Fighting Online Game Cheating in Hardware

Monk writes "Multiplayer games these days have one problem. Cheating. Cheating is out of control because of failed attempts by software such as Punkbuster, and VALVe's Anti-cheat (VAC). Now it seems that could change change with Intel's own Anti-cheat Software/Hardware."

Add the cheats as features to the game

[Slim Backwater]

How about just adding cheats as elements to the game? Players like radar? Add it. The ability to see through walls? Auto aim, auto trigger? Make them power ups. Don't fight it, integrate it.

*sigh*

[Verte]

The Quake fiasco [catb.org] has already taught us plenty about this: don't trust the user.

Not in the game anymore

[Joebert]

Nobody seems to care how good a game is, "the game" is all about finding ways to cheat no matter which game you're playing.

Well, I'm not impressed.

[dannycim]

A friend of mine plays the Final Fantasy XI MMORPG on PlayStation 2. I rigged a little box with a bunch of timers, relays, the heart of a USB keyboard which can repeat timed sequences of game macros without supervision. It works wonders for some "skill-upping".

Intel's little trick wouldn't detect that as it involves no software at all, no injection of keyboard events. As far as the console is concerned, it's a keyboard, period.

I could go a whole lot more sophiticated and build a USB box that would emulate both keyboard and mouse events. Marry that with software that can "look" at the screen data and recognize patterns, and you'd have yourself an automated player.

Go ahead Intel, invent better traps. We'll invent better mice.

Re:gharr

[camken]

since none of you with mod points seem to get the joke, i'll explain it.. and i'll use small words..

i had a witty and thoughtful first post prepared.. but then i (my input verifier) realized that it (the witty and thoughtful post) wasn't (coming from the "proper" source), so i'm (stuck) posting this tripe instead (of what i'd intended)

now, for the explanation..
just what do you think will happen when things can be censored or monitored at the source of the input?
i'm using a rather innocuous example of a first post gone awry, but what happens when **insert nasty shadowy agency here** decides that they want to be able to scan encrypted data?
why.. get the data before it's encrypted, of course.. how do you do that? why, a key logger that 'allows' you to play a certain game, of course!
now, i'm not suggesting that the average gamer routinely inputs data that the government wants, or even that intel has any special interest in doing this.. but on the other hand, what happens when your biggest rival in the game has figured out how to tell your computer that it no longer recieves "intel approved input" and so your character simply stops responding to commands..

the point of all this is that if you're going to try to do things that make it harder to cheat, you'd better make damn sure it can't be misused.. i'm sure we've seen enough of the arguments on here over the last 5 years about how seemingly benign laws and technology get misused by with those with an agenda..
and i for one don't want to see it come to my games too, because my fear is that someone will think of something more nefarious than i can, and voila, he's already got the tools in place on literally THOUSANDS of computers worldwide. oh but wait. nobody ever attacks windows gamer boxes, right?

ok. thanks for letting me vent about that, i'm sorry the joke wasn't clear enough the first time, and that i had to have the discussion with myself instead of you folks.

have a nice day.

Re:there is no technological fix

[Dogtanian]

Anything designed by a man can also be broken by a man? I guess that means all strong crypto schemes were invented by females?

I was thinking along those lines too; not a good argument. He'd have been better off pointing out that the main problem with inventing "secure" peripherals is the same one that bedevils all "secure" devices- the owner still has to have the encryption/decryption key or technology in their possession.

At its crudest, what's stopping someone from wiring up the keyboard to.... anything they like?

It's not going to happen.

[Dogtanian]

wouldn't the next step to be switching games back to a boot system. Think how great it would be to not have worry about all the OS cycles being used. Booting into a game would allow the game ULTIMATE control over what software is run. If anything it could be used for tournaments.

That wouldn't work with anything other than a very fixed set of hardware. Even Amiga games frequently stopped working when newer machines came out with minor hardware updates (e.g. A500 to A500 Plus, not a major difference, but it still caused problems). They bypassed the OS back then simply because the speed advantage it gave easily outweighed the extra hassle and compatibility issues.

But technology has moved on. For one, hardware is far more complex these days. The idea of having to hit modern hardware from scratch sounds nightmarishly complicated.

For another, the PC philosophy is that you can use many different types of sound/video/etc hardware because they're supplied with drivers. If there was no OS, the game writers would have to write their own drivers for *every damn card that they expected it to run on*. And that's assuming that the makers were willing to release the specs to their cards anyway, which very often isn't the case.

In short, you'd have to duplicate the functionality of large parts of Windows XP, the sound and video drivers, DirectX, networking, blah blah blah.... all from scratch. You can see why this isn't going to happen just to stop a few kiddies cheating, especially since it would likely get cracked quite soon anyway.

Re:The problem with anti-cheat software..

[Catil]

As far as casual public server playing goes, there might be another solution: Statistics.
40% aiming accuracy? Too good. 5 headshots in a row? Too good. etc.
It wouldn't even have to have anything to do with cheating, actually. The message a detected player would recieve would be something like this: "Sorry, you are already too good for this server, it's low-skill only. You will be kicked in 5 seconds, so the noobs here will have more fun in a more even and fairer game. Feel free to play on our mid- or high-skill servers over here."

Re:Not in the game anymore

[qlayer2]

I play multiple online games, with punkbuster support- and the simple fact is that 99% of the people cheating are untrained dupes who download trainers which also contain a number of viruses, and they aren't doing it to get an advantage in the game. They are just doing it to get a rise out of the honest players. The 1% that are smart enough to write their own scripts and use it for an advantage, are usually terrible enough at the game that their "advantage" doesn't matter much anyways. Most respectable servers will boot these people in a short amount of time, and they have zero effect on anyone else. So why would I pay for a terrible hardware solution to a problem that doesn't affect me, or 99% of the population? If you want to force it on big money tournaments go right ahead, but the average game player has no need or desire for this type of product, and won't use it.

Mod me offtopic...

[SanityInAnarchy]

Is that a reference to the horrible, horrible, Chinese pirated Attack of the Clones (subtitled in english-chinese-english translation)?

That always cracks me up. Vader's "NOOOOOOOO" becomes "DO NOT WANT!!!"

Re:The problem with anti-cheat software..

[lena_10326]

And that *still* doesn't get rid of aimbots.

It would get rid of aimbots.

In order for an aimbot to work it needs access to the internal game state, particularly positions and velocities of objects in the game, which it can gleam by analyzing the data packets between server and client or by accessing in memory game data.

If all you have is a video stream, the aimbot has access to no game state. The best it could do is try to recognize objects on the screen by pixel patterns (screenscrape), which I doubt would work if everyone chose skins matching the background. It also wouldn't have access to positions of off-screen objects, which gives the aimbot its real advantage--shooting at people behind you or hidden underwater or in shadows. I think in that case any screenscraping aimbot would be more trouble than its worth as well as very inaccurate (obvious).

Re:The problem with anti-cheat software..

[Bombula]

And the high-skill servers will be like SNL's All Steroid Olympics. Why not? Same with MLB. Who cares if people cheat - as long as everyone is cheating, it's still a level playing field.

Re:there is no technological fix

[SanityInAnarchy]

Sibling is wrong that you'd have to duplicate XP. You'd have to duplicate Linux, because it'd be a HELL of a lot cheaper than licensing XP, or developing your own drivers.

But here's why that's a bad idea:

1. Modern OSes are fast. You're really not losing a lot of cycles to the OS, compared to what developers willingly throw away in order to make development easier -- many games have significant chunks of the game logic written in a scripting language.
2. It can be nice to multitask with a game. For example, I run my MMOs in a window, next to an IM client, a web browser, and a notepad. This is even nice with an FPS, for example, to have an ssh window open to control the game server with at a LAN party.
3. It'd be entirely too easy to run the whole thing in a hypervisor or emulator. Failing that, you could do tricks like a chroot in Linux... I'm sure Windows has tricks I don't know about, or maybe something custom. Notice how much cheating there is on Xbox Live, and they control the boot CD and the entire console.
4. It would be slow, unless you used the hard drive as a cache -- which kind of starts to defeat the purpose, as you could modify the files in the cache. If you use checksums to prevent that, you still have to boot from the DVD, which will take some time.
5. Any way you use to prevent someone from just burning a hacked version also prevents backup copies. But I guess that's "copy protection."
6. It would be difficult to patch. The patching system, if you had one, is yet another way someone could potentially hack it.
7. It would be difficult to use the hard drive, for caching, patching, or saving. Some people have weird BIOS RAID configurations, some people have real RAID, some people have SATA, some have IDE, some have two hard drives, some have many partitions. The only way this could possibly work is if you had a custom partition for that game, or a fixed directory on an OS partition -- the first requires you to repartition just to install a damn game, and the second requires you to have a specific OS installed.
8. At tournaments, there's no real need for custom hardware. Just clone a disk image around, and don't give any players access to the game before they start playing -- during which time they get no Internet access and no custom disks, except config files they've supplied ahead of time for scrutiny.

Let me tell you one thing it would be good for, though: LAN parties. I've been meaning for awhile to make a DVD of UT2004 (maybe minus a few maps), Quake3, Doom3, etc, probably based on Ubuntu, so that people who bring a crappy, spyware-infested computer to a LAN party at least have a chance of getting into the game with a decent framerate, without us having to format them and install a pirated XP (which we have done).

Currently, we ask that people bring their computers a day early -- even to a small, 10-person LAN party -- so we can check them out, and decide if we want them on the same subnet as our own, and maybe clean them up a little -- not to mention do mass-installs of whatever games we're playing.

But, even here, it's a backup, because it won't work for all games, and the ones it does work for almost certainly have Windows ports, or we can just install Linux partitions everywhere. It's a LAN party, so we can look over someone's shoulder and physically beat them if they cheat, and it's much faster to boot an OS off your hard drive and launch the game, because hard drives really are that much faster.

It's actually not a horrible idea, though. Someone founded a company based on it, but they didn't get very far. They were called "Gentoo Games".

Re:The problem with anti-cheat software..

[Shabadage]

No, that actually WOULDN'T work. 40% aiming accuracy is NOT too high, 5 headshots in a row ISN'T high either. I've been kicked off countless UT servers (Face specifically) because I'd just start snipin' fools from the tower. Then I'd get booted cause I was "cheating". No, it's called I played hours and hours of Face against God-Like bots thank you very much.
 
This would punish cheaters, sure; but it would also punish those who just happen to be good (on that map in my case).

Re:The problem with anti-cheat software..

[Kjella]

Except the people using aimbots and the like aren't interested in skills - they're interested in the feeling of being invincible, to tear through a map like a mean Rambo look-a-like. Put the cheaters together and they'd have no fun. So what they'd do is find ways to do it anyway, while the good players will get banned by any other name. What are you going to do, start banning people for winning too clearly? Sure, that's incentive... get too good and you get banned on every server except the garbage heap of cheaters, woohoo.

Re:The problem with anti-cheat software..

[Ash Vince]

I play americas army alot on the net. At one point I was out of work and pretty much played full time for 2-3 months. By then end of that period I got more hacking acusations than you can shake a stick at. I even got banned from a few servers. I have never cheated. The truth is that really good players get headshots first time, almost every time.

In the end I settled on playing on one or two public servers run clans. That way they knew who I was, trusted me not to be cheating and let me carve through people when I was on a good run. That way admin would usually explain to noobs I wasnt a cheat when the acusations started to fly.

I also changed my name to Nohax for a laugh but that was only after I got the hacking acusations.

The truth is though that human admins are the best anti hack method. If you got caught cheating on their servers you would probably get a lifetime hardware ban. That means your PC gets banned, not you account name or anything. I don't know how it works but it is effective as I have heard people complaining they downloaded a hack for a laugh and then could never play again until they bought a new PC.

Re:The problem with anti-cheat software..

[SanityInAnarchy]

Eventually there might be an anti-cheat relying on TCPM sort of things, but eventually somebody will just make a TCPM-less version indistinguishable from the TCPM type by the server.

In order to defeat TCPM, you can:

1. Fool the TCPM chip itself into authenticating something that isn't properly signed. Probably can be made impossible.
2. Crack the authenticated software, while it's executing -- something like a buffer overflow. Difficult, and is impossible with perfect software. Perfect software is not impossible.
3. Crack the TCPM chip itself (or surrounding hardware), somehow, and steal the key. Might be made physically impossible in the future, physics permitting.
4. Crack the server at the other end, or fool it in some way. Could be made impossible.
5. Steal the key used to sign stuff for the TCPM chip. Requires actual data theft -- this key will NEVER be on your computer in any form.

#1 and #2 require you to have an actual TCPM chip. #4 is unlikely, and would be fixed. Only #3 and #5 really seem likely to produce a version that would work on a computer without a TCPM chip.

Somebody moves all over the screen, faster than the player can actually run? Cheating. Wait - or a laggy connection.. or a bug.

The solution to this is, fix the bug.

Somebody moving all over the screen can be made impossible by having the client send velocity and direction updates, and the server send positional updates back. Or even if you send entirely positional updates, both ways, the simple solution is to have the server send positional updates back, correcting the client. So if somebody is moving at 105% speed, all that will happen is they'll jump back from lag. The faster their connection, the closer it will get to their screen vibrating, rather than them being jerked back a foot or two. And it will only look that way to them, so I can't see it giving them an advantage.

And even when you can detect all the -technical- cheats (more ammo, faster reloads, increased speed, greater jetpack fuel (if there's any)

Not even detect. Defeat, plain and simple.

Consider someone trying to create a godmode. Can't be done. You might be able to convince your own client that you have 100 health, but if the server says -37, that's what everyone else sees, and they also see your body blow up, and their score go up.

that leaves you with the cheats that cheat the User Input. Aimbots and the like

You forgot cheats with the display. Invisible or translucent walls, giant target boxes on people's heads, even things like adjusting the screen brightness.

And you're right, those you have to deal with by having competent admins. But you have to be careful here -- some people really are that good. One way to tell is go to a first-person view of that player, which can help, but not always.

As always, the surest way to tell is to know the people personally, have occasional LAN parties, and maybe form a team.

Or add lag to probable cheaters

[Anonymous Coward]

"..and their cheating fun ruined by us /kill'ing them.."

Another approach was prototyped a few years back by a research group in Australia, which involved adding latency to those presumed to be cheating... Enough to make the cheater think the network was playing up (encouraging them to go away) rather than pissing the cheater off (and inviting spiteful repeat attempts at disrupting the game). Not sure how good the scheme worked, though.

Look for IGLU under http://caia.swin.edu.au/genius/tools.html [swin.edu.au], or the README at http://caia.swin.edu.au/genius/tools/iglu-0.2-READ ME.txt [swin.edu.au]

Re:there is no technological fix

[rtechie]

Time and time again we've shown that to change human nature is very very difficult.

Nonsense. You may have noticed that people are no longer urinating in the streets, as was customary 100 years ago. Your average 3-year-old today behaves better than adults did a century ago. There's all that civil rights stuff too. Contrary to what some people seem to think, human behavior is in fact extremely malleable.

Online cheating is not "human nature". It needs to be considered "socially unacceptable" to cheat and there needs to be tangible punishments associated with doing it. Take the behavior of purchasing characters, items, gold, etc. for MMORPGs on Ebay. This is cheating, pure and simple. Using aim-bots is also cheating and Valve, Microsoft, and other online game providers should be zero-tolerance on this. They should stick in their bullshit license agreements that if they cheat on the service they have to pay a $50 "reactivation fee" EVERY time you cheat. And not just MMOs. If you cheat they block your CD key and you have to either purchase a new key or a new copy of the game. Sure a few whiners might sue, but I suspect that most cheaters are little brats and unlikely to defend themselves in court.

The reason they're not doing this now is that they fear lost revenue. As gamers we should pressure them to bring the hammer down.

Recent PB update is a rootkit

[rush22]

I was appalled at the recent PunkBuster update. Evenbalance has essentially installed a rootkit on my computer without my knowledge. The only reason I noticed is because my firewall suddenly lit up with warnings.

Normally, PunkBuster is a .dll file in your game folder. However, this recent update downloads two .exe files and places one in the game folder, and one in your Windows system folder. PB says these are necessary only for players who want to bypass admin rights for people who play BF1942 or ArmyOps. Apparently so many people are playing these games on their office network and can't log on as administrator on their own computer that Evenbalance has sent out a rootkit with their recent PB update. The programs are mandatory for everyone, though, regardless if you are the administrator. Any player attempting to play on a PB-enabled server without these files, or otherwise blocking these files with a security program, is kicked for "Losing Key Packets" (PB often has trouble with accurate error messages).

The executables are run upon startup of your computer, and run constantly in the background, regardless of whether you are playing the game. They also intermittently connect to the Internet and send data to Evenbalance's servers. Of course, the player has consented to this (and more) by agreeing to PB's voluminous EULA. In fact, if you read it carefully, players have consented to sending their entire hard drive and hardware information to Evenbalance at any time Evenbalance deems necessary.

Evenbalance will tell you, as support team member Glenn (or someone imitating him) says on a game forum I found: "We're not trying to hide anything or throw anything by the user without his knowledge. These services are doing nothing when a PB-enabled game is not being played, other than waiting to see a PB-enabled game launched. When a PB-enabled game is not being played, we're not scanning your computer or internet traffic or anything of that nature."

Though if you have any sort of firewall on your computer you'll know that that is either total ignorance of their own product or a total lie, as PnkbstrB.exe and PnkbstrA.exe do in fact connect to the Internet while the game is not being played. They also use a large amount of system resources for something that is only supposed to be a service waiting for a game to start.

PunkBuster offers people the option of uninstalling these files, with something called pbsvc.exe which gives you an "UnInstall" option. This doesn't seem to uninstall everything, as the PB files are not only still present but still load on startup despite the uninstaller's "Uninstall Finished!" message.

All-in-all, if PunkBuster cannot even get its act together to create an uninstaller, nor to inform its support team of what a rootkit they just installed on everyone's computer is actually doing, how can anyone expect PunkBuster to detect cheats and hacks? Private home-made hacks can already slip through PB's dragnet--the only ones they can catch are publicly available hacks Evenbalances finds on the Internet, the way a virus detector works, so I think it's pretty clear that the solution does not lie on the player's computer.

Instead I'd say it lies in the programming of the game itself. Wallhacks and radar, for instance, wouldn't work if the server did not send the locations of non-visible players. A difficult task perhaps, and for only one kind of cheat, but it is a real solution. And it doesn't involve uploading my hard drive to Evenbalance and granting them access to information which, as EvenBalance's EULA says, "includes, but is not limited to, devices and any files residing on the hard-drive and in the memory of the computer on which PunkBuster software is installed"

Re:It's not futile; it's extremely dangerous...

[rtechie]

So you can't "wrap the chip in software" like you suggested. Your software won't have the necessary private keys to produce authentic-looking reports from the TPM. You could definitely physically break open the chip and try to extract the private key. You might even be successful if you've got a lot of equipment and education. But that would have to be done on a PC-by-PC basis since each PC will have its own TPM and each TPM will have its own private key.

Two points:

1) There exist, right now, software emulators for the TPM.

2) How will "the internet" or individual services like Valve or ISPs determine the authenticity of the private keys?

This is a very key point. While it is likely there is a fixed format for the keys, I think it's every unlikely that there will be a secure method developed to distribute a list of which keys are valid. Key distribution is the Achilles heel of public key cryptography and it's weaknesses are glaringly apparent here. Look at the similar situation with AACS. As long as there are non-revocable keys and there is no secure means to distribute blacklists and whitelists this system will break if only ONE key is compromised.

Many people don't seem to get this. You can't sling private keys around to dozens of companies and thousands of engineers and not expect one of those companies to leak the keys, either though weak implementation or direct leaking. Secrets shared by thousands of people aren't secret.

Re:It's a reputation problem.

[Renraku]

Valve marked me a cheater on Half Life 2/Counter-Strike Source (which is all one account) and refuses to mark me as not-a-cheater. I had not played the game in six months, only to come back to find myself banned. They then said all bans were final, and refused to let me know what servers/times/dates/logs/etc (aka evidence) they had.

I guess I have to make a whole new account for when HL2 ep. 2 comes out so I can fucking play on secure servers again.

Re:The problem with anti-cheat software..

[apoc.famine]

You hit the nail on the head. We run our own UT2k4 server. We occasionally get decent players on. We also occasionally get people who magically get 6, 7, 8 kills in a row in on people that they can't see, or as they round corners. If someone seems just too good to be true, they get the banstick. Have we possibly banned people for just being super-good players? Possibly. But there are a couple hundred other servers for them to play on. Have we banned downright cheaters? Yep. My favorite was the kid in igib Hall of Giants - if you know the map, you'll know how amazing it is to get a "HOLY SH*T!" twice in a row. Yeah, that's 16 kills in a row, with a max of 3 seconds between each one. All the more impressive was that he did it from...the bottom of the map...and shot someone directly above him in the air immediately after shooting someone on the ground, and then immediately shot someone behind him and to the side. I was spectating for the second round of kills, and most of the people who died you couldn't see, due to the distance limitations. Many were nearly 180 degrees apart from each other at huge distances, but they were located and killed in the span of a second or so. Not overly hard to justify a ban for things like that.

Re:The problem with anti-cheat software..

[Anonymous Coward]

I like playing people much better than me so I can learn from them. This particularly applies to little tricks that only skilled players know (sooo, the shield gun also prevents falling damage huh...), but even basic stuff like reaction times get better when it really matters that I'm 5 milliseconds faster so I can actually get a shot off. And on the occasions when that shot hits and I win I'm happier.
But, of course, getting that tense and into the game isn't to everyone's taste. I also do like owning n00bs sometimes too, it's quite relaxing in a way and it's nice to know that I really have got better than I used to be.

Re:The problem with anti-cheat software..

[lena_10326]

No, aimbot cheaters use the advantage their aimbot gives them to turn what would usually be a strategic disadvantage into a comical sequence of headshots.

There are a set of aimbot strategies. Not just one. Camping in a remote spot with an aimbot is one, particularly in line of site of a respawn point. I've seen happen a thousand times. Ones that I can think of are aimbotting:

• from a "crow's nest"
• near a respawn point
• near a flag point, regeneration point, home base point, etc
• from upper level walkways shooting down or vice versa
• by lurking on the fringe and pegging off those fighting
• by blitzing a fight (as you mentioned)
• from the other side of an opaque surface (windows, water, foliage, very dark shadow, corner edge)
• by running the map and pegging off opponents randomly
• from the opposite side of the map when line of sight is possible
• by appearing to play "legitimately" to mask your cheat