TR Forums

Recently there has been some discussion about game cheats in the comments of TR articles so you might find this new article from PCGamer interesting. If you don't know the extent to which people cheat then you will definitely find it eye-opening. For me it didn't cause any real surprise - I've played DayZ - but it is further validation.

Will no one rid me of these turbulent Counter-Twits?

[/Henry II]

My hardcore gaming days have long since passed me by. With not even a fraction of the time that I used to devote to <insert game of the year here>, I have moved to offline gaming simply because I can carve out a small slice of time and game without the chat bitchfest, without the haxx0rs, without the urge to hang on for just one more rubber match round to determine the best team. It's a helluva lot less stressful.

We all knew these cheats exist, we all knew if you paid for them you got what you paid for. Nothing new garnered from the article, but it did flesh out the details and behind the scenes work involved with it. Many thanks for the link, OP. Hopefully we don't get a comment bitching about bringing it up, when a simple google search would show it for anyone who actively pursues that path.

There's absolutely nothing "new" there, nothing that 100's of 1000's of actual players don't already know
And that article writer is a very narrow-minded person. "Ultimately, the most effective anti-cheat strategy is to make cheating feel unnecessary. That means either more sophisticated, accurate matchmaking or some kind of handicap system" - that is not true, cheaters will always exist as long as the multiplayer games will. Simply because some people just find such activity amusing, especially if non-cheating players notice their behavior and start giving them extra attention (which most of the non-cheating players do) Not to mention it is impossible to implement any automatic "matchmaking" into games which either rely on "large scale open world PvP" (in case of MMORPG games) or on large traditional FPS game servers which any player can join (like BF4's 64-player servers) and where legitimate players can still earn high score and enjoy different activities even if they have poor aiming skills with standard weapons.

The most effective anti-cheat strategy is first of all creating a custom (without wasting money on third-party useless tools like PunkBuster or FairFight) client-side detection tool similar to current commercial antimalware programs (with daily updates and ability for users to submit suspicious files for analysis, so someone can buy a subscription to one of the paid cheating frameworks and just keep submitting new versions of these as soon as they appear), with equally rapid response time to "0-day" cheat releases and second of all keeping your game priced accordingly, without all these nonsense $5 sales for CS:GO (when many cheaters purchased dozens of keys for themselves or for resale to other cheaters) or going "f2p" from the very beginning like Sony did with Planetside 2 (where you could just keep creating new accounts and changing your non-static WAN IP address every time you got banned, for FREE... which is what I was doing when I got utterly bored by that game ). Unfortunately NONE of the game developers takes cheating issues seriously enough (not even Valve) and as long as they don't - cheating will continue to be a serious problem in all popular multiplayer games.

I agree, his conclusion was not well considered. You could massively prevent cheating by restricting running code during gameplay to the OS, it's services, signed drivers and signed code. Brute force and not very user friendly (you'd probably need to dedicate a user account) but it would make a nice opt-in option for users and servers.

It's hard for me to tell how much cheating goes on in WoW pvp. In the first year or two, rumors of speed hacks and so forth were very prevalent. I don't see much of that any longer. Also in those days, they used "Glide" to farm gold in game. There were mass bannings when Blizzard caught on to that.

Then when arena came out, people would pay money to get arena points at early times in the morning (4AM server) so the games could be controlled.

The latest is not speed hacks or anything like that but simply bots. People set up their character in battleground random games to just travel some path and attack the first enemy they see. It makes it hard for the team to mark them afk and get them kicked out if they get in combat. If people bot their way through BG's they can get epic gear with very little effort. There is the free honor gear as well as conquest (play enough games and you'll win some, even botting).

Using bots in MMORPG game is not really "cheating"... They might be actual bots, or they might be live players from one of the Asian services who sell in-game currency, gear/items or whole characters And they are easy to combat if the developer is willing to make few changes to existing in-game systems. Blizzard just too lazy to care (they could run their own service similar to EVE's PLEX system in an addition to paid "boost to lvl90" system they finally implemented) and the garbage in-game economy/crafting/PvP system is too irrelevant to be seriously affected by farming/leveling bots

Hacks are for n00bs

I knew about this. This is why I generally play offline, with friends only, or in games that don't lend themselves to this sort of manipulation. For example, I'm currently playing a lot of War Thunder, and any gripes or compliments aside, I'm not really seeing any way to implement client-side hacks. Spotting and other player info is determined server-side as are location/orientation and trajectory/hit/damage. Sure, you can make all sorts of things appear to happen on the client side, but if the server discards them and no other players see it, who cares?

As others already said, not any big suprises, but it was a decently well written piece.

Actually, the core conclusion isn't that bad... "Ultimately, the most effective anti-cheat strategy is to make cheating feel unnecessary."
Better matchmaking is not a bad ide'a except in some respects, but it's only part of and being mean's to an end, and I think matchmaking at all can be problematic, especially if you want to allow people joining favorite servers playing against other people manually joining servers. But for matchmaking games, not a bad idea.

Only way I can imagine people not being able to wall hack is to always use some form of server side sandboxing of the information in the game itself. Wallhacking is a client side hack using information in the game to show players through overlays. What if the server never gave that info to the client unless the client was authorized to have it. As in, server-side line of sight checking, if that checks out, then you get to see the enemy, as long as you dont have line of sight, you don't get the info at all client-side. The problem with that approach is that it takes a radically different way of doing things and probably requires a whole lot of extra coding and complexity server side since you will have to simulate actions, Sounds, lights, shadows of players, together with objects more closely to still supports throwing grenades around corners, etc.

Another problem is latency since today many games have compensating algoritms that try to "equal" the playing field. And decent player back in quake days could easily compensate for extra latency themselves, but two equal players, the ones with the best latency always won, and that is often gone from the game but with the price that everything feels a bit loose.

The problem is that bad players cheating smart is raising their level, and in doing so, become "better" as to equal good players. The thing is that a smart cheater will probably be quite indistinguisable from a really good player without a serious effert in analysing of patterns including screens, game data, etc And that is unfortunately a manual process, because it's extremely hard to automate at the higher levels. I would deem it as hard as to have a computer playing chess against a master, doable, but pretty hard. Top percent of players in some games like quake, cs, etc is good. They instantly know when things spawn, where to expect enemies at certain times, especially in some maps there is a flow to the game where you definitely know where people will be and the timing of it. Look at de_dust on CS for instance, any decent CS player will have that info down, same with good quake players.

Look at games like BF, they are different since they don't have as much precision to them and are more chaotic, but if you play a whole lot and employ good tactics, you will be called a cheater regularly because many people wont have the ability to distinguess that from a bad player with one that could be using a WH. I'm a very decent player in BF, but then, I spent probably upwards of a couple of thousand hours on the series and regularly think about tactics and the meta game and mental side of it, and study which tactics that would work, peeking, pre-firing around corners where there's a high likelyhood of enemies being, using surround, throwing nades to get sound ques, listening to footsteps, etc. Most info is there, but as I've heard, many people complain not being able to hear footsteps in headphones, while I on my surround, hear them perfectly well, including direction, that gives me a fair bit of advantage right there. Together with BF4's sync bug's and client side hit detection where you can be visable on somebody elses screen while you dont see them on yours, it's hard to distinquish a cheater from somebody having lag and actually having a legitimate kill as far as current construction is. Often, you probably dont know when you are the one killing somebody that though they were safe behind a corner, etc. So that is definitely things that need to be tightened up.

JohnC wrote:

The most effective anti-cheat strategy is first of all creating a custom (without wasting money on third-party useless tools like PunkBuster or FairFight) client-side detection tool similar to current commercial antimalware programs (with daily updates and ability for users to submit suspicious files for analysis, so someone can buy a subscription to one of the paid cheating frameworks and just keep submitting new versions of these as soon as they appear),...

Except since it's still a negative sum game. You will impact the big mass with something made for catching a very small minority, and still play and cat and mouse game that you basically can't win without radically changing something about the plattform. And considering there is a ton of money involved, there will be real incentive to fool that single piece of software. And considering, at least the PC platform, I'm not sure that you can write such a piece that are in any way foolproof while at the same thing not making it a dedicated platform for gaming alá console based on pc hardware with custom OS, etc.

You dont think the gaming companies already has people buying cheats and looking into them trying to stop this. While I don't know enough about fairfight to deam it either workable or not, and people i know working within anticheat for some publishers are under NDA and very tight lipped about how it works, you are definitely right in that PunkBuster is pretty much a bust in many situations. WIth active adminning and admins taking client side screenshots, it has potential, but I've never seen it perfectably workable except for some veryfied hacks. Although when playing both BC2, BF3 and 4, you constantly see globally banned people using aimhot/multihacks trying to enter servers. So at least it weeds out the blatant cheaters which is always something.

The thing is, a new client would't neccessarily be a good solution since it will invariable not be foolproof, it will have a certain percent of false positives. And it will most likely have performance impacts on your system. To be fully effective it would also have a need to hook deep into things, possibly leading to stability issues and incompatibility issues, just like different anti-malware and AV programs has today. Working within a company doing security monitoring as a core business has it's benefits, and let me tell you this, what actually catches threats, is not signature information from vendors. Of everything that goes through the engine, less then 25% of the advanced threats are detected by signatures, so things like anti-virus and IDS solutions are easily fooled by themselves as a single product. What you need is aggregate data and massive correlation and heurstics on behaviour. Those things together is where you can distinguish the malware from just badly coded but legitimate software and eliminate false positives to a much higher degree.

While your eyes are open, maybe you can point them here to get them even WIDER!!!!

http://www.mpgh.net/


It's a never ending battle against the little bastages. If games were written like medical grade software or satellite control systems then these 'holes' and 'exploits' wouldn't be so prevalent.
It's just more greed to kick out the product in the cheapest means. I am pretty sure Black Ops 2 made a whole lot more money for its programmers than satellite #324 floating in orbit 45 miles up.

coal subscriber.

Aphasia wrote:

You dont think the gaming companies already has people buying cheats and looking into them trying to stop this.

Not really, no. At least not actively enough. I use cheats, I know certain private ones still work without any issues on FairFight and Punkbuster-protected games and I've never "lost" a single BF4 account so far
It's a little bit different situation with Valve's games like CS:GO because they use additional (and more effective) methods of manually reporting a player and an Overwatch system with "community moderators" as well as excellent replay system BUT their automated VAC system is still EXTREMELY slow to react to certain private cheats

Aphasia wrote:

The thing is, a new client would't neccessarily be a good solution since it will invariable not be foolproof, it will have a certain percent of false positives. And it will most likely have performance impacts on your system. To be fully effective it would also have a need to hook deep into things, possibly leading to stability issues and incompatibility issues, just like different anti-malware and AV programs has today.

You assume the "worst case scenario" outright, which you shouldn't do Such system does not have to have any negative impact, just like a good antimalware program (I've been using Kaspersky's Antivirus products for few years, have 0 stability/incompatibility issues so far or any negative performance issues and Kaspersky Labs reacts VERY rapidly to all the samples I've sent them, both legitimate and "false positives"). Same goes for "false positives" - yes, they will happen but if properly supported the program can quickly stop detecting "false positives" and the bans caused by these can be easily and automatically reversed (just like what happened to some legitimate BF4 users when PunkBuster started to issue mass bans due to actual "false positive" a few months ago). It would still be a much, MUCH better way compared to trying to keep the live admins 24/7 on your server and trying to rely on their highly SUBJECTIVE opinions.

You sir, are a bastage!!!!


coal subscriber.

Hey, I hate cheaters as much as anyone else, especially when I play myself without cheats It's just hard to resists to NOT join them especially when gaming companies are still EXTREMELY ignorant to the whole issue, and I'm a strong believer that the more people will use (and expose through other means) existing cheats/exploits = the (hopefully) more rapidly game companies will react to them... at least non-EA companies

JohnC - then you arent one of the "rage" ones as the article defined it as. Although I'm really interrested in both the why and how, as in which types and what for as compared to not using them.

Well, Fairfight is fully server side and seems to be rulebased against a database on behaviour, actions and statistics, so that will never do anything that doesn't mark you too different. In theory, it could probably be able to detect wall hacks, but in a game like BF4, with the current problems, I don't know if only a WH will markedly change the performance compared to a really good player.

As for punkbuster, yeah, it's pretty much a bust in some situations. Although considering it's widespread use, I don't know why all the big publishers just don't pour a bit of money into them and put out a good product. That could be what you want since it's already on the clients. You are entirely correct in that you don't want to rely on subjective opinions, because that would make it neccessary to wet decent people out to judge on that, and considering the current crop of admins that have servers, they range from very competent to PFY's kicking you for killing them too many times.

With false positives, most AV companies are pretty good, it's their livelyhood after all. As for game companies, unless it's en masse, I can't belive that they will have a good priority on it, because it is outside of their core business. And even the experienced companies have problems. I mean McAfee managed to flag svchost.exe as malicious on Win XP sp3 a couple of years back. That's as big of a blunder as it get's, but it does happen. The problem with cheat's that unless very explicit, depending on their use, many tools that can be used for them, have very valid uses. Dedicated wallhacks for a single game is one thing, that could probably be stopped, but the rest... look at autohotkey, very valid util for tons of things, but can as well be used to make no-recoil and aim compensation scripts.

Aphasia wrote:

JohnC - then you arent one of the "rage" ones as the article defined it as.

Well, that depends on the game In Planetside 2 I wasn't afraid of being more obvious and using speed modifier/teleport functions (where you can move at 10x speed or instantly teleport behind people's backs if you're shooting at them or below the ground or above some tower) because it was extremely easy to re-create new account and it didn't cost anything (except a 5 minutes of lost time). In paid games - that depends on a price of the game. That's why I initially said that developers who want to treat cheating seriously should not discount their game to ridiculously low amounts or go completely "f2p" from the very beginning, especially if they don't have a good (none of that Punkbuster/FairFight garbage) automated anticheat tools ready with a very rapid response to new threats.

If you have to cheat you're missing the point, IMO.

It's like sport - in a fair competition when you beat an equal you get a feeling of joy, pride, an endorphin rush - whatever. It feels good.
When you beat someone by cheating don't you feel dirty, isn't the victory hollow?

I mean, cheating in major sports events is one thing because there's prize money, fame, and an audience to worship the victor(s)
Cheating online there's no money, nobody cares, and everyone who thinks you're cheating resents your presence on the server in the first place.

So, uh, what's in it for you? Where's the motivation?

Exactly, I would love to hear more about the why part.

For me personally, I don't get the why, since I see a good game as a contest, and if I would have an unfair advantage, any victory would not be from my skill. That said, any advantage included in the game is fair for me, so I tend to use the map a ton in hardcore in bf4 while many others just cry hacker when I turn around and stop their flank dead, then i tell them about the map, most people have no clue it's even there. Although there are very few games where I can't take the top spot in a decently fair amount of rounds, no matter if others are caught hacking or not, that doesn't seem to impact my own scoring, at least not in a game like bf4. Although at time you defínitely wonder how people can suddenly spawn behind you or see you come out when you are running silent and dont show up on the map, etc.

I don't cheat. I'm too stubborn/poor/skilled/whatever. However, there have been many, many occasions where I would have loved to have the intelligence aspect, just so I could better judge if someone else is just stupid good or if they've got something extra.

Also, just chiming in with more info, the server-side line of sight thing? Many games do that already. Not FPSes in general, though, because the pace is too fast. In your average FPS, computing sightlines and passing them to the clients would be a problem for CPU and latency both. When I'm playing War Thunder and an enemy plane or tank suddenly pops into view because the server suddenly noticed I could see them, it's a little jarring. The same thing happening at the same time steps in BF4 would mean the invisible man put two in your head before the server decided you could see him.

Forge - yeah, and latency on top of the processing power would definitely be an issue in fast paced games. A prime example would be RTS games like star craft where you had local map-view hacks so you could do away with the fog of war for instance.

As for BF4, I guess it will never happen, although it might not not be that much more intensive on smaller maps considering how meaty the server needs to be to run a 64 player BF conquest large game with destruction, synced waves on water maps, etc, I guess that's why they don't do it, but if they could, it would make it that much harder to do client-side wallhacks. But considering that the sync issues is what's plaquing BF4 (often faultily described as netcode issues) it might be harsh to rebuild it. That said, main netcode and tickrate is the same for bf3 and 4 so it's all the extra things from bf4 that have been a problem.

Aimbot DRM? I loled hard.


I wasn't aware there was so much money involved and always thought it was just people doing it for the lulz, but I also don't play multiplayer games so it isn't a very large blip on the radar. I agree that matchmaking is the only reasonable way to cut down on cheating. When it comes to the digital underworld, there are two axioms that most companies like to ignore and it always comes back to bite them:

1. The hacker will always get through.

2. Neither you nor your competitors employ the smartest guys in the room; they are beyond your control and do it for fun, not money.

Draconian anticheat and DRM just encourage #2 to redouble their efforts, because now it's not just for the lulz but also political.

Of course, when an aimbot is no longer only something that a guy in the basement made for the lulz, but a business model that makes somebody money, then they will try to protect their investment, which in this case, means a subscription/drm, because if the software was free, they wouldn't get any money. And keeping it working with paid people not doing it for the lulz, costs money.

As for the axioms... both of those will leave the countermeasure up to a couple of feasable things...

1. Make it impossible to cheat (as in, not worth the effort). A fully server side hit POV/Hit detection would be one of these option since hacking a server would be something entirely different then tapping into client data.
2. Make it unneccessary to cheat. No actual gains from it, as in matchmaking so anyone cheating, obviously or obfustacted, will be put up against others of equal measure, and thus have gained nothing for it.

People might still do it for the challange, but when that challenge suddenly goes against different laws and risks you jailtime, or the effort costs more then what you might gain, the people doing it should be quite a bit less.