
Anti-cheat ideas

Thomas A. Fine
29 minutes ago, Thomas A. Fine said:

Universality: sure it doesn't help if you buy this mouse, but your opponent doesn't.  I suppose any such hardware-based solution is dependent on 100% adoption, at least within some context.  e.g. games that have casual and competitive play might require such a mouse for competitive, or they might add a third "secure" category for those that want to join.  Within that category, you get the desired assurances.

Well, to actually get into the more technical side of the issue: there's no way to establish a clear chain of trust with your proposal, both at a hardware level and a software level. You can attack the hardware by directly interfering with the sensor (heck, even for an e-sports event you could modify a mouse to the point where it would be undetectable that this was done to it without internal inspection), you can attack the driver, you can attack the code that verifies your signed data, etc. You must assume the operating system itself is hostile when you wish to implement security at this level and have any chance of achieving the desired outcome.

 

Heck, the only reason hardware security works for consoles is because it's basically a secure enclave on a macro scale with complete control of both hardware and software, but even there they had to start implementing cryptographical protection between the individual elements on the circuit board to prevent people from getting in, and any sort of arbitrary software execution (even if the software is handled as unsafe) usually leads to people finding cracks in the armour and making their way in. Now imagine what you can do when you can strap in a debugger and run through the code instruction by instruction and check what happens in the memory. And HASP dongles are basically security through obscurity in most instances, so don't expect that technology to come to the rescue.


14 minutes ago, ImorallySourcedElectrons said:

Well, to actually get into the more technical side of the issue: there's no way to establish a clear chain of trust with your proposal, both at a hardware level and a software level. You can attack the hardware by directly interfering with the sensor (heck, even for an e-sports event you could modify a mouse to the point where it would be undetectable that this was done to it without internal inspection), you can attack the driver, you can attack the code that verifies your signed data, etc. You must assume the operating system itself is hostile when you wish to implement security at this level and have any chance of achieving the desired outcome.

 

You can't attack the driver.  The mouse generates signatures.  They're forwarded to the remote server which verifies them.  Any tampering breaks the signature.  The hostility of the operating system is irrelevant.  Hacking the game software is irrelevant.  You either send the signed mouse data to the server confirming the mouse motions, or you don't.  You could break in to the server and hack that, but at this point we're talking about committing felonies to cheat.


You CAN attack the sensor by directly interfering with it.  One possible mitigation would be building in an accelerometer within the tamper-proof envelope that confirms, in broad terms, that the detected mouse movements are matched with real-world accelerations, and refusing to sign movement data if this doesn't happen.  So if you put the mouse on something that faked the visual indications of motion it would fail.

 

Even THEN, you could defeat it.  But, it's a matter of effort and cost.  You couldn't do it on a widespread basis. Whatever you did would require extensive and careful physical modification.  It would be one-off.  And I seriously doubt you could do it in a way that would pass visual inspection, in the case of an in-person competition.


2 minutes ago, Thomas A. Fine said:

You can't attack the driver.

Why? The software has to request the signatures from the hardware through the operating system, and the software cannot verify the driver - and those HASP developers sure have tried. So if you figure out how to generate said signature, writing a custom driver is a very trivial way to completely bypass your system altogether without ever touching the hardware.

 

For added fun, you're going to have to implement this as a separate USB device, because otherwise you'll lose compatibility with older USB HID standards, which would cause havoc with things like UEFI/BIOS mouse support, which means I don't even have to mess with the regular mouse driver to imitate the security features most likely.

 

7 minutes ago, Thomas A. Fine said:

The mouse generates signatures.  They're forwarded to the remote server which verifies them.  Any tampering breaks the signature.  The hostility of the operating system is irrelevant.  Hacking the game software is irrelevant.  You either send the signed mouse data to the server confirming the mouse motions, or you don't.  You could break in to the server and hack that, but at this point we're talking about committing felonies to cheat.

Again, what prevents me from reverse engineering or gaining access to the method that generates the signatures? All it takes is one mistake by one supplier at any point along the way to compromise your entire system, lest we forget about the entire AACS fiasco. And even then, when the community who wants to bypass said system is big enough, they'll brute force it if necessary, a classic example of that is the TI calculator firmware key.

 

This would also completely eliminate the ability of third parties to run dedicated servers with your anti-cheat system, lest you wish to release the server side code - which would once again enable attacks, making it de facto useless if your game would require something like server side mod support.

 

31 minutes ago, Thomas A. Fine said:

You CAN attack the sensor by directly interfering with it.  One possible mitigation would be building in an accelerometer within the tamper-proof envelope that confirms, in broad terms, that the detected mouse movements are matched with real-world accelerations, and refusing to sign movement data if this doesn't happen.  So if you put the mouse on something that faked the visual indications of motion it would fail.

You're thinking too high-tech, just solder some wires to it and hook up an MCU that's acting as another device and implement a small USB hub inside the mouse. Have the cheat software talk to the custom USB device when inputs are required. And if I can attack the optical sensor, why can't I attack the accelerometer? Or are we now also making special accelerometers that encrypt the data they send to the MCU that handles the interfacing? Because unless you implement some intricate handshaking mechanism there and then agree on continuously modifying the "key", this one is also quite easy to open attack by learning and data repetition. But now we're into "a couple of million USD worth of ASIC development" territory.

 

44 minutes ago, Thomas A. Fine said:

Even THEN, you could defeat it.  But, it's a matter of effort and cost.  You couldn't do it on a widespread basis. Whatever you did would require extensive and careful physical modification.  It would be one-off.  And I seriously doubt you could do it in a way that would pass visual inspection, in the case of an in-person competition.

Cost is the exact reason why this is never ever happening, even where the solution (HASP dongles) can cost hundreds of euros/dollars and be as intrusive as you can possibly imagine, they failed. Now you have to implement even better security at a fraction of the cost and widely deploy it to a massive crowd that will already be out to break the system to be able to use their favourite keyboard and mouse. Best case scenario they try to brute force it like happened with the TI calculator firmware - which is a significant threat if we're talking about a couple of million people with access to the latest generations of GPUs - worst case scenario someone screws up or leaks before it's even brought onto the market, and you have a driver that imitates your hardware solution launching on the same day as your first game.

 

And to cover the next most likely angles: 

  • Disabling support for multiple HID devices of the same type is also impractical, because this would also prevent something like a laptop with a trackpad and external mouse from working.
  • The cheat device can easily hide its identity as something entirely different.
  • Detecting USB hubs would pretty much eliminate the ability to use cheap motherboards. 
  • If you ban the keys that were leaked, you're most likely going to brick a lot of expensive hardware for a lot of people, requiring extensive recalls. And now you're also running centralized key management servers.
  • The server sending challenges to the hardware would only be a temporary stay of execution most likely.

It sounds nice conceptually, but there are massive problems implementing this sort of system if the user has no interest in keeping the system secure. These sorts of issues are also why we don't blindly trust things like smart card readers attached to computers.


1 hour ago, Thomas A. Fine said:

But, it's a matter of effort and cost.  You couldn't do it on a widespread basis. Whatever you did would require extensive and careful physical modification.  It would be one-off.  And I seriously doubt you could do it in a way that would pass visual inspection, in the case of an in-person competition.

From my experience of more than 10 years of online gaming... when there's money involved, they will do it. Even more so if the amount of money is huge.

Then after they've become consistent in doing the mods, they'll try to find a way to do it faster, then either sell the finished products or provide a tampering service.

 

GameSharks, Jailbreaks, etc.

 

But yeah, adding a lot of stuff into the mouse is gonna add some weight & price.

There is approximately 99% chance I edited my post

Refresh before you reply

__________________________________________

ENGLISH IS NOT MY NATIVE LANGUAGE, NOT EVEN 2ND LANGUAGE. PLEASE FORGIVE ME FOR ANY CONFUSION AND/OR MISUNDERSTANDING THAT MAY HAPPEN BECAUSE OF IT.


30 minutes ago, ImorallySourcedElectrons said:

Why? The software has to request the signatures from the hardware through the operating system, and the software cannot verify the driver - and those HASP developers sure have tried. So if you figure out how to generate said signature, writing a custom driver is a very trivial way to completely bypass your system altogether without ever touching the hardware.

This is an incorrect understanding of what I'm suggesting.  The signatures would be generated inside the mouse.  The OS and drivers are not involved.

 

30 minutes ago, ImorallySourcedElectrons said:

For added fun, you're going to have to implement this as a separate USB device, because otherwise you'll lose compatibility with older USB HID standards, which would cause havoc with things like UEFI/BIOS mouse support, which means I don't even have to mess with the regular mouse driver to imitate the security features most likely.

It would most likely appear to be a separate USB device, that generates signatures.  This means the mouse itself will behave 100% like a normal mouse with no changes.  And it doesn't matter that it's a separate channel, because the signatures generated must match BOTH the actual mouse data that was generated, AND the on-file manufacturer's public key database.

 

30 minutes ago, ImorallySourcedElectrons said:

Again, what prevents me from reverse engineering or gaining access to the method that generates the signatures? All it takes is one mistake by one supplier at any point along the way to compromise your entire system, lest we forget about the entire AACS fiasco. And even then, when the community who wants to bypass said system is big enough, they'll brute force it if necessary, a classic example of that is the TI calculator firmware key.

You could physically strip down a mouse, and if you got past the tamper-proof tech without destroying it.  At this point there's no downloadable easy product that thousands of people would use.  It's one-at-a-time, expensive individual solutions.

 

There's no way to "brute force" this.

30 minutes ago, ImorallySourcedElectrons said:

This would also completely eliminate the ability of third parties to run dedicated servers with your anti-cheat system, lest you wish to release the server side code - which would once again enable attac

So release the server side code.  Signature verification is basic and stone simple. And the vendors' public keys would have to be public in the first place.  The algorithm is as public as web server certificate verification.

30 minutes ago, ImorallySourcedElectrons said:

You're thinking too high-tech, just solder some wires to it and hook up an MCU that's acting as another device and implement a small USB hub inside the mouse. Have the cheat software talk to the custom USB device when inputs are required. And if I can attack the optical sensor, why can't I attack the accelerometer?

Tamper proof packaging typically encases the package in some sort of potting compound.  Which may have wires embedded that can't be cut or shorted without permanently destroying the internal circuitry.  There's other things that make it difficult.  So stripping down to the bare board is extremely difficult, and many mice would be sacrificed along the way.  Without bare board access, the only way to fake an accelerometer is with... acceleration. So now we're back to a robot arm to move the mouse around. Expensive.  Won't work in person.  Drastic reduction in cheating.

30 minutes ago, ImorallySourcedElectrons said:

Cost is the exact reason why this is never ever happening

The technology to build in secure tamper-proof digital signatures is coming.  Whether it will really end up in mice or not, I don't know, but it is going to be produced, because of the need in cameras and audio recorders, to protect against photoshopping and deep fakes.  It will move into consumer products, it will be widespread, and it will be cheap.


2 hours ago, Thomas A. Fine said:

But if you had to get a drill and a microscope and buy a gaming mouse and carefully drill through the potting compound and insert probes and have a one in 20 chance of being able to bypass the tamperproof defenses of the device, so that you could cheat... you've raised the bar to the point where it's now a rarity.  Would someone do it?  Yes.  But you would not have the experience of going online and getting pwned over and over again by cheaters.

any “tamper proof” mice and keyboards would necessitate a mechanism so sensitive that it’d probably be triggered by hard movements and would certainly shorten the lifespan of the device. Also, you’re fucking over literally everyone who builds/mods their own keyboards (very large portion of the community) and mice (smaller but still significant portion of the community)

 

Bottom line, terrible idea no matter how much you try to justify it. A better option is a ring 0 anticheat, but even those often interact badly with certain non-cheating related software (say, certain mouse drivers). Take Valorant’s Vanguard for example. It renders the game very difficult to cheat on, but people still complain about it because it runs at ring 0, sometimes screws with software that’s totally harmless, etc


Honestly this reads like copege from someone who gets shit on too often in online games. Maybe try other games that aren’t as toxic or have kernel level anticheats.


55 minutes ago, Thomas A. Fine said:

----

You do realize that the amount of games your "encrypted periphery" would bring any kind of improvement are like: Let's say within a decade there's around 10 or 20 really massive online games that pull a lot of population, from those only like 5 really suffer from cheating and the rest have mitigated it already by themselves, from those 5 probably 4 won't give 2 cents about the game or directly/indirectly will profit from cheating. There's probably 100 more minor games but they never live long enough that someone would spend extra 20 animal belts for the mouse and the keyboard to play only them. And even then we are talking like 10-20% probably even less of games released in the decade.

 

Now you must also include the price. From those 10-20 games in a decade most will be free-to-play and they run on potatoes because that is the way to get the massive amount of players to make the whole thing profitable. The thing about that consumer mass is that that 20 US dollars extra for a mouse just doubled or even quadrupled the value of their mouse. If you went by the normal regional pricing to make sure most of the people even have the dough to pay for such a luxury item you would end up with the problem of value, because now your encrypted mouse would be competing with price with the flagship mice from everyone else, like we would be probably talking about 150 USD to offset the losses coming from places where that 20 USD is a lot of money (like if we take direct game prices for let's say Forspoken which costs 79,99€ or $69,99 or 65,77€ and then you go to Argentina and it costs 4099 ARS$ or 19,45€, 1/4th of the price) because unlike with a digital game that doesn't cost anything to reproduce, package and transport, your mouse will have costs per unit.

 

here you also need to understand one thing. The main target of your product should be the top of the players which then could influence downwards and at that point you really need to make a GOOD product, not just some couple bucks worth Chinese piece of garbage with Raspi slapped on top of it. Or start to sponsor them with more money than Razer, Logitech, MSI and others do so they would use their products.

 

Yeah yeah, I heard you the first time you said that "that's why every manufacturer should be in it". Want to guess what? The manufacturers cannot even get common ground about ARGB-connector pin layout but have currently at least 2 different types which do use the same headers but the pins are different and unless the MB manufacturer was nice enough and made their MB support both of them, you ain't going to use both of them but the one that your MB manufacturer supports. That was only something which is kind of regulated and standardized, want to guess how many softwares can actually control every single keyboard's RGB lighting? AFAIK, none, some of them have even gone out of their line from time to time and hindered competitors' software from working because that is a wonderful idea. And you think suddenly they all would shake their hands and agree to support one single system that none of them developed? And no, IEEE or any other standardization organization that could bend every manufacturer to support it aren't interested about gaming enough to make some gaming specific standards, they have way more important things to use their time than games.

 

Lastly the developers still would need to give their part and you can go and look how much, for example, Wargaming cares about bots in World of Bots.... I mean World of Tanks. They don't or if they do the bots multiply way more rapidly than they are removed. Sarcastically you could also say they really care about players since their main marketing point is how many active players they have, as in completely and totally "not" including the bots. Or how much EA cares about customer feedback, and without any hint of sarcasm I will add that the only customer feedback EA listens to is the customer's wallet. So you can guess how many developers would be lining up to support your encrypting mouse only from their customer feedback from the subreddit, forums or random dude's YT channel which all combined probably consist like 20% of the playerbase and probably if you drop the inactive ones <5%. You could of course pay for them to support it but at that point we aren't talking about some pocket change amounts and every cent of those will be reflected to the price of the mouse.


Fast edit before submit: You brought in the tamper proofing, forget the $20, it will be more like $50 at least probably closer to $100, so we are talking about halo products. Also right to repair says "hi".


1 minute ago, Thaldor said:

Also right to repair says "hi".

this is definitely my biggest concern. Any sort of tamper-proof mechanism always bites the consumer right in the ass and often fails at what it was actually intended to do.


29 minutes ago, Thomas A. Fine said:

Here's an example of a real product that internally produces digital signatures to be able to detect after-the-fact tampering.  We will only see more and more of this in the future.  It will become commonplace and cheap.

https://petapixel.com/2022/08/08/sonys-forgery-proof-tech-adds-crypto-signature-to-photos-in-camera/

I don't know whether or not Sony continued that plan since I can't seem to find anything about it on google aside from 2022 articles stating that Sony has a forgery-proof tech applicable only to Alpha 7 IV only for business and needs to apply for license first.

 

Considering the current world we live in, there ought to be one or two reviews about the actual thing in real world application. If Sony continued the project that is.


2 hours ago, Thaldor said:


Fast edit before submit: You brought in the tamper proofing, forget the $20, it will be more like $50 at least probably closer to $100, so we are talking about halo products. Also right to repair says "hi".

I can't imagine what would make this cost $100 more. Plenty of mice have the processing power to do this already, and there's even at least one mouse out there with accelerometers.  Sure it's pricey, but it's not really insane compared to other high end gaming mice.  The only new thing is tamper-proof encapsulation of the electronics, and this is not alien technology either.

 

And it's surprising that people who are tech savvy don't understand economies of scale.  Once a product like this exists and people buy it, it will only get cheaper over time.  And, as I said, this sort of tech is coming with or without a mouse that digitally signs stuff.  I'd be surprised if it cost more than $20 to add this to a mouse early on, and later, when tamper-proof digital signature encoders become more ubiquitous, I'd be surprised if it added two dollars.

 

Regarding right to repair: mouse repairs are almost entirely focused on the mechanical aspects of a mouse.  When it is the electronics, it's extremely rare that a repair involves more than soldering a broken connection (at least, in something simple like a mouse).  How many actual repair people are hooking a mouse up to diagnostic equipment to replace a bad chip on the board, instead of just replacing the entire electronics package or just throwing it all out?

 

But also the tamper-proof measure of encasing in potting compound would actually make them much more safe from harm if you drop them or whatever.  If a relatively standard package was used, it may well become possible to entirely move your tamper-proof electronics module to a new mouse body, eliminating a bunch of e-waste and reducing cost and leaving behind only plastic to be recycled from the old body.  The requirement to put all the electronics in a single package could actually be a win overall.


4 hours ago, Caroline said:

the extremely toxic gaming community is why I don't play online games,

i mean sure that's a thing, but i typically don't see it as that big of an issue... i just started playing Overwatch few weeks ago, and yes, there's definitely some toxicity where i'm actually wondering how these players aren't banned because it's very obviously a reoccurring issue that's easy to detect...  but! honestly ~ roughly this happens every 10th game or so and it's not even as bad as it sounds,  usually someone shuts them up real quick or you just mute them, no one really cares that they suck at the game and are extremely salty about it, it's just a bit hilarious and embarrassing (for humanity) so idk happens everywhere basically, not just games?

 

4 hours ago, Caroline said:

P2W

Does OW have p2w? i dunno,  i have seen people say that, but i don't see how... it has terrible monetization,  but that's about it and probably hurting the publisher more long term because everyone sees how predatory / overpriced  it is.

 

 

Played a similar game recently also which there wasn't much toxicity at all, especially once i went onto the asian server (funny enough) i actually had a lot of people helping out and teaching the game -- and i actually won tons of games it was fun (game is called Naraka, basically a battle royale hack n slash...)

 

 

I think the main issue with OP's ideas is that none of them would work or are feasible and actually create even more problems than there already are (and probably even make it easier to cheat...)

 

I'm not saying there aren't cheaters, there obviously are, but i do feel that games with dedicated modern anti cheat do a pretty good job, or in other words don't play games where these issues are rampant  -- gotta say worst i saw was years ago on playstation 3, some games were basically unplayable due to cheaters, and these games obviously didn't have a dedicated anti cheat either.

 

 

but honestly? depending on what you play the cheating issue isn't that big, and most people in OW are actually friendly in my experience, for example . (same as with that Chinese hack n slash game...)

 

ps: honestly from my observations, i suspect most games with cheat problem and the resulting toxic "community" are Valve games, like csgo etc, basically avoid these, because Valve literally thrives on this , and you should mostly be good.  and yes, you just have to look at Steam forums to see where the toxicity comes from... 

 

 

 

 

 

 

 


15 hours ago, SansVarnic said:

I presume you're joking but just in case.

Absolutely not. Ever heard the phrase "if you want it done as wrong as possible involve the government?" or "if you want it done better don't involve the government", "how can we fail more? ask the government".

 

No I have not ever heard of such a saying ever in my life. That the government doing things is innately bad, if the government is bad they will be a bad government if the government is good they will be a good government.


37 minutes ago, oali24 said:

No I have not ever heard of such a saying ever in my life. That the government doing things is innately bad, if the government is bad they will be a bad government if the government is good they will be a good government.

You're young but that is ok, you will understand later. But for now, I'll leave you with this, never trust the government to do something that you can do better for yourself.

 

11 hours ago, oali24 said:

how is that involving the government, that is just private companies using identification documents, I don't think you would argue that identification documents should not exist?

If you use a government id, you have to utilize the database maintained by the gov to ensure its accuracy of the data, thus you are involving the gov. Once you open the door, it doesn't really ever close.

Edited by SansVarnic


I tried to propose my idea of having every GPU include a built-in claymore which could be remotely triggered by a positive hit on online anti-cheat. The hardware developers were not as impressed by this idea as I expected them to be.


7 hours ago, TechlessBro said:

This is why anticheat needs to be an OS or AV level problem.

If it's SW it can be tricked, evaded, or straight up disabled and replaced with a fake sending "all ok" responses. If you want cheaters gone you have to throw actual manpower at it and not the cheap kind.....


8 hours ago, Thomas A. Fine said:

This is an incorrect understanding of what I'm suggesting.  The signatures would be generated inside the mouse.  The OS and drivers are not involved.

Ok, so how do these signatures magically end up on the server? Your program is not allowed to talk to the hardware directly, it does not have the level of access to do so and demanding that level of access would open up massive security holes. So your game will have to talk to a driver, and that driver will have to go and fetch that data from the USB device, which will then provide it to your software (and good luck with the timing on that one given USB), which will then have to send it to the server. So that really is a significant vulnerability with hardware based security systems. And even variants where the server sends additional data that is uploaded to the mouse to work as part of the verification/encryption scheme would not help with this, because that is also fairly trivial to implement in software if necessary.

 

Meanwhile, if I'm familiar with the encryption scheme I can write my own driver implementing the same hardware interface, and I can simply grab the data from the standard HID driver, generate the desired signature, and pass it on to your program. In fact, even if your device directly starts talking to the next level up in the food chain, I can still implement my own virtual USB host controller and work through that. That's why I am saying you cannot trust the operating system in this entire exercise, it is actively working against you, even if you make it as aggressive, intrusive and draconian as you want. All you've done is pretty much ensure that every antivirus would scream in terror, turn yourself into the next Sony, and probably made Ubisoft look good in comparison.

8 hours ago, Thomas A. Fine said:

It would most likely appear to be a separate USB device, that generates signatures.  This means the mouse itself will behave 100% like a normal mouse with no changes.  

The fact that it's a separate device makes it way easier, it means your HID and verification data won't be in sync.

 

8 hours ago, Thomas A. Fine said:

It would most likely appear to be a separate USB device, that generates signatures.  This means the mouse itself will behave 100% like a normal mouse with no changes.  And it doesn't matter that it's a separate channel, because the signatures generated must match BOTH the actual mouse data that was generated, AND the on-file manufacturer's public key database.

This literally leads to the same flaw that did in AACS, you're sharing private keys with millions of devices, and you can't revoke them because that'll piss off a large swath of customers: https://en.wikipedia.org/wiki/AACS_encryption_key_controversy

 

8 hours ago, Thomas A. Fine said:

You could physically strip down a mouse, and if you got past the tamper-proof tech without destroying it.  At this point there's no downloadable easy product that thousands of people would use.  It's one-at-a-time, expensive individual solutions.

Just one person has to do it to extract the key for that particular manufacturer, and that's assuming it doesn't leak. We're talking about a competitive market (e-sports) with some tournaments where people make millions, so there's plenty of financial incentive to just bribe someone to break the system. And giving each device its own unique key would be a nightmare, because now you got to run a centralized service that has a database of these public keys. And even then there are serious security concerns with this approach, which is why smart cards work the way they do.

 

8 hours ago, Thomas A. Fine said:

There's no way to "brute force" this.

Except it really is if there's enough incentive, this is literally what took out TI's (at the time reasonably secure) firmware protection.

 

8 hours ago, Thomas A. Fine said:

So release the server side code.  Signature verification is basic and stone simple. And the vendors public keys would have to be public in the first place.  The algorithm is as public as web server certificate verification.

Which gives me the necessary information to really start attacking it, because now I don't have to risk getting banned to try out if my signature generation code works.

 

9 hours ago, Thomas A. Fine said:

Tamper proof packaging typically encases the package in some sort of potting compound.  Which may have wires embedded that can't be cut or shorted without permanently destroying the internal circuitry.  There's other things that make it difficult.  So stripping down to the bare board is extremely difficult, and many mice would be sacrificed along the way.  Without bare board access, the only way to fake an accelerometer is with... acceleration. So now we're back to a robot arm to move the mouse around. Expensive.  Won't work in person.  Drastic reduction in cheating.

The technology to build in secure tamper-proof digital signatures is coming.  Whether it will really end up in  mice or not, I don't know, but it is going to be produced, because of the need in cameras and audio recorders, to protect against photoshopping and deep fakes.  It will move into consumer products, it will be widespread, and it will be cheap.

This one is always fun to read about as someone who works in electronics packaging:

  • Glob tops and potting compounds can be dissolved, it's just that most hobbyists don't have the patience to wait a day or two to do it properly. And in any case, you can just go after the bond wires in most instances: measure electrical continuity between the package pads and a drill bit, and slowly advance the drill bit downwards until you reach the bond wires. (You can do the same with a fine tip soldering iron by the way with some IC packages.) Flip-chipping would buy you a couple of additional hours of protection at most, since it'd take more time to get rid of the underfill.
  • The "embedded wires that can't be cut" generally works by including said data in SRAM in combination with a battery, once the power is cut, the data in the SRAM is lost. This requires inclusion of a battery, if the battery depletes after a couple of years you have an expensive brick of a mouse. Good luck getting that one past lawmakers who are already complaining about phone chargers causing massive garbage piles.
  • "So stripping down to the bare board is extremely difficult,": It really isn't, that's a Tuesday thing.
  • "and many mice would be sacrificed along the way.": Realistically speaking, maybe three?
  • "Without bare board access, the only way to fake an accelerometer is with... acceleration.": The only way you're going to prevent faking the accelerometer data is by making it a monolithic die together with the optical sensor and the USB device, something which has profound technological issues. And even then one could still go after the mouse buttons to make auto-clickers.
  • "So now we're back to a robot arm to move the mouse around. Expensive.  Won't work in person.  Drastic reduction in cheating.": We're really not, your entire assumption is based on the fact that we cannot tamper with the hardware, but we can. Additionally, you can externally influence accelerometers, depends a bit on the operational principle but, for example, some of the early capacitive MEMS ones were incredibly sensitive to external electric fields.
  • "The technology to build in secure tamper-proof digital signatures is coming.  Whether it will really end up in  mice or not, I don't know, but it is going to be produced, because of the need in cameras and audio recorders, to protect against photoshopping and deep fakes.  It will move into consumer products, it will be widespread, and it will be cheap.": I have yet to see a method that will actually stand up to serious attacks if the attacker has access to the hardware that generates the data.

9 hours ago, Thomas A. Fine said:

Here's an example of a real product that internally produces digital signatures to be able to detect after-the-fact tampering.  We will only see more and more of this in the future.  It will become commonplace and cheap.

https://petapixel.com/2022/08/08/sonys-forgery-proof-tech-adds-crypto-signature-to-photos-in-camera/

May I suggest you read https://c2pa.org/specifications/specifications/1.2/specs/C2PA_Specification.html#_overview ?
This has the same issue as signing digital documents, if the person doing the signing has malicious intent it ain't going to stop them from signing the data. The chain of trust is everything with these sort of applications, and I do not see how you're going to establish it and maintain it.

 

6 hours ago, Thomas A. Fine said:

I can't imagine what would make this cost $100 more. Plenty of mice have the processing power to do this already, and there's even at least one mouse out there with accelerometers.  Sure it's pricey, but it's not really insane compared to other high end gaming mice.  The only new thing is tamper-proof encapsulation of the electronics, and this is not alien technology either.

 

And it's surprising that people who are tech savvy don't understand economies of scale.  Once a product like this exists and people buy it, it will only get cheaper over time.  And, as I said, this sort of tech is coming with or without a mouse that digitally signs stuff.  I'd be surprised if it cost more than $20 to add this to a mouse early on, and later, when tamper-proof digital signature encoders become more ubiquitous, I'd be surprised if it added two dollars.

 

Regarding right to repair: mouse repairs are almost entirely focused on the mechanical aspects of a mouse.  When it is the electronics, it's extremely rare that a repair involves more than soldering a broken connection (at least, in something simple like a mouse).  How many actual repair people are hooking a mouse up to a diagnostic equipment to replace a bad chip on the board, instead of just replacing the entire electronics package or just throwing it all out?

 

But also the tamper-proof measure of encasing in potting compound would actually make them much more safe from harm if you drop them or whatever.  If a relatively standard package was used, it may well become possible to entirely move your tamper-proof electronics module to a new mouse body, eliminating a bunch of e-waste and reducing cost and leaving behind only plastic to be recycled from the old body.  The requirement to put all the electronics in a single package could actually be a win overall.

Putting separate dies in a single package won't provide sufficient protection, manufacturers learned that the hard way. You're talking about making one hell of an ASIC that includes MEMS, a fairly bright light source, a camera, and complex digital logic in one monolithic die, which is then packaged in an entirely custom manner to enable acting as an optical sensor for a mouse. That's a multi-million euro project right there, and folks have probed chips at home to extract security keys for media devices so you're not even guaranteed that'd save you. It's very easy to say that we should implement hardware security, but I don't think you grasp the technical side of what you're proposing, you're seeing hardware as an impenetrable black box, while I'm seeing hundreds of attack vectors.

 

And as to repairing mice, folks replace switches all the time: https://www.google.com/search?q=replacing+mouse+switches+reddit&oq=replacing+mouse+switches+reddit


9 hours ago, Thaldor said:

You do realize that the amount of games your "encrypted periphery" would bring any kind of improvement are like: Let's say within a decade there's around 10 or 20 really massive online games that pull a lot of population, from those only like 5 really suffer from cheating and the rest have mitigated it already by themselves, from those 5 probably 4 won't give 2 cents about the game or directly/indirectly will profit from cheating

That's the thing, what even are these games that need these kind of cheat protections...? I don't see that every game has this issue, just those where the publishers either don't care or directly profit from it (Rockstar and Valve come to mind for example) 

 

That OP thinks 1 false detection = ban for *all* games is a good idea is proof enough how delusional this idea really is - that's besides the technical issues a 1 size fits all "crypto solution" would come with.

 

 

But, no, seriously,  what games? Why is something intrusive like this needed,  even for games and players that don't have this issue in a widespread form?

 

 

@Thomas A. Fine Seriously, what games are we talking about and do you really not understand the implications of such a proposal?  Just because it can be done (technically, somehow) doesn't mean it's a good idea or that it's foolproof...

You also are aware that there are legit use cases for something like e.g. CE, right?

 

Really the problem I'm having here is you want this "all in one solution" even for games and people who don't play games with rampant cheat issues to begin with, and that's the people who will suffer from your "solution" the most... the cheaters will just keep cheating - your idea is not foolproof at all.

 

 

 

36 minutes ago, ImorallySourcedElectrons said:

That's a multi-million euro project right there, and folks have probed chips at home to extract security keys for media devices so you're not even guaranteed that'd save you. It's very easy to say that we should implement hardware security, but I don't think you grasp the technical side of what you're proposing, you're seeing hardware as an impenetrable black box, while I'm seeing hundreds of attack vectors.

 

That's exactly the problem with OP's idea, they think they thought it all through, but of course did absolutely not and such a proposal would create way more issues than solve them... it's always the same with these overly technical "solutions": average folks will suffer and the ones it's aimed at laugh their asses off, literally...

The direction tells you... the direction

-Scott Manley, 2021

 


9 hours ago, SansVarnic said:

You're young but that is ok, you will understand later. But for now, I'll leave you with this, never trust the government to do something that you can do better for yourself.

 

If you use a government id, you have to utilize the data base maintained by the gov to ensure its accuracy of the data, thus you are involving the gov. Once you open the door, it doesn't really ever close.

I lived in a city of 5 million people with no government run transport of any kind until 2019, and when they finally opened a public transport system so many people who would absolutely never have even considered taking a bus would take it because it was so much better than driving themselves in traffic. I have seen what it is like to have a government that does not do anything and it is absolutely tragic.


Tl,dr: it turns out, that securing your game, from the user, within a system explicitly designed to allow the user to run w/e code they want, is really damn hard, if not impossible. 
 

Could probably cut down on wallhack-type cheats by keeping as much of the game logic as possible, on the servers, while only sending over rendering instructions. But unless the server hardware also handles culling (a task normally designated for the GPU), model data will still be accessible. 

My eyes see the past…

My camera lens sees the present…


10 hours ago, oali24 said:

with no government run transport of any kind

I still do, it's all privatized.

Anyhow, the local gov is usually more effective at such things, I like the example, but it misses the target of the point I was making to you.

 

Let's call this a draw, we are derailing from the main topic of discussion.


I used to admin servers for my old gaming clan. Anyone running a cheat, I wouldn't ban them. I drove them nuts by random kicks and switch them back and forth to each side of the time. Once I got them mad they left the server and never came back. I kept a list of names, IP and gamer ID numbers. A few did change names but stood out easy.


14 hours ago, ImorallySourcedElectrons said:

[A whole bunch of stuff that shows he doesn't understand public key signatures]

Each mouse has a unique private key built in, in a tamper-proof way.  This seems to be a central piece that explains a lot of your confusion.  This is not rocket science.  Plenty of devices today are encoded with unique IDs.  Perhaps most.

 

The other half is public key lookup.  Again, not a hard problem.  And a necessary service that (as I keep repeating) is only going to be more commonplace.

 

These are both things that companies do, now, today.  It isn't "a nightmare".  It's just normal business.

 

That unique private key does the signing inside the mouse, inside a tamper-resistant** package.  That signed data is now bulletproof.  Intercepting it does no good.  There's no man-in-the-middle attack.  The software between the mouse and the game server is irrelevant, whether it is OS or driver or the game software or the server software.  Any modification of this data makes the signature invalid.  And there's no way to generate a valid signature without that key in the mouse.

 

There's no issue with malicious intent, because only the mouse can sign data.  Mice don't have malicious intent.

 

There's no issue with reused private keys, because they're not reused.   (And if a single mouse was successfully hacked, and that private key ended up in the wild, detecting multiple accounts using it is trivial).

 

**Yes a number of times I've said "tamper-proof".  But in deference to Linus, who gets super-peeved about "waterproof" rather than "water resistant", I should probably say "tamper-resistant".  I'm not saying there are no possible attacks.  But I am saying that such a system could not be subverted by a piece of software that thousands of people could download.

 

There are no guarantees.  I've said this repeatedly.  This is about mitigation.  This is about reduction.  The same reason we use locks on doors, and most of us use cheap locks.  Because they work at drastically mitigating what would be rampant theft if nobody anywhere had locks.

 

14 hours ago, ImorallySourcedElectrons said:

The fact that it's a separate device makes it way easier, it means your HID and verification data won't be in sync.

There's no need for perfect synchronization.  While mouse movements do need to be responded to in real time, signature checks can happen on a delay, of seconds or minutes or even longer if that's what the game devs wanted to do.
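The scheme argued over in this exchange (a per-device key, a public-key lookup, delayed checks, and spotting one key on several accounts), sketched from the server's side as an added example that is not from any poster or product. It assumes Ed25519 through Node's built-in `crypto`; `Verifier`, `makeDevice`, `deviceSign` and the batch format are hypothetical, and the device keys are generated in software here only so there is something to verify.

```javascript
const crypto = require('crypto');

// Constructed stand-in for a mouse; in the proposal the private key never leaves the device.
function makeDevice(id) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  return { id, publicKey, privateKey, counter: 0 };
}

// What the device would emit: a batch of reports, a monotonic counter, and a signature.
function deviceSign(device, reports) {
  const counter = ++device.counter;
  const payload = Buffer.from(JSON.stringify({ id: device.id, counter, reports }));
  return { payload, signature: crypto.sign(null, payload, device.privateKey) };
}

class Verifier {
  constructor() {
    this.registry = new Map();    // device id -> enrolled public key
    this.lastCounter = new Map(); // device id -> highest counter accepted
    this.accounts = new Map();    // device id -> accounts that presented it
  }

  enroll(device) { this.registry.set(device.id, device.publicKey); }

  // `observed` is the HID input the game actually received for the same window.
  // Nothing here is time-critical, so it can run well after the input was played.
  check(account, { payload, signature }, observed) {
    let msg;
    try { msg = JSON.parse(payload.toString()); } catch { return 'malformed'; }
    if (!msg || typeof msg !== 'object') return 'malformed';
    const key = this.registry.get(msg.id);
    if (!key) return 'unknown-device';
    if (!crypto.verify(null, payload, key, signature)) return 'bad-signature';
    if (msg.counter <= (this.lastCounter.get(msg.id) || 0)) return 'replay';
    if (JSON.stringify(msg.reports) !== JSON.stringify(observed)) return 'input-mismatch';
    this.lastCounter.set(msg.id, msg.counter);
    const seen = this.accounts.get(msg.id) || new Set();
    this.accounts.set(msg.id, seen.add(account));
    return seen.size > 1 ? 'key-shared' : 'ok';
  }
}

// Constructed sample run covering each verdict.
function demo() {
  const server = new Verifier();
  const mouse = makeDevice('mouse-A');
  server.enroll(mouse);
  const moves = [{ dx: 3, dy: -1 }, { dx: 0, dy: 2 }];
  const out = {};
  const b1 = deviceSign(mouse, moves);
  out.ok = server.check('alice', b1, moves);
  out.replay = server.check('alice', b1, moves);
  const b2 = deviceSign(mouse, moves);
  const altered = Buffer.from(b2.payload.toString().replace('"dx":3', '"dx":9'));
  out.tampered = server.check('alice', { payload: altered, signature: b2.signature }, moves);
  out.mismatch = server.check('alice', b2, [{ dx: 9, dy: 9 }]);
  out.shared = server.check('bob', deviceSign(mouse, moves), moves);
  out.unknown = server.check('alice', deviceSign(makeDevice('mouse-B'), moves), moves);
  return out;
}

console.log(demo());
```

A verdict of `ok` establishes only that the holder of the enrolled key signed a batch matching the observed input; whether that key is still inside an unmodified mouse is the hardware question the thread disputes.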

 


17 hours ago, Mark Kaine said:

Seriously, what games are we talking about and do you really not understand the implications of such a proposal?  Just because it can be done (technically, somehow) doesn't mean it's a good idea or that it's foolproof...

This was all brought up because of the Tarkov story.  (Note: I don't play, I just thought I'd start a lively discussion about anti-cheat.  And it has been... lively.)  This is certainly not the only game.  But Linus and Luke seemed to think it's a fairly common issue in many games.  I don't have a list.  But lots of games have suffered from issues.

 

17 hours ago, Mark Kaine said:

Really the problem I'm having here is you want this "all in one solution" even for games and people who don't play games with rampant cheat issues to begin with, and that's the people who will suffer from your "solution" the most... the cheaters will just keep cheating - your idea is not foolproof at all.

I never said any of this.  I have repeatedly said the opposite.  No solution is ever foolproof.  This is about mitigation.  I have even given examples not just of ways to bypass this, but of things it won't cure (like the larger problem of X-RAY and HUD info systems).  The mouse idea, maybe one of the best ideas I threw out there, because it would actually be much more difficult to get around, is only one aspect of what has to be a larger cheating mitigation system.


On 3/4/2023 at 6:27 PM, leclod said:

From my experience, it's no fun to cheat, not lasting fun anyway.

Which is exactly the reason why I cheat. I'm just there for the quick dopamine rush and I move on to the next gaming experience.

AMD Ryzen 5 3600 | AsRock B450M-Pro4 | Zotac GTX 3070 Ti

Shure SRH840A | Sennheiser Momentum 2 AEBT | LG C9 55"
