25 comments

[ 3.4 ms ] story [ 61.7 ms ] thread
Some cheats are using PCIe FPGA boards to get access to game memory totally outside of the OS. The boards are controlled from a separate computer.
Isn’t it trivial to defeat this type of AC? Grant your program SeDebugPrivelege and open a handle to the AC process. Inject away. NOOP any memory scanning routines.
They've usually thought of that level of the arms race.
The... ring0 process?
That's a good point. It will be a bit harder, but not entirely impossible. Position independent code/memory layout will complicate any attempts to modify the AC.
How does that work with having say 2 copies of the same OS (Win) on the same computer? On 2 separate drives? If I have the game on one does the kernel access affects both or just one? Obviously I'm not an expert but I actually want to give a game a try but I'd not install just on its own as is. Apart from buying an other PC or waiting an eventual console release I wonder what else can be done
If you install Windows on two separate drives, each copy of Windows has its own kernel drivers, so the Valorant installer would only install the driver onto the drive you were currently using. As far as I know, you can't install multiple copies of windows onto the same drive (barring partitions).
You can only have one running at once, so presumably the game simply won't run if it's kernel-level countermeasures aren't in place.
It’s important to know that Riot Games is 100% owned by Tencent, making it a Chinese company.

This doesn’t even mean a grand conspiracy is required. They have an office in Shanghai, so it’s trivial for the CCP to persuade a couple employees and leverage this as a kernel level backdoor into hundreds of millions of western PCs.

If you think this is unfounded speculation, remember US intelligence was accusing Karspersky with distributing malware for Russian state backed cyber operations just a number of years ago...

Or the recent BGP hijackings on US ranges that are transparently obvious by China Telecom.

> "This isn’t giving us any surveillance capability we didn’t already have," Riot noted in its blog post (using language that isn't exactly comforting on its own). "If we cared about grandma’s secret recipe for the perfect Christmas casserole, we’d find no issue in obtaining it strictly from user-mode and then selling it to The Food Network."

So not only are they injecting kernel level code and running it from boot, but they're being flippant about the level of control this gives them and downplaying the security implications here.

This gives me serious pause, because I have work on my gaming machine too, some of which is confidential client information, and confidential personal information as well. It's getting to the stage that games, a distraction, can't be trusted to be on the same machine as anything else.

> It's getting to the stage that games, a distraction, can't be trusted to be on the same machine as anything else.

The iOS/macOS sandbox, for games purchased through the App Store/Apple Arcade, provides some degree of reassurance.

Unfortunately the continuing spat between Apple and Nvidia, and the lack of games available, make the Mac a path less travelled for gamers.

Which is a shame, I'd love to use it for more, but it's poorly supported.

I've been gaming on a Mac for years. There are many Windows-only games, but I don't really miss that operating system. Between native Mac ports and the Nintendo Switch/3DS, my gaming needs are well covered. When there's something I really badly want to try on Windows, I fire up CrossOver, Parallels, or Boot Camp, in that order.

Right now the GPU in my 2019 16" MBP (5300M) seems to be good enough for everything I want to play, and the 5500M is said to be even better. Of course the problem remains optimization for macOS which most ported games don't have.

Apple Arcade is actually a ray of hope, even for core gamers. There's some good stuff on it, give it a try.

Right now I'm going to remove anything Riot-related I find on my macOS installation.

Apparently, the anti-cheat system is also blocking VMs from running the game https://twitter.com/RiotSupport/status/1248402073269309441
I've seen that happening with other anti-cheat system in other games.
That's pretty basic as far as anti-cheat goes. This can be done on the application level.
I wonder if this also prevents running the game if you have Hyper-V or Hyper-V based technologies (Windows Defender protection, Container support, WSL2) installed. That would be a real bummer - because you can't game on your dev-computer then.
Its a rootkit. Hopefully microsoft pushes an update to remove it like they have done for other malware like this in the past.
I have a problem with it, even ignoring the Chinese influence or any direct spyware/vulnerability issues.

If it's seen as a good idea then soon everyone will want to do it and our computers will suddenly be back in the hellscape of 00's browsers. I don't want to know what my computer will be doing when 10 companies' kits are actively competing with each other, the OS, anti-virus etc.

For those who don't know, Riot Games recently released a closed beta of Valorant, their new game with this anti-cheat. Valorant is a direct competitor to Valve's CS:GO, borrowing it's core loop and even some of its weapons.

It's interesting to compare the two approaches to anti-cheat that the two companies are taking here:

* Valve use VAC, an unobstrusive memory scanner in user-space with an emphasis on never having false positives.

* Valve use machine learning on game replays to detect obvious aim-bots and spin-bots

* Valve enlists the community via the "Overwatch" program to review game recordings and spot cheaters.

* Valve supports CS:GO on Linux.

* Leveraging your Steam history, Valve creates a "Trust Factor" score for every player and keeps trusted players together.

* Riot uses ring-0 scanners.

* Riot will not allow you to run Valorant in a VM.

* Riot will ban specific hardware if a cheat is detected. Beware when buying 2nd hand motherboards!

* Riot does not allow you to host your own Valorant servers (this makes hack-vs-hack servers, which some people enjoy, impossible)

I think that in the long run Valve's approach, particularly with Trust Factor, will be proven the better of the two.

https://www.youtube.com/watch?v=ObhK8lUfIlc

The wonderful world of games running on your PC.

Recently I tried to get Dirt Rally 2.0 to run on my Linux gaming machine. Apparently, according to ProtonDB [0], the solution to get it to work is installing a fully trusted root-certificate from Codemasters on your system (not only in the Wine/Proton environment) [1].

In case you don't know, this means Codemasters can now man-in-the-middle every https connection from your computer. This is insane imho.

I tried to comment on that thread but they need full system information before you can post anything on ProtonDB.

[0]: https://www.protondb.com/app/690790

[1]: https://gist.github.com/PeXArtZ/020931f0182cafe84c623b5584da...

You know what they say about the cloud.

There is no cloud, it's simply somebody else's computer.

Welcome to the next level where even your personal computers is somebody else's.