a mistake. A careful cheater who understands this wont trigger these flags. They'll slowly raise their baseline as expected, and wont make big jumps in their game play. They make sure to lose a few games here and there, sprinkle some wins, and overall "game" the system. People do this.

3. User reports

This is pretty straightforward and there isn't a whole lot to say about this... overall though, a careful cheater won't spark anyone's attention.

The conclusion that can be drawn is that cheating is here to stay. The primary means of detection can be circumvented by custom/homebrew cheats, and a careful cheater wont trigger any flags. Cheating and hacks aren't going anywhere - most likely forever there exists games to cheat on.

You just copied it from internet. So, nothing new.

Message 11 of 11 (112 Views)
Reply
New topic