• monkeyslikebananas2@lemmy.world
    link
    fedilink
    English
    arrow-up
    9
    ·
    14 hours ago

    I don’t understand why games don’t just boot off an image if they need kernel access. Just provide and boot up their own kernel and isolate their spyware.

  • x00z@lemmy.world
    link
    fedilink
    English
    arrow-up
    4
    ·
    15 hours ago

    I have a good middle ground: no monetary gain = no kernel level anticheat. Tournaments with monetary gain = kernel level anticheat. Pretty neat right?

  • Eyck_of_denesle@lemmy.zip
    link
    fedilink
    English
    arrow-up
    9
    arrow-down
    4
    ·
    16 hours ago

    Lemmy community loves to suggest server side anti-cheat as the solution but I have yet to hear 1 pvp game that has it implemented properly. What’s more insane is someone unironically suggested Cs 2 as an example. Absurdly disconnected from reality.

    Edit: I’m not supporting kernel lvl anti cheats. I’m merely pointing out how this community has somehow “solved” the problem and the developers are just too dumb to figure it out.

  • ozoned@piefed.social
    link
    fedilink
    English
    arrow-up
    85
    arrow-down
    1
    ·
    2 days ago

    Kernel anticheat is a virus. There are zero reasons a video fame should have full access of your system.

    • thingsiplay@lemmy.ml
      link
      fedilink
      English
      arrow-up
      12
      arrow-down
      16
      ·
      edit-2
      2 days ago

      There are zero reasons

      There is a reason. The idea is that a cheat probably have higher rights than the regular user and therefore would be undetectable by an anticheat system with regular rights. Doing it in Kernel mode means it has the highest power to detect even admin level cheats. That is the reason. Many anticheat systems are completely useless without Kernel mode, at least according to the devs (I don’t have numbers to compare them with or without Kernel mode, nobody has probably). So they don’t even bother if they cannot access the Kernel.

      Now I agree with you a videogame shouldn’t have this much power over my system. And it doesn’t even catch them all. But stating it has no reason whatsoever is wrong. I do not want shady companies like Riot to do whatever they want on my system.

      Edit: typo corrected, nothing to see here

      • pory@lemmy.world
        link
        fedilink
        English
        arrow-up
        10
        ·
        1 day ago

        This is why I hope that cheats end up being MITM attacks with ai slop in control. LLMs can easily do basic pattern recognition, so a device that can “look” at the screen for you and click on people’s heads would be trivial to produce with no software running on the actual game device. Get that popularized and the only excuse for rootkit anti-cheat evaporates. I’d rather live in the world where people cheat at video games than the world where the average gamer has 5 rootkits on their system just to protect “competitive integrity”.

        • Dremor@lemmy.worldM
          link
          fedilink
          English
          arrow-up
          12
          ·
          1 day ago

          That’s actually what hardware cheaters do (no need for the LLM part). They got a second computer, reading the screen, and a “MITM” device between the controller and the computer running the game to auto-aim.

          No level of kernel anticheat can beat that.

          • bountygiver [any]@lemmy.ml
            link
            fedilink
            English
            arrow-up
            2
            ·
            17 hours ago

            ya there’s a video about someone making a valorant cheat that just reads the pixels around the crosshair and knows when to shoot when you cross any enemy outline, to the computer it’s just a USB display output + mouse

          • pory@lemmy.world
            link
            fedilink
            English
            arrow-up
            5
            ·
            1 day ago

            Right, now get it “generally doable” on a device with phone level specs and universality (plus a three cent cable) and watch online competitive gaming crash to the point where there’s genuinely no rational argument for installing spyware. Force every game that cares to solve the serverside anticheat “problem” instead of mitigating “most cheaters” by mandating insane levels of system monitoring.

            • Dremor@lemmy.worldM
              link
              fedilink
              English
              arrow-up
              1
              ·
              17 hours ago

              They are talking about securing the inputs by basically adding tls beween the two of them, in order to make mitm a lot harder. A little bit more input lag, probably, but at least it will help defend agains prisoned USB devices.

          • thingsiplay@lemmy.ml
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 day ago

            Right, but it was never claimed to be. Running hardware cheats is extremely costly, compared to simple software cheats. I don’t have the numbers, but we can assume that most cheats are software cheats. And if we could at least (on paper, I know they don’t and never will) eliminate those its already a huge win. No anti cheat will or is even about to block all cheats and cheaters. Its only about to have less of them to a degree of integrity of fun for most players.

            It’s a similar calculation the developers and publisher make to block piracy as much as they can, knowing that they won’t block everyone. And I want to stress that I am not in favor of anticheats with the ability to operate on Kernel level rights. Absolutely not! I don’t understand why people downvote all my replies there, by just stating that companies have reasons from their perspective why they use it. Sorry for my little rant. :D

      • noobdoomguy8658@feddit.org
        link
        fedilink
        English
        arrow-up
        11
        arrow-down
        1
        ·
        2 days ago

        Privileges and rights an application has has little to nothing to do with whether said application will be able to hide from an anti-cheat software or fool it or whatever. It’s more about being able to access different secure parts of the system, like memory, which is where everything lives basically, including game data that the cheats are supposed to manipulate in some advantageous way.

        This is what leads many to plea for server-side anti-cheat that doesn’t invade the privacy of the end user (the client).

        The games that use kernel anti-cheat are still largely infested with cheaters of many sorts. At this point, defending such deep access sounds like letting some security people live with you, totally at your expense, all the time, even in the bathroom and watching you sleep and masturbate and everything, in the name of safety, because they’ll supposedly be there when some criminal comes to do some crimes, only for them to turn the blind eye when that criminal comes with proper disguise and a gun.

      • ozoned@piefed.social
        link
        fedilink
        English
        arrow-up
        51
        arrow-down
        1
        ·
        2 days ago

        That’s not a justified reason. To each their own, but no game is worth compromising my entire system.

      • cybervseas@lemmy.world
        link
        fedilink
        English
        arrow-up
        35
        arrow-down
        2
        ·
        2 days ago

        A video game is not a test you take in an exam room with a proctor monitoring you.

        If these developers want to make billions and billions of dollars on slop micro transactions and loot boxes, they can figure out how to detect these things and run more of their infrastructure server side.

      • thingsiplay@lemmy.ml
        link
        fedilink
        English
        arrow-up
        9
        arrow-down
        6
        ·
        2 days ago

        I don’t know why you get down voted. It is not zero reason, there are reasons why Kernel anticheat is implemented. Yes, its incredible dangerous and invasive for the local player. Yes it does not catch all of them. But there is a reason why its being done.

  • warm@kbin.earth
    link
    fedilink
    arrow-up
    61
    arrow-down
    3
    ·
    2 days ago

    Anti-cheat should be server side. Cheats are done on external hardware now as kernel AC chased them into the undetectable zone, well played.

    No game is worth sacrificing your entire PC to play.

    • Echo Dot@feddit.uk
      link
      fedilink
      English
      arrow-up
      9
      arrow-down
      2
      ·
      edit-2
      1 day ago

      There’s so many cheats that are only possible because the game’s net code is just weirdly implemented.

      Like wall hacks, why can I see this other player on the other side of the map, why you sending me their position.

      • PapstJL4U@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        4 hours ago

        Culling is already done to reduce wall hacks, but a) sound needs an origin and b) people notice the difference between 3 frames and 6 frames reaction (1f =16.6ms)

      • Alberat@lemmy.world
        link
        fedilink
        English
        arrow-up
        8
        ·
        1 day ago

        it’s for speed. if I tell you they’re out of sight now, but will be visible in 50ms, it’ll be faster than waiting 50ms to recv their new position that’s visible and waiting on network latency which could be another 50ms in addition

        • Echo Dot@feddit.uk
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 day ago

          Right but we’re talking about 100s of ms of human reaction time (faster reaction time is around 200ms for ultra pros). Wall hacks where you only get 100ms of warning aren’t much good. So they absolutely could do something with it.

          • LwL@lemmy.world
            link
            fedilink
            English
            arrow-up
            3
            ·
            15 hours ago

            100ms more is absolutely enough to be massive because it just subtracts from however long you need to recognize the other player after they become visible. Not to mention that in slower paced shooters, people might just remain stationary near a corner for very long, and you can’t magically know when they start to move. Also in games where you can die with one well placed shot it could be 10ms and still be a significant advantage because you just need to be faster than your opponent.

            Afaik valorant does try to not send any info that won’t be needed, that doesn’t mean it’s immune to wallhacks, it just limits their effectiveness.

          • [object Object]@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            1
            ·
            14 hours ago

            They can see each other though, which means one player may get information about the enemy 100ms ahead of another. That would be quite an advantage in a lot of games, especially in Rainbow 6 Siege where TTK is super short.

              • [object Object]@sh.itjust.works
                link
                fedilink
                English
                arrow-up
                1
                ·
                9 hours ago

                Nvm, I though you were talking about letting players know of the enemy location only when they are visible, which won’t be easy to calculate without creating some game-affecting latency.

        • Sir_Thominick_IV@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          2
          ·
          1 day ago

          I’ve been working on a PvP game for the last few months.

          Visibility checks aren’t needed in all cases. Most RTS/2D/2.5D games don’t have this problem, or it is minimal.

          For games that do need them, they tend to be AAA FPS, which have the budget to make simple changes like lag compensation.

    • thingsiplay@lemmy.ml
      link
      fedilink
      English
      arrow-up
      9
      arrow-down
      8
      ·
      2 days ago

      Server side anticheat can’t detect lot of client side anticheat. Ideally you want to have both, if you want to catch most cheaters. One is not a full replacement for the other method. Local anticheat has the advantage of being much cheaper for the developer / publisher.

      • Sir_Thominick_IV@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        2
        ·
        edit-2
        1 day ago

        Depending on the implementation, client side anticheat isn’t needed at all. Take the game Speedrunners for example. There is zero need for the server to do anything other than accept player inputs, process them, and return them to the clients.

        So if coded correctly, where the server trusts nothing and does the math itself, it is impossible to cheat while having zero anticheat on the client.

        And that’s without there being any additional cost.

        • GoatSynagogue@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          17 hours ago

          That’s all well and good, but a smash brothers clone is very different to CoD or Battlefield in this regard.

          Client side anti-cheat is absolutely needed in FPS/TPS. Without it, server side anti-cheat would have to do far more and quietly be much harder to do.

      • warm@kbin.earth
        link
        fedilink
        arrow-up
        3
        arrow-down
        2
        ·
        2 days ago

        It’s more costly to the developer when I dont buy their kernel AC game.

        • thingsiplay@lemmy.ml
          link
          fedilink
          English
          arrow-up
          3
          ·
          2 days ago

          Unfortunately we are in the minority. Most people don’t know the difference or even care. So like with physical media, they only care about the majority.

          • warm@kbin.earth
            link
            fedilink
            arrow-up
            2
            ·
            15 hours ago

            Sure, in the grand scheme of things, but per user, not getting $70 from me costs them more.

  • DarkCloud@lemmy.world
    link
    fedilink
    English
    arrow-up
    23
    ·
    2 days ago

    We’re really going to kill this planet running algorithms against algorithms and it’s the stupidest way to go.

  • Artwork@lemmy.world
    link
    fedilink
    English
    arrow-up
    15
    ·
    edit-2
    2 days ago

    To understand why the requirements keep escalating, follow the arms race. Cheats started in user space, so anti-cheat moved into the kernel to see them. Cheats followed into the kernel, and then below it into hypervisors - so anti-cheat added hypervisor detection and began demanding a verified boot chain. Every time the cheat drops a layer deeper, the anti-cheat has to demand more privilege and more hardware trust to keep watching. That is what TPM 2.0, Secure Boot, remote attestation, IOMMU enforcement, and now forced firmware updates actually are: anti-cheat chasing cheats further down the stack.

    Source

    -–

    Wonderful day!

    I’ve been into the subject a few times already, and just in case, if interested, in short, the TPM is a specific module with its own API in modern motherboards that has inside a key pair known as Endorsement Key (EK) which is a permanent unique identifier burned into the hardware. It’s used to create signed EK certificates.

    To clarify, similar to the asynchronous cryptographic we may see in the general TLS certificates in HTTP traffic ( “green” lock), the TPM , as mentioned, has API to create public keys from its private key inside.

    The private key is burned-in by the manufacturer inside the module, which is also normally protected from physical damage to be self-destruct, by its standard requirements.

    Systems like Denuvo may create and encrypt their own data using the public key, and send it to the TPM to decrypt, verify, and therefore identify the hardware on their servers as an identity.

    The Endorsement Key (EK) is an asymmetric key pair consisting of a public and private key stored in a Shielded Location on the TPM.
    The public part of the EK can be read from the TPM while the private part MUST never be exposed.
    The public key of the EK is included in the EK certificate…
    However, the EK provided by the manufacturer MUST be defined as a non-duplicable key.

    Source: Credential_Profile_EK_V2.0_R14_published.pdf

    Though, I believe, the TPM specifications were actually designed by Trusted Computing Group with privacy in mind to prevent the EK from being used as a “global tracking ID”, some vendors or organizations may use it for undefined reason, and hence please do consider the opportunities your operating system and motherboard provide.

    Also, if interested in experimenting, and haven’t yet, in Linux, TPM is accessed via character devices (created by the Kernel module), and normally support different operations to read/write to, and located at /dev/tpm*, though these devices’ permissions are set to root only in all the Kernels I’ve seen yet. There are CLI software packages as tpm2-tools for the protocol.

    • snugglesthefalse@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 day ago

      So I actually disabled TPM the other week because as it turns out it was preventing my pc from entering sleep a significant portion of the time, I think the GPU wasn’t being allowed to save the framebuffer anywhere because the drivers weren’t proprietary Nvidia ones.

  • CosmoNova@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    2 days ago

    Absolutely! It‘s completely insane already but apparently you can still get around it sometimes by starting the game offline, then going online once you‘re inside and play online matches like normal without anti-cheat. Like, all these risks they burden their customers with just to be sloppy with the execution and rendering it useless. That‘s not malpractice anymore that‘s malicious.

  • dan1101@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    2 days ago

    More enshittification, pvp gaming is going in a direction I won’t go. Maybe if I had a dedicated computer for it, but there are no games that are worth it to me right now.