PSU: Better your mom's new boyfriend then your dad's
2012-01-02, 01:37 AM | #1 | Private
The first step to beating any opponent in any game is learning and understanding everything about them. To do this requires giving your opponent a certain degree of respect, regardless of how much you dislike them or how low they seem to stand relative to the norms of civilised society.

In my other non-PlanetSide-related life, I am a postgraduate research student with plenty of prior industry experience. My specialisation is in information security and a bit of forensics. Game hacking is simply a side-interest because some of the techniques are common to infosec. And to put a cap on the chest-beating, what I know pales in comparison to many lecturers and professionals who specialise in this field.

To keep this short, I will focus on 2 of the harder forms of cheating techniques to beat, because of technical, resourcing, legal, constitutional or reputational hurdles. This is my personal view and if you are aware of other advanced techniques, please let me know (I am interested, but buffer overflows do not count unless ...). My 2 personal favourite game hacking techniques are:
1. memory injection
2. datastream hacking

Memory injection is designed to change the behaviour of the game client in order to provide an unfair advantage. Most aimbots these days are based on memory injection techniques. Because it is piggy-backing on the main game client program/process, it uses the game's main process register and unless you know what you are looking for, you'd never find it. It can tamper with both static data values in memory (easier to detect) and also change program steps and behaviour entirely (much more advanced and requires reverse engineering).

I would like to diverge into [ABC] because it is one of the cleverest service models I have come across. [ABC] basically provides a client that is locked to one PC (which maximises their revenue because it makes pirating or sharing the cheats difficult). Additionally, none of the cheat programs are actually saved as a physical file on your PC. This beats the file validation checks that most game clients perform these days. What the [ABC] client does is download the program into memory and wait for your main game process to start. As soon as it has detected that the game process has started, it will inject the cheat code into the main game process. This link (R Kuster 2003, "Three Ways to Inject Your Code into Another Process"), amongst others, provides an excellent discussion of how memory injection is done: [Link Removed]

The other advantage of [ABC]'s model is that it serves to protect its customer base and their apparent "digital assets" in the game world. Every single time a cheat is used, the user has to authenticate and download a copy of the cheat that resides only in memory. As soon as some unfortunate customers are banned, [ABC] is able to centrally disable the distribution of the cheat in order to "protect" the existing customers that are yet to be banned from the banhammer. To counter this, some GMs in certain games (e.g. EVE Online, CCP) tend to collect evidence over a period of time and then ban a spate of accounts in one hit. I am certain SOE already knows who the PS1 hackers are.

I have also seen [ABC] constantly evolve their cheats, and the speed at which they are able to evolve suggests that [ABC] actually has a bank of various working cheats for certain games. The cheats are not themselves completely original, which suggests that netvortex ([ABC]'s maintainer), himself or his team, is particularly skilled at reverse engineering and machine language programming. He picks up a working cheat that has been released and adapts it for [ABC]'s distribution model. Like viruses, the faster cheats are able to evolve, the harder it is for game developers to keep pace. Also, looking at netvortex's posts on [ABC]'s PlanetSide, he is also extremely smart to make his cheats not obvious and not easily abused, so that [ABC]'s do not register so highly on the grief-scale that game developers are forced to release a countermeasure. Once countered, it creates additional time, work and costs for netvortex to evolve or develop a new cheat.

The other more insidious side to [ABC]'s model is that he can pretty much run anything on your computer by changing the code that you will download and run (how sure are you that it's the PlanetSide cheat code?). He has your computer's GUID and if I were him, I'd log the IP numbers that you regularly use as well. In order to avoid being IP-identified by netvortex, I've had to make this post from a netcafe, but I am pretty sure he can still identify me if he really wants to. Yes, please do not disrespect these people. Infosec people of any colour of hat are scary and operate in a much different world than the one you assume to know.

Putting myself in netvortex's shoes, [ABC] is simply an amazingly profitable business proposition. It is something he is good at and he is simply cashing in on it. There is clearly a demand for it and he is simply supplying the goods and services to meet that demand. He does not care about what people think and most likely does not have the time to read all the [ABC] forum-bashing (and there is plenty of that to go around).

It is also important to remember that game developers are bound by certain legal, constitutional, reputational and privacy constraints. Being outed as spying on gamers' PCs, even in a limited form, is particularly bad for business because of the current tendency of the media to demonise and whip up a complete brown-snow-storm over it. I believe [XYZ] uses the same model (please correct me if I am wrong). [ABC] on its own provided plenty of data and amazingly eye-opening insights into the current state of game hacking.

OK, I need to catch my breath after all that. I will post more about datastream hacking in my next post.

Last edited by pscheaters; 2012-01-02 at 04:25 PM. Reason: Removed all references to the cheat service
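As an added example (not from the post above, and not any cheat or anti-cheat product's code): a small Python check for the detail the post leans on, cheat code that exists only in memory and so is invisible to file validation. It parses a constructed /proc/<pid>/maps listing (assumed as a Linux stand-in for inspecting a Windows game process) and flags executable regions with no file on disk behind them.

```python
"""Flag executable memory that has no file on disk behind it.

Added example, not from the post or any cheat/anti-cheat product. A cheat
loaded straight into memory never exists as a file, so file-hash checks
cannot see it; the defender must read the process's memory map instead.
This parses the Linux /proc/<pid>/maps format (assumed as a stand-in for
VirtualQuery over a Windows process) and reports executable regions that
are anonymous or whose file was deleted. JITs do this too: leads, not verdicts.
"""
import re
from dataclasses import dataclass

# start-end perms offset dev inode [path]
MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([rwxps-]{4})\s+\S+\s+\S+\s+\d+\s*(.*)$")

@dataclass
class Region:
    start: int
    end: int
    perms: str
    path: str  # "" for anonymous mappings

def file_backed(r: Region) -> bool:
    """False for anonymous, kernel pseudo-path, or deleted-file mappings."""
    return bool(r.path) and not r.path.startswith("[") and not r.path.endswith("(deleted)")

def parse_maps(text: str) -> list:
    regions = []
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if m:
            regions.append(Region(int(m[1], 16), int(m[2], 16), m[3], m[4].strip()))
    return regions

def suspicious_regions(text: str) -> list:
    """Executable regions with nothing on disk to validate them against."""
    return [r for r in parse_maps(text) if "x" in r.perms and not file_backed(r)]

# Constructed sample maps file; the third and fourth lines model memory-only code.
SAMPLE_MAPS = """\
00400000-00452000 r-xp 00000000 08:01 1234 /opt/game/client
00651000-00652000 rw-p 00051000 08:01 1234 /opt/game/client
7f1c0000-7f1c5000 rwxp 00000000 00:00 0
7f2a0000-7f2a8000 r-xp 00000000 08:01 9999 /tmp/injected.so (deleted)
7fff0000-7fff2000 rw-p 00000000 00:00 0 [stack]
"""
if __name__ == "__main__":
    for r in suspicious_regions(SAMPLE_MAPS):
        print(f"{r.start:#x}-{r.end:#x} {r.perms} {r.path or '<anonymous>'}")
```

On a real process the scan would be repeated over time, because the post's model only loads the code after the game process has started.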
2012-01-02, 02:15 AM | #5 | Private
Datastream hacking, especially passive techniques, is near impossible to detect. The spying/snooping/listening code just has to be able to sit somewhere in the route between your game client and the game server and, in so doing, does not even have to reside on the same PC.

This form of hacking is synonymous with what is commonly referred to as man-in-the-middle attacks in infosec. Passive datastream hacking is usually designed to provide the user additional intelligence or information that they are not supposed to have, for example, the infamous radar hacks. To minimise detection, ideally it should be run on a router PC displaying information on a different monitor. A classic example of this is Excalibur in Dark Age of Camelot.

Active datastream hacking is when the datastream is manipulated or duplicated. For example, the cheater's single bullet can be duplicated into 2. Fortunately, many game servers these days implement datastream encryption and server-side validation constraints.

This form of game hacking technique is not common these days because of the additional hardware and system configuration requirements. It is also necessary to program a new client to display the snooped information. The most undetectable variant of DAOC Excalibur required a Linux PC set up as a gateway router with its own display. I think these days you can get away with having everything on the same PC and perhaps even using the same monitor/display via DirectX overlays, but this makes the cheat much easier to detect.

DAOC GMs had to create fictitious stealthed targets and observe the behaviour of the suspected radar hacker in order to catch them out. Again, this is very costly in terms of time and manpower for the game developers to deal with such cheaters.

Last edited by pscheaters; 2012-01-02 at 04:04 AM.
2012-01-02, 03:13 AM | #8
This could very easily pass as viral marketing. No matter the context, you are advertising how good these cheats are and disclosing the name so anyone who reads this could go and find it. It is fortunate that probably the only people who are still around to see it are not interested in getting such an advantage.

At least you warned about the dangers too, but I am sadly spiteful enough to wish for anyone who tries it to get what's coming to them. Profit-oriented cheat distribution services might make it harder to get rid of cheaters in general, but do they make it harder to get rid of them from a specific game? After all, now you just have to make it not profitable to sell cheats for your game so they focus on the rest instead.

Why are we even talking about this? It should not be our task to look for cheaters. And hopefully in PS2 it won't be.
2012-01-02, 04:15 AM | #11 | Corporal
Sounds like an ad for [nameremoved]. I really don't understand why people cheat. The whole reason to play is for the challenge. When you cheat you remove any challenge that was there in the first place, just making the game more stagnant and less interesting.
Last edited by Hamma; 2012-01-02 at 08:06 PM.
2012-01-02, 04:12 AM | #12 | First Sergeant
As long as the game client runs on the player's machine, there will always be cheaters. Sure you can take measures to detect it, and ban the offenders. Companies have entire departments devoted to this. But cheating is a profitable business, so you end up in this arms race where as the detection methods get more sophisticated, so do the cheats.
The only way to 100% get rid of cheaters would be to put the game client in the cloud (i.e. OnLive) - but that's not happening anytime soon.
__________________
"It's time to fight back..." -Huey
2012-01-02, 05:52 AM | #14
Wow! Cheating is cool! I'm gonna go buy some now. Wrap up two, please...

On a serious note:
1. I'm with Raymac on this.
2.
3. The only real solution is a spyware-anticheat that keeps FILES and HEX-code checked and replaced in real time.
2012-01-02, 06:11 AM | #15 | Staff Sergeant
There is no way to use anything that requires trust of the client side. The only way to stop someone from cheating is to not send them the network data that would let them "cheat". There is no anti-cheat software on earth that cannot be hacked/rendered useless. If it exists on the client end, it can be altered. Never trust anything that is transmitted from the client side, regardless of what it's from. And never tell the client more than you intend them to know.

Don't expect that in this day and age simply putting graphics (an in-game wall?) and some software (anti-cheat programs?) between the players is enough to stop a cheater. Sony trusted the client end when it came to PlayStation 3 security. Look where that got them. XD

Last edited by Justaman; 2012-01-02 at 06:17 AM.
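As an added example, not from this thread and not PlanetSide code, here is the server side of the rule Justaman states, applied to the two datastream hacks pscheaters describes in post #5: per-player snapshot filtering so a passive radar hack has nothing to read, and an authoritative fire check so a duplicated bullet packet is dropped. Entity names, the 100 m view range and the 0.1 s fire interval are assumptions.

```python
"""Server-authoritative rules against passive and active datastream hacks.

Added example, not from the thread and not PlanetSide code. A passive radar
hack can only display what the server sends, so each player's snapshot is
filtered here by range and stealth; the client is never told what it cannot
see. An active hack that duplicates a fire packet only works if the server
takes fire events at face value, so shots are deduplicated by sequence number
and rate-limited. Names, the view range and the fire interval are assumptions.
"""
import math
from dataclasses import dataclass, field

FIRE_INTERVAL = 0.1  # assumed minimum seconds between two valid shots

@dataclass
class Entity:
    eid: int
    x: float
    y: float
    stealthed: bool = False  # decided by the server, never by the client

@dataclass
class Player(Entity):
    view_range: float = 100.0
    last_shot: float = -math.inf
    seen_seq: set = field(default_factory=set)

def snapshot_for(player: Player, world: list) -> list:
    """Entity ids the server will put on the wire for this player."""
    out = []
    for e in world:
        if e.eid == player.eid or e.stealthed:
            continue  # stealthed units never leave the server
        if math.hypot(e.x - player.x, e.y - player.y) <= player.view_range:
            out.append(e.eid)
    return out

def accept_shot(player: Player, seq: int, now: float) -> bool:
    """Authoritative fire check: one shot per sequence number, rate-limited."""
    if seq in player.seen_seq or now - player.last_shot < FIRE_INTERVAL:
        return False  # replayed/duplicated packet, or faster than the weapon fires
    player.seen_seq.add(seq)
    player.last_shot = now
    return True

if __name__ == "__main__":  # constructed world: one visible, one stealthed, one far away
    me = Player(1, 0.0, 0.0)
    world = [me, Entity(2, 30.0, 40.0), Entity(3, 30.0, 40.0, True), Entity(4, 500.0, 0.0)]
    print("snapshot:", snapshot_for(me, world))
    print([accept_shot(me, s, t) for s, t in ((1, 10.0), (1, 10.5), (2, 10.05), (2, 10.2))])
```

The stealthed entity stays off the wire entirely, which is also why the fictitious stealthed targets the DAOC GMs planted only worked while stealth state was still being sent.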