Now if only they could more clearly communicate when games are playable offline.

  • corroded@lemmy.world
    link
    fedilink
    English
    arrow-up
    27
    arrow-down
    8
    ·
    1 month ago

    Why is kernel-level anti-cheat even a thing?

    If I was trying to prevent cheating, I’d hash the relevant game files, encrypt the values, and hard-code them into the executable. Then when the game is launched, calculated the hash of the existing files and compare to the saved values.

    What is gained by running anti-cheat in kernel mode? I only play single-player games, so I assume I’m missing something.

    • kevindqc@lemmy.world
      link
      fedilink
      English
      arrow-up
      51
      arrow-down
      1
      ·
      1 month ago

      Because there are kernel-level cheats

      What you proposed can very easily be bypassed without even needing kernel access by just editing the executable code that checks hashes to always return true

      • sp3ctr4l@lemmy.zip
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        3
        ·
        1 month ago

        … Buuut you can still defeat Kernel level Anti Cheats.

        https://m.youtube.com/watch?v=RwzIq04vd0M&t=2s&pp=2AECkAIB

        Which means that you still have to end up relying on reviewing a player’s performance and actions as recorded by the game servers statistically via complex statistical algorithms or machine learning to detect impossibly abnormal activity.

        … Which is what VAC has been doing, without kernel level, for over a decade.

        All that is gained from pushing AC to the kernel level is you ruin the privacy and system stability of everyone using it.

        You don’t actually stop cheating.

        It is not possible to have a 100% full proof anti cheat system.

        There will always be new, cleverer exploitation methods, just as there are with literally all other kinds of computer software, which all have new exploits that are detected and triaged basically every day.

        But you do have a choice between using an anti cheat method that is insanely invasive and potentially dangerous to all your users, and one that is not.

    • SkavarSharraddas@gehirneimer.de
      link
      fedilink
      arrow-up
      17
      arrow-down
      2
      ·
      1 month ago

      Modern cheats for multiplayer games don’t modify local files (or attribute values in memory), since the server validates everything anyway. They’re about giving you information that’s available but not shown in the game (like see-through walls, or exact skill ranges), or manipulate input (dodge enemy damage, easy combos). Those cheat can run in kernel mode (or at least evade detection from user mode), so the anti-cheat needs kernel mode to be more effective.

      • ysjet@lemmy.world
        link
        fedilink
        English
        arrow-up
        16
        arrow-down
        2
        ·
        1 month ago

        since the server validates everything anyway

        Oh you sweet summer child.

        The server doesn’t validate shit, because that takes up CPU cycles on THEIR hardware, which costs them money. A huge part of kernel level anticheat is forcing YOU to pay the cost for anticheat, so they can squeeze a few more pennies out of it. And if your computer gets owned because they installed insecure, buggy malware on your system…? Well, they’ll just deny. After all, it’s kernel-level, how are YOU going to prove anything?

      • Katana314@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        1
        ·
        1 month ago

        If server validation was still a common practice (as it should be) then cheats wouldn’t come in the form of speed hacks, teleportation hacks, or invincibility. The traditional thing in CS that was hard to prevent is aimhacks and wallhacks. I respect that those are hard to prevent, but they can be much less impactful in modern hero shooters.

    • ampersandrew@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      11
      arrow-down
      1
      ·
      1 month ago

      They can prevent you from running cheats that other anti-cheats can’t detect. For instance, they could modify the value in memory so that your calculated hash always succeeds even when it’s modified. This doesn’t stop cheating though; it just means cheaters have to use cheat hardware that exists at a layer that even kernel anti-cheat can’t detect.

    • Maalus@lemmy.world
      link
      fedilink
      English
      arrow-up
      9
      arrow-down
      1
      ·
      1 month ago

      And then a game gets updated so the hashes don’t match and uh oh, everything is fucked. Oh, but we can change the hashes of the files in the executable! Yeah, so can they. People modding shit into the executable is basically a given. Let alone the fact that you’d need to sit through a steam “validation of files” length of time every time you’d need to launch a game (because validation works exactly as you have described).

      What is gained is that it has access to more information. Some cheats use an entirely different program / process that reads memory and outputs info that is available to the game but hidden from the player. Like a client needs to know where a person on the other team is to be able to draw their model. So you read that, you put a little box over where they are, and bang you have wallhacks.

      • unalivejoy@lemm.ee
        link
        fedilink
        English
        arrow-up
        7
        arrow-down
        1
        ·
        1 month ago

        I think the popular thing now is to mod your mouse so it clicks on the enemy player’s head.