I also have no trust in any sort of gaming related records of feats of ability. I've been deeply involved with gaming communities in the past where people would show off their world records. I would question such scores only to be flamed and then years later it is discovered they were cheating after all.
Really my only point is that I despise cheaters and any game that isn't single player or only between friends may as well not exist for me anymore.
Valve in their "infinite wisdom" decided to funnel the bulk of players into a matchmaking style multiplayer system, while relegating decades of player-run (and previously Valve run) dedicated servers to a "Community" tab that opens the old school server browser
Consequently the game has been absolutely infested and overrun with bots for the last couple years. They all play Sniper and aimbot instant headshot players on the enemy team, they're also programmed to steal a player's username and Steam avatar (because there is no throttling on changing that information live, even when connected to a game server)
Consequently the paranoia of most players means that even if you're just a "good sniper" (as someone with about 8,000 hours in the game over the last ~14 years) you'll almost immediately be the subject of a votekick. To which you have to get on microphone and plead "I'M HUMAN, I'M HUMAN!" and hope players don't automatically just vote to remove you
In a few months even this won't be good enough.
Having said that I've run into plenty of "hackers" and cheaters over my decades of online play. I steer clear of certain types of games as the player base seems more inclined to cheat.
Found an old screenshot of Counterstrike after I got auto balanced.
If you get good enough to reliably point your weapon at their head (before they do it to you), you are basically invincible.
It is a badge of honor, not a hassle.
It used to be script kiddies with aimbots downloaded from somewhere, nowadays it's cheat developers making hundreds if not thousands of dollars per month from renting cheats or selling carry services.
As in, maybe people are often wrong when accusing cheaters, but with numbers like this they’re often correct too!
That and similar ridiculousness were fairly common.
I actually didn't mind that stuff, it was funny enough to outweigh the irritation of not getting to play a real match. The ones cheating without making it overt were the ones who'd truly ruin a match.
> You wouldn't cheat at tic tac toe despite the inherently low stakes of the game so it doesn't seem any different in any other video game.
I don't get it, but people do cheat. They cheat in online games, they cheat at board games, they cheat at tabletop RPGs (?! and no, I don't just mean the DM fudging some rolls in the name of fun—they have a screen for a reason) [EDIT] What I mean is, there must be some impulse to do it, even when the stakes are nonexistent and it might even ruin the fun for everyone. It's not even uncommon. I don't get it either, but it must be there.
If there are gonna be cheaters, I'd rather they do silly shit like that than just be using wallhacks, radar, or aimbots.
The latter group will often cheat if necessary as winning is the need and the priority. The talented ones usually end up in profitable pursuits like business and poker rooms. The losers (pun intended) will gravitate toward friendly competitions where people have their guard down and cheating is easy. At least that’s what I’ve seen.
The best strategy is to detect these people and ban them because appealing to values won’t work.
Missions are arranged into five difficulty levels ("Hazard 1", a.k.a "Haz1", the easiest, through "Haz5"). I've found that, when playing with random people, Haz2 or Haz3 gets you a good combination of players. Of course there are toxic players, but the proportion of them (that is, the number of toxic players as a percentage of the playerbase online at any given time) is low.
I think Haz4—more difficult than Haz3 but not Haz5—has a higher chance of toxic players. I avoid Haz5 as it's _extremely_ difficult for my skill level, but I understand the players who regularly do Haz5 missions are good folk.
If you play DRG on Steam, and you ever see me online (http://steamcommunity.com/id/CaliforniaKarl/), feel free to ping me for a mission!
The few people you saw cheating were probably frustrated enough with the game they decided to burn their accounts and ticked enough boxes in their cheat menus to let them go out with a bang. It may of course be that you are particularly good at spotting cheats and Halo Infinite is just blessed to be relatively cheater-free. (I've not played it.) But I'd expect 1-2 orders of magnitude more games to have cheaters than your estimate.
That’s the difference. The stakes are way higher in video games. People pour thousands and thousands of hours into these games. They dream of going pro and joining one of the big teams. They dream of winning the big tournament for real money. They dream of having a popular Twitch stream with many thousands of viewers throwing even more money at them.
Most fall far short of those dreams. Instead they throw temper tantrums and rage at their teammates over voice chat. Some get so frustrated about their lack of progress that they search for alternative means. That’s where cheating begins. It’s really no different from sports.
For instance, I played a free to play game. The servers just went live and it was the VERY FIRST MATCH of the game. It wasn't long before one guy on our side was crying because we all sucked. I see this type of behavior everywhere.
Instead, every single game now is optimized for streamers, content creators, and a small "Professional" scene. So now, when a single popular youtuber wants a meme gun, the devs add a powerful slug to the double barrel shotgun and a red dot sight, so that youtuber can make a highlight reel of headshotting people across the map with a damn shotgun while throwing the entire tactical part of the gameplay out the window. The community spends 6 years complaining about a tactic that is basically just spawn camping, and the publisher gives radio silence, but there's a weird, niche tactic using your favorite character in the pro scene that is SLIGHTLY better than random in effectiveness, and you better believe that character is getting a hard nerf.
Now I boot up the game, and if I have a good match where I did better than expected, the system responds to that by putting me in a much harder game, where I'm expected to lose, because that 50% win rate must be ENFORCED. Even if you constantly improve at the game, you just get put in front of more and more talented people, wiping out any joy you might experience from your improvement. Meanwhile, you continually get destroyed by 12 year olds that don't have to cook dinner every night and have plenty of time to hone their skills. These systems are even implemented in """Casual""" game modes, which are then full of pro players on new accounts making youtube highlight reels.
So yeah, excuse my old man anger, I just literally lived through a better time. Right now it is impossible to sit down with my friends and enjoy a PVP game together, because casual multiplayer has been thrown to the wolves, often in service to memes.
Whenever you have a sentence that has 'these days' and is describing human behavior, just leave off these days.
Humans have been cheating pieces of shit throughout history, especially when they are in a position where there is no recourse from the other parties in the transaction.
And you know what would be especially satisfying to do against these pathetic losers? Cheating against them and watching them rage.
Seriously, I don't think the "man children" and the people complaining about them are all that different. You were clearly not engaged in traditionally approved adult activities either, if you were there for the very first matches of a competitive computer game.
"It's just a game" is a lame excuse. A game is using real time.
See also this video about why it's considered rude to suck at WoW: https://www.youtube.com/watch?v=BKP1I7IocYU
One time there was a blatant hacker on the Markov server in the original PlanetSide (a TR player with a name like iIiIiIiiIiii) that was using some sort of time/speed hack to move and shoot at some large multiple of normal.
They were having a lot of fun camping inside towers to kill people spawning there, so I managed to camp out in one before they arrived and held a good corner with my trusty bolt driver (sniper rifle). I managed to pop them once on their way up the tower, and I think they were moving so fast that they didn't realize it'd happened until they got to the top. Just enough time to reload and switch angles for them to come back down.
I know the hacker was there to enjoy ruining fun for others, but they gifted me what was unambiguously the most exhilarating, triumphant, and memorable of the 25K+ bolt driver and 40K+ total kills I recorded.
I also will never knowingly permit a program to run on my computer that performs remote attestation or otherwise uses my hardware against me. Neither will I accept opaque anti-cheat kernel modules. I don't want anything to do with malicious anti-user software.
Wall hacks are another common hack; getting information that the game client has but that you aren't supposed to know. I think games will have to evolve to being "perfect information", just let all players see behind walls.
All in all, I don't see cheating as ruining gaming as a whole. Game designers will design games that are more difficult to cheat at, and hopefully there will be less cheaters ruining your matches. I would definitely play the can-see-behind-walls-and-aim-doesn't-matter FPS!
"I think games will have to evolve to being "perfect information", just let all players see behind walls."
Just don't send the data to the game client until the last moment. Currently the game server is literally telling your computer where the enemy is located behind the walls. Wallhacks can be made to be impossible with enough development effort.
I enjoy cs go, and I can't recognize a difference with good aim and aimbot. So there is no difference with a cheater or a smurf for me.
Probably why competitive fps games are at the top of the list for cheat makers.
They are hard to detect by eye and can be easily made to look human-like.
Hard to spot because it doesn't give as big an advantage due to game mechanics/dynamics.
Majority of cheaters that I've met were when I've been leveling a new account
Also:
Today on HN we complain about cheaters
Tomorrow we will complain about kernel rootkit from anti-cheat software and someone will argue that server-side should be enough :)
Mostly because actually spotting cheaters takes a lot of game knowledge and experience. In FPS games anyone can spot a spinbot, but how can you be sure that someone uses a wallhack, or an aimbot that just slightly corrects the aim?
Without proper game knowledge you wouldn't be able to distinguish a wallhack from someone listening to footsteps, having info from teammates, and having a good map awareness.
It is very easy to cry 'cheater', especially without any actual proof. Without knowledge that, for example in CS: spray patterns exist, even someone correcting them would look like a cheater to a newbie.
I spent about 300 hours lately playing new COD, and there was only one case where I suspected someone of cheating. One.
And I do play a lot of FPS, and played them for a good 25+ years.
It would seem like players had good map awareness, and would be really hard to spot.
It takes a minimal amount of study, training, effort to be a perfect tic tac toe player. If you put a small amount of effort into it, you can get skilled enough at tic tac toe to never make any mistakes, to never end up with a result less than a draw. No amount of improvement will ever give you a better result.
Not so with nearly any online game, especially one with as high a skill ceiling as Dota2. You can always get better, there's always room for improvement, there's always someone better than you. If you could get just a little bit better, you will win more games, no matter how good you are.
A really smart SBMM would solve both problems. One that not only prevents players from artificially dropping rank, but also hiding their skill and maintaining a lower rank; and perhaps instead of an ELO, also matches players with similar play-styles. Because then cheaters will quickly end up in a rank with other cheaters, and won’t be able to leave unless they buy another copy of the game.
...but admittedly I've been turned sour by a few purchases recently in that genre .. so I'm probably just axe-grinding ;)
An example is Tekken where I play as Lei Wulong. He's extremely uncharacteristic and idiosyncratic, to the point that if you fight actual Lei players -- it's immediately obvious that bots don't play the same. One of my friends (a newer fighting game player) particularly hates my playstyle and tried to scrim against Lei bots to practice, but instantly realized they play nothing like me or any other Lei. Lei is a rare character to play. So he had to just keep scrimming, really.
Many fighting games also have literal handicap mechanics that might be seen as equivalent to cheating in some capacity, but for the same reasons, it doesn't matter. They are often there to level the playing field, which is considered fair. Basic Combos in Tekken allow even the simplest of players to pull off powerful moves like Wind God Fist, but it doesn't matter how easy Wind God Fist is, I can and will still beat them even with that handicap, with no special moves of my own, because I can just read their attacks and respond and punish all of them and set them up and bait them endlessly.
That said cheating does happen but often it's the last thing on my mind. Bullshit characters that are unbalanced is where all the complaints go. ;)
TL;DR Humans have distinct fighting styles, and fighting games are largely mind games once you get into them. Cheats that are subtle enough to avoid detection can often easily be outplayed because of it.
https://www.penny-arcade.com/comic/2004/03/19/green-blackboa...
The only positive thing is maybe gamers will push for more local multiplayer options.
I've played many competitive games over the years, many to a decent level in the top 5-10%. Thousands of hours of play.
Cheating is almost non-existent.
I've been accused of cheating though, especially in CS:Go + Overwatch, when I wasn't even that good. I couldn't hold a torch to professional players.
I've seen orders of magnitude more complaints about cheaters in chat, than I've ever seen actual dodgy behaviour.
Sometimes you're just on a streak, or lucky.
You're just bad at losing.
I'm a gamer but I don't think that they're meant to be taken seriously.
Game publishers won't allow this again because they can't "control" it and it won't make them money. Fortunately, open-source games still exist :D
Personally, I'm mostly referring to Tarkov. I don't play anymore. I used to love it and try to convince my friends to get it, but that was years ago. I only play the single player mod on top of it now.
I've generally moved on to single-player and coop games now. Everything else is excruciating. And part of that is that I have less free time, so wasting it on being angrily competitive and anxious just isn't appealing to me anymore. I don't have time to be on-par with sweatlords.
I have run into cheaters but most games are fine, sometimes you even manage to kill a cheater, fun times.
All sports are like this. Welcome to Earth. Sorry.
There's your problem right there.
Any speculation as to how this worked on a lower level ?
There are multiple ways to detect this. Hardware breakpoints were already mentioned, but they only work per thread, so if one is sniffing on your memory from another process or the kernel then these won't help.
The most stealthy and evil way I found was to allocate a page but never actually use it.
Windows lazily allocates physical memory for fresh memory pages when they are first used.
The detection is to periodically poll the page map from your process and check your canary pages via NtQueryVirtualMemory. If your unused page suddenly is backed by some physical memory then something happened to read from it! Bonus-points for putting such canary pages into places previously used for real game data.
This method is not foolproof: Anti-virus programs can read memory of all programs (but don't, Overwatch e.g. does not like this and crashes randomly due to this exact protection method). A bug in the program could also read from the page accidentally (e.g. out-of-bounds array read). But it's a /very/ good indicator that something is wrong when other cheat detection mechanisms also trigger.
Once you know how this works it's pretty easy to defeat unfortunately: Read the page map first, then avoid reading pages that have no backing physical memory, because those contain no useful data at best and are canary pages at worst.
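The polling check this comment describes, as an added example that is not part of the original thread or of any vendor's anti-cheat code. It uses the Linux call `mincore()` as a stand-in for `NtQueryVirtualMemory`; the `canary_*` names are hypothetical, and `canary_stray_read` only simulates an unexpected reader from inside the same process.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* mincore(), madvise(), MAP_ANONYMOUS */
#endif
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* One page the program allocates but never touches (hypothetical helper type). */
struct canary {
    unsigned char *page;   /* page-aligned anonymous mapping */
    size_t         len;    /* exactly one system page */
    unsigned       hits;   /* number of polls that found the page resident */
};

/* Reserve the page. The kernel assigns no physical backing until first access. */
int canary_init(struct canary *c)
{
    long ps = sysconf(_SC_PAGESIZE);
    if (ps <= 0)
        return -1;
    c->len  = (size_t)ps;
    c->hits = 0;
    c->page = mmap(NULL, c->len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return c->page == MAP_FAILED ? -1 : 0;
}

/*
 * Poll the residency of the canary page.
 * Returns 1 if something has faulted the page in, 0 if it is still
 * unbacked, -1 if the query itself failed.
 */
int canary_poll(struct canary *c)
{
    unsigned char vec = 0;
    if (mincore(c->page, c->len, &vec) != 0)
        return -1;
    if (vec & 1) {
        c->hits++;
        return 1;
    }
    return 0;
}

/* Drop the backing again so the same page can be reused as a canary. */
int canary_rearm(struct canary *c)
{
    return madvise(c->page, c->len, MADV_DONTNEED);
}

/* Constructed stand-in for an unexpected reader: one byte read from the page. */
unsigned char canary_stray_read(const struct canary *c)
{
    return *(const volatile unsigned char *)c->page;
}

int main(void)
{
    struct canary c;
    if (canary_init(&c) != 0) {
        perror("canary_init");
        return 1;
    }
    printf("fresh page resident: %d\n", canary_poll(&c));
    (void)canary_stray_read(&c);
    printf("after a stray read:  %d\n", canary_poll(&c));
    canary_rearm(&c);
    printf("after re-arming:     %d\n", canary_poll(&c));
    return 0;
}
```

A resident canary says that something touched the page, not who did; the result is one signal to correlate with others, as the comment notes.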
Obfuscation and deobfuscation is also super interesting. I think overall reverse engineering and figuring out how things work is one of the most interesting things in computer science.
https://github.com/obfuscator-llvm/obfuscator/tree/llvm-4.0/...
https://blog.quarkslab.com/deobfuscation-recovering-an-ollvm...
It took like a decade before anyone noticed, but all screenshots were very very very slightly modified to hide (in plain sight) a blob of data that gave the account name, date, time, server, etc.
Just in case a screenshot ever got posted and they really needed to know who took it and when.
Antivirus was a concern but easily solved by the fact that cheats access memory many times a second, antivirus does it rarely if ever.
(Jokes aside, the kernel does not provide any information about which application reads a canary page. It's best to just use this as necessary condition and take it with a good pinch of salt.)
This trick is used to catch cheaters on minecraft, by spawning in fake diamond blocks that would only be visible to specific cheats (xray). If a user suddenly were to dig to these blocks, you can be reasonably certain there's something fishy going on.
Another way to think about it is adding an invisible field to a contact form that is only hidden through CSS
Watch out for autocomplete though.
https://learn.microsoft.com/en-us/windows/win32/memory/creat...
It can just be something exposing a data structure that gives the player some unfair advantage and them watching the players that could only have achieved some very unlikely advantage in the game by exploiting this information.
In a FPS for example, if a player consistently anticipates their adversaries sneaking behind a wall, well beyond what would be dictated by probability laws, there's a very high chance that he is cheating in a way that allows him to "see" their adversaries behind walls.
Specifically - I wouldn't fancy writing the "consistently anticipates their adversaries sneaking behind a wall" heuristic you describe but the earlier post describes the API that already exposes the "has read canary page" functionality.
I know it only from stories, so forgive my mistakes.
So basically
action X at patch Y sends instruction Q1
and then
action X at patch Y+1 sends instruction Q2
but cheating/botting software when run straight after the update still sends old instruction Q1,
which is now impossible to be generated by legit player and this way you can instantly mark player as botter.
but I think it cannot be it since modern cheaters wouldn't be this stupid, right?
you might not trigger the cheater-flag on a single access (because of, as mentioned, antivirus etc.) but if your page gets accessed over and over again, you can be quite certain that someone is reading it who probably shouldn't...
to be clear, this was not a honeypot, but they claimed it to be
    struct player_info {
        std::string name;
        vector4 position;
        vector3 orientation;
        int level;
        ...
    };
and dump in something like `report_when_accessed<std::list<player_info>> oops_here_are_all_the_other_players_and_their_position_i_am_only_for_debug_please_remove_me`. Your client will never, ever access this list: it's your honeypot. The moment you get any access on list[i], it gets noted down and reported (like sudo does, straight to the naughty list). Cheat makers will see this and, if it doesn't smell of a too obvious honeypot, cannot pass such a golden opportunity: literally free maphack, just locate where the player struct is in memory and read it all!
Even for non F2P games it is usual for cheaters to use phished or hacked accounts that they buy for a few cents. There are also accounts that are tradebanned because they were used as bots for 3rd party trading websites and they are basically worthless after getting tradebanned.
The old business model of just charging a lot of money up front for the game seems like it wouldn't have this problem to the same extent. You just ban their key and they're out $20-60. But that business model is less popular now I guess.
The problem with such games exists as well but challenges are different:
- cheaters still have access to phished/hacked abandoned accounts that own the game that they can buy very cheap
- another way to get new accounts for cheap is to buy the games in countries where the games are cheaper i.e. Argentina or Turkey
- there is very little motivation from developers to completely stop the cheaters or slow them down (every banned account is a potential sale of new copy of the game) the developer benefits financially from cheaters continuing to evade bans
- the players hurt the most (who already bought the game and paid the developer) don't generate any new income to the developer and don't pose any risk to income generation unless they quit the game en masse (discouraging potential new players from buying the game)
If your character or account was flagged for cheating, you were put into a public multiplayer pool/jail with all the other cheaters and would only match games with other cheaters.
It's clever because you never actually know what you did to get caught or if you have even been caught.
You can only suspect when you notice nearly everyone else you play with also cheats.
Monthly active users should be in the millions.
Million to two million would be my estimate of players. Still leading to 2-5% of player base. Which itself isn't small either.
It's also possible some of those accounts were created to be sold on a marketplace. Online gaming marketplaces have traders with in-game items, credits, and even accounts for sale. It's especially big for online games where item duplication glitches allow some players to hoard hundreds-thousands of hot commodities. Accounts that have maxed out levels, achievements, and/or rare rewards (possibly via this cheat) can sell for hundreds of real world dollars.
And, you don’t offer any data or evidence for this.
There are thousands of businesses and millions of users who don’t care about and don’t need this.
You have to fundamentally alter how you serve these experiences to customers if you really want to solve it.
Hundreds of thousands played. Blizzard released patches in beta that would, for example, spawn infernals to attack your town hall if it detected you were on the emulated server. This reminds me of that. Blizzard lost their battle, by the way, and people pirated WC3 all the way until release.
https://www.thesixthaxis.com/2011/12/08/how-to-get-rid-of-th...
This happened a few times at LAN parties to my friends, some of whom gave each other the game by copying the install directory across. Took us a while to work out what the hell was happening.
I remember in Settlers 2 or something (before Ubisoft ruined it) the iron smelter was producing pigs in pirated versions.
However, it wasn't extremely good at detecting them leading to pissed off legit players.
I would play it almost exclusively in a web design class I took. That class was where I learned HTML; that wasn't the focus of the class, not by a long shot, but it was the thing that captured my interest the most. I ignored everything else in that class in favor of the Wintermaul Tower Defense custom map.
Custom games and ladder were usually clear, besides map hackers in custom games. Every few months things would be wack (remember the enemy workers are sheep hack?), but it was pretty fair
They most certainly did in this case. This was for the private beta of WC3, not the fully released game. Most people migrated to official Battle.net when WC3 was released, I know I did. They really wanted to keep their private beta private and polish it without the entire world looking in on it.
One thing about Blizzard is they’re extremely litigious wrt piracy and emulated servers. See WoW, etc.
Meanwhile, Riot Games issued a warning to League of Legends and Teamfight Tactics players earlier this year that new cheats could be developed after source code for both games and the legacy anti-cheating software they use was stolen in a data breach.
As a past fan of League of Legends and Riot, this is a very typical response from them. Zero effort; meaningless notices. After years of playing, I quit permanently after reviewing my games and finding I was the only one not cheating in about 10 games in a row (that means I encountered about 90 cheaters in a row). This was before the code leak. God help the remaining legitimate community now. It's so obvious that Riot sees people as an obstacle to their money.
Seeing this news for Dota 2 warms me up inside. I don't play Dota 2 because I don't want to allocate the time to it, but it seems like they truly care about their community, at least to a much greater degree. Very happy news.
I've played some league and it's definitely a very different community feel.
I also think that the fact that in DotA you are not able to surrender is incredibly important when it comes to the feel of the game and community. I think the single biggest mistake Riot made is allowing teams to surrender, it makes the game so much worse to even give people the possibility of giving up. DotA is a game you can win off a marginal mistake even till the bitter end, I'm glad the mechanics reflect that.
One way to tell is by looking at a player's match history and seeing their account plays one or two champions for a while repeatedly getting MVP with 20/0/x, and then suddenly switches champions and either plays significantly worse or somehow playing even better depending on the ELO. The opposite is also true--consistently playing horrendously, then suddenly switching to different champions and steamrolling beyond their ELO.
There are networks of boosters and account sellers. Some people spend full time hours farming hundreds of accounts to level 30 for ranked play, and these accounts are purchased by other boosters who spend full time hours getting to Diamond+, to then resell. This is how you can find fresh level 30 accounts at the highest ranks--it's account farming.
When you analyze closely, the majority of the community is composed of these bogus Chinese account farms. Hardly anyone is actually playing the game. This problem goes all the way even to the Challenger level; streamers constantly deal with this problem and Riot doesn't do anything.
Even when League was having betting problems at the Grandmaster/Challenger level, of people betting against their own games and then "soft throwing" to make money, it wasn't Riot that did anything about this. It was the betting companies themselves that banned League from being gambled on their platforms.
Aren't "Cheaters" in the sense this thread is talking about
It's disappointing -- but not surprising -- to hear all this, especially that it even affects the Challenger-level games. This does sound like the kind of issues they would have no idea how to deal with. Not that they don't care exactly but that they can't figure out how to handle it.
Thanks :P
I continue to get good vibes from so much of what Valve does. It might just be good PR work from them but it seems like it goes beyond that.
- They maintain an online service which is used by millions, if not billions, of people around the world. They actually(!!) provide customer support for this service.
- They sell computer hardware, admittedly for the primary purpose of using the aforementioned service. I've never heard about any serious complaints about this hardware that are left ignored (this might exist but I haven't heard of it).
- They develop an online multiplayer game with community support. I almost never hear bad things about how this community is managed from members of the community. I guess this is the most likely to be just "good PR" but again, I don't tend to see these issues escaping community discussion as I would expect for hot-button topics.
* You can set a read watchpoint using debugging APIs (ptrace);
* You could place the honeypot in a memory page(s) that has its read permission revoked. An attempt to read the page(s) causes a signal to fire. In order to not crash the application, the code would then handle the signal by making the mapping readable, before continuing execution as normal.
Other approaches probably exist too, these are just the two options I would personally try first.
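The second option in this list, as an added example that is not code from the original thread or from Dota: a decoy page mapped with no access rights, with a SIGSEGV handler that records the hit, makes the page readable, and lets the faulting read retry. Linux is assumed, the `trap_*` names are hypothetical, `trap_peek` simulates the unexpected reader, and the handler only sees reads made by code running inside the same process.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* MAP_ANONYMOUS */
#endif
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static unsigned char *g_trap;               /* decoy page, normally PROT_NONE */
static size_t g_trap_len;                   /* one system page */
static volatile sig_atomic_t g_trap_hits;   /* faults attributed to the decoy */
static struct sigaction g_prev;             /* disposition in place before ours */

/* Fault handler: count accesses to the decoy, then let the read proceed. */
static void on_segv(int sig, siginfo_t *si, void *uctx)
{
    (void)sig;
    (void)uctx;
    uintptr_t addr = (uintptr_t)si->si_addr;
    uintptr_t base = (uintptr_t)g_trap;
    if (g_trap && addr >= base && addr < base + g_trap_len) {
        g_trap_hits++;
        /* Returning from the handler retries the faulting instruction. */
        if (mprotect(g_trap, g_trap_len, PROT_READ) == 0)
            return;
    }
    /* Not the decoy: restore the earlier disposition. The retried access
       faults again and is then handled the way it was before. */
    sigaction(SIGSEGV, &g_prev, NULL);
}

/* Fill a page with decoy bytes, revoke all access, install the handler. */
int trap_install(const void *decoy, size_t n)
{
    long ps = sysconf(_SC_PAGESIZE);
    if (ps <= 0 || n > (size_t)ps)
        return -1;
    g_trap_len = (size_t)ps;
    unsigned char *p = mmap(NULL, g_trap_len, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    memcpy(p, decoy, n);
    if (mprotect(p, g_trap_len, PROT_NONE) != 0)
        return -1;
    g_trap = p;

    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_segv;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGSEGV, &sa, &g_prev);
}

/* Revoke access again after a hit has been recorded. */
int trap_rearm(void)
{
    return mprotect(g_trap, g_trap_len, PROT_NONE);
}

int trap_hits(void)
{
    return (int)g_trap_hits;
}

/* Constructed stand-in for an unexpected in-process reader. */
unsigned char trap_peek(size_t off)
{
    return ((const volatile unsigned char *)g_trap)[off];
}

int main(void)
{
    if (trap_install("decoy", 5) != 0) {
        perror("trap_install");
        return 1;
    }
    printf("hits before any read: %d\n", trap_hits());
    printf("first byte read: %c\n", trap_peek(0));
    printf("hits after one read:  %d\n", trap_hits());
    return 0;
}
```

Until `trap_rearm` is called the page stays readable, so a burst of reads counts as one hit.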
So, e.g., you alloc a blank page into memory: it isn't mapped yet, so the first read will trigger a page fault. You register that page with your userfaultfd. You (Dota, here) never read from it. If the userfaultfd receives an event that the page is faulting, then it isn't Dota/you that's reading from it.
Judging from the comments it sounds like Windows has similar capabilities.
… there are all sorts of false-positives here. (Or with any honeypot, really.) Many are mentioned elsewhere in the comments…
(Cf., userfaultfd(2).)
What kind of read is sufficient to trigger this? If dota makes a read watchpoint with ptrace, my cheat process calls the linux equivalent of readprocessmemory on the dota process, then dota gets notified by the kernel? So every time a process directly interacts with the memory of another process, the kernel has to look through a list of which processes have called ptrace and run some kind of handler? As an aside it seems like this would be bad for performance of the whole OS
If ptrace is a syscall and ptrace (according to wikipedia) allows one program to intercept and manipulate another program's syscalls, then couldn't I just launch my cheat first, have it ptrace dota, and intercept dota's ptrace call, so that the read watchpoint never gets set up in the first place?
1.) Windows is a closed-source and really huge system. There are many places you will leave traces, and they change all the time. Getting it right is hard.
2.) At least for malware, windows offers official ways to get to go first with e.g. https://learn.microsoft.com/en-us/windows-hardware/drivers/i... - I do not know if this is used by any Anti Cheat though.
The super exotic theory would be a rootkit, in those cases not even windows can help you. But as with security, as long as there is easy money to be made (because most anti-cheat systems are simply bad), those very expensive solutions will be limited to selected few professionals.
They probably just query the clients to see if it's set. Querying client cvars from the server is already built in the game engine.
If true then the announcement just made it sound way more amazing than it is.
Maybe lazy cheats do use that mechanism, but it's hardly a foolproof system. If this is how detection was done, I imagine Valve has targeted this detection system for a specific cheat tool/framework.
* A flag on each CDOTA_Unit (which includes heroes, for example CDOTA_Unit_Hero_Weaver) called m_iTaggedAsVisibleByTeam, which allows you to tell which teams this entity is visible to, so you can tell if the enemy can see you or not.
* Particles (which affect things like Town Portal scrolls, Smoke of Deceit, attacking neutral camps, etc). There are some things that happen in the game that need to be sent to all clients (even if it's happening in the fog of war for this client), otherwise things would look weird if you were to suddenly get vision of these areas. There's a great explanation by one of the Valve Dota devs on this exact topic and why it's hard to solve: https://old.reddit.com/r/DotA2/comments/uywfxi/comment/ia85u...
* Some other cheat modules are able to see spells cast, so they can track cooldowns of spells (with indicators above each hero). They can also track cooldowns of specific events: when a player uses buyback there is a cooldown before they can buyback again, when Roshan is killed his respawn time is randomly decided within two bounds so you want to track those bounds.
- Tell you where the enemy is during TP. This is really useful for, for instance, Zeus, who has a stun (stops TP) that can be placed anywhere on the map.
- Show you where enemy has vision, which makes de-ward a trivial task, and therefore makes sure the enemy has basically no vision.
- Instant skill casting when an enemy comes into vision. Useful for heroes with instant stuns/silence, makes them impossible to jump, basically an impeccable counter-initiate, but not always an advantage when initiating.
This phrase makes me feel old, haha. No idea what it means.
As a programmer with no game dev experience what are the most common technical mechanisms used for cheating? Are they modifying outgoing network traffic on the fly or something like that?
- Reading from and writing to memory (either by direct means provided by windows, by custom drivers, or by exploiting installed vulnerable drivers to bypass secure boot and such)
- Reading network traffic (particularly nasty because it can be done on a device where the game and Anti-Cheat is NOT running provided you get access to SSL decryption keys)
- Having an external device react to your video feed only (either "dumb" aka on colors, pixels shapes etc. or fancy with AI and stuff) and then react by a "faked" input device (mouse, controller, etc).
- Modifying game files (e.g. replace texture walls with transparent textures)
- The very easy way: Simply exploiting game bugs. E.g. you have been able to cheat in Fifa on console (!) for years by doing stuff in the system menu. Fifa will just disconnect the game without giving you a loss for the match.
Let's translate to the more commonly understood First Person Shooters. In an FPS, you don't know if someone is hiding behind a door. But with cheats on, the cheat program could be reading game data and know that someone is behind a door. It could highlight that person on your screen in a red color, that way you can see them even though they are hidden.
It could also move your mouse cursor automatically for you so you get an easy headshot without even trying to aim.
Neither of these involve modifying outgoing network traffic.
For example - VR mods for older games give me great pleasure and a ban because they used internal hooks would make me very angry.
Before the game starts each of the ten players gets to pick a distinct hero for themselves out of a pool of about 120 choices. This is over 10^20 distinct combinations! Each hero has some unique capabilities that combo with allies or counter enemy heroes.
I tried to train a “hero recommender” based on tens of millions of games.
It turned out that this is obscenely difficult because even the best AI training algorithms struggle with such highly noisy labels. A good hero combo might shift win rates by some positive percentage but have a single sample data point, which is a loss because of one stupid kid in the team throwing the game.
You also can’t naively simplify the problem into 2-hero or 3-hero combinations because this misses the “total team composition” metrics.
I found some research papers that were just a few months old at the time which covered this corner of the AI training space. Their conclusions were: “We don’t know either but it’s an interesting problem!”
The problem is that it has been highly throttled, throwing 429 errors after just a few dozen calls. When I looked at it before it was "soft" throttled and would return data at a pretty decent rate. If I remember correctly I got something like 80 million game results downloaded in about a week.
You can get 100 matches at a time[1] via this API: https://wiki.teamfortress.com/wiki/WebAPI/GetMatchHistoryByS...
The "ID" is the game ID, which is 570 for Dota 2. Hence the actual API endpoint is:
GET https://api.steampowered.com/IDOTA2Match_570/GetMatchHistoryBySequenceNum/v1
[1] It would be ever so nice if Steam provided daily batches in gzip files. That would be thousands of times cheaper for them to host, and much more useful for AI researchers.
I imagine they are looking at the honeypot, and in-game actions that would be a result of the player having information they shouldn't.
Unlikely that they checked each of the 40,000 bans individually, but I imagine they devised a simple quantitative check that they could automate like "honeypot = true, check how far from STDDev player's dewarding accuracy was", then they spot-checked the highest confidence rates until they were happy to roll out the banwave.
But I imagine they tested the patch, like any other patch, and did not find evidence of any other access to that memory. You can never be 100% sure, but if that’s the standard, then how could any banned player be 100% sure cheat software wasn’t secretly installed on their system using nation state invisible rootkit capabilities?
In the past (pre-internet/early internet days) entire companies were built just on selling cheats.
Competition drives people to it, especially since many players are kids and don't have better stuff to do. By competition I don't just mean in-game results, but also recognition for achievements (i.e. social competition).
It doesn't solve 100%, but it definitely fixes this entire universe of "oops the client has to know a little bit too much about the game state" problems.
A point to be made for remote competitions requiring it!
I'd also love to see a breakdown by region. Just knowing what servers were more impacted would be super interesting.
Reading from that section was a necessary condition for this wave of bans, but they didn't say it was sufficient, and that they didn't do any additional checks.
Conflating a variety of possibilities and relying on correlation doesn’t reduce to intent or prove causation.
OTOH: Don’t play computer games on company hardware unless it’s part of the job.
I don’t have skin in this computer game. To stay ahead of cheaters requires constant vigilance and creative solutions to scale detection.
Come on, how naive do you think they are? Antivirus doesn’t load player_pos[4] every 35ms.
I wonder how many non-cheating users of some obscure AV solution that scans memory they banned.
I'm curious what this information was - does the Dota 2 client have access to all the game state including players hidden from view?
For that to work, the client needs to know at least where every player / model / polygon is within some range and field of view.
As fast as the game moves and as much freedom as players have to change their position and heading, it’s likely that everything anywhere near the player is computed and sent to GPU.
That ability necessitates a function that checks for enemy vision, from heroes or from static observer wards that you can buy.
From an exploit perspective that is a huge boon to use for a variety of purposes. Lately it may have been used to allow exploiters to detect those purchasable wards so that they can be countered and removed in gameplay.
In this hypothetical game, there is a feature where, in specific circumstance, one player can in fact see on a map where the enemy players are located. Maybe this feature occurs when enemies are within a specific distance and shooting a weapon. Or maybe it occurs for a limited time when somebody on one team activates a drone and then that team can see the positions of everyone on the enemy team.
Regardless, there exists some function called "DisplayPlayersEnemy" that provides this feature. It's only supposed to be running in specific circumstances and otherwise is not active.
Unless, of course, some players figured out how to always have Function "DisplayPlayersEnemy" constantly running. This gives those players an obvious advantage.
So the developers decide to quietly release an update to the game to test this theory.
They create an alternative function called "DisplayEnemyPlayers". It does the same thing as the older "DisplayPlayersEnemy". And all the processes that had previously initiated the old function now initiate the new function instead. So the game continues to function just the same as it did before.
The developers keep the old function in the game, even though there's no longer any legitimate way to initiate it. It will still do all the things it did before, so if the function is initiated, it will seem to work as it did before. Except that the developers added a process to that function to identify when and by whom the function was initiated.
The developers release the update and then wait.
From the players' perspectives nothing has changed. Except that the cheaters are now about to fall into a trap. Some players did in fact modify their game with additional code that caused the old function to initiate when it wasn't supposed to. Since the old function is still in the game, their modifications have continued to work. Many of the cheaters did not notice that the old function had been modified and that a new function had been added. So these cheaters did not know to update their modifications to use the new function.
But since there's no legitimate way for the old function to initiate after the update, and since the old function now reports data to the developer, the developer knows who modified their game to cheat.
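The trap described in the comment above, as an added Python sketch that is not part of the thread and not any game's real code. The class, the `review` function and the `min_hits` threshold are hypothetical, and the sample data is constructed.

```python
"""Constructed simulation of the decoy-function trap (all names hypothetical)."""
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class GameClient:
    account: str
    drone_active: bool = False
    reports: list = field(default_factory=list)  # stands in for telemetry sent to the developer

    def display_enemy_players(self, enemies):
        """New entry point: every legitimate code path was moved here."""
        return list(enemies) if self.drone_active else []

    def display_players_enemy(self, enemies, frame):
        """Retired entry point kept as a decoy: behaves as before, but records the call."""
        self.reports.append((self.account, frame))
        return list(enemies)

    def render_frame(self, enemies, frame):
        """What the unmodified game does each frame after the update."""
        return self.display_enemy_players(enemies)


def review(reports, min_hits=3):
    """Server side: a decoy hit is necessary for a flag; min_hits is an assumed review bar."""
    hits = Counter(account for account, _frame in reports)
    return sorted(a for a, n in hits.items() if n >= min_hits)


def simulate(frames=100):
    enemies = ["enemy_1", "enemy_2"]              # constructed sample data
    honest = GameClient("honest_player")
    modded = GameClient("modded_client")
    for frame in range(frames):
        honest.drone_active = frame % 25 == 0     # drone is up only occasionally
        honest.render_frame(enemies, frame)
        # The modification still forces the old function on, as it did before the update.
        modded.display_players_enemy(enemies, frame)
    return review(honest.reports + modded.reports)


if __name__ == "__main__":
    print(simulate())
```

The unmodified client never reaches the decoy, so every report comes from a client that was changed to call it; the threshold only decides which flagged accounts go forward for further checks.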
The client should never be able to call a "DisplayEnemyPlayers" function, like _ever._ That should be calculated entirely server-side. The client should only ever know what the player could possibly know, and the inputs limited, checked, and sanitized to ensure that they're valid inputs based on the server's known player state, not the client's reported player state.
Of course, there are limited situations where the client can still do cheaty things despite your best intentions, like refusing to display smoke particles that should partially obscure another player and make it difficult to hit them (if they fully obscured the other player, the client should not receive updates about that other player), but aside from that and other "partial knowledge" problems, what you describe is a completely solved problem.
Ie, foliage that partially obscures an enemy. There's no way to have this as a feature that doesn't require trusting the client to render the foliage properly.
I'm not a player, but I assume people access Dota using the same account each time they play? Their win/loss record should produce a decent "skill" ranking. Those that are cheating will un/naturally do better, and eventually they'll just be playing each other.
It would be sort of like a shadow-banning. They still get to play, but real people don't have to come in contact with them.
Who cares if the cheaters play other cheaters? Perhaps it's a drain on the company resources? But if they're paying participants, does it matter?
I think they could even get those cheaters to pay for the non-cheaters. Say they pay a monthly fee (I'm not sure if it's the case for DotA? I don't play any games right now). You create a monthly challenge where you get a chance to get a month of subscription for free! But you make it very hard for the cheaters to get it, like a ratio of 1/20 (either through shadow banning or by redirecting them to an almost impossible challenge).
Another alternative I thought, you could monetize cheaters by pushing ads to them whereas the non-cheaters don't get any ads.
And you could make it so that if you don't cheat for a while, give up all the items/experience you got while cheating, you're welcome back to the normal process. Just to keep them paying the monthly fee as they have a path to redemption.
I'm a bit out of the loop on Valve's newer games but at least with the older ones, if you were cheat banned you could still play but were just stuck playing on the servers without cheat protection (so basically cheaters got stuck playing with cheaters).
The honeypot doesn't seem to have had anywhere near a 100% hit rate on users of a well-known exploit system. Lots of exploiters self-reporting that they have had some of their accounts, but not all, banned.
Valve have likely been fairly careful in reviewing the results from this method. It's a banwave after all, not an automated detection system that issues bans in realtime. Also worth noting that exploiters have reported game bans, account bans, and VAC bans, from this wave. So, the severity of the punishment seems to have been measured against some metric too. It's not a simple boolean of 'UserExploit=True', there's shades of grey involved.
Even when it is tolerated, it is always "at your own risk".
Accounts that are in the higher brackets of matchmaking can fetch a reasonable sum.
So using hacks (provided it has gone undetected by anti-cheat software and other players) can make this process easier.
I'm certainly not condoning the behaviour, of course.
- kids experimenting with boundaries.
- trolls just happy to screw around. They don’t get pleasure from winning, they get pleasure from ruining the game.
- those with something to gain, like money.
- people from a background where doing anything to get ahead isn’t always seen as wrong.
- Bob and Alice have different latencies and are walking toward each other, lowest latency will have a huge advantage (there are of course mitigations for this in games, but it _does_ involve the client doing some of that work)
- There's rendering: Alice opens a door, behind that door was Bob but he will only plop into view later for Alice; which makes for a rather ugly and awkward experience in a game
- in the same vein, in a fog of war, people can very quickly change their line of sight -- server will want to share this information with clients beforehand
- As for data that is _always_ there: take 'aim-bots' which just harvest data from targets in your view and well, target them in the best order
Making a competitive multiplayer game is hard.
All that said, cheating is harder in streamed games. Client will send controller data, servers only send video streams; in this scenario you'd still have the aim-bot problem, but a lot of other cheats go away.
But yeah... DotA, and League of Legends... some of the most toxic games out there. No community to speak of, just a bunch of sweaty try-hards who probably don't get out around humans enough since they're too busy playing these games.
It's rough.
This is weird wording, Dota client stores data inside my RAM, on my hard drive, am I free to read what I want from my own hardware? They send me network packages and I send them back, so am I free to sniff my own traffic and examine it? How do they even detect this? I mean, if they exposed the data which leads to unfair advantage, it's their fault.
Cheating was only a secondary problem to the toxic community. It went all the way up to the casters.
ZING!
But seriously, I haven't played it in years and years...mostly because of the cheating and the toxicity of its players.