Beating cheaters

[pscheaters]

The first step to beating any opponent in any game is learning and understanding everything about them. To do this requires giving your opponent a certain degree of respect, regardless of how much you dislike them or how low they seem to stand relative to the norms of civilised society.

In my other non-PlanetSide-related life, I am a postgraduate research student with plenty of prior industry experience. My specialisation is in information security and a bit of forensics. Game hacking is simply a side-interest because some of the techniques are common to infosec. And to put a cap on the chest-beating, what I know pales in comparison to many lecturers and professionals who specialise in this field.

To keep this short, I will focus on 2 of the harder forms of cheating techniques to beat, because of technical, resourcing, legal, constitutional or reputational hurdles. This is my personal view and if you are aware of other advanced techniques, please let me know (I am interested, but buffer overflow do not count unless ...).

My 2 personal favorite game hacking techniques are:
1. memory injection
2. datastream hacking

Memory injection is designed to change the behaviour of the game client in order to provide an unfair advantage. Most aimbots these days are based on memory injection techniques. Because it is piggy-backing on the main game client program/process, it uses the game's main process register and unless you know what you are looking for, you'd never find it. It can tamper both static data values in memory (easier to detect) and also change program steps and behaviour entirely (much more advanced and requires reverse engineering).

I would like to diverge into [ABC] because it is one of the cleverest service models I have come across. [ABC] basically provides a client that is locked to one PC (which maximises their revenue because it makes pirating or sharing the cheats difficult). Additionally, none of the cheat programs are actually saved as a physical file on your PC. This beats file validation checks that most game clients perform these days. What the [ABC] client does is download the program into memory and waits for your main game process to start. As soon as it has detected that the game process has started, it will inject the cheat code into the main game process.

This link, (R Kuster 2003, "Three Ways to Inject Your Code into Another Process"), amongst others, provide an excellent discussion into how memory injection is done:
[Link Removed]

The other advantages of [ABC]'s model is that it serves to protect its customer base and their apparent "digital assets" in the game world. Every single time a cheat is being used, the user has to authenticate and download a copy of the cheat that resides only in memory.

Soon as some unfortunate customers are banned, [ABC] is able to centrally disable the distribution of the cheat in order to "protect" the existing customers that are yet to be banned from the banhammer. To counter this, some GM's in certain games (e.g. EVE Online, CCP) tend to collect evidence over a period of time and then ban a spate of accounts in one hit. I am certain SOE already knows who are the PS1 hackers.

I have also seen [ABC] constantly evolve their cheats and the speed at which they are able to evolve suggests that [ABC] actually have a bank of various working cheats for certain games. The cheats are not themselves completely original which suggests that netvortex ([ABC]'s maintainer), himself or his team, is particularly skilled at reverse-engineering and machine language programming. He picks up a working cheat that has been released and adapts it for [ABC]'s distribution model. Like viruses, the faster cheats are able to evolve makes it harder for game developers to stay in pace.

Also, looking at netvortex's post on [ABC]'s PlanetSide, he is also extremely smart to make his cheats not obvious and not easily abused, so that [ABC]'s do not register so highly on the grief-scale that game developers are forced to release a countermeasure. Once countered, it creates additional time, work and costs for netvortex to evolve or develop a new cheat.

The other more insiduous side to [ABC]'s model is that he can pretty much run anything on your computer by changing the code that you will download and run (how sure are you that its the PlanetSide cheat code?). He has your computer's GUID and if I were him, I'd log IP numbers that you regularly use as well. In order to avoid being IP-identified by netvortex, I've had to make this post from a netcafe, but I am pretty sure he can still identify me if he really wants to. Yes, please do not disrespect these people. Infosec people of any-colour hats are scary and operate in a much different world than the one you assume to know.

Putting myself in netvortex's shoes, [ABC] is simply an amazingly profitable business proposition. It is something he is good at and he is simply cashing in on it. There is clearly a demand for it and he is simply supplying the goods and services to meet that demand. He does not care about what people think and most likely, do not have the time to read all the [ABC] forum-bashing (and there is plenty of that to go around).

It is also important to remember that game developers are bound by certain legal, constitutional, reputational and privacy constraints. Being outed as spying on gamer's PC even in a limited form is particularly bad for business because of the current tendency of media to demonise and whip up a complete brown-snow-storm over it.

I believe [XYZ] uses the same model (please correct me if I am wrong). [ABC] on its own provided plenty of data and amazingly eye-opening insights into the current state of game hacking.

Ok need to catch my breath after all that. I will post more about datastream hacking in my next post.

[Raymac]

And go fuck yourself.

[Furret]

So are you gonna get to the part where you suggest how to beat them or are you not done glorifying cheaters yet?

[pscheaters]

Datastream hacking, especially passive techniques, are near impossible to detect. The spying/snooping/listening code just have to be able to sit somewhere in the route between your game client and the game server and in-so-doing, does not even have to reside on the same PC.

This form of hacking is synonymous to what is commonly referred to as man-in-the-middle attacks in infosec.

Passive datastream hacking is usually designed to provide the user additional intelligence or information that they are not supposed to have, for example, the infamous radar hacks.

To minimise detection, ideally it should be run on a router PC displaying information on a different monitor. A classic example of this is Excalibur in Dark Age of Camelot.

Active datastream hacking is when the datastream is manipulated or duplicated. For example, the cheaters single bullet can be duplicated into 2.

Fortunately, many game servers these days implement datastream encryption and server side validation constraints.

This form of game hacking technique are not common these days because of the additional hardware and system configuration requirements. It is also necessary to program a new client to display the snooped information. The most undetectable variant of DAOC Excalibur required a Linux PC set up as a gateway router with its own display.

I think these days, you can get away with having everything on the same PC and perhaps even using same monitor/display via DirectX overlays but this makes the cheat much easier to detect.

DAOC GM's had to create fictitious stealthed targets and observe the behaviour of the suspected radar hacker in order to catch them out. Again, this is very costly in terms of time and manpower for the game developers to deal with such cheaters.

[pscheaters]

Originally Posted by Furret

So are you gonna get to the part where you suggest how to beat them or are you not done glorifying cheaters yet?

Yes I will come to this but I have to admit that I do not have all the answers yet. Going to take a short break from forum posting for now.

[ColRipper]

Personally, my favorite way to beat cheaters is with a baseball bat. This method is effective for any kind of cheating, not just planetside cheating.

[Peacemaker]

Ban hammer incoming!

[FastAndFree]

This could very easily pass as viral marketing. No matter the context, you are advertising how good these cheats are and disclosing the name so anyone who read this could go and find it. It is fortunate that probably the only people who are still around to see it are not interested in getting such an advantage
At least you warned about the dangers too, but I am sadly spiteful enough to wish for anyone who tries it to get what's coming for them.

Profit-oriented cheat distribution services might make it harder to get rid of cheaters in general, but do they make it harder to get rid of them from a specific game? After all, now you just have to make it not profitable to sell cheats for your game so they focus on the rest instead.

Why are we even talking about this? It should not be our task to look for cheaters. And hopefully in PS2 it won't be

[Death2All]

wat

[CidHighwind]

Originally Posted by DeeTwoEh

wat

^^^

[morf]

As long as the game client runs on the player's machine, there will always be cheaters. Sure you can take measures to detect it, and ban the offenders. Companies have entire departments devoted to this. But cheating is a profitable business, so you end up in this arms race where as the detection methods get more sophisticated, so do the cheats.

The only way to 100% get rid of cheaters would be to put the game client in the cloud (i.e. OnLive) - but that's not happening anytime soon.

[Fate]

Sounds like an ad for [nameremoved]. I really don't understand why people cheat. The whole reason to play is for the challenge. When you cheat you remove any challenge that was there in the first place, just making the game more stagnant and less interesting.

[pscheaters]

Not really advertising for [ABC]. The reason why I brought up [ABC] is because my current thinking on how to beat game hacking is actually to use [ABC]'s same distribution and application service model to distribute anti-cheat and cheat detection code.

Like [ABC], the anti-cheat code is only downloaded to memory (not to file) and run when the client receives a specific request from the game server (why limit cheat detection to game activation trigger). This also allows the anti-cheat code to be precision-targeted on specific suspect players.

If for some reason the game is rejecting the anti-cheat code, it is possible that the game is already compromised.

This gives the game developers a few advantages:
1. the anti-cheat code is not sitting in a file on the client somewhere that allows cheat developers to reverse-engineer and develop counters
2. with this live code model, the game developers are able to evolve their anti-cheat as fast as the cheat developers ... whoever evolves faster wins this "arms" race
3. the anti-cheat code is run client-side on the suspected cheater(s) which takes the load off server-side performance
4. it does not have to be run all the time and on every one, which benefits client-side performance
5. it is more resource-efficient than hiring round-the-clock GMs to moderate the games, fight cheat with anti-cheat tools that collects all the data/evidence you need for you

Finally, this will sound controversial. I would go so far as suggest warn and counsel instead of ban. It goes with my system of belief that rules should first seek to rehabilitate people into becoming better citizens than outcast them or condemn them forever to a life of crime. Introduce a 3-strike rule so that the punishment is commensurate with the crime and repeat offenders get increasingly severe punishments meted out. Why do this? When players are rehabilitated, it starts to sap the demand for cheats. When you kill demand, you also kill the supply. In the end, everyone benefits from the experience of a healthy player base.

The ideas I am suggesting here are not new and may have already been considered or even implemented by PS2's development team. It is just that no game seem to have pulled it off successfully and there are many of us that want to see PS2 succeed where many other games have failed.

[Bags]

Originally Posted by pscheaters

Finally, this will sound controversial. I would go so far as suggest warn and counsel instead of ban. It goes with my system of belief that rules should first seek to rehabilitate people into becoming better citizens than outcast them or condemn them forever to a life of crime. Introduce a 3-strike rule so that the punishment is commensurate with the crime and repeat offenders get increasingly severe punishments meted out.

[SuperMorto]

Why call yourself PSCheaters? Hmmmm, that provides a good link for google!

And there is no such things as being beat from a cheater!