
@Epic: Hack Detection and Large Studios

Hey everyone,

After prototyping my own client side hack detection for an FPS, I’m very curious why large studios don’t build some sort of anti-hack functionality directly into the game itself? I understand using BattlEye and other software, however that’s not what I’m referring to. BE attempts to detect things like injection. This is essentially trying to stop hacks by their *means* as opposed to stopping them by their result.

Don’t get me wrong, I think things like BE should continue to be developed and refined, constantly staying ahead of the curve and detecting new ways for people to hack. However, my main question here is why large companies don’t seem to try and detect the **result** itself. By that I mean, it’s not incredibly difficult to detect if someone is snapping to targets, aiming through walls, has 100% aim/shot accuracy, etc.

I have prototyped something in UE4 (on top of Generic Shooter) which will detect aimbots and wallhacks. If I can do it, it seems like it would be incredibly easy for the people who are much smarter than me working at Epic Games and other such companies. So, out of pure genuine curiosity (not out of criticism or negative perception) I’d love to possibly get an answer from the community (or Epic directly). What am I missing? Why don’t large companies build basic wallhack/aimbot detection right into their games?

My prototype works 100% client side and would only report to the server in the event the person was found to be hacking, so it’s not adding to the server’s load. It also has virtually zero FPS loss in a fresh instance of Generic Shooter, but the negligible amount of FPS loss in a more sophisticated setup would seemingly be worth the trade off. It also will report the aim rate on bones as well, which is a very telling statistic. Your average person will have aimed at 5-10 bones at a bare minimum while attempting to down a target. Aimbots will aim at 1, maybe 2.

Anyway, hope to see some responses and get enlightened on this topic. Thanks in advance.
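The statistics described in this post (snaps onto a target, the number of distinct bones aimed at, and aim held on targets with no line of sight), computed over a constructed per-tick trace. This is an added example, not the poster's prototype or UE4 code. The `AimSample` layout, the 30-degree snap threshold and both traces are assumptions, and the function only sees whatever samples it is handed, so where those samples are recorded decides how far the result can be trusted.

```cpp
#include <cmath>
#include <cstdio>
#include <set>
#include <vector>

// One view sample per tick (constructed layout, not a UE4 type).
struct AimSample {
    double yaw, pitch;  // view angles in degrees
    int bone;           // bone under the crosshair, -1 when not on a target
    bool occluded;      // line-of-sight trace to that target was blocked
};
struct AimStats { int snaps = 0; int distinctBones = 0; double occludedRatio = 0.0; };
// Smallest absolute difference between two angles, handling 359 -> 1 wraparound.
static double AngleDelta(double a, double b) {
    double d = std::fmod(std::fabs(a - b), 360.0);
    return d > 180.0 ? 360.0 - d : d;
}
// snapDeg: a single-tick turn above this that lands on a target counts as a snap.
AimStats Analyze(const std::vector<AimSample>& s, double snapDeg) {
    AimStats out;
    std::set<int> bones;
    int onTarget = 0, blocked = 0;
    for (size_t i = 0; i < s.size(); ++i) {
        if (s[i].bone < 0) continue;
        ++onTarget;
        bones.insert(s[i].bone);
        if (s[i].occluded) ++blocked;
        bool arrived = i > 0 && s[i - 1].bone < 0;  // crosshair just reached a target
        if (arrived && std::hypot(AngleDelta(s[i].yaw, s[i - 1].yaw),
                                  AngleDelta(s[i].pitch, s[i - 1].pitch)) > snapDeg) ++out.snaps;
    }
    out.distinctBones = static_cast<int>(bones.size());
    out.occludedRatio = onTarget ? static_cast<double>(blocked) / onTarget : 0.0;
    return out;
}

// Constructed traces: a player sweeping across several bones, and a scripted aim.
std::vector<AimSample> HumanTrace() {
    return {{10.0, 0.0, -1, false}, {14.0, 1.0, 3, false}, {15.0, 2.0, 5, false},
            {16.0, 2.0, 7, false},  {17.0, 1.0, 2, false}, {18.0, 0.0, 9, false}};
}
std::vector<AimSample> BotTrace() {
    return {{350.0, 0.0, -1, false}, {40.0, 5.0, 1, true}, {40.0, 5.0, 1, true},
            {200.0, -3.0, -1, false}, {90.0, 2.0, 1, false}, {90.0, 2.0, 1, true}};
}
int main() {
    AimStats b = Analyze(BotTrace(), 30.0);
    std::printf("snaps=%d bones=%d occluded=%.2f\n", b.snaps, b.distinctBones, b.occludedRatio);
}
```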

Things like snapping to targets, and 100% accuracy detection can be bypassed very easily by the cheat software (By not being so accurate, etc.), and you can’t always use algorithms to detect whether or not a client has the information needed to be able to shoot through walls. In order to determine whether or not a specific client has sight of the enemy they are shooting at, you need to perform multiple raycasts, (keeping in mind not everything has collision), and even then you don’t know if that vision is sufficient enough for the real player to notice them. Even with infinite processing power, you can’t accurately and consistently determine this.

The problem with client-side checking is that the cheater can simply disable (or modify) your detection. Never trust the client, they can send any input they want.

On the flip-side, there is a more proactive approach you can take. When you find a cheat engine that works, let it ride. Put in a detection for it in a latest patch, and just let people cheat for a while. Build up a list of clients who are using known exploits and cheat engines. Then, just life-ban them all after a month. You want to make sure that the barrier to entry is something at least significant. Using Steam for authentication is one good method, as they would need another Steam account to play again.

You see, this will make people who are cheating think, “Well I’m not getting caught, but last time they nuked X number of accounts out of nowhere.” World of Warcraft did this, and it had great effect.

Yes, but if a hack interpolates the aiming over 50 ms, isn’t that a win? If the hack implements something to “wobble”, isn’t that a win? Lol. The moment a hack gets around something like this is the very same moment the game-breaking advantage is lost. Stealth comes at a price, and through trying to cover it up they lose literally everything they even use the hack for. I consider that a win.

Also, in regards to your last sentence, validate with the server. Of course you don’t simply trust something that comes from the client, that’s why the client/server relationship exists in its present state.

Built in client side AC done by the developer is a time and cash sucking vampire that does not convert to direct profit add to the bottom line and due to the fact that cheats and hackers can usually overcome any kind of AC solution, sometimes within hours, and the cycle of spending $$ to update the AC continues.

There is your issue. I’ll search for the string you are sending in IDA and knock out the function with a simple return. You need to do a little bit more than that… So every time you do something you’ll get a counter reaction - so you are fighting a never-ending war on ‘cheats’ which will take most of your resources. 100% client-side means it’s useless.

And if I could not bypass your function I’d simply smoothly move the mouse to the target each frame without snapping.

Uh, yeah, once again, do some server validation. UE4 is quite capable of it and quite frankly any game developer is going to have to custom tailor any solution to their specific game and needs. I think it’s hilarious that your “counter” to reporting client statistics in order to further the anti-hack movement is memory modification. That’s like saying “Epic didn’t include a fully functional FPS so the engine can’t do it”. At this point you’re not even replying with anything legitimate, it’s nonsensical theory-crafting about a hypothetical situation that doesn’t even exist.

If the gaming industry as a whole had your mentality, speed hacks would still exist in WoW, ARK, and other games. There are plenty of examples of client-side functionality with server-side validation. It may be in your favor to research them prior to just throwing your hands up and saying, “welp, hackers can change literally anything in any game, may as well just let them exist in perpetuity and not even try.”

Also, your last statement proves my point. If you have to interpolate the movement, that’s a win. That’s no longer a snap, and if your aiming accuracy (from the time you start aiming on someone) is 100%, you’re still getting banned by my prototype. So, you just interpolated to still be banned. :thumbsup:

This is the problem with the industry. “It takes time so I will just not do it”. I’d love to see some actual, legitimate counters here rather than “I simply can’t be bothered.”

The fact is you cannot overcome statistics. If someone has perfect aiming accuracy, they should be banned. If they consistently aim on someone through walls, they should be banned. If someone snaps to targets, they should be banned. Overcoming that means they are interpolating their aiming, incorporating some kind of mechanism to aim off of their target for a period of time, and are not aiming on people through walls. I’d love to see that. A hack that would do that would make me laugh – I’d win against the player using that hack 99.9% of the time, and so would any other seasoned FPS player.

Every cheat detection can be bypassed; even some server-side things.
Engineers at Epic know how to bypass this kind of stuff so they assume everybody else can too, then why bother.

I know right now an entire squad of players using cheats in FORTNITE every weekend and BattlEye never caught them; and I can tell you BattlEye is the best anti-cheat software available out there.
They don’t even inject anything. They just modify engine shaders and repackage the game; everything set to grey and enemy set to red. If “red” happens to be under crosshair then a macro in a mouse with programmable buttons starts shooting with a 2~3 hit miss… Good luck detecting and proving that that is a hack tho.

But detecting and shielding from more basic attacks can be done, I’ve made a free plugin for that some time ago ^^

  1. You stated your solution is 100% client-side = FAIL. You have no clue what you are talking about.
  2. It doesn’t matter what you are doing on the client - if you are doing it on the client I can alter it. If you don’t bring some ring0 techniques or code-virtualizer we don’t even need to get started arguing here.

Your approach is buullshed. Here is a good example why…

https://www.youtube.com/watch?v=VxPSmrxIdGs

I just found out that PUBG, CS:GO, and other competitive FPSes have a very similar approach to my prototype and large quantities of hackers are automatically banned. Guess there are some people out there smarter than you, shocker. :slight_smile:

Also, you’re largely incorrect on the client statements. Tremendous amounts of wildly successful games offload to the client and simply sanitize/validate (large-scale multiplayer REQUIRES you to offload to the client – you really think the server can handle thousands of players without any client offloading?? lmfao). Again, maybe do a bit of research. That, or send me a video of you speed hacking in WoW consistently without getting banned (and not using someone else’s script, I mean YOU validating YOUR statements that YOU personally can hack anything client side). I’ll be waiting.

The fact of the matter is I answered my own question through digging deeper and a decent amount of crazy good luck. While it’s not common knowledge, there are automated forms of cheat detection that are based on exactly what I was theorizing: statistics based on aiming accuracy, snapping, and whether or not a player is aiming through visual obstructions. That’s actually quite common-place, and due to the server-side validation which takes place, it’s one of the hardest things for hackers to overcome. Still, there are brilliant people out there who can find ways around near-anything, therefore other measures are added on top. CS:GO, for example, has layers upon layers of anti-cheat measures, including account validation to prevent a bunch of smurf accounts, signature detection, memory modification detection, and statistic based measures similar to what I originally posted.

Sorry to burst your bubble, but AAA game developers apparently aren’t too lazy to do it (and don’t share your “meh, Burnz is our god and can hack anything so why try?” mentality), you simply don’t know about it. Maybe if you could just arrange a meeting and tell all of them how much better than them you are? Surely they’ll see it your way eventually.

Anyway, /thread. I’ve discovered that it’s a very popular technique in AAA games and don’t need hobbyists to tell me how incorrect some of the most popular FPSes on the planet are with their approach. I forgot that asking a question on the internet means that people who literally have no clue will answer and feed you anecdotes and opinions – my mistake.

I have your plugin, I bought it in its infancy :slight_smile: I think it’s a great plugin, well done btw.

There are a large number of circumstances which will never be detected. Packet sniffing on a separate machine to show other players’ locations, for example. The reality of the situation is those circumstances will likely exist in every game with impunity. However, those are not the things that most players are concerned with, and they’re not things I’ve mentioned or questioned. If you can eliminate the vast majority of players who use a script to aim, that’s a pretty large win (and a massive “if”). In your example the players still have to have decent aim. I guarantee those players don’t have much higher of a win rate than skilled players who don’t use anything to augment their gameplay, if at all.

I do agree that BE is good at what it does, but it’s not the only thing a company can do. It simply detects based on signature and very easily traceable (memory modification) methods of hacking. Private hacks will likely never be detected by BE, even the ones that are blatantly obvious. No signature very often means no ban. The developers of these hacks are also smart enough to take a read-only approach, or to not do something so ridiculously obvious as memory modification. Also as you mentioned, a lot of people repackage with modifications. That’s HUGE in PUBG right now. Those sort of modifications aren’t likely to be detected by anything ever, other than built-in comparisons which could easily be fooled/bypassed.

You don’t even know how BattlEye works but you like to sell us an anti-cheat… BE utilizes a kernel driver and through those callbacks in the driver it detects cheats in a generic way. Most of your text is just wrong and just proves again you don’t have a clue what you are talking about. Private hacks can be easily detected if they utilize the wrong injection method, making wrong API calls, or creating threads the wrong way.

My initial statement was “100% client-side = FAIL” and you talk about SpeedHacks in WoW - which are detected by the server, not the client. Good job, Sherlock…

It does not matter what code you put in your client because it’s in the client. If you fail to understand that concept you are too incompetent to continue this discussion.

Sounds to me like a very ineffective version of FairFight Anti Cheat. If you don’t know what it is look it up. It essentially uses statistics of a player to determine if they’re cheating. Examples include tracking players through a wall or inhuman accuracy. This anti cheat alone was defeated nearly instantly as players just used cheats to their advantage but not FULL advantage. ESP through walls but not actually tracking the player fooled FairFight. This was also very much client and server sided. BattlEye was the solution.

Don’t the Unreal Engine games digitally sign their assets?
Or at least SHA256 checksum check files when loading?

I play Ark and suspect someone has switched the Tek Rifle heat vision through walls to the Tek Helmet vision effect.
i.e. no code injection, no running executable. Just switching and modifying existing game files.
Ark unlike Fortnite and PUBG doesn’t have matches that last 20 minutes or so. Instead you spend 100’s of hours building up while trying to stay hidden.
All that is useless if someone can see you instantly glowing red from a long distance, through any structures while they traverse the whole map quickly.

Could video card drivers support digitally signed shaders and textures etc? i.e. enter secure mode and only accept shaders and textures signed by a known CA.
Cheaters are a major problem and I think the whole industry should be tackling it.