To be fair here, the push for attestable computing environments has been here for a long time now. SafetyNet was introduced on Android nearly a decade ago. We will certainly see more of this with desktop OSs in the future.
Can't help but feel like this is Microsoft leaning on devs to make the general PC multiplayer gaming experience so onerous that they'll choose to get an XBox instead.
I am not sure Secure Boot, TPM, or kernel-level anti-cheat still manage to accurately detect hardware with direct memory access. DMA hardware can still circumvent all of these things, and they only cost a few hundred bucks. The question in my mind remains: why would you pay ~$300 for DMA hardware and then ~$10-100+/month for an active private cheat? Is it worth it to look cool online to random strangers before you eventually get algorithmically detected or mass-reported and manually banned, just to create a new account and start all over? Even for those cheaters who buy high level accounts, what is the endgame of spending all that money and recycling the process?
Cheating will slowly look more and more like trying to hack your own machine.
Secure Boot+TPM combined with decent firmware will make cheating a lot harder. If the firmware ensures random devices don’t get BME set before the IOMMU is properly, attestably, configured, you are basically now stuck looking for bugs in the TPM and UEFI if you want to shove yourself beneath the OS unnoticed. These are full of bugs, so that will work for a while, until it doesn’t.
Popping windows will probably work for some time, but HVCI will make this a pain once ubiquitously required.
And you have to do all of this while also not being detected for aberrant behavior. Eventually, the analog hole might end up being easier, lol.
It doesn't matter. The new Battlefield was hacked within 24 hours of the beta using the same DMA GPU-spoofing hardware you could buy from China for the past decade. It's not a palatable notion, but you cannot really have PC gaming without some level of cheating taking place.
Can you not simply enroll your own keys in your TPM and still boot with custom-signed drivers that circumvent all this? I mean, yeah, it's a lot more work but it would still work I guess?
> Since cheat authors will not be able to get their drivers signed by Microsoft
Why not? Presumably Microsoft will decline if you say outright "this is for cheating", but if you make a kernal driver that happens to have a feature for executing commands from user space for a benign reason, i don't think they would decline to sign it. There are a few million windows drivers, there are plenty of situations where a weirdly specific driver has a valid use case.
Qemu is capable of running secure boot enabled operating systems with swtpm emulating a physical TPM. There's also vDRM, virgl, and Venus for accelerating graphics workloads in guests, along with a proof of concept Windows driver.
How exactly do anti-cheat vendors intend to prevent this kind of setup from being effective?
This is a hill I'm willing to die on: Failure to do proper server side checking is carelessness in the face of making a quick buck.
I distinctly remember being a kid bypassing this type of software back when it was just Game Guard at the top. There's nothing that's going to stop kids from doing it today.
It's an arms race doomed to failure until these game devs stop being lazy and just put in the sweat required to get their houses in order.
Server side checks. That's it. User input is tainted evil and you can't trust it. Anything less than server side checking is insecure.
So, there is a unique public key associated with each CPU, and that key can't be changed or spoofed because it's signed by the manufacturer... Sounds really bad.
17 comments
[ 3.4 ms ] story [ 49.8 ms ] threadSecure Boot+TPM combined with decent firmware will make cheating a lot harder. If the firmware ensures random devices don’t get BME set before the IOMMU is properly, attestably, configured, you are basically now stuck looking for bugs in the TPM and UEFI if you want to shove yourself beneath the OS unnoticed. These are full of bugs, so that will work for a while, until it doesn’t.
Popping windows will probably work for some time, but HVCI will make this a pain once ubiquitously required.
And you have to do all of this while also not being detected for aberrant behavior. Eventually, the analog hole might end up being easier, lol.
Why not? Presumably Microsoft will decline if you say outright "this is for cheating", but if you make a kernal driver that happens to have a feature for executing commands from user space for a benign reason, i don't think they would decline to sign it. There are a few million windows drivers, there are plenty of situations where a weirdly specific driver has a valid use case.
How exactly do anti-cheat vendors intend to prevent this kind of setup from being effective?
In a word: attestation.
In more words, the CPU TPM contains a key signed by Intel / AMD or whoever, and can prove it. swtpm doesn't, and there is no way to fake it.
I distinctly remember being a kid bypassing this type of software back when it was just Game Guard at the top. There's nothing that's going to stop kids from doing it today.
It's an arms race doomed to failure until these game devs stop being lazy and just put in the sweat required to get their houses in order.
Server side checks. That's it. User input is tainted evil and you can't trust it. Anything less than server side checking is insecure.
How would they be able to detect that the TPM is discrete?