Are you sure VAC doesn’t detect spin botters? Valve has implemented neural net based cheat detection trained from overwatch cases (players watching demos of reported players and judging if they were cheating). It’s a rather nice solution and doesn’t involve kernel mode drivers from a third party I don’t trust to make secure kernel mode drivers (a la battle eye or punk buster).
Yikes, I really don't want an effective random number generator deciding whether or not if I get to keep using the product I payed for. Refuting a cheat-accusation/action is pretty much impossible as is.
AFAIK, the ML piece only selects candidates to review for cheating. The overwatch volunteer(s) still need to watch your demo and judge if you're cheating.
I still get to see them play full games when I do overwatch myself. This should be a round 1 kick, instead they waste everyone’s time and ruin their experience. Same goes for obvious wall- and aimhacks. I see non obvious cheaters every 2nd game or so (players following but not tracing you through walls or soft aimlocks for example). VAC doesn’t do any process analysis as far as I know and as such, it will only ever be able to ban players after the fact (if it does even that, because „legit“ hacks will almost always pass due to overwatches high consensus requirements)
I think overwatch is just there for confirmation in most cases. That makes sense imho.
FWIW I tend to only see cheaters on casual. The TrustFactor thing seems to work fairly well, because (judging by Overwatch) the cheaters seem to be among their likes. It must suck for new (non-prime) accounts, though.
It does. My brother started playing recently and the matches I’s play with him were abysmal. Toxic players, bad communication, no organization, and cheaters relatively often. I bought him the game and it is indeed night and day. I personally just saw my first hacker in a prime lobby in the 300 hours I’ve played since prime became a thing.
I haven't seen a spinbotter for ~4 years, I have 500+ hours on CSGO, average 2 games a week. I think VAC is catching them. But it's also possible people don't rage-hack anymore, and prefer the self delusion of stealthy hacks.
It's very expensive to rage hack, mostly due to account age and phone number requirements. Sure, you can buy an account or play for 20 hours to get in good standings, in matchmaking - but VAC will evaporate you in a single match.
> Well, until they remove most of the ROP gadgets...
This is unfeasible. ROP gadgets essentially show up in "random" locations. Not to mention that they might also show up in code that Valve has no access to.
I've got no problem with people writing hacks for games; with the shit that gets released these days I expect it would often be far more rewarding than playing the game itself.
That said, authors should follow responsible disclosure, give the game company some time to respond before releasing.
> That said, authors should follow responsible disclosure, give the game company some time to respond before releasing.
Stack-smashing attacks have been around since at least 1988[1]. This cheat has less to do with the game itself and more to do with the computing architecture (i.e. stack-based). ROP is an active area of research and "code hardening" is a way to mitigate such an attack[2], but (from what I understand) usually comes with performance penalties.
I don't see your point. Do you think the authors shouldn't give responsible disclosure because the underlying mechanism has been around for a while? The company would obviously fix the area where false data is allowed to be injected, not systematically harden their entire codebase against any possible ROP-based attack.
There are going to be hundreds or thousands more, possibly outside of their code. They are easy to introduce in your code, fairly easy to find and hard to fix. It's more of an idea or PoC on how to write cheats than a specific exploit.
On another note it's not an exploit in the classic sense - if you own your game you're legally allowed to do what you want with it in most countries AFAIK. I'm not convinced responsible disclosure even applies here.
I don't think R.D. should apply when the exploit can benefit the device owner in gaining control over their device.
Rooting/jailbreaking/safetynet exploits (and exploits that can be used for rooting and jailbreaking) shouldn't go to google and apple first, they should go to the users first.
The same applies for bypassing anti-cheats or other modification prevention systems or other attestation systems.
Even when that benefit is at the direct expense of other users? Your device rooting example is different compared to online cheating in this respect and to me that's key.
> I've got no problem with people writing hacks for games; with the shit that gets released these days I expect it would often be far more rewarding than playing the game itself.
Hacks in singleplayer games are fun. Hacks in multiplayer games are not. If someone thinks the game is shit and unrewarding, they should just not play it and not ruin it for everyone else.
Sorry to disappoint, but stuff like the glowESP for csgo are around since the source engine released in 2004. Even normal cheats on github like charlatano are undetected, and that one is pretty popular.
It's not petty. Hacks in multiplayer games ruin the game for everyone else, and the hack developer hopes that the hack will stay undetected forever. That's not proud. It's more like "I hope you can use this to be assholes and ruin the game for all other players as long as the game exists."
Also, this is just a game, but if it was ransomware and the dev said "hopefully this ransomware will be antivirus undetected for ever", you'd probably have a different opinion, no?
Perhaps I'm just going with a more charitable interpretation. The hack developer came up with what he thinks is a new approach that fundamentally undermines the approach taken by anticheat developers, of course he hopes that his work wasn't in vain.
Yeah, I think it is petty to call him out for having a "bad attitude" because of this.
I’m completely out of the loop with respect to gaming and cheating nowadays, and I’m not the target audience of the readme, so pardon my ignorance: how is this used? Via exploits in the game? Injected locally by a more privileged process?
In csgo specifically you can either inject a DLL (simplest way would be LoadLibraryA, but there are more methods) or just getting a handle and read / write memory.
How this cheat does it I dont know. And I am too lazy to check :)
If you're interested in learning more about ROP, I highly recommend this fantastic writeup CTURT produced about hacking the PS4 (which, of course, used ROP). https://cturt.github.io/ps4.html I
45 comments
[ 3.6 ms ] story [ 94.0 ms ] threadyeah... until they patch it
https://youtu.be/ObhK8lUfIlc
FWIW I tend to only see cheaters on casual. The TrustFactor thing seems to work fairly well, because (judging by Overwatch) the cheaters seem to be among their likes. It must suck for new (non-prime) accounts, though.
https://kotaku.com/apex-legends-will-make-cheaters-play-agai...
> So hopefully this cheat will be VAC / PB undetected for ever
Well, until they remove most of the ROP gadgets or employ CFI?
This is unfeasible. ROP gadgets essentially show up in "random" locations. Not to mention that they might also show up in code that Valve has no access to.
That attitude really grinds my gears. I'd much prefer to see something like "here's how we think Valve could fix this permanently".
That said, authors should follow responsible disclosure, give the game company some time to respond before releasing.
Stack-smashing attacks have been around since at least 1988[1]. This cheat has less to do with the game itself and more to do with the computing architecture (i.e. stack-based). ROP is an active area of research and "code hardening" is a way to mitigate such an attack[2], but (from what I understand) usually comes with performance penalties.
[1] https://lwn.net/Articles/732201/
[2] https://cs.brown.edu/~vpk/papers/ccr.sp18.pdf
On another note it's not an exploit in the classic sense - if you own your game you're legally allowed to do what you want with it in most countries AFAIK. I'm not convinced responsible disclosure even applies here.
Rooting/jailbreaking/safetynet exploits (and exploits that can be used for rooting and jailbreaking) shouldn't go to google and apple first, they should go to the users first.
The same applies for bypassing anti-cheats or other modification prevention systems or other attestation systems.
Hacks in singleplayer games are fun. Hacks in multiplayer games are not. If someone thinks the game is shit and unrewarding, they should just not play it and not ruin it for everyone else.
They dont really do shit
Seems like the next logical step will be for one of the many people specializing in defenses to develop a "permanent" fix :)
Also, this is just a game, but if it was ransomware and the dev said "hopefully this ransomware will be antivirus undetected for ever", you'd probably have a different opinion, no?
Yeah, I think it is petty to call him out for having a "bad attitude" because of this.
How this cheat does it I dont know. And I am too lazy to check :)