Big Brother goes Kernel Mode
Intro
Modern cheating techniques can be applied to any multiplayer game if you know your way around anticheats and other detection systems. These modifications give the player a huge advantage over their adversaries. Consequently, this makes the game not enjoyable for other players that like to play casually. An entire debate emerges from these two perspectives, analyzing the ethics of video game cheats; however, that is not the topic of this article. Therefore, we will stand on the side of the cheater for once and analyze everything from their perspective, without judging if it is ethical or not.
Types of cheats
Cheating can appear in many shapes and forms, ranging from a simple autoclicker to AI-trained agents that emulate the behavior of real players. The nature of the cheat mostly depends on the genre of the game it is used on. Below I provide the two most common video game genres where cheating is pretty much a common practice:
FPS (First Person Shooter)
These games emulate wars and gunfights from the perspective of a combatant. The main objective is usually to eliminate players from the other team to win. The main ways of cheating in FPS games are the following:
- Autoaim: The players aim is enhanced through complex vectorial calculations. In the most obvious scenarios the player’s cursor instantly “snaps” onto the body of the closest enemy.
- Wallhack: Malicious code is injected into the graphics library of the game to draw an outline around the enemy players, making them visible through walls and opaque objects.
- Godmode: The player modifies values on the server in his favour; e.g., making the player immortal or giving them the ability to fly.
Modern cheat suites for this genre include many more features; however, most are designed for specific mechanics inside a specific game so they are not worth mentioning.
Some of the most notable FPS games include: Counter Strike Series, Rainbow Six Siege, Battlefield Series, Overwatch…
MOBA (Multiplayer Online Battle Arena)
A genre that combines both strategy and skill in a closed arena where two teams fight to destroy each other’s bases. Each player controls a character with a unique ability set from a third person perspective. These games are usually set in a fantasy world where the player’s abilities are magic spells.
The most common type of cheating in MOBAs is by using scripts. These are programs that give the player enhanced human capabilities, both defensively (e.g., almost instant reaction time to dodge enemy spells) and offensively (e.g., enemy movement prediction to guarantee hitting abilities).
The most notable games in this genre include: League of Legends, Dota 2, Smite…
Distribution and profitability
While some users may make cheats for personal use, this is a very rare practice because anticheat systems are constantly evolving and evasion is getting harder and harder every day. For this reason, cheat developers offer their product behind a price tag, usually as a SaaS (Software as a Service). The concept is simple, users pay a monthly subscription and the developer provides access to the latest version of their cheat. The moment the developers of the game patch the cheat the cheat developer works on an update to make it work again.
It is a constant battle between game devs and cheat devs. However, the vast amount of users willing to pay for cheats makes this battle extremely profitable for the cheat developers. The best hackers in this industry not only make a living out of it, but they earn big amounts of money.
Legal implications
Both using and developing cheats can have serious consequences; however, usually, only developers face legal punishments. This is why big cheat production studios are mostly located in countries where cybercrime is not generally chased by authorities (most notably, Russia).
On the other hand, the most common sanction for users who cheat is a permanent suspension to their access to the multiplayer servers of the game.
Anticheats
Having the all the information discussed up to this point in mind, it is pretty clear that cheaters ruin the gaming experience for casual players. So the most logical thing to expect is that game developers will do everything they can to stop people from developing cheats for their games (right? … sigh, I guess that is also a topic for another day).
For this they use anticheat systems, these systems have been mentioned quite some times before in the article; but, what do they really do? The answer: many, many things. However, these are some of the most trivial things:
- Check the integrity of the game files
- Make the game function handles unreachable to avoid memory modification
- Block DLL injection
- Obfuscate the executable
- Ensure secure network connections
The controversy
You can think of cheats and anticheats as two ninjas playing a game of hide and seek, they are both extremely stealthy and one of them (the anticheat) needs to catch the other (the cheat). There are many methods of hiding as a program in a computer; however, one of the most effective ways of doing it is by having access to kernel mode. This means that the program has direct access to the hardware of the machine, as oposed to user mode, where the program has many restrictions set by the operating system.
At some point in time cheat developers realized this and started developing cheats that operate in kernel mode, making them completely invisible for the anticheats at that time. In an attempt to fight this, anticheats also started getting developed for kernel mode and now almost every cheat and anticheat works this way.
Everyone knows that with high power comes high responsibility, and operating in kernel mode offers a very high power to the developer, so much that people have started to protest against this kind of anticheats because now every casual player has a state-of-the-art surveilance machine installed on their PC which they can not stop because it has complete access to their hardware. Some companies have gone as far as requiring the anticheat to be running 24/7 to “ensure players are not cheating”.
My thoughts
I am nowhere near an expert in anticheat technology, but I have listened to many people who are, and they defend that anticheats do not need kernel mode to fight modern cheats. Anyone who has the slightest knowledge about today’s society knows that the most valuable thing a person has is their private data, gathered and sold by companies all around them. And anyone who thinks that these anticheat companies, who have a 24/7 surveilance system setup in the computers of millions of users worldwide, do not gather and sell data, like the rest of the companies in this world, should reconsider their thoughts.
Therefore, I stand with the people that defend user mode anticheats and demand tougher privacy regulations in this field. We can not let this become a standard for the gaming industry. Embrace user mode!
To whoever is reading this, thank you, stay safe, and more importantly, stay invisible.
PS: Do not cheat. If you are bad at a game, just accept it. ;-)