I'm surprised they haven't taken a look at hardware-based cheating. At that point, the gaming companies may be forced to raise the white flag. After all, what man can make, man can subvert if determined enough.
+5 ROOTKIT OF VENGEANCE defeats forces of gaming good
Security boffins Joel St. John and Nicolas Guigo have developed a rootkit-like gaming cheat system they say bests anti-cheating mechanisms. The iSec Partners hackers say the anti-cheating platforms in use by the world's most popular games cannot stop cheating and actually increase the attack surface open to hackers. In a …
COMMENTS
-
Friday 10th April 2015 07:30 GMT GregC
Re: "Fully streamed"
They say games may need to be "fully streamed"
They can, frankly, fuck right off.
I don't really care either way about people cheating at games (and, at least for single player games, don't understand why anyone thinks it's a big deal), but I've said it before - the day that I can't just play a game, on my own, without needing to be always online is the day I stop buying new games.
-
Friday 10th April 2015 07:38 GMT Anonymous Coward
Re: "Fully streamed"
Indeed they can, it's bad enough games needing to sign into some online service let alone the whole sodding thing coming from one, and given most ISPs' inability to provide any kind of decent connectivity out in the sticks I couldn't agree more.
On the more technical side, where are their examples of vulnerable systems? I haven't read their PDF but did a quick search for Valve Anti-Cheat, no mention of it. I doubt very much properly written games like Valve's Source games (CSS/HL/Team Fortress/L4D etc.) are affected by this where the game processing is done on the server and the client effectively does the rendering.
I'm with you though, I've been burnt enough with games that require some online component only for it to be shut down making the game useless.
-
This post has been deleted by its author
-
Friday 10th April 2015 10:23 GMT Dr. Mouse
Re: "Fully streamed"
Eventually gaming will become a matter of who has the best equipment, and the best AI, with little or no human interaction. The skill will be in developing the best AIs yourself. Just like real war.
I don't see this happening. Humans like to pit their skills against each other, and this will not change. People will still try to "cheat" with AIs etc, but the majority of people who play games do so because they enjoy it.
I do believe there will be a class of gamer who develops and uses their own AI, but this will be a minority. The class of people who enjoy doing this is a minority, and I don't think that will change. It is just like in life in general. The majority will just get on and do stuff. It is the minority who search for and develop new, more efficient ways of doing things.
On the subject of developing your own AI, I have never viewed this as cheating. There is a vast amount of skill in it. In my view, the ones who are cheating are the ones who just download and install software. However, I know this is a minority view, just like it is a minority view that card counting is just playing Blackjack well.
-
-
Friday 10th April 2015 07:51 GMT jake
"kernel driver providing a rootkit-like functionality to hide activity"
There's your first problem ...
"of its user-mode process"
There's your second problem.
Bottom line? It ain't gonna work. More layers of abstraction at the user level always means more vulnerability overall. IMNECTHO.
"The pair popped"
There is that "popped" meme again. I work system security. Never heard it in the real world. Allow an aging, jaded sysadmin to ask a real question: Where did this meme originate? And why? From time immemorial, the actual term is "cracked". Or do kids these days think they have invented something new?
-
This post has been deleted by its author
-
-
Friday 10th April 2015 09:49 GMT Peter Gathercole
Re: "kernel driver providing a rootkit-like functionality to hide activity"
I'm seriously losing faith in the people that work in computing.
Who in their right mind will take a concept like 'push/pop', which have traditionally been used to work on a stack or a fifo or other buffer-like construct (maybe), and then apply it to an array?
Looking at the Perl document referenced, it looks like it is used on a one-dimensional array, like an argument vector, but that still appears to me to be a serious misuse of a previously used term!
-
Friday 10th April 2015 14:53 GMT desht
Re: "kernel driver providing a rootkit-like functionality to hide activity"
"Who in their right mind will take a concept like 'push/pop', which have traditionally been used to work on a stack or a fifo or other buffer-like construct (maybe), and then apply it to an array?"
That's just how Perl arrays work. They can also be stacks or queues, and efficiently, too: pop/push/shift/unshift generally work in O(1) time (other than potential reallocation for expanding data structures): http://www.perlmonks.org/?node_id=17890
The way Perl does stuff might offend some purists, but it works, and it's convenient. *shrug*
(And they are one-dimensional arrays, but each element can hold anything, including references to other arrays or hashes).
-
Saturday 11th April 2015 14:47 GMT Vic
Re: "kernel driver providing a rootkit-like functionality to hide activity"
Who in their right mind will take a concept like 'push/pop', which have traditionally been used to work on a stack or a fifo or other buffer-like construct (maybe), and then apply it to an array?
In Perl, it means you can take an array type and use it like a stack. It's exactly the concept you expect - just that Perl doesn't worry too much about the base types used...
Vic.
-
-
Friday 10th April 2015 10:48 GMT jake
Re: "kernel driver providing a rootkit-like functionality to hide activity"
Y,y,y ... I know what the heap and the stack are, and how to use them. I wrote my own C compiler decades ago. Somehow, I doubt the kids using "popped" are using it in this context.
Gut feeling is that it's an illogical and computer illiterate extension to BASIC's "peek" and "poke".
-
-
-
Friday 10th April 2015 08:19 GMT Crisp
If professional gamers are really worried about cheating
Then why don't they use a LAN disconnected from the outside world using machines all built to the same spec with the same hardware and no cheat programs on any of them.
It would be fair because they would all be using standardised equipment.
-
Friday 10th April 2015 17:56 GMT Jellied Eel
Re: If professional gamers are really worried about cheating
Some do, i.e. tournament players play at the event. But to get to the tournament, or become a pro player, you need to get ranking. Which may get boosted by cheating. But then they should be found out if they play in a tournament without their cheat crutches. Or the cheats might have some financial reward, so gold farming, dupes etc. Or they could just be anti-fun, so aimbots or wallhacks in shooters.
So there's a bit of an arms race. Developers create anti-cheat systems like PunkBuster or VAC which can already be rootkit-like. Cheaters come up with lower level designs to bypass those, increasing security risks. Not that cheaters who'll happily download random hacks off the Internet are probably too concerned about their security. But to counter this new threat, anti-cheat systems are going to have to become even greater potential security risks.
And to what end? I recently installed some game and discovered it also installed PunkBuster for me, and set it to run at startup. All because the game had some online/multiplayer functionality I never intended to use. Or 7 Days to Die just updated. When I click play on that, it gives me an option for a VAC and non-VAC version. So remember which one to click if you want to use the built-in cheats in your own sandbox.
So we end up with a situation where we may have to accept installing one rootkit to 'protect' ourselves against another. And we'll have to accept that the good rootkit won't be doing anything privacy or marketing related, and won't be a security risk.
-
-
Friday 10th April 2015 08:26 GMT clocKwize
People have been using kernel drivers to hook core system functionality and expose features via some API to a user land app for years. This isn't news. Even down to the "double paged memory" thing mentioned, which is definitely based on http://phrack.org/issues/63/8.html "shadow walker", released in August 2005. I used to hack games. It's all about finding inventive ways of modifying another application without using any of the same methods as anyone else has released into the wild (and therefore patched), so if you can totally hide the memory you've changed (at least in the view of the game) you're almost unstoppable.
-
Friday 10th April 2015 09:11 GMT DrXym
Streaming does have its advantages
There's nothing more frustrating than to play a game and be constantly picked off by someone not because of skill on their part but simply because they've got better broadband or a PC which lets them get a higher frame rate.
Relatively thin client software could ensure that everyone in the game gets the same graphics, the same framerates and has similar latencies.
And of course it stops cheats.
-
-
Friday 10th April 2015 10:42 GMT DrXym
Re: Streaming does have its advantages
"Everyone can have an equally poor experience..."
Not necessarily at all.
"Game will never get modded so everything will be like them dead games - titanfall & evolve as opposed to the moddable CS:S and L4D".
That doesn't counter my points at all. And nor was I arguing that streaming was better than local play in all aspects, just in particular ones.
-
-
-
Friday 10th April 2015 11:18 GMT DrXym
Re: Streaming does have its advantages
"And why when you have a ps4 do you want to stream it and add latency and use controls not designed for the game (GAIKAI)"
Latency is already a fact of life for multiplayer and that's why things can suck for someone caught on a bad connection or who didn't spend a fortune on a top end PC.
So saying "because latency" misses the point that it's already a problem. Yes, streaming introduces its own latencies but it removes them in other areas. It's also transparently obvious to anyone watching the scene that it's not just Sony who have an eye on streaming. Steam do too, first "in-home" although it's not hard to see that expanding to out of home as well.
-
-
Friday 10th April 2015 12:17 GMT Cuddles
Re: Streaming does have its advantages
"There's nothing more frustrating than to play a game and be constantly picked off by someone not because of skill on their part but simply because they've got better broadband"
...streaming. If people having better broadband is a problem now, a solution in which quality of broadband is the only relevant factor really isn't going to help. If your internet is so bad that it can't keep up with the small amount of data transferred by client-side games, how is it going to cope when the entire game needs to be streamed? Your solution means that instead of people with bad internet potentially having a sub-optimal experience in some games, they won't have any experience with any games at all.
"Latency is already a fact of life for multiplayer and that's why things can suck for someone caught on a bad connection or who didn't spend a fortune on a top end PC."
Nonsense. Connection latency is a problem in keeping clients and servers properly synchronised to each other so everyone sees the same things happening at the same time. The price of your PC is utterly irrelevant to that. It's a function of your internet connection, not your GPU. However, streaming games introduce an entirely new latency between the controller and the game, and that certainly is not a fact of life as things stand. Streaming doesn't fix the connection latency because there will still be just as much lag between an event occurring and your local client knowing about it (in fact more, since as noted above there needs to be more data transferred), but it adds additional latency in places that no current games have it. It's just a terrible idea from start to finish.
"A relatively thin client software could ensure that everyone in the game gets the same graphics, the same framerates"
Fuck everyone else in the game. If I can afford a better PC that can display better graphics and higher framerates, why should I be punished just because other people can't? Do you plan on taking away my house and car as well just because not everyone can afford their own? Forcing everyone to live in tower blocks and take the bus everywhere would ensure that everyone has the same quality of living, but no-one actually thinks that's a good idea - even communist dictators who claim to advocate such things make it clear that it's only a good idea for everyone else, not themselves. What is so special about computer games that mean we should all be dragged down to the level of the lowest common denominator? It would be great if we could all live in mansions with nice cars, fast computers and good internet, but in the absence of such a utopia, taking all the nice things away from people who have them in the name of equality is not the way to do things.
-
Saturday 11th April 2015 10:54 GMT DrXym
Re: Streaming does have its advantages
"...streaming. If people having better broadband is a problem now, a solution in which quality of broadband is the only relevant factor really isn't going to help. "
Maybe read what I said in the first comment eh?
"Nonsense. Connection latency is a problem in keeping clients and servers properly synchronised to each other so everyone sees the same things happening at the same time. The price of your PC is utterly irrelevant to that."
I didn't say "connection latency". I said latency. Latency is lots of things.
"Fuck everyone else in the game. If I can afford a better PC that can display better graphics and higher framerates, why should I be punished just because other people can't? "
Yeah, that's the ticket - the person who spends the most should have the advantage right? Screw all those other people expecting to play a game on a fair and level playing field. With that attitude maybe EA should sell aimbots for $1000.
Frankly you're the reason multiplayer sucks right now.
-
Thursday 21st May 2015 12:42 GMT NumptyScrub
Re: Streaming does have its advantages
Fuck everyone else in the game. If I can afford a better PC that can display better graphics and higher framerates, why should I be punished just because other people can't?
I just buy the developers, and they write the game to always put me in top spot regardless, because it is not cheating if it is all part of the legitimate game code. That's how you pay to win :P
You are saying that you should be able to pay to win, right? That's how I'm interpreting your statement anyway... ^^;
-
-
-
Friday 10th April 2015 09:38 GMT Peter Gathercole
Confusing paper
I'm a little confused. I understand that this is a client-side attack on the games, and as such, it's pretty obvious that it is possible to modify the client machine, which is totally in the cheater's control, to do all sorts of things to manipulate the game and prevent the anti-cheat code operating. After all, with this level of access, you could do anything, including (for open systems) running their own kernel. There ain't no way that a user-land anti-cheat system is going to prevent that.
But looking at the paper, at one point they are talking about Direct3D and DLLs, which is mainly Windows terminology, and then they dive off to describe a Linux attack. Maybe they are trying to show that the problem spans OSs, although I did not see a reference to that.
There is another way of preventing this type of attack, although it brings back something that I was hoping was dead.
If the hardware/OS/games are created using the generally hated (at least here) concepts proposed by the Trusted Computing Group (previously known as the TCPA and the previous Microsoft Palladium project), it would be possible to implement a hardware and software stack that would prevent client side privileged access to the system unless it was signed by a recognised key. This would at a stroke prevent almost all of this type of client side attack, but at the same time would wrest almost total control of a machine from its owner, making it a data appliance rather than a PC.
Because the detail in the paper is so scant, it looks to me like it is a scaremongering piece to bring security back into focus, to try to allow vendors of software to take more control of the PC away from its owners.
Where's the tin-foil hat. I think I need it now.
-
Friday 10th April 2015 22:17 GMT Charles 9
Re: Confusing paper
"If the hardware/OS/games are created using the generally hated (at least here) concepts proposed by Trusted Computing Group (previously known as the TCPA and the previous Microsoft Palladium project), it would be possible to implement a hardware and software stack that would prevent client side privileged access to the system unless it was signed by a recognised key. This would at a stroke prevent almost all of this type of client side attack, but at the same time would wrest almost total control of a machine from it's owner, making it a data appliance rather than a PC."
You will note how little you hear of the Trusted Platform Module outside of tightly-controlled settings such as businesses who need the control for their own reasons. Simply put, it's a non-starter on the consumer (and gamers are a subset of consumers mostly) end. If the only practical solution is to implement a system that isn't accepted by your customers, your market is basically a dead end. Either people won't buy your games because they're full of cheats or people won't buy your games because they won't buy the "secure" hardware needed to run them.
-
-
Friday 10th April 2015 10:07 GMT auburnman
Why is this still an issue?
It's high time multiplayer games distributed anti-cheat software so that the clients are all watching the OTHER clients in a match and came to a consensus about kicking/banning automatically after a certain number of strikes, e.g.:
-Client_123 suspects client HACKAHACKACODECRACKA; requests it be added to the suspected cheater watchlist (headshot through wall)
-Client_124 suspects client HACKAHACKACODECRACKA of cheating (6 headshots within 6 seconds)
-Client_125 suspects client HACKAHACKACODECRACKA of cheating (Client_125 player actor dealt 1600 damage to client HACKAHACKACODECRACKA player actor, which did not enter death state)
-Consensus reached to kick client HACKAHACKACODECRACKA.
Multiplayer inherently requires the game clients to tell each other what they are doing; it's ludicrous that no-one is using this to automatically catch the signs of abuse.
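The scheme sketched above, worked through as an added example that is not part of any comment in the thread: each client runs a few rules over the events it witnessed and emits strikes, and a coordinator kicks only when strikes arrive from enough distinct reporters, so one hostile or mistaken client cannot get anyone banned on its own (which also addresses the "some people are just good" objection made further down, since the rules target physically impossible outcomes rather than skill). The client names and the three example strikes come from the comment; the 100 HP health pool, the six-second window, the threshold of three reporters and every event below are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed tuning values (not from the thread): a 100 HP health pool, the
# "6 headshots in 6 seconds" window from the comment, and three distinct
# reporters before a kick.
MAX_HP = 100
RAPID_WINDOW = 6.0
RAPID_HEADSHOTS = 6
THRESHOLD = 3


@dataclass(frozen=True)
class Event:
    """One thing a client saw another client do. Constructed format."""
    t: float                    # match clock, seconds
    observer: str               # client that witnessed the event
    actor: str                  # client that performed the action
    kind: str                   # "kill" or "damage"
    target: str = ""
    headshot: bool = False
    line_of_sight: bool = True  # did the observer's own world state allow the shot?
    amount: int = 0             # damage dealt (kind == "damage")
    died: bool = False          # did the target enter the death state?


def local_strikes(events):
    """Rules one observer runs over the events it witnessed.

    Each rule targets something the game's own physics should make
    impossible, not raw skill, because good players draw reports too.
    Returns a set of (suspect, reason) pairs.
    """
    strikes = set()
    recent_headshots = defaultdict(list)    # actor -> timestamps inside the window
    damage_since_death = defaultdict(int)   # target -> HP lost since last death
    for e in sorted(events, key=lambda ev: ev.t):
        if e.kind == "kill" and e.headshot:
            if not e.line_of_sight:
                strikes.add((e.actor, "headshot through wall"))
            window = [x for x in recent_headshots[e.actor] if e.t - x <= RAPID_WINDOW]
            window.append(e.t)
            recent_headshots[e.actor] = window
            if len(window) >= RAPID_HEADSHOTS:
                strikes.add((e.actor, f"{RAPID_HEADSHOTS} headshots within {RAPID_WINDOW:g} seconds"))
        elif e.kind == "damage":
            if e.died:
                damage_since_death[e.target] = 0
            else:
                damage_since_death[e.target] += e.amount
    for target, dmg in damage_since_death.items():
        # Generous margin for healing items, but twice the health pool
        # without a death is not survivable under the assumed rules.
        if dmg >= 2 * MAX_HP:
            strikes.add((target, f"took {dmg} damage without entering death state"))
    return strikes


def consensus_kicks(reports, threshold=THRESHOLD):
    """reports: iterable of (reporter, suspect, reason).

    Counts DISTINCT reporters per suspect, so a single client spamming
    reports cannot reach the threshold by itself. Self-reports are ignored.
    """
    reporters = defaultdict(set)
    for reporter, suspect, _reason in reports:
        if reporter != suspect:
            reporters[suspect].add(reporter)
    return sorted(s for s, r in reporters.items() if len(r) >= threshold)


def run_match(events_by_observer):
    """Gather every observer's strikes, then apply consensus."""
    reports = []
    for observer, evs in events_by_observer.items():
        for suspect, reason in local_strikes(evs):
            reports.append((observer, suspect, reason))
    return consensus_kicks(reports), reports


# Constructed sample match, using the client names from the comment.
H = "HACKAHACKACODECRACKA"
SAMPLE_EVENTS = {
    "Client_123": [
        Event(t=10.0, observer="Client_123", actor=H, kind="kill",
              target="Client_123", headshot=True, line_of_sight=False),
    ],
    "Client_124": [
        Event(t=20.0 + i, observer="Client_124", actor=H, kind="kill",
              target=f"Client_14{i}", headshot=True)
        for i in range(6)
    ] + [
        # One odd kill seen by one observer only: never reaches consensus.
        Event(t=40.0, observer="Client_124", actor="Client_130", kind="kill",
              target="Client_124", headshot=True, line_of_sight=False),
    ],
    "Client_125": [
        Event(t=30.0 + i, observer="Client_125", actor="Client_125",
              kind="damage", target=H, amount=200)
        for i in range(8)
    ],
}

if __name__ == "__main__":
    kicks, reports = run_match(SAMPLE_EVENTS)
    for r in reports:
        print("strike:", r)
    print("kick:", kicks)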
-
Friday 10th April 2015 10:27 GMT Danny 14
Re: Why is this still an issue?
Some people are just good though. I used to run GTFO TF2 servers and we had plenty of hack reports on certain players; thing is, we also used to run LAN events and those players turned up - they really were that good. What was funnier was a time we got an admin call for someone who was at the LAN event....
-
Friday 10th April 2015 14:30 GMT auburnman
Re: Why is this still an issue?
Of course you get players that are just good being called hackers*, but there is massive scope for the game client to pick up things that are really obvious exploits like repeatedly getting headshots through walls, surviving attacks that are supposed to be 1 hit kills, using powers their class/level shouldn't have access to, to name a few; all of which you see these days and it seems like sweet FA is done about it.
*Oh to be the lucky little shit who thinks someone with an 18-10 KD ratio is hacking - they've clearly never played against an actual hacker in their life
-
Friday 10th April 2015 17:29 GMT Triggerfish
Re: Why is this still an issue?
On our servers, if someone was suspected of cheating it meant more than one admin would have to review (that way no accusations of favouritism for our clan, or regulars on the server). But we did have a couple of pro players who liked to drop in because we had well run and decent CS servers, with low tard tolerance from admins. Watching those guys play it's easy to see how they get hack accusations; they could join one side, take the team to a victory and then switch side a couple of points from said victory and bring the other team up, and it wasn't like we were bad players ourselves.
-
-
Friday 10th April 2015 12:42 GMT Zacherynuk
Re: Why is this still an issue?
I've thought this too - it may involve bringing some things back to the client side though.(Depending on the game)
Certainly I find it odd that, say, an Arma 2 server can't be configured to easily spot somebody duping / warping / fast travelling / messing with loadouts etc... even monitoring crosshair snapping and similar things you look out for when recording footage as an admin about to wield the ban-hammer.
-
-
Friday 10th April 2015 10:19 GMT Anonymous Coward
Surely it's possible to run games in their own digitally signed VM.
The game and anti-cheat software all rolled into one image that runs on some cut-down OS; any tinkering with it and it would connect for online play. Steam is probably geared up to do something like this: they dish out a player and games come preinstalled on these images. After all, BF4 patches are freaking massive these days so a little more won't make any difference.
-
Friday 10th April 2015 10:50 GMT karlkarl
I think streaming is a good idea as long as *we* are the ones who stream it. We might take a bit of a performance hit because we will need to render the scene based on the number of clients connecting to the server but I imagine many more gamers will be happy with this rather than any of that cloud bullshit.
Plus, if only the OpenGL commands get sent through and the individual clients render it themselves, it isn't that bad since much of OpenGL is retained on the graphics card these days rather than being sent through each loop (full disclosure: I am working on something similar for my PhD).
-
Friday 10th April 2015 12:43 GMT breakfast
Maybe cheatable games are not even that fun
Games that can be cheated with bots and auto-aim are a fairly specific subset of very twitch-based game. It seems possible to me that as time and game design move on, the goals of a game may become more creative and less about who has the fastest reactions, at which point the ability to cheat becomes less useful and the ability for server-side validation is increased because the need for instantaneous communication is reduced.