The truth of online game cheating

Axlerod

TAC Moderator
Joined
Jan 31, 2015

I am a full-time software developer and have been an overall computer geek since forever. I have also developed several different types of cheats (trainers, aimbots, walls, whatever). No, I don't cheat in online games (I am highly competitive and I think cheating ruins online games and is pathetic). I create 'cheats' for the sake of being a better programmer. I have extensively researched how cheats are programmed and how anti-cheat systems work -- to some extent I have some merit to speak of this.
With that being said, I am here to dispel false information out there about cheating and hacking in general. This information applies to any game. When I get into conversations with people about cheats/hacks, it seems many people are misinformed. They seem to not understand the severity of cheating, as well as the massive, almost impossible vertical incline anti-cheat needs to climb to ever be on par with actually stopping cheaters -- I am here to tell you about the unfortunate truth and how cheating will always be here to stay.
The main thing to understand here is how anti-cheat works. When you understand this, it becomes clear how cheating is impossible to get rid of.
Anti cheat works in 3 main ways.
1. Signature detection - The detection of certain patterns of bytes in memory, checked against a database
2. Heuristic analysis - Behavior and stat analysis (is this player suddenly winning every game with 10/1 KD, all headshots etc)
3. User reports

1. Signature detection

This is the primary method in which anti cheat functions and cheats are detected. And it's the main reason why cheating is prevalent and can't be stopped. This works very similarly to anti-virus. Let me explain a typical cycle.
  1. Hack is developed
  2. Cheater is detected
  3. If available, the hack signature is entered into a database
  4. Now this signature is entered into this database and is always being checked for
This is almost exactly how anti virus works. The virus is let out into the world, it's eventually detected. The rogue code is contained, analyzed and entered into a database. When this signature is detected, the anti virus software quarantines that file. The cycle continues.
But here is where things fall down for anti-cheat, specifically step #3. Let's assume a cheater is caught and banned - great, but how is it possible to stop other people from using the same cheat? Well, anti cheat needs to have the signature of the cheat (exactly how antivirus is working). But think about how incredibly difficult that information is to get, it's not like they have the 'file' just sitting there.
One of the only ways to actually get the signature is from a memory dump from that user's computer, good luck getting that! Even then with that dump, it's incredibly challenging to sort through and actually get a signature. You need to be qualified and know your stuff. Not only that, but even after expending a ton of resources to fish out a signature and enter into a database, it's incredibly easy to modify the code and create another variant of the cheat (junk code, function changes, etc) that masks the signature into a new one.
This is an uphill battle and frankly cannot be solved.
Okay, so let's spitball here for a bit and think of some other ways anti cheat can get signatures. Well, for one, they could just scour the web and download any public cheats they can find off sketchy Russian/Chinese sites and ban those signatures -- cool, this gets rid of a bunch of cheating script kiddies and other people who can't code, probably ~80-90% of cheats out there, but the real problem still exists. This is a band-aid solution.
Private cheats
This is why it's impossible to ever stop cheating. Private cheats. If I create a 100% homebrew cheat (meaning all custom code, no copy-paste, not borrowed function libs or dlls), it's 100% impossible for anti cheat to detect me using signature analysis alone. By creating a 100% unique signature, the cheat has effectively circumvented anti cheat's primary method of cheat detection. Methods #2 and #3 are the only other ways now, which I will get into. However, this is the primary evidence that suggests cheating is an unsolvable problem. You can cut out 80-90% of the people who aren't developers, but the remaining people exist in a sort of bubble outside any actual way of getting caught.
Careful cheaters cannot be detected and essentially exist above the rules.
2. Heuristic analysis
This stuff can get pretty complicated, but it's a simple concept. This is behavioral and statistical analysis. Let's say you're the average player. You've set a baseline of your performance. Sometimes you have excellent games and spike above that baseline, great, that's normal. You can also improve as a player and over time improve your baseline, that is also normal. You can also totally suck a bunch of games in a row because you let your little cousin play and lower your baseline. That is also normal. What's not normal is suddenly winning all your games, getting insane KDR, super long range kills, etc.
This is what, in a nutshell, heuristic analysis is. Of course this is very straightforward stat analysis, and anti-cheat is clever and actually goes into some insane tracking and analysis that I can't even wrap my mind around (very advanced statistics and mathematics). They also track things like how your mouse is moving (they can detect macros, such as AHK) and can determine if you're using aimlock by tracking how you're moving your mouse (example, it's unnatural to move your mouse X distance in repeating increments, like a program would do it). There's a whole other plethora of things that make the system pretty insane.
The downside to this is that it's waiting for a cheater to make a mistake. A careful cheater who understands this won't trigger these flags. They'll slowly raise their baseline as expected, and won't make big jumps in their game play. They make sure to lose a few games here and there, sprinkle some wins, and overall "game" the system. People do this.
3. User reports
This is pretty straightforward and there isn't a whole lot to say about this... overall though, a careful cheater won't spark anyone's attention.
The conclusion that can be drawn (one that I came to long ago) is that cheating is here to stay. The primary means of detection can be circumvented by custom/homebrew cheats, and a careful cheater won't trigger any flags. Cheating and hacks aren't going anywhere - most likely forever there exists games to cheat on.
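
The heuristic analysis described in the post above (performance judged against the player's own baseline, plus input that moves in repeating increments or with machine-regular timing), sketched as an added example that is not part of the original post and not any anti-cheat vendor's code. The function names, thresholds and telemetry values are assumptions constructed for illustration.

```python
import statistics
from collections import Counter

def robust_z(history, latest):
    """Modified z-score of the latest stat against the player's own baseline (median/MAD)."""
    med = statistics.median(history)
    mad = statistics.median([abs(x - med) for x in history])
    if mad == 0:
        return 0.0 if latest == med else float("inf")
    return 0.6745 * (latest - med) / mad

def repeated_step_ratio(deltas):
    """Share of mouse samples equal to the single most common (dx, dy) step."""
    if not deltas:
        return 0.0
    return Counter(deltas).most_common(1)[0][1] / len(deltas)

def interval_cv(timestamps_ms):
    """Coefficient of variation of gaps between input events; near 0 is machine-regular."""
    gaps = [b - a for a, b in zip(timestamps_ms, timestamps_ms[1:])]
    if len(gaps) < 2 or statistics.mean(gaps) == 0:
        return None
    return statistics.pstdev(gaps) / statistics.mean(gaps)

def review_flags(history_kd, latest_kd, deltas, press_ms,
                 z_limit=3.5, step_limit=0.6, cv_limit=0.05):
    """Return the reasons (if any) to queue a match for human review.
    The three limits are illustrative assumptions, not tuned values."""
    flags = []
    if robust_z(history_kd, latest_kd) > z_limit:
        flags.append("kd_spike_vs_baseline")
    if repeated_step_ratio(deltas) > step_limit:
        flags.append("repeating_mouse_increments")
    cv = interval_cv(press_ms)
    if cv is not None and cv < cv_limit:
        flags.append("machine_regular_key_timing")
    return flags

# Constructed sample telemetry (not real player data).
HISTORY_KD = [0.9, 1.1, 1.3, 0.8, 1.0, 1.2, 1.4, 0.7]
HUMAN = dict(latest_kd=1.6, press_ms=[0, 180, 390, 540, 800, 960],
             deltas=[(3, 1), (5, -2), (2, 0), (7, 3), (4, 1), (1, -1), (6, 2), (3, 0)])
SCRIPTED = dict(latest_kd=10.0, press_ms=[0, 20, 40, 60, 80, 100],
                deltas=[(4, 0)] * 9 + [(3, 1)])

if __name__ == "__main__":
    print(review_flags(HISTORY_KD, **HUMAN))
    print(review_flags(HISTORY_KD, **SCRIPTED))
```

A good game that stays near the player's own baseline raises no flag here; the flags only queue a match for review and are not a verdict on their own.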


 

NetRngr

TAC Moderator
Joined
Sep 26, 2016
It works almost identically to antivirus software; it just checks for different stuff.
 

Axlerod

TAC Moderator
Joined
Jan 31, 2015
Yes, what really blew my mind is a recent study, there is as much as 37% cheating in games now. Whether it is a full-blown aimbot or ESP, down to macro or video software. It has just gotten way out of hand.
 

NetRngr

TAC Moderator
Joined
Sep 26, 2016
I wouldn't necessarily classify a macro as a cheat, maybe some macros, but that's still pushing the limits of the term cheat. If you don't want something to be done in a game, say a macro to fire a pistol 5 times in rapid succession, simply put in a delay. I remember back in the day of UO using a macro to mine. If you put a mind-numbing task into your game, rest assured a macro will be used to accomplish the task. On the video side I can see how the latest thing is unfair and should be labeled as a cheat, but simple video enhancement such as more vibrant colors, crisper definition, meh. Reshade in its stock form simply has configured profiles that adjust your video card's color spectrum and other settings all with one click. You can do the same if you know how in the supplied driver set, so on that front again, meh. Reshade wouldn't exist if game designers would not put such god-awful color palettes and try and wash out the graphics, reducing sharpness.
 

RabidRebel

TAC Moderator
Joined
Nov 16, 2017
I'd agree that not all macros are cheats. Setting up a button to, let's say, perform a complex button series to change a gun setting isn't necessarily cheating. For example, in Recon, you have to equip your pistol, ADS, and hit a button to remove the silencer. The series could be mapped as a macro to make this change seamless at the start of a match.

Where we are getting into trouble is people using them to perform unnatural and humanly impossible feats in PvP shooters. Can some of it be coded out with in-game delays? Sure. Might it make the game feel clunkier or not as responsive? Likely. The Division shows an example of this. People used to spam roll to avoid hit reg in the dark zone. Ubisoft modded rolling to require a few second delay between each. Now you get an awkward gap where it seems like you could roll but can't because of an invisible timer. They also suffered from folks making movement macros that gave them extreme advantages on hit reg detection just by moving unnaturally rapidly back and forth.

We are now seeing this in Siege where Ubisoft has already said they have data supporting button spamming from macros. People have peek/shoot macros that can move faster than any human can see or hit reg may detect. They can squirm around with rapid crouch/prone/stand macros to avoid hits. They have ones that all but eliminate sway and recoil. I've seen some that will fire your gun, switch to a side arm and rapidly fire that to empty without any hesitation. It has become an arms race as to who has the best macro software and the best setup. Like ESP, it isn't going to win you every fight, but it does sway the odds heavily in your favor. My hands physically can't move that fast to perform these functions. Even if they could, I would at least likely make a mistake or two. After all, I'm human.

I'm not sure where you draw the line, but one needs to be drawn. I'm human and want to play against humans. I don't want to deal with macros that perform functions faster than my neurons can fire. We need game code that limits the possible response times. We need consequences for those abusing these in PvP environments. We are beyond people just having a macro to spam a resourcing mining key in an MMORPG. These are now elaborate, scripted functions that are complex enough to rise to the level of hacks.
 

Axlerod

TAC Moderator
Joined
Jan 31, 2015
I figure it is like this, if a game gets released and it is in the game, then it is all fair.

If you have to use a mechanical or software tech in addition to what the publisher releases then it pretty much is a cheat. Whether it be a mild or major cheat, it is still a cheat.

With that said, I do consider that not all macros are major game changers. Especially with the level some of these guys are going through to not get caught.
 