
Anti-cheat ideas

Thomas A. Fine
4 hours ago, Thomas A. Fine said:

Each mouse has a unique private key built in, in a tamper-proof way.  This seems to be a central piece that explains a lot of your confusion.  This is not rocket science.  Plenty of devices today are encoded with unique IDs.  Perhaps most.

How does anything I say resolve to "doesn't understand how public key signatures work"? (Heck, why are you even limiting yourself to public key cryptography? There are far more elegant solutions to do this.) But instead you're just rehashing the statement "the mouse does it, so the computer can't do anything with it", which shows a gross misunderstanding of the value of cryptography: establishing a chain of trust. Let me rephrase it in a way that might demonstrate the issue: you've signed your mouse data, congrats, if I have the same key, what prevents me from implementing that algorithm in software? Exactly, nothing.

 

Additionally, you do realise that for several public key cryptography algorithms it's possible to derive the public key from the private key? Assuming you pick one where this is not feasible (and given the intelligence of the likes of Ubisoft this is not a given), you've just given me a device where I control the input, which generates a stream of encrypted data. Let's assume you're smart enough to also take into account the previous actions, because otherwise I could simply map the possible outputs and play parrot by repeating from a table, that still significantly weakens your encryption to the point where attacking it is a lot more trivial than you probably think it is. And none of this even assumes the fact that I would most likely have documentation available on how your system works.

 

Next, I think you don't quite understand how hardware interfacing works, let me just be quite blunt about this, you do not have direct access to the hardware from user mode. This is the number of layers you have to go through:

Architectural block diagram for USB 2.0 and 3.0 driver stacks.

(Source: https://learn.microsoft.com/en-us/windows-hardware/drivers/usbcon/ )

If you don't see how this is a massive attack surface, then I'm at a loss for words. I can replace every driver in that stack if necessary, and you'd never be able to detect it, even if you went looking for if driver signing is enabled or not. So it's literally nearly impossible for you to figure out if what you're talking to is a physical or virtual device. Not even the HASP crowd manages it while targeting a small user group, and they have a far bigger incentive to figure out how to detect virtual devices than an anti-cheat system.

 

5 hours ago, Thomas A. Fine said:

The other half is public key lookup.  Again, not a hard problem.  And a necessary service that (as I keep repeating) is only going to be more commonplace.

 

These are both things that companies do, now, today.  It isn't "a nightmare".  It's just normal business.

Congrats, you're now running vital infrastructure:

  • Will you revoke keys because one server owner said a person cheated? What's the burden of proof? How will you handle counter claims?
  • We're talking 128 MB of data per million devices, at a rate of about 200-250 million computers sold per year we can assume a roughly equal amount of peripherals, meaning your database increases in size by approximately 25 GB / year if this is rolled out on a large scale (which is necessary to make the hardware economical). You either got to provide a dynamic look-up service, or each game server has to store 25 GB times the number of years this system is running worth of key data and look through it upon each connection to itself. But no worries, even if it's a few gigabyte per year it's going to become quite problematic after a couple of years.
  • You're now generating a couple of million keys, I sure hope none of your manufacturers are stupid enough to use sequential numbering schemes, and that everyone agrees on a good enough RNG scheme.
  • How do you manage which manufacturers get access to add devices without running afoul of antitrust regulations?
  • You've just potentially created a single DDoS target to take out online gaming for loads of people. But this would never happen ... right? (I'm seeing some Sony customers sitting in a corner with Xmas-induced PTSD.)
  • Who pays for this entire system?

 

5 hours ago, Thomas A. Fine said:

That unique private key does the signing inside the mouse, inside a tamper-resistant** package.  That signed data is now bulletproof.  Intercepting it does no good.  There's no man-in-the middle attack.  The software between the mouse and the game server is irrelevant, whether it is OS or driver or the game software or the server software.  Any modification of this data makes the signature invalid.  And there's no way to generate a valid signature without that key in the mouse.

 

There's no issue with malicious intent, because only the mouse can sign data.  Mice don't have malicious intent.

I do not have to intercept your data and modify it, I can grab the mouse movement from the HID driver and encrypt it myself using the key I extracted or acquired somehow. You have no chain of trust to verify that the data the game is sending to the server is the data coming from the mouse.

 

5 hours ago, Thomas A. Fine said:

There's no issue with reused private keys, because they're not reused.   (And if a single mouse was successfully hacked, and that private key ended up in the wild, detecting multiple accounts using it is trivial).

Is it trivial though? How do you propose to do it? Who's the arbiter in this entire system? How do you deal with the legal liability if you essentially brick someone's device? You can't just magic your way out of those issues.

 

5 hours ago, Thomas A. Fine said:

**Yes a number of times I've said "tamper-proof".  But in deference to Linus, who gets super-peeved about "waterproof" rather than "water resistant", I should probably say "tamper-resistant".  I'm not saying there are no possible attacks.  But I am saying that such a system could not be subverted by a piece of software that thousands of people could download.

That's a false comparison, waterproofing a product is one thing, establishing a chain of trust for this system would be like trying to entirely waterproof the product, the store where it's sold, the logistics company that transports it, the factory where the product is made, and all the way up to whoever first makes/extracts the materials that go into the product.

 

Hardware security and tamper proofing buy time, nothing more, and often at great expense for very little effect. To give an example, those little 2FA smart card readers for internet banking were a perfect example, used to be they included some key that was held in an SRAM. Other than leading to a massive pile of waste, all it took was someone shining a flashlight down the card slot and going at it with a dremel to attach some probes. Keys were rapidly extracted using various attacks, ranging from abusing the "e-fuse" system in the chips through glitches, to power analysis, to folks decapping the chips and using SEMs. And there was relatively little value in doing all of that, since all it allowed you to do was use your own debit or credit card with a card reader of your own. And then we haven't even gotten to everything that's been done with game consoles and DVD players that have far more rigid security systems than anything you've proposed here. Hardware security is a pipedream if you can't limit physical access to the hardware.

 

And even if your magical thinking somehow worked in reality, your entire proposal would cost tens if not hundreds of millions to implement on an industry wide scale. Meanwhile, it only addresses one specific type of cheat. It ain't going to get rid of wall hacks, it ain't even going to get rid of auto clickers, and you've just implemented something that would allow draconian DRM (licenses tied to x computer mice like some have done with other hardware IDs), and massively limits reparability. However, how does this even prevent @mononymous from sitting around the corner with his wallhack, waiting for you?

 

It's a stupid idea, both technically and fundamentally, and I sincerely hope no one bothers to implement it.


5 hours ago, Thomas A. Fine said:

This was all brought up because of the Tarkov story.  (Note: I don't play, I just thought I'd start a lively discussion about anti-cheat.  And it has been... lively.)  This is certainly not the only game.  But Linus and Luke seemed to think it's a fairly common issue in many games.  I don't have a list.  But lots of games have suffered from issues.

yeah, i didn't mean a list just some examples... and tarkov is a good one i guess, my point is just because there's some shitty games that can't handle the issue shouldn't mean we need these drastic measures all games, because the negatives will far outweigh the positives (and there's no maybe in that sentence) 

 

5 hours ago, Thomas A. Fine said:

I never said any of this.  

you kind of did, what else would an "anti cheat mouse" (which is actually your proposal? ) do??

 

That's why you're mostly getting negative responses here, not that the subject wouldn't be worth discussing, but a "one for all solution" is completely out of the question for the reasons others and i have outlined - maybe it's not what you meant, but it sure sounded like that, "get *caught* in one game get banned for *all* games" wasn't that what you said? How can you not see the huge issues with such an approach (that's besides that it definitely isn't as easy or even possible as you seem to think) i honestly don't understand.

 

(and also i think this would ultimately have drastic legal consequences as well, that's why probably even the most vile publishers wouldn't go that route currently)

The direction tells you... the direction

-Scott Manley, 2021

 

Softwares used:

Corsair Link (Anime Edition) 

MSI Afterburner 

OpenRGB

Lively Wallpaper 

OBS Studio

Shutter Encoder

Avidemux

FSResizer

Audacity 

VLC

WMP

GIMP

HWiNFO64

Paint

3D Paint

GitHub Desktop 

Superposition 

Prime95

Aida64

GPUZ

CPUZ

Generic Logviewer

 

 

 


12 hours ago, TechlessBro said:

This will all end with streamed games. Nothing client-side except input.

 

Thanks g0at and Luke for pushing the snowball over the edge.

Streamed games will certainly be A thing but will never be THE thing.  The reason is latency.  The trend in networking is for ever higher speeds. It's a common misconception that, as networks get faster, latency goes down.  It may be true that network hardware gets faster, but a higher speed network really means there is more data on the wire at any given moment, more to transfer, more to buffer.

 

Dedicated networks could be made much lower latency.  But there's really no one trying to do that.  The real financial incentive is to pack more data onto each wire. And while, yes, this does make networks faster, again, it does nothing for latency.


10 hours ago, Mark Kaine said:

you kind of did, what else would an "anti cheat mouse" (which is actually your proposal? ) do??

When I call you on putting words in my mouth, and you simply repeat the offense, that doesn't actually bolster your argument.


Find any quote I made anywhere in this discussion where I claimed this mouse would be a one-for-all solution.  I dare you.  I double dog dare you.


10 hours ago, ImorallySourcedElectrons said:

Additionally, you do realise that for several public key cryptography algorithms it's possible to derive the public key from the private key?

SMDH.

 

Do you need a shovel, or have you dug yourself far enough down into a hole of not understanding cryptography?

 

It's a PUBLIC key.  It's called that because it is PUBLIC.  Re-deriving it from the private key is utterly irrelevant.  It gains you nothing because it is PUBLIC.  The point is to keep the private key private.  And you can NOT do the reverse: you can not derive the private key from the public key.


This is 100% the entire point of public key cryptography, and if you don't understand that, you don't understand anything at all.

 

Once something has been signed with the private key, that content becomes unalterable.  If you change the content it doesn't match the signature.  And no driver or OS or anything else can generate a new signature without that private key.

 


You lost me at your first point.  If they could detect cheaters with any certainty, they'd be banning them already.

 

"Don't ban them, do {insert other thing}" is an argument I've seen since the early 2000's.


Also, don't force legit players to pay extra (your 2nd point) for the privilege.  We already sometimes pay for the game and then pay for a subscription.


36 minutes ago, Thomas A. Fine said:

SMDH.

 

Do you need a shovel, or have you dug yourself far enough down into a hole of not understanding cryptography?

 

It's a PUBLIC key.  It's called that because it is PUBLIC.  Re-deriving it from the private key is utterly irrelevant.  It gains you nothing because it is PUBLIC.  The point is to keep the private key private.  And you can NOT do the reverse: you can not derive the private key from the public key.


This is 100% the entire point of public key cryptography, and if you don't understand that, you don't understand anything at all.

 

Once something has been signed with the private key, that content becomes unalterable.  If you change the content it doesn't match the signature.  And no driver or OS or anything else can generate a new signature without that private key.

 

And have you actually thought for even one second about the possible attack vectors against the methods you are proposing? If you're generating millions of keys there's totally no chance of any pattern emerging, and definitely no chance of any collisions whatsoever. Based on every belittling response you've given so far I'm going to guess it's a big fat no in this instance.


I still think my idea is the best way to handle cheaters.  Use ChatGPT to approach people and find cheaters in game. Like g0atmoth did with the "wiggle" thing you could have the bot go around doing that, interact with anyone that responds in chat, and then ban them once you have solid proof.


12 minutes ago, IRMacGuyver said:

I still think my idea is the best way to handle cheaters.  Use ChatGPT to approach people and find cheaters in game. Like g0atmoth did with the "wiggle" thing you could have the bot go around doing that, interact with anyone that responds in chat, and then ban them once you have solid proof.

So, just don't talk and you're unbannable?


On 3/5/2023 at 6:13 AM, Thomas A. Fine said:

I can't imagine what would make this cost $100 more.

Yeah, it was probably a bit... Low estimate actually for a total price hike because most likely there would be a per game subscription fee of some sort or then more complicated manufacturers subscription fee and probably hike in game prices because they would need to buy into multiple manufacturer ecosystems (because it's just a fact you cannot make everyone play in the same sandbox without at least one of them playing by their own rules).

 

What I mean is that you would need databases, HUGE databases for the proofing. If you didn't have a database from which every game would lookup if the peripheral (I make this change for a reason) is licensed and trusted, it would be like few months and someone would be selling devices that would drive the data through those modules and the system has been beaten. And that would be the expensive way, sooner or later people would just figure out the key generation method and start generating their own keys and all would be software based after that.

Pretty much like the basic CD-key system where every software on CD has their own generated CD-key but because the protection cannot be mega-/gigabytes of valid stored CD-keys to which it will check the inputted CD-key (note: every CD must include the same data, pressing every CD with changed CD-key data in the code would be stupidly expensive), so the protection takes the inputted CD-key and checks if it's validly generated CD-key which has the weakness that once we have 5-20 valid CD-keys, we can reverse engineer the generating algorithm and so we have unlimited amount of valid CD-keys. And BTW this is still how even surprisingly many online product activators work and there's merely just blacklist of known "leaked" product keys because that is cheaper than having every generated product key stored in a database and checked against it.

So, you will either need to have manufacturer database of assigned keys to which game developers will mirror their "gamer-keys" once and make their own databases of validated gamers or from time to time pretty much constantly, otherwise someone will just figure out the key generating and start making their owns and just passthrough their "peripheral data" through it.

 

The change for peripheral data instead of just mouse is probably pretty clear. If it was just mouse, I wouldn't use mouse data to cheat, I would map my mouse and keyboard through Xinput and I am using a controller, or I would just change my aim-bot being only horizontal precision and do it through keyboard. And with that said imagine the moment if this would become something massively used and then someone found out a way to process that data, oh boy, keyboards + encrypted check system with key presses validated at servers... If you don't know what keylogger is, this isn't it, this is a fucking massive skeletonkeylogger. Like imagine tapping into something like Logitechs validation server and logging like 2 days worth of key presses globally.

 

And before you say "it would be opt-in and only in games", that would make it more complicated which will make it even more expensive from the development standpoint. And that expense will be taken directly from the adoption amounts because again, while someone like I have the dough and will to pay $150 for Logitech G903 and another for G815, probably closer to 80% of all PC gamers have mouse and keyboard costing $50 per piece at max. Like while I don't keep Steam hardware survey very "all knowing" good and its top 10 GPUs are like 20% Nvidia RTX and 20% Nvidia GTX cards from those the highest performing GPU is RTX 3070 and it is 8th in popularity and there's over double the amount of only GTX 1650s, first RTX 40 card is RTX 4090 way down with whopping 0.3%, top Intel and AMD cards are iGPUs with huge margins (like AMD iGPUs, "AMD Radeon Graphics" have 1.91% the next AMD card is RX 580 with 1.06%). And you think $20 extra for a mouse isn't a lot to ask for "fighting the cheating". People are already loving that certain devs try to jump the price of games by $10.

 

Now we must also remember "the storm in the teacup". All of this is spanned from the "huge catastrophe of cheating in extremely popular game", like no, no and no, and one no just for the case it wasn't clear that the answer is no. From August 2022 numbers (link) Tarkov did make it to the top 5 of the shooter games which were watched (note: not cheated but watched "how to cheat" videos) but isn't even close to the top 10 most watched how to cheat in games. 1.9M views is pretty much nothing compared to 30M views on Minecraft or even the tail end #10 with 4.4M views Skyrim. Minecraft does have somewhat cheating problem so that's in the ballpark. The second game on our little list is Among Us and with it, your overly complicated and expensive peripherals are 100% useless snake oil because the #1 way of cheating in it is outside of the game communication, like what ya gonna do if I just have my friend sitting right next to me and we like use our mouths and ears to speak directly to each other? Encrypt and intervene our physical ability to speak?

Number 5, 8 and 10 are out of this conversation as they are mostly single player games, no need to and pretty much waste of resources to start fighting against that cheating and, oh boy, would gamers be "happy" about always online cheating protection on a single player game.

For number 6 we can get some juicy pre-chewed data (link), which sadly is from 3 years ago and PUBGs glory days are then and not last year. But at the more crowded days of PUBG there was around 4.3M accounts playing per week from which 116k were banned for cheating, so 2.something% of players were found out cheating. In last years watch numbers PUBG is #6 with 10M views, if we even say that 1/3rd of cheaters got caught then and we would presume the same playerbase the amount of people watching videos about "how to cheat in PUBG" and who really cheat is kind of terrible, from 10M views 300k would end up really cheating is just mere 3%. We could double that number and we still had pretty much a nothingburger, which we would get if we were to directly crash the numbers together and get that every PUBG player watched like 2 videos telling how to cheat in the game.

 

Why "the storm in a teacup"? Because it's an amount of noisy people making a lot of noise about a thing that might be around nothing or the real reason is just that someone is too lazy. Tarkov isn't one of the most played games and so the amount of cheaters may be higher among the players but generally there is also a lot less cheaters by amount when compared to something like Fortnite or Among Us or Minecraft. Cheating in them doesn't even break the LTT news bar, so that tells you probably something.

 

For your measures we also have the problem of the cheating methods, Fortnites most common cheat seems to be a "lag switch" which probably scrambles the network communications towards the server making it lag enough to kill the other player from lagging too much, so your probably $100-200 mouse wouldn't do a shit because the cheat is to probably generate a lot of traffic towards the server and stuff it like a thanksgiving turkey. "Pew pew, I'm firing my LOIC at your position", that's up to the developer to find a way to protect their game against that and notice it fast enough and no amount of expensive peripheral encrypting would protect them from it. Generally combating cheating through peripherals is pretty much lost fight from the get go especially with the high population games because most of those gamers aren't in the customerbase of expensive peripherals, there probably would be some kind of more serious discussion if you could stick all of that into a mouse that still costed less than $20 or more like $15 but good luck with that. And then the bigger part of cheating still lies within in-client processing (changing textures, client side object culling, model sizes, UI etc.) and general network communication (telling the server different positions, moving vectors, actions etc.). While aim-bot is easy to make and use and pretty common in every game possible, it's still way harmless compared to more serious cheating.


5 hours ago, TechlessBro said:

Read OPs Twitter before bothering to reply to this topic anymore.

 

Wait, you're not the same guy that was cluelessly yelling at me about software engineering, are you?


3 hours ago, Thaldor said:

Yeah, it was probably a bit... Low estimate actually for a total price hike because most likely there would be a per game subscription fee of some sort or then more complicated manufacturers subscription fee and probably hike in game prices because they would need to buy into multiple manufacturer ecosystems (because it's just a fact you cannot make everyone play in the same sandbox without at least one of them playing by their own rules).

 

What I mean is that you would need databases, HUGE databases for the proofing. If you didn't have a database from which every game would lookup if the peripheral (I make this change for a reason) is licensed and trusted, it would be like few months and someone would be selling devices that would drive the data through those modules and the system has been beaten. And that would be the expensive way, sooner or later people would just figure out the key generation method and start generating their own keys and all would be software based after that.

It would be a much smaller system than DNS.  With less frequent lookups since game servers could cache public keys they've seen basically forever.  That cache for a million players would be a few hundred meg.  The lookups would be fast (though speed doesn't really matter), and use extremely limited server resources.  A million lookups a day would be no problem even for something like a Raspberry Pi.  Vendors might pool their resources into a single verified service that handed out public keys.


And, again (!!!) this is coming, because mice or not, other devices like cameras are going to have a system like this in place, and will require a service to look up public keys.  (And in fact services for lookups like this already exist.)

 

As far as the later arguments about whether it would ever be needed?  The simplest answer is that products find markets based on user perception.  So the fact that you or I don't know exactly how serious a problem this is, is much less important than what people out there believe about it.  Do I know for sure there's a market?  Of course not.  But if there is, this is a viable product that people might buy.


5 hours ago, Thomas A. Fine said:

Wait, you're not the same guy that was cluelessly yelling at me about software engineering, are you?

I presume that this is a stab aimed at me?

 

The only things you've demonstrated so far are:

  • Your knowledge about hardware, hardware security, and hardware interfacing is woefully inadequate to design a system like this if you do not understand how many steps your payload has to go through before it makes its way to the server and how those steps provide opportunities to anyone wanting to break this system,
  • You appear to assume cryptography is the magical sword that will solve the problem, failing to realise that you can't magically handwave away the many, many problems this idea faces:
    • This is not an instance where you can just invoke a library call and say the job's done. You're dealing with a hardware platform, and a fairly minimalistic one at that as well, the features that make particular forms of cryptography secure on a modern computer aren't necessarily present (or even replicable) on a small embedded system.
    • You are sending fixed length highly repetitive data that the attacker also has access to, and can even influence. And such a mouse has no viable good random source, making it very difficult to implement the standard padding techniques which might actually address this problem. In fact, it's very likely one could turn the random source into a non-random source.
    • You cannot implement hard timing constraints, nor do you have access to a clock source that the attacker cannot influence.
    • You are keeping a database of the public keys, which you propose is also publicly accessible, so now I can also verify locally if my attacks worked without ever having to risk having any hardware banned.
    • ...
  • You fail to understand that this is just another form of protection through payment, if you make it cheap folks will just throw cash at the problem. If you make it expensive it ain't going to get rolled out. So I don't see any particular advantage of this system, folks already risk a €50 game purchase by cheating, so what stops them from risking a €20 mouse?
  • Your proposal doesn't even come close to addressing the problem, and you casually ignore it whenever someone brings that up. But in reality, people using software that controls the game for them is a very minor subset of cheaters. Most cheats are far more insidious and have to be fixed server side (e.g., implementing server side culling for positional data to prevent wall hacks).
  • You appear to think this is a software engineering problem, while it really isn't.
  • And finally, you keep repeating yourself instead of providing actual counter arguments.

 

7 hours ago, Thomas A. Fine said:

And, again (!!!) this is coming, because mice or not, other devices like cameras are going to have a system like this in place, and will require a service to look up public keys.  (And in fact services for lookups like this already exist.)

And such services are entirely meaningless without a chain of trust, which is the problem you are casually ignoring here. All a signature tells you is that someone who had access to the key signed this version, if anyone who has the key has malicious intent you have no way to verify if the original information is correct or not. If you put that key in a safe (be it physical or electronic), it's only as secure as the safe itself. 
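
The chain-of-trust point made in this post and in the same poster's first reply above (a signature shows that someone holding the key signed the data, nothing more), sketched as an added example that is not part of the thread. The `Report` layout, the per-device counter, the account names and the `Verifier` type are assumptions made for illustration; the check rejects altered and replayed reports, accepts a report signed by any holder of the key bytes, and can flag a key that turns up on several accounts.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
)

// Report is a constructed stand-in for one signed mouse report.
type Report struct {
	Counter uint64 // must increase with every report from a device
	DX, DY  int16
	Buttons uint8
}

// encode gives the fixed 13-byte form that is signed and verified.
func (r Report) encode() []byte {
	b := make([]byte, 13)
	binary.BigEndian.PutUint64(b[0:8], r.Counter)
	binary.BigEndian.PutUint16(b[8:10], uint16(r.DX))
	binary.BigEndian.PutUint16(b[10:12], uint16(r.DY))
	b[12] = r.Buttons
	return b
}

// SignReport needs only the key bytes, so it behaves the same wherever they are held.
func SignReport(priv ed25519.PrivateKey, r Report) []byte {
	return ed25519.Sign(priv, r.encode())
}

var (
	ErrBadSignature = errors.New("signature does not match report")
	ErrReplay       = errors.New("counter not newer than last accepted report")
)

// Verifier is a hypothetical game-server check, keyed by device public key.
type Verifier struct {
	lastCounter map[string]uint64
	accounts    map[string]map[string]bool
}

func NewVerifier() *Verifier {
	return &Verifier{map[string]uint64{}, map[string]map[string]bool{}}
}

// Accept checks integrity and freshness, then records which account used the key.
func (v *Verifier) Accept(account string, pub ed25519.PublicKey, r Report, sig []byte) error {
	// The length test comes first because ed25519.Verify panics on a malformed key.
	if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, r.encode(), sig) {
		return ErrBadSignature
	}
	id := string(pub)
	if last, seen := v.lastCounter[id]; seen && r.Counter <= last {
		return ErrReplay
	}
	v.lastCounter[id] = r.Counter
	if v.accounts[id] == nil {
		v.accounts[id] = map[string]bool{}
	}
	v.accounts[id][account] = true
	return nil
}

// SharedKey reports whether one device key has been accepted for several accounts.
func (v *Verifier) SharedKey(pub ed25519.PublicKey) bool {
	return len(v.accounts[string(pub)]) > 1
}

// Demo runs four constructed cases and returns the verifier's verdicts.
func Demo() (genuine, tampered, replayed, fromCopy error, shared bool) {
	seed := bytes.Repeat([]byte{0x42}, ed25519.SeedSize) // constructed test seed
	priv := ed25519.NewKeyFromSeed(seed)
	pub := priv.Public().(ed25519.PublicKey)
	v := NewVerifier()
	r1 := Report{Counter: 1, DX: 3, DY: -2}
	sig1 := SignReport(priv, r1)
	genuine = v.Accept("alice", pub, r1, sig1)
	// Same signature, altered movement: the integrity check fails.
	tampered = v.Accept("alice", pub, Report{Counter: 2, DX: 40, DY: -2}, sig1)
	// Byte-for-byte repeat of an accepted report: stale counter.
	replayed = v.Accept("alice", pub, r1, sig1)
	// A second holder of the same key bytes: the signature is just as valid,
	// so the verifier learns nothing about where signing took place.
	keyCopy := ed25519.PrivateKey(append([]byte(nil), priv...))
	r2 := Report{Counter: 2, DX: -7, DY: 1}
	fromCopy = v.Accept("bob", pub, r2, SignReport(keyCopy, r2))
	shared = v.SharedKey(pub)
	return
}

func main() {
	g, t, r, c, s := Demo()
	fmt.Println(g, t, r, c, s)
}
```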


9 hours ago, ImorallySourcedElectrons said:

I presume that this is a stab aimed at me?

Nope.  Unless you are on Twitter, making ill-informed or bad faith arguments to me about how software engineering works.

 

9 hours ago, ImorallySourcedElectrons said:

And finally, you keep repeating yourself instead of providing actual counter arguments.

 

Counter-arguments to what?  Your bad faith claims that I said things that I never said?  That grows tiresome.

 

9 hours ago, ImorallySourcedElectrons said:

And such services are entirely meaningless without a chain of trust, which is the problem you are casually ignoring here. All a signature tells you is that someone who had access to the key signed this version, if anyone who has the key has malicious intent you have no way to verify if the original information is correct or not. If you put that key in a safe (be it physical or electronic), it's only as secure as the safe itself. 

Oh yeah, chain of trust is an impossible problem to solve, we should throw our hands up in the air and quit using secure web servers and ssh and encrypted email and all the protocols on the Internet that use encryption, and basically, you know, just abandon the Internet.  I guess Yubikey and all the other companies like that should shut their doors.  Phone manufacturers should stop embedding private keys in tamperproof components in their cell phones.

 

This is why I don't want to argue all your "points".  They're not points.  They're nonsense.  Sure maybe there's a grain of truth to some of them, but in practical terms you're sounding alarms about solved or easily solvable problems.  They all amount to "this can't work because it can't be made perfectly" and the cost is non-zero.

 

Utterly absurd.


It sounds like you know what you're talking about, but I wonder if anyone would be willing to implement that.  You have the problem of technical issues, false positives, and funding.  I'm sure if someone created a business case for this, if it was an e-sports company it would make sense, but for many companies, it would get rejected as there wouldn't be enough incentive for the business (better anti-cheat doesn't necessarily equate to more profit).

 

Unless you built a company dedicated to building anti-cheat software and selling it maybe?  But even then, you have the added complexity of potentially causing technical issues in multiplayer and the fact most development teams will find it too difficult to implement.  Besides, people will bypass it eventually, regardless of how complex it is - so eventually this cutting-edge solution will become like the other anti-cheats, attempting to keep up with the cheat developers. 

 

In my opinion, the best anti-cheat is a combination of the best software currently out there (that you can afford) combined with hiring a lot of really great staff to review reports and create an open community around your game that has a good rapport with the moderators.  

 

The reason I hold that belief is that spending a huge amount of time on the best anti-cheat could destroy game-play, exclude people and take money out of the game's budget, thus defeating the whole purpose of anti-cheat - to make your game fun and safe.  Foster a good community, and hire enough staff so every report can be actioned in a timely manner. 

Link to comment

8 hours ago, Akolyte said:

It sounds like you know what you're talking about

actually it doesn't,  he repeatedly refuses to refute any arguments made and is accusing others of "bad faith arguments" ironically. 

The direction tells you... the direction

-Scott Manley, 2021

 

Softwares used:

Corsair Link (Anime Edition) 

MSI Afterburner 

OpenRGB

Lively Wallpaper 

OBS Studio

Shutter Encoder

Avidemux

FSResizer

Audacity 

VLC

WMP

GIMP

HWiNFO64

Paint

3D Paint

GitHub Desktop 

Superposition 

Prime95

Aida64

GPUZ

CPUZ

Generic Logviewer

 

 

 

Link to comment

Meanwhile gaming mouse companies still use cheap Omrons on most of their expensive products.

There is approximately 99% chance I edited my post

Refresh before you reply

__________________________________________

ENGLISH IS NOT MY NATIVE LANGUAGE, NOT EVEN 2ND LANGUAGE. PLEASE FORGIVE ME FOR ANY CONFUSION AND/OR MISUNDERSTANDING THAT MAY HAPPEN BECAUSE OF IT.

Link to comment

On 3/4/2023 at 2:28 AM, Thomas A. Fine said:
  • Don't ban players.  Silently place them on cheaters-only servers.
    • This is about vendor incentives rather than player incentives.  Vendors continue to make money from cheaters, and don't have to be so adversarial.
  • Input devices (mice, keyboards, gamepads) that generate private key signatures on data packets (based on embedded tamper-proof hardware to store the key), which are passed on to the server. Mouse movements that are not signed by a vendor-published public  key are a sign of cheating.
  • Vendors should hire someone to cheat, so they know how to detect cheating, both at the user level (the wiggle), and at the lower software level (how does the code work, what mistakes might it make).
  • Vendors should implement traps in their code designed to catch cheaters.
  • Smarter tracking of mouse aiming statistics.
  • It seems like a cartridge could be designed that makes it more difficult to cheat, without having to put the entire game processing engine (CPU/GPU) on the cartridge.  A tamperproof private key, and a fast encryption engine, for direct comms with the game servers that can't be intercepted or read from system memory.
  • Anti-cheat needs to be a cross-vendor, cross-platform, cross-game effort.  It could be prohibitively expensive to try to do some of these things one game at a time, but becomes much cheaper when that person you pay to cheat is learning about 20 different games.  It is also much more of a disincentive if getting banned on one game gets you banned on all the games.

1. This is done on many games.

2. This would add latency to inputs and is not nearly as easy as software adding a line of code. It would be a complete rework of how Windows interacts with devices and drivers.

3. Vendors usually don't release information like that. But they do reverse engineer the software, but "paying" for the software will only help the people they are fighting against.

4. Again, this would add latency, and how would you grade this? Sometimes people have crazy shots; is it based on %? The AI algorithm to calculate that at scale would be astronomical.

5. I am not sure what you are saying there?

6. Companies use anticheat that works for multiple games, "EasyAnticheat" being one of them. The issue with everyone using 1 company is that people creating the hacks then only need to worry about 1 anticheat that they program for the cheat to avoid, which would make it easier to create hacks for other games.

 

There won't be a forever solution to hacking 100% as money is very lucrative. As long as people pay to cheat then there will be cheaters.

Link to comment

PSA: This is from my personal experience of developing cheats and anti cheats, I've been on both sides of the fence. 

 

Anticheat development is a cat and mouse game with the cheaters and the end users. You can't make an anticheat that is too invasive and too hardware expensive, yet you need it to be efficient in catching external cheats, packet mods, etc.

 

As with cheaters, the incentive will always be there, you cannot make a perfect anti cheat, aimbot is easier to detect, but ESP hacks? Let's look at Tarkov with external PC cheats where you use a second PC to capture packets and get radar / ESP visuals. The cheat developers make a lot of money from this market and will always try to develop better and better cheats that are less detectable. The only way to make something "cheat proof" (something impossible) is server-side everything. Let's look at League of Legends where the only cheats are some ESP and aiming scripts for spells, but still, you can't escape cheats. 

 

The only way to make cheating less viable is to harden anticheats to make development more expensive, meaning more expensive cheats. CSGO cheats are as cheap as 3 euros a month, LOL cheats are as cheap as 60 a month. 20 times the price!

 

I can explain more if needed, as I said in the PSA, I've been on both sides of the fence, developing cheats and anti cheats.

Link to comment

21 hours ago, Thomas A. Fine said:

bad faith claims 

About that...

21 hours ago, Thomas A. Fine said:

Oh yeah, chain of trust is an impossible problem to solve, we should throw our hands up in the air and quit using secure web servers and ssh and encrypted email and all the protocols on the Internet that use encryption, and basically, you know, just abandon the Internet.  I guess Yubikey and all the other companies like that should shut their doors.  Phone manufacturers should stop embedding private keys in tamperproof components in their cell phones.

I would say the above is quite bad faith, or at the very least a sign of not actually understanding the concept of chain of trust when physical hardware is involved. 

 

Like Yubikey quite literally states that they do not consider physical attacks (aka where someone gets the yubikey) in their threat model: 

Quote

Attacks where someone gets physical access to your YubiKey has been outside of our threat model, and we have urged users to use common sense to prevent such attacks, such as keeping your YubiKey on your person or in a secured location, instead of leaving it in a publicly accessed computer – essentially the same measures used for the key to the front door of a home or office.

(Source: https://www.yubico.com/blog/improvements-physical-yubikey-attacks/ )

And this is against fairly simple and straight-forward attacks that do not physically alter the device (e.g. power analysis), which is quite mild compared to the attacks people have devised against HASP dongles, media players, and gaming hardware. Like I'm not joking when I say you can read out flash memory, programmable fuses and ROM with an SEM, and it ain't like SEMs are particularly rare or hard to come by.

 

21 hours ago, Thomas A. Fine said:

This is why I don't want to argue all your "points".  They're not points.  They're nonsense.  Sure maybe there's a grain of truth to some of them, but in practical terms you're sounding alarms about solved or easily solvable problems.  They all amount to "this can't work because it can't be made perfectly" and the cost is non-zero.

It honestly sounds more like you fail to grasp the complexity of the issue and the weaknesses of the proposed idea. And sure, there are solutions (in the broadest sense of the word) to some of these problems, I even alluded to several of them, but practically implementing said solutions in a cost-effective way is a major hassle. Like physically shielding the memory inside a chip is by no means a trivial activity. Getting the cryptography up to spec and providing the correct hardware to implement it without weaknesses is far beyond the capability of most chip designers, heck just getting a good enough random number generator going will be a herculean effort given that most of the physical-device derived ones can be heavily influenced by heating/cooling the chip.

 

But if it's any relief to you, these are common misconceptions amongst software developers.

Edit: Fixed typo

Edited by ImorallySourcedElectrons
Link to comment

7 hours ago, Mark Kaine said:

actually it doesn't,  he repeatedly refuses to refute any arguments made and is accusing others of "bad faith arguments" ironically. 

Examples please? What arguments am I refusing to refute?

Link to comment

2 hours ago, ImorallySourcedElectrons said:

Like Yubikey quite literally states that they do not consider physical attacks (aka where someone gets the yubikey) in their threat model: 


Let's just take this as an example of you not getting it.


First off, I have said — REPEATEDLY — that physical attacks on such a mouse device would remain possible.  And that it is my belief that the mitigation gained in not having widely distributable cheats makes physical attacks fairly irrelevant.


Second of all, what Yubikey is talking about is physically gaining access to keys.  But that's because the Yubikey use case is about authentication.  The mouse use case absolutely is not.  I can give the mouse to my mortal enemy and it's not a problem, because there is no trust issue of the kind you keep trying to bring up.  The digital signature is an assurance that the data coming out of the mouse has not been tampered with, not that it comes from any individual personally.

 

I'm casually ignoring your "chain of trust" complaints because it is mind-bogglingly obvious that this is FAR EASIER to deal with than, say, web server certificate chain of trust, which is something that is normal and commonplace (though, more expensive, because identities of individual entities are being verified).

 

Link to comment
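The server-side check that the signed-input proposal debated in this thread would need, as an added example that is not part of any post: a vendor key endorses a per-device key, the device signs each report together with a counter, and the server rejects unendorsed keys, altered reports and replays. The key names, the 12-byte report layout and the certificate format are assumptions, and the sketch says nothing about how well hardware protects the device key.

```javascript
const crypto = require("node:crypto");

// Constructed keys for the demo. In the proposal the vendor key pair exists
// once and each device key pair lives inside tamper-resistant hardware.
const vendor = crypto.generateKeyPairSync("ed25519");
const mouse = crypto.generateKeyPairSync("ed25519");
const spki = (key) => key.export({ type: "spki", format: "der" });

// Hypothetical certificate format: vendor signature over the device public key.
const mouseCert = {
  pub: spki(mouse.publicKey),
  sig: crypto.sign(null, spki(mouse.publicKey), vendor.privateKey),
};

// Device side: sign counter || dx || dy. The counter makes every report unique.
function signPacket(privateKey, counter, dx, dy) {
  const body = Buffer.alloc(12);
  body.writeBigUInt64BE(BigInt(counter), 0);
  body.writeInt16BE(dx, 8);
  body.writeInt16BE(dy, 10);
  return { body, sig: crypto.sign(null, body, privateKey) };
}

// Server side: one verifier per connected device.
function makeVerifier(vendorPublicKey, cert) {
  if (!crypto.verify(null, cert.pub, vendorPublicKey, cert.sig)) {
    throw new Error("device key not endorsed by vendor");
  }
  const devicePub = crypto.createPublicKey({ key: cert.pub, format: "der", type: "spki" });
  let last = -1n; // highest counter accepted so far
  return function verify(packet) {
    if (packet.body.length !== 12) return "malformed";
    if (!crypto.verify(null, packet.body, devicePub, packet.sig)) return "bad-signature";
    const counter = packet.body.readBigUInt64BE(0);
    if (counter <= last) return "replayed"; // a recorded report sent again
    last = counter;
    return "ok";
  };
}
```

The signature binds a report to a device key, not to a person, which is the distinction the post above draws against the YubiKey authentication case.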

3 hours ago, PROGamer_199 said:

Anticheat development is a cat and mouse game with the cheaters and the end users. You can't make an anitcheat that is too invasive and too hardware expensive, yet you need it to be efficient in catching external cheats, packet mods, etc.

See?  You agree it is a mouse issue.  (LOL)

 

I agree with much of what you say though.  A mouse is one small component, and, as I said already, does not do anything to prevent the X-Ray, ESP, heads-up display information that is (perhaps) a larger problem.

 

I would note however that while everyone is correct to point out that server-side processing would solve this, and that this can make for some real lag issues, there is a reasonable possibility to still have client-side collision processing, but do a much better job of not telling the client where every player in the game is and what they're doing.  You only need to reveal those players that are visible or nearly visible.  HUDs would then see players only a second or two before they were visible, which is still a cheat, but nothing like just seeing a map of everyone, or seeing through every wall at any distance.  Coarse visibility determinations can be made very efficiently on the server because they're probably already using some sort of space partitioning algorithm.  And I'm sure that some games already do this, but it is also clear that some games do not.

Link to comment
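The "visible or nearly visible" filtering described in the post above, as an added example that is not part of the thread: the server keeps a coarse grid, computes which cells a viewer can see, widens that set by one cell, and sends a client only the players inside it. The map, the player positions, the one-cell margin and all function names are constructed for illustration.

```javascript
// Constructed map: one character per coarse cell, '#' = wall, '.' = open floor.
const MAP = [
  "....#.....",
  "....#.....",
  "....#.....",
  "....#.....",
  "..........",
];
const W = MAP[0].length, H = MAP.length;
const open = (x, y) => x >= 0 && y >= 0 && x < W && y < H && MAP[y][x] === ".";

// Coarse line of sight: walk from cell a to cell b along the longer axis and
// fail if any intermediate cell is a wall.
function lineOfSight(ax, ay, bx, by) {
  const n = Math.max(Math.abs(bx - ax), Math.abs(by - ay));
  for (let i = 1; i < n; i++) {
    const x = Math.round(ax + ((bx - ax) * i) / n);
    const y = Math.round(ay + ((by - ay) * i) / n);
    if (!open(x, y)) return false;
  }
  return true;
}

// Cells visible from the viewer, widened by `margin` cells so that players
// about to come into view ("nearly visible") are already sent.
function visibleCells(vx, vy, margin = 1) {
  const seen = new Set();
  for (let y = 0; y < H; y++)
    for (let x = 0; x < W; x++) {
      if (!open(x, y) || !lineOfSight(vx, vy, x, y)) continue;
      for (let dy = -margin; dy <= margin; dy++)
        for (let dx = -margin; dx <= margin; dx++)
          if (open(x + dx, y + dy)) seen.add(`${x + dx},${y + dy}`);
    }
  return seen;
}

// State update for one client: only the players inside its widened set.
function snapshotFor(viewerId, players) {
  const me = players[viewerId];
  const cells = visibleCells(me.x, me.y);
  return Object.keys(players)
    .filter((id) => id !== viewerId && cells.has(`${players[id].x},${players[id].y}`))
    .sort();
}

// Constructed positions: D stands in the open corridor, C is just behind the
// wall corner, B is deep behind the wall.
const PLAYERS = { A: { x: 1, y: 4 }, B: { x: 7, y: 0 }, C: { x: 6, y: 3 }, D: { x: 8, y: 4 } };
```

A client for player A never receives B's position, so a wallhack or radar on that client has nothing to draw for B; C is sent slightly early, which is the residual leak the post accepts.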

1 hour ago, Thomas A. Fine said:

Examples please? What arguments am I refusing to refute?

You didn't answer my questions the first time around, I don't know why you would now. You also said I lay words in your mouth (I screenshotted it...). I don't think that's a good basis for a discussion at all, but for the sake of it... *again*... you said in the OP "get caught in one game, get banned in all games" then you continued to say it's "bulletproof" but somehow later in the same post it's "tamper resistant..."

 

... small excerpt of "things you didn't say"

20230308_233613.thumb.png.744d72a2eebaa11617fd9056a385d2ad.png

 

 

So, simple question: how do you prevent false detections?

 

And how do you, legally, justify this to-be-expected massive banwave of unsuspecting, likely innocent users?

 

And what kind of cheats would this "mouse" even prevent exactly in theory? I only saw you mentioning "aimbot"? Is that really worth all the likely issues with this kind of solution (and for who)? 

 

Of course there are a lot more questions about this kind of proposal, but it would be a good start if you answer these questions I guess.

 


Link to comment