A beginner’s guide to game hacking techniques [pdf] (gamehacking.academy)
282 points by eatonphil on Nov 8, 2021 | hide | past | favorite | 82 comments



I’ve done a fair bit of gamehacking myself.

When PUBG came out on the Xbox, I built a tool to sniff and parse gameplay packets to determine the exact location of loot and enemies. Radar cheats are much more common now, especially because if the developers do not use any type of encryption, it is rudimentary to set up a packet capture with a 2nd PC or laptop.

On PCs where the communications are encrypted, I use a hardware device plugged into my motherboard to grab the encryption key directly from memory.


I never heard of such a hardware device. For those interested, it looks like the parent is talking about devices like Screamer M.2 [0] paired with software like pcileech [1].

Can probably be useful for forensics.

[0]: https://shop.lambdaconcept.com/home/43-screamer-m2.html

[1]: https://github.com/ufrisk/pcileech


Since you're here, I have a few questions for you!

Do you think cheating is a big problem in multiplayer games? What % of people playing a given game are using advanced techniques similar to those that you use?

And, lastly, do you think anyone will ever be able to stop you? :)


Yes, 100%.

With the radar hacks I’ve built, I can see (with a high level of accuracy) which other players are aiming at me while not having a line of sight. When I first started hacking in Escape From Tarkov in 2020, I ran into another cheater once. We stared each other down from opposite sides of a hill until we both turned around and left.

I was banned last year and stopped playing EFT for a bit. When I picked back up over the summer I was absolutely floored by how bad the game had become with cheaters. A friend that builds paid cheats had given me access to his platform, so I indulged. My first 3 matches had at least one other cheater in them. There’s a secret handshake now - you wiggle from across the map at the other person so that you can go your separate ways. Some don’t respect the wiggle and try to shoot you from distance. The players not using hacks get decimated.

Witnessing this changed my perspective on cheating. I don’t consider it a technical challenge anymore, now it’s a necessity to play and level up in the game.

As far as bans, it truly is a cat and mouse game. The team I am involved with write hacks full time now. There are full time support people. Full time QA folks. Ban waves are actually great for business because players become addicted to the hacks, and as soon as they’re banned they want back in.

In the case of Tarkov, I’ve noticed that the company that makes the game will wait until known cheaters elapse the chargeback window on their payments, then ban them. They know the cheaters will come back with a new account.
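The sniff-and-parse radar described in the two comments above, as an added example that is not code from the poster or from any game: it parses a made-up, unencrypted entity-update packet and computes the "who is aiming at me without line of sight" check. The wire format (u16 count, then u32 id and four f32 fields per entity), the yaw convention (0 along +x, counter-clockwise) and the sample capture are all constructed for illustration.

```python
"""Toy radar over an unencrypted entity-update packet.

Added example, not code from the thread or from any real game. The wire
format is an assumption made up for illustration: little-endian u16 entity
count, then per entity u32 id, f32 x, f32 y, f32 z, f32 yaw in degrees,
with yaw 0 pointing along +x and increasing counter-clockwise.
"""
import math
import struct
from typing import Dict, List, Tuple

HEADER = struct.Struct("<H")
ENTITY = struct.Struct("<Iffff")


def build_entity_update(entities: List[Tuple[int, float, float, float, float]]) -> bytes:
    """Serialise (id, x, y, z, yaw) records; used here only to construct a sample capture."""
    return HEADER.pack(len(entities)) + b"".join(ENTITY.pack(*e) for e in entities)


def parse_entity_update(payload: bytes) -> List[Dict]:
    """Parse one captured packet; refuses malformed packets instead of reading garbage."""
    if len(payload) < HEADER.size:
        raise ValueError("packet shorter than header")
    (count,) = HEADER.unpack_from(payload, 0)
    if len(payload) != HEADER.size + count * ENTITY.size:
        raise ValueError("entity count does not match packet length")
    out = []
    for i in range(count):
        eid, x, y, z, yaw = ENTITY.unpack_from(payload, HEADER.size + i * ENTITY.size)
        out.append({"id": eid, "pos": (x, y, z), "yaw": yaw % 360.0})
    return out


def bearing_deg(src: Tuple[float, float, float], dst: Tuple[float, float, float]) -> float:
    """Heading from src to dst in the x/y plane, 0..360, same convention as yaw."""
    return math.degrees(math.atan2(dst[1] - src[1], dst[0] - src[0])) % 360.0


def angle_diff_deg(a: float, b: float) -> float:
    """Smallest absolute difference between two headings, 0..180."""
    return abs((a - b + 180.0) % 360.0 - 180.0)


def aiming_at_me(me: Tuple[float, float, float], entities: List[Dict],
                 tolerance_deg: float = 3.0, max_range: float = 300.0) -> List[Tuple[int, float]]:
    """Return (id, distance) for every entity in range whose yaw points at `me`.

    This is the "who is looking at me" part of a radar cheat: no line of sight
    is needed because the server already sent every position and heading.
    """
    hits = []
    for e in entities:
        dist = math.dist(me, e["pos"])
        if dist == 0.0 or dist > max_range:
            continue
        if angle_diff_deg(e["yaw"], bearing_deg(e["pos"], me)) <= tolerance_deg:
            hits.append((e["id"], round(dist, 1)))
    return hits


# Constructed sample capture: player 7 stands 100 units east of us facing west,
# player 8 is north of us looking elsewhere, player 9 faces us but is out of range.
SAMPLE_PACKET = build_entity_update([
    (7, 100.0, 0.0, 0.0, 180.0),
    (8, 0.0, 50.0, 0.0, 45.0),
    (9, 0.0, 400.0, 0.0, 270.0),
])

if __name__ == "__main__":
    print(aiming_at_me((0.0, 0.0, 0.0), parse_entity_update(SAMPLE_PACKET)))
```

Run stand-alone it prints `[(7, 100.0)]`: player 7 is in range and facing us. Everything here is computed from data the server chose to send; the only defences are to not send it, or to encrypt it per session, which moves the fight to the key in memory, exactly where the first comment says it went.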


> now it’s a necessity to play and level up in the game.

Wow. Have you considered just getting better, or quitting? This is a very selfish way of thinking. You are playing at everyone else's expense. It's such a huge waste of time when I play against cheaters in games. Sometimes I can still beat them because the players that resort to cheating are not very good. When cheaters aren't around, I have lots of fun.

Are you even having fun when you cheat? Imagine playing soccer and you bribe the judge to let you pick up the ball with your hands whenever you want. All the players stare in disbelief and disdain you, and some leave the game. Everyone boos you. You slowly walk into the goal uncontested. Wow, is that fun? Why do you keep coming back every day to do it? Why are you spending this time getting this referee into other people's games?

I know you probably don't care, but just remember that it's not "just a game". You are stealing the time of lots of people who are just trying to have an evening of fun with their friends after a hard day of work. It is antisocial behavior for your own monetary gain. How can you justify this to yourself?


> Are you even having fun when you cheat?

Depends on the game and on how you cheat. A game of true skill is ruined by cheating. Other types of games might not be. Some games deserve to be ruined by cheaters.

I've played games so ludicrously exploitative I don't even consider them games anymore. They were spending competitions. Yes, I was competing with whales to see who could pay the game company the biggest amount of money. I also fell for their little daily login habit forming tricks such as timer-based daily tasks. I was one of the poor bastards waking up at 4 AM to press buttons in a stupid fucking mobile game! It took me months and about a hundred dollars to realize the stupidity of it.

You bet I started cheating at that game. I admit it proudly. I did it out of spite. I wrote a bot to automate it for me. I don't even consider it cheating, to me it was a cure for my addiction. With the boring stuff automated away, the game was no longer punishing me for not logging in. I no longer felt guilty because I was missing out on meaningless virtual tasks. You know the funniest thing? My bot was statistically indistinguishable from a sufficiently addicted player. There's no way they could analyze some data and say "yeah, here's the one outlier". Everyone played like bots because they were all slaves of the timer.

In the end I never published my hack... But yeah, I had fun making it and I seriously hope it frustrated other people into quitting the game too. The less people suckered into these money sinks the better. Maybe if I had published my bot it would have significantly reduced the amount of addicted players out there, reducing their bottom line.


> Wow. Have you considered just getting better, or quitting? This is a very selfish way of thinking. You are playing at everyone else's expense.

I think 'hacking' is the real game parent is playing, the cat & mouse with the game developer likely gives them more rush than playing fair in the game itself.

Personally as a gamer I would like the game to be fair, free of cheaters, but I've quit FPS games altogether not just because of cheating but because it has become harder to smash the buttons due to accessibility issues, a double whammy.

Since then I've switched to RTS, specifically Factorio. It's a game which doesn't generalize game play and so I don't have to compete with physical effort; Play the game as I want without stress; Or should I say different kind of stress? Got to go...must keep the factory running.

But seriously, Thank you Factorio developers and community for building an inclusive game. As for hackers, feel free to put your efforts in building those sweet mods!


Not the parent, but the situation you described is not fun. But say, I can magically stretch my legs? Or make players not solid for a moment? That's magic from Harry Potter and that's fun.

Fun is making a computer do stuff using your skills which it was not originally mandated to do.

Then there is meta game of playing against other wizards of the world.

However, I despise paid exploits and unskilled players using paid exploits. That's not magic.


> But say, I can magically stretch my legs? Or make players not solid for a moment? That's magic from Harry Potter and that's fun.

Sure, that's fun if you're playing by yourself or if it is a part of the game. But if you're playing against other people who don't have that advantage, then how is that fun? Is it fun to cut in line ahead of others? Sure, maybe there's a thrill for a moment, but it should quickly become apparent that you're just taking advantage of other people.

If you want to play against the other wizards of the world but hurt innocent bystanders, then it's a very rude game to play.


It IS fun. However you are correct in assuming that it's not justified. I originally meant to convey what other cheaters feel like when they break the rules of the program.

It is rude, it is unjust, it is not fair, but it is fun for those who execute their exploits and equally unfun and frustrating for the by-standing players.


> you're just taking advantage of other people

Plenty of people out there who get several kicks out of doing exactly that. They feel powerful.


>Fun is making a computer do stuff using your skills which it was not originally mandated to do.

It's still anti-social behavior. Does the degraded experience of honest players (i.e. victims) even factor in?


> When I picked back up over the summer I was absolutely floored by how bad the game had become with cheaters.

But... You're contributing to that since you're one of the cheaters? Is there some sort of cognitive dissonance at play here?


I guess it is like driving a car?

Everybody knows cars are bad for society and the environment, but you have to drive anyway to go to office.

He said specifically that cheating is "a necessity to play and level up in the game".


It's not required at all, I've managed it, but I'm also very good at fps games, but my friends that are not as good are still managing, at a slower pace.

It's only 'required' if you do not want to spend time to learn the game, mechanics, where good loot is on the map, how ammo and armor work. Basically sidestepping what makes this game fun and challenging.

Frankly a bit disgusted at his point of view, seems to have no remorse at all. A subset of people paying for hacks does not make it ok for him to hack, and since he can spot hackers now he seems to have justified it to himself.


But cheating in a game is more like littering, I can easily choose not to litter. And my presence on the road doesn't change the rules to disadvantage other drivers. It makes the road more congested, yes, but for everyone including me.


It would probably be more akin to cheating on a test. Like if you don't want to put in the hours but you want to perform above your actual level. These kind of games suffer from survivorship bias, the people that stick around sink thousands of hours into them. They have a very steep learning curve. People with experience and the gunplay to match it will absolutely destroy people that can't, won't or haven't put in the work. Without having to cheat.


> I was absolutely floored by how bad the game had become with cheaters.

I think there's actually value in a game server which allows _all_ cheats (that do not crash or disable the game from being playable).

Like the 2b2t (https://en.wikipedia.org/wiki/2b2t) minecraft server, the gameplay advances are amazing when cheaters are allowed full creativity. It changes the game in a whole new dimension. It also solves the problem of cheaters - in the sense, cheating is basically part of the game in 2b2t.


>there's actually value in a game server which allows _all_ cheats

There's no such thing as "all cheats" by definition. There's always "all cheats plus one".


Do you ever stop to think about whether what you are doing is wrong?

I understand and am not surprised that there are businesses built on cheating (see Blizz vs. Glider), but it's pretty striking to me that you never even mention ethics or morality in your post.

I have been creating and hacking games for at least 20 years now. The hacking actually started when a friend who I shared one of my earliest games with (most likely a Breakout clone in Windows GDI / C++) hacked it with a memory editor to change his score. I was amazed at the time, both by his apparent ingenuity but also how easy it was to do myself in other games. 12+ years later you could still use a memory editor to desync RTS games (aoe2) or even over-write resources or XP (as in some SC2 custom games back in 2010).

But I've also played games competitively. I was probably very close to good enough to compete in cash tournaments in Unreal Tournament 2004. I remember ending up in a game with a cheater who bragged about his aim-bot's ability to compensate for high latency (up to 300ms). I was genuinely impressed but at the same time found it off-putting. I imagine what I felt was a tiny sliver of what someone must feel after working their whole life at a professional sport only to lose out on an Olympic gold medal to someone who was later found to be using PEDs. And then take it a step further and imagine if Lance Armstrong gloated about how long and effectively he was able to keep his PED usage undetected.

It may sound paradoxical but I follow a code of ethics when it comes to hacking. I never give myself a competitive edge in multiplayer games that take their competitions seriously. Furthermore I would never distribute or share my hacks even if I did. I treat hacking as an exercise and mostly now just write bots that "play fair" because it is still an interesting technical challenge. By "play fair", I mean they read pixels from the screen and send keyboard and mouse inputs back to the game. Same interface as a human - no direct memory reading or writing of any kind. Even Alphastar (Deepmind's SC2 AI) doesn't go that far since it uses the game's provided API. This has the added advantage of being virtually impossible to detect via software (especially with human-simulated input delays and randomness).

That's two of my perspectives: as a hacker and separately as a semi-competitive gamer. And I have a third perspective as a game developer. Because of my past experience, it was an incredibly easy decision to make everything I could server authority when I created my game Nebulous. Players' positions are lock-step synced with the server and the server even keeps track of the player's view so clients only receive data for objects nearby. This was actually a networking optimization with the added benefit of making things like your radar hack impossible. (There are certainly workarounds that I'm aware of in my game, but the idea is sound).

Nebulous has a competitive 1v1 mode (with an Elo-like leaderboard). I used to do monthly ladders with in-game rewards at the end of month but had to do away with the rewards due to all the "social" hacking it encouraged (win trading, smurfing, and multiple accounts. Some players have literally hundreds of accounts). Sucks for everyone.

For a while, one of the things competitive players enjoyed about the game was the discovery of "lightning fingers" (coined by South Korean players) or extremely fast tapping to eject mass by using multiple fingers. Think finger-rolling in Tetris: https://youtu.be/n-BZ5-Q48lE?t=80. Unfortunately you can imagine where that ended up going. Click macros became ubiquitous at the top of the ladder. There is nothing inherently wrong with a macro recording app (not sure if they still even require rooting). I wrote some hokey click-macro-detection algorithms but all you had to do was record your clicks while doing the technique successfully once for sufficiently long and replay that recording in segments. So I tried fighting fire with fire: I added an "auto click" feature with which you could hold the eject button down to eject mass at the server's tick rate (20hz), which is of course what the macros and very best legit clickers were able to accomplish. Unfortunately this really pissed off some legitimate players. It was a lose-lose situation.

Nowadays the biggest issue I face is publicly distributed bots (even available on Github!). These are even harder to detect.

I'm not sure if I really had a point with this post, but maybe I can provide unique perspective(s).


Could I send packets that say I'm looking in a certain direction and in that way make an actual frame by frame radar image?


That would possibly work for 3D first person games that do some kind of frustum culling of game data, which is an interesting idea. But Nebulous is a 2D top-down game so it's not really applicable.

That said, I vaguely remember a similar sounding technique used in the Diablo 2 map hacks of yore. I think you could simulate your character moving around somehow (locally) to reveal the entire map. There were other techniques as well.

For something more along the lines of "An intermediate's guide to game hacking techniques" look up diablo 2 hack implementations. In my unprofessional opinion that is the most hacked multiplayer game of all time in terms of variety and creativity. Examples: https://www.reddit.com/r/Diablo/comments/24h8gh/how_were_peo...

Edit - oh just remembered a fun D2 anecdote: someone was able to memory-inject a keylogger on my machine and steal my password when I attempted to pick up an item he had dropped in the game. Not fun at the time!
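The server-side interest management from the Nebulous comment above, together with the "send packets claiming a view direction" idea from the question that follows it, as one added example. This is not code from Nebulous or from either poster; the entity layout, the 90-degree field of view and the 30-degree per-tick turn limit are assumptions. It contrasts a server that culls on a view direction taken from the client's packet (which the client can sweep to assemble a full radar within one tick) with a server that holds the view direction itself and lets it rotate only as fast as a real player could turn.

```python
"""Interest management: deciding which entities a client is told about.

Added example, not code from the thread or from Nebulous. The entity layout,
the 90-degree field of view and the 30-degree per-tick turn limit are
assumptions made for illustration.
"""
import math
from dataclasses import dataclass
from typing import List, Set

FOV_DEG = 90.0
MAX_RANGE = 200.0
MAX_TURN_PER_TICK_DEG = 30.0  # assumption: how far a view may rotate in one server tick


@dataclass
class Entity:
    id: int
    x: float
    y: float
    yaw: float = 0.0  # server-held view direction, degrees, 0 = +x


def _bearing_deg(src: Entity, dst: Entity) -> float:
    return math.degrees(math.atan2(dst.y - src.y, dst.x - src.x)) % 360.0


def _angle_diff_deg(a: float, b: float) -> float:
    return abs((a - b + 180.0) % 360.0 - 180.0)


def _in_range(viewer: Entity, e: Entity) -> bool:
    return e.id != viewer.id and math.hypot(e.x - viewer.x, e.y - viewer.y) <= MAX_RANGE


def cull_by_reported_view(viewer: Entity, world: List[Entity], reported_view_deg: float) -> List[int]:
    """Vulnerable: the view direction comes straight out of the client's packet."""
    return sorted(e.id for e in world
                  if _in_range(viewer, e)
                  and _angle_diff_deg(_bearing_deg(viewer, e), reported_view_deg) <= FOV_DEG / 2)


def radar_by_view_spoofing(viewer: Entity, world: List[Entity]) -> List[int]:
    """Attacker against the vulnerable server: one request per sector, all within a tick."""
    seen: Set[int] = set()
    for view in range(0, 360, int(FOV_DEG)):
        seen.update(cull_by_reported_view(viewer, world, float(view)))
    return sorted(seen)


def apply_turn_input(viewer: Entity, requested_yaw_deg: float) -> float:
    """Server-authoritative view: the client asks, the server clamps the rotation per tick."""
    delta = (requested_yaw_deg - viewer.yaw + 180.0) % 360.0 - 180.0
    delta = max(-MAX_TURN_PER_TICK_DEG, min(MAX_TURN_PER_TICK_DEG, delta))
    viewer.yaw = (viewer.yaw + delta) % 360.0
    return viewer.yaw


def cull_by_server_view(viewer: Entity, world: List[Entity]) -> List[int]:
    """Hardened: culls on the server-held yaw, so nothing in the packet can widen the set."""
    return sorted(e.id for e in world
                  if _in_range(viewer, e)
                  and _angle_diff_deg(_bearing_deg(viewer, e), viewer.yaw) <= FOV_DEG / 2)


def server_tick(viewer: Entity, world: List[Entity], requested_yaw_deg: float) -> List[int]:
    """One tick: apply at most one turn input, then send what the server-held view covers."""
    apply_turn_input(viewer, requested_yaw_deg)
    return cull_by_server_view(viewer, world)


# Constructed world: four players 100 units away at the compass points, one out of range.
WORLD = [Entity(1, 100.0, 0.0), Entity(2, 0.0, 100.0),
         Entity(3, -100.0, 0.0), Entity(4, 0.0, -100.0), Entity(5, 500.0, 0.0)]

if __name__ == "__main__":
    me = Entity(0, 0.0, 0.0, yaw=0.0)
    print("honest, view 0:", cull_by_reported_view(me, WORLD, 0.0))
    print("spoofed sweep:", radar_by_view_spoofing(me, WORLD))
    print("server-held, request 270:", server_tick(me, WORLD, 270.0), "yaw now", me.yaw)
```

Against the vulnerable filter the sweep returns all four nearby players in a single tick; against the server-held view the same request only nudges the yaw 30 degrees and the reply still covers one sector, so the spoofer learns nothing a player who turned around would not. The limit stays where the Nebulous comment puts it: whatever falls inside `MAX_RANGE` is sent, and anything sent can be read by a cheat, so the range itself has to be chosen as the real boundary.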


So for example you'd make "bots"/ autohotkey scripts (simplifying) to optimize your time while trying to stay within some sort of ethical limit?


Sort of, think image recognition based fish bots in WoW.

More recently in WoW classic I wrote a simple multi-boxing utility that let me play 5 characters at once using a combination of keystroke replication and repetition. Importantly I never used this in PVP. I used it in 5-man heroic dungeons (PVE) and eventually to see how far I could get in a 10 man raid (with 5 characters played by 1 person). Playing the game this way fundamentally changed the game, and it was probably the most fun I've had in any game ever.

I've never shared these hacks but regardless, public fish bots and multiboxing are/were common in wow and were always the least of Blizzard's concerns. Look up "wow classic ban wave" for recent examples or the Blizzard vs. Glider suit I mentioned previously.

Maybe where I draw the line is that there are no victims with my hacks.


Very interesting. Thanks.

Do you know how much a cheat usually costs?


Cheating is a massive problem in multiplayer and most developers/publishers don't care much about it. Battlefield for example relies heavily on a community project to ban cheaters from private servers ( https://bfban.com ) but official DICE servers are often overrun by cheaters.


> I use a hardware device plugged into my motherboard to grab the encryption key directly from memory.

Can you give me more information on this or some pointers as to where to begin?

Also: is there a way to protect against some of your techniques, assuming you are the developer of the game who wants to keep the cheaters out?

I am asking because I am working on a game. I will have to start from the basics I think, as in, what information the clients can receive, what they can manipulate and so forth. I have not thought much about client-side prediction either.

First off, I am going to require authentication (paid account), but the problem is that it requires an Internet connection, and as far as single player is concerned, anyone could "hack" the client[1]. Is there anything I can do or can you give me some advice as to how to go about it? I suppose authentication would be useful for multiplayer though.

[1] They can just make it jump directly to the Main Menu screen and bypass authentication. I do not even know how I could protect against that, if at all possible.

---

Come to think of it, I hardly remember how ioquake3 handles this stuff and makes sure the client has "pure" .pk3 files. I would think it would be easy to bypass that as well.

I checked out the Wikipedia page of PunkBuster which says:

> PunkBuster Servers can be configured to instruct clients to calculate partial MD5 hashes of files inside the game installation directory. The results are compared against a set configuration and differences logged, and optionally, the client removed from the server

Now, would not the client eventually know the correct MD5 hash, thus modifying the client to send those hashes could bypass it, right? I imagine such things to be easily spoofable.
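A file-integrity challenge of the kind the PunkBuster quote describes, as an added example that is not PunkBuster's protocol or code. The slice-and-nonce scheme, the client classes and the sample file are assumptions made for illustration. It shows the three outcomes the question is asking about: a fixed partial hash is replayable once a modified client has learned the expected value; a random slice with a per-check nonce stops that replay; and neither stops a client that keeps a pristine copy of the file to answer from, which is the "easily spoofable" limit of any client-computed hash.

```python
"""Remote file-integrity challenge, PunkBuster style. Added example, not PunkBuster code."""
import hashlib
import hmac
import os
import struct
from typing import Dict, Tuple

Challenge = Tuple[int, int, bytes]  # (offset, length, nonce); all assumptions


def slice_digest(data: bytes, challenge: Challenge) -> str:
    """Keyed MD5 over one window of the file; MD5 because that is what the quote names."""
    offset, length, nonce = challenge
    return hmac.new(nonce, data[offset:offset + length], hashlib.md5).hexdigest()


class IntegrityServer:
    """Holds the pristine file and checks answers; trusts nothing the client stores."""

    def __init__(self, pristine: bytes, slice_len: int = 4096):
        self.pristine = pristine
        self.slice_len = slice_len

    def fixed_challenge(self) -> Challenge:
        """Weak: same window, no nonce, so the expected answer never changes."""
        return (0, self.slice_len, b"")

    def random_challenge(self) -> Challenge:
        """Per-check random window and nonce, so a recorded answer is useless next time."""
        max_offset = max(0, len(self.pristine) - self.slice_len)
        offset = struct.unpack("<I", os.urandom(4))[0] % (max_offset + 1)
        return (offset, self.slice_len, os.urandom(16))

    def verify(self, challenge: Challenge, answer: str) -> bool:
        return hmac.compare_digest(slice_digest(self.pristine, challenge), answer)


class HonestClient:
    def __init__(self, installed: bytes):
        self.installed = installed

    def answer(self, challenge: Challenge) -> str:
        return slice_digest(self.installed, challenge)


class ReplayingClient(HonestClient):
    """Modified game files, but remembers answers it once saw pass."""

    def __init__(self, installed: bytes):
        super().__init__(installed)
        self.known: Dict[Challenge, str] = {}

    def learn(self, challenge: Challenge, good_answer: str) -> None:
        self.known[challenge] = good_answer

    def answer(self, challenge: Challenge) -> str:
        return self.known.get(challenge, slice_digest(self.installed, challenge))


class PristineCopyClient(HonestClient):
    """Modified game files, but hashes a pristine copy kept elsewhere on disk."""

    def __init__(self, installed: bytes, pristine_copy: bytes):
        super().__init__(installed)
        self.pristine_copy = pristine_copy

    def answer(self, challenge: Challenge) -> str:
        return slice_digest(self.pristine_copy, challenge)


# Constructed sample: an 8 KiB "game file" and a patched copy with one byte
# flipped every 1000 bytes, so every 4096-byte window sees a difference.
PRISTINE = bytes(range(256)) * 32
_patched = bytearray(PRISTINE)
for _i in range(0, len(_patched), 1000):
    _patched[_i] ^= 0xFF
MODIFIED = bytes(_patched)


def demo() -> Dict[str, bool]:
    server = IntegrityServer(PRISTINE)
    replayer = ReplayingClient(MODIFIED)
    fixed = server.fixed_challenge()
    replayer.learn(fixed, slice_digest(PRISTINE, fixed))  # recorded from a clean install
    rnd1, rnd2 = server.random_challenge(), server.random_challenge()
    return {
        "honest_fixed": server.verify(fixed, HonestClient(PRISTINE).answer(fixed)),
        "modified_fixed": server.verify(fixed, HonestClient(MODIFIED).answer(fixed)),
        "replay_fixed": server.verify(fixed, replayer.answer(fixed)),
        "replay_random": server.verify(rnd1, replayer.answer(rnd1)),
        "pristine_copy_random": server.verify(rnd2, PristineCopyClient(MODIFIED, PRISTINE).answer(rnd2)),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print("%-22s %s" % (name, "pass" if ok else "FAIL"))
```

The nonce is what defeats the replay; the random window alone would still be answerable from a table of precomputed hashes. The last line of the output is the honest answer to the question: a client that controls its own disk can always answer from an untouched copy, so the check raises the effort of a modified install but cannot prove what code is actually running.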


Why do you care about single player cheating?

I understand not wanting to ruin online play for others but someone cheating on their own pc single player? Seems morally ok to me?


I do not care too much about it, just curious really. I am more concerned about multiplayer.


How does one go around a game guard that uses an encryption of network packets with a dynamic key?


Do very intrusive anti-cheats like the one Valorant uses work?


The difference between Vanguard and, say, BattlEye or EAC is that it runs at all times.

I don’t know enough about Valorant to say whether it’s effective. I will say that pre-loading your hacks prior to starting the game has been a common practice for some time. That way, unlike anti-virus, the game's anti-cheat doesn’t see the bootstrapping process.


Cheaters are less common in Valorant but still exist.

Of course Valorant is also a proportionally less popular game than the games I'd use for comparison, so even that might not have anything to do with their specific anti-cheat.


Which hardware device, out of curiosity?


Supported boards for https://github.com/ufrisk/pcileech-fpga are pretty popular for this use case.


Bingo! Any of those will suffice but unfortunately given the current chip situation, they are extremely hard to come by.


What would these expose to the target? Would this kind of card be visible to the target’s OS? Apologies for lack of knowledge, but this is an interesting area for research imo. Even outside of the context of game hacking.


Yes, these cards are visible to the target's OS in their default configurations, as they appear in the PCIe configuration space at a minimum. While they can initiate DMA without the need for any OS-side drivers, an application with sufficient permissions can still locate them in the configuration tree.

This is already part of the cat and mouse with game hackers, as they identify some of the standard PCIe VID/DIDs and at a second level, the PCIe configuration values for these cards.

Beyond this, there are also a lot of ways using performance counters to see if memory is being accessed without the access being accounted for at the CPU level - https://github.com/ufrisk/pcileech/issues/107 has some documents around these approaches.
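The two configuration-space checks the reply above describes, as an added example that is not code from pcileech or from any anti-cheat. Only the type-0 PCI configuration header layout and the Xilinx vendor ID 0x10EE (the default a stock FPGA design presents) are real; the denylist, the "genuine device profile" with its 0x1234/0x5678 IDs, and the sample headers are placeholders made up for illustration.

```python
"""Spotting a DMA attack board from PCI configuration space.

Added example, not code from pcileech or any anti-cheat. Denylist, profile
and sample IDs are placeholders; only the header layout and the Xilinx
vendor ID are real.
"""
import glob
import struct
from typing import Dict, List, Optional, Tuple

XILINX_VID = 0x10EE  # real: Xilinx's PCI vendor ID, what an unmodified FPGA design presents

# (vendor_id, device_id); None matches any device ID. Constructed, not a real anti-cheat list.
DENYLIST: List[Tuple[int, Optional[int]]] = [(XILINX_VID, None)]

# What a genuine device with this VID/DID is expected to look like. Placeholder values.
GENUINE_PROFILES: Dict[Tuple[int, int], Dict[str, int]] = {
    (0x1234, 0x5678): {"class_code": 0x020000, "subsys_vid": 0x1234, "subsys_did": 0x0001},
}


def parse_type0_header(cfg: bytes) -> Dict[str, int]:
    """Decode the standard fields of a type-0 PCI configuration header (first 64 bytes)."""
    if len(cfg) < 64:
        raise ValueError("need at least 64 bytes of configuration space")
    vid, did, command, status = struct.unpack_from("<HHHH", cfg, 0x00)
    revision, prog_if, subclass, base_class = struct.unpack_from("<BBBB", cfg, 0x08)
    header_type = cfg[0x0E]
    subsys_vid, subsys_did = struct.unpack_from("<HH", cfg, 0x2C)
    return {
        "vid": vid, "did": did, "command": command, "status": status,
        "revision": revision, "class_code": (base_class << 16) | (subclass << 8) | prog_if,
        "header_type": header_type & 0x7F, "subsys_vid": subsys_vid, "subsys_did": subsys_did,
    }


def suspicious(hdr: Dict[str, int]) -> List[str]:
    """Return reasons this device looks like a DMA board; an empty list means nothing matched."""
    reasons = []
    for vid, did in DENYLIST:
        if hdr["vid"] == vid and (did is None or hdr["did"] == did):
            reasons.append("vendor/device ID on denylist")
    profile = GENUINE_PROFILES.get((hdr["vid"], hdr["did"]))
    if profile:
        for field, expected in profile.items():
            if hdr[field] != expected:
                reasons.append("%s is %#x, genuine device has %#x" % (field, hdr[field], expected))
    return reasons


def scan_sysfs() -> Dict[str, List[str]]:
    """Linux only: read each device's config space from sysfs and report the suspicious ones."""
    found = {}
    for path in glob.glob("/sys/bus/pci/devices/*/config"):
        with open(path, "rb") as f:
            reasons = suspicious(parse_type0_header(f.read(64)))
        if reasons:
            found[path.split("/")[-2]] = reasons
    return found


def make_header(vid: int, did: int, class_code: int, subsys_vid: int, subsys_did: int) -> bytes:
    """Constructed 64-byte header for the samples below."""
    cfg = bytearray(64)
    struct.pack_into("<HH", cfg, 0x00, vid, did)
    struct.pack_into("<BBB", cfg, 0x09, class_code & 0xFF, (class_code >> 8) & 0xFF, class_code >> 16)
    struct.pack_into("<HH", cfg, 0x2C, subsys_vid, subsys_did)
    return bytes(cfg)


SAMPLE_GENUINE = make_header(0x1234, 0x5678, 0x020000, 0x1234, 0x0001)
SAMPLE_STOCK_FPGA = make_header(XILINX_VID, 0x7000, 0x050000, XILINX_VID, 0x0007)  # placeholder DID
SAMPLE_SPOOFED_FPGA = make_header(0x1234, 0x5678, 0x020000, XILINX_VID, 0x0007)  # copied VID/DID only

if __name__ == "__main__":
    for name, cfg in [("genuine", SAMPLE_GENUINE), ("stock fpga", SAMPLE_STOCK_FPGA),
                      ("spoofed fpga", SAMPLE_SPOOFED_FPGA)]:
        print(name, suspicious(parse_type0_header(cfg)) or "clean")
```

The second check is what catches a board that only copied a real NIC's vendor and device IDs but left its subsystem IDs and class code at the FPGA defaults. A board that copies the whole configuration space of a genuine device passes both, which is why the reply above points to the performance-counter approaches as the next level.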


Very cool introductory article!

Game hacking techniques have gotten even more advanced and cat-and-mouse than this in recent years, though. My brother is really into this stuff and I hear a lot from him.

For example, nowadays anti cheats like Unreal's EAC (Easy Anti-Cheat) ban the use of certain drivers because people are relying on e.g. vulnerable Intel wifi chipset drivers in Windows in order to have a way to get into the kernel's memory space to modify game memory without the anti-cheat knowing[0] (after all, it's your wifi driver not your own arbitrary kernel module!) - so people are constantly finding vulnerable drivers that anti-cheats don't know about.

Also heard rumors that the Windows kernel actually has undocumented anti-cheat hooks directly in it these days that anti-cheat engines can plug into, as part of the Windows store initiative.

Interesting stuff.

[0] https://www.unknowncheats.me/forum/anti-cheat-bypass/343907-...


I wonder if the demand for DRM that actually works will eventually split Linux distros into ones that respect user freedom, and SteamOS, which will be able to run Steam. I thought I read discussion of their proposed anti-cheat kernel module already... can't have nice things with any shared resource...


No doubt. It's impossible to enforce copyright if users are free. Same thing applies to cheats. It's impossible to prevent cheating if users are free. Truth be told, cheating is nothing but an exercise in computing freedom: the user orders the computer to cheat and the computer obeys.

Linux users of Steam and its games will eventually be forced to install proprietary kernel modules. They'll have to swallow that if they want to play the games they paid money for. Steam machines will probably be reduced to appliances just like game consoles eventually. The whole point is to enable the game companies to own the user's machines. They don't think users should have total freedom and the only way to enforce that is to take it away.


The site/PDF mentions using Cheat Engine... how do you even download an adware-/malware-free version of that nowadays besides setting up a recurring Patreon donation? I tried building it from scratch, but the compilation process fails when following the guide line by line. I've since switched to Squalr, which is not as good, but at least it doesn't try to trick me into installing adware/malware.


You can get adware/malware-free versions from github: https://github.com/cheat-engine/cheat-engine

The installer on their website has been pushing bad-ware for a while now unfortunately.


> how do you even download an adware-/malware-free version of that nowadays

What's wrong with the official version? I've used it for several years now. Am I missing something?


Are you using the installer that installs adware/malware, or are you subscribing to the author's Patreon to get the plain binaries? I wish the author would just let you buy a one-time license for it.


You can "opt out" of all the badware in the installer as far as I can tell


Shove it in a container/VM, right? That way it doesn't really matter if it turns out to be an infected version.


Well, Guest-to-Host escape is a thing, so I wouldn't bet on that with that much confidence, but that's definitely the alternative.


Malware developers with those skills are probably working with APTs and hunting bigger fish.


Much game hacking seems to be around competitive PvP.

But I generally see even if you had no hacking, the social feel of a competitive PvP is often elitist and a turn off. The elites always seem to pick on the not so good, offering little true good hearted mentorship. This is not 100%, but a general thing, like 13yr olds having loose lips.

For example: Person A, bottom of the rung, loses a lot. Without mentorship help or good cheer this is not fun, so the options are:

1. Git gud. They have now given the "bottom of the rung" baton to someone else. Issue not solved, just handed over.

2. Leave. Which also gives the "bottom of the rung" baton to someone else, decreases player pool etc.

3. Keep playing and losing. Not many choose this.

With the high % of options being 1 or 2, eventually enough people pick 2. So most PvP is doomed to fail after the hype.

And in the period of time it is running, the elite have fun winning over the losing. Continuously.

Now add hackers.

Seems like unless you are the elite, which by definition is a minority, the only winning move is not to play.


Publishers have watered down their communities in a way that encourages delinquent behavior, both cheating and toxicity. In old school, communities formed around dedicated servers. There were servers that were really competitive, and others more casual. Now everyone is just disconnected random people.

I'm surprised we haven't seen discord server integration into matchmaking. Always play with the same discord community that enforces their own community standards and where reputation follows you.


> I'm surprised we haven't seen discord server integration into matchmaking.

This is a thing. I have personally written integrations for Discord, IRC, and web apps to manage private competitive (and casual) games for communities from various FPS and RTS video games.

Sessions organised this way are known as pickup games, or "PUGs" (https://en.wikipedia.org/wiki/Pick-up_game)


One of my all time favourite servers was joe.to's j2 server for tf2. Lots of fun to be had, sadly it fell apart. (Still occasionally in contact with some though.)

The other would be cake from guns of icarus.

I miss both communities.


I miss hanging out in StarCraft Clan servers on blizzard.net

So much camaraderie and feeling like you were part of a community and something bigger than just a game. Made some lifelong friends that way.


I would argue that PvP games are most fun exactly at the point when you are still kinda bad. Every bit of progress is an achievement and every new thing you learn has a huge impact. The games become less and less fun as you advance the Elo/rank ladder - playing becomes less about having fun and more about keeping your status. From my experience "the elite" has the least fun. And I think this is true both in cases where there is a matchmaking system that matches skill level, and where there is none. There is only a small portion of players that would find fun in endlessly dominating "bottom of the rung" players. Maybe that is also one of the reasons why hacking is limited to a small portion of players.


Hackers make 2 much more likely for me. If I'm struggling to get off the ground, and getting demoralised, realising that I literally have no chance against the others because they are hacking just makes me switch off completely.

I know there's a learning curve in any given game. I know I have a chance to be at least on the low end of mediocre with a bit of practice. Unless the game is infested with hackers in which case it makes no difference and I may as well give up now.


> Seems like unless you are the elite, which by definition is a minority, the only winning move is not to play.

aint this a metaphor for life? :D

The misconception you have is that pvp is meant to be fun. It's not. It's meant to be painful. It's meant to suck. But winning has meaning in pvp games, because of the above.

If you want fun, the games to play are single player experiences. They are designed to give enjoyment, and happiness.


Well, there are many aspects of life. Any given game only has a limited scope.

For example, most people have family and friends who aren't "competing" with you for every dollar/meal/car/house.

This gives you a safe place, respite from the wearying competitive world and hopefully some enjoyment.

In regards to the competitive workplace though, yeah, you could say games could be a metaphor in that regard. Again though, workplaces are varied and larger in scope. People can also jump between workplaces to their benefit - which AFAIK doesn't work with games.


PvP can be supremely fun if you enjoy competition. Are sports not meant to be fun? Is chess meant to suck? There's a special dance in trying to understand an opponent and anticipate his next move, and when they do the same, you push each other to get better and better in the long run, and both come out ahead.


PvP can be lots of fun, in a game where we're all playing on the level.


That's why you need a ladder and populate the bottom of the ladder with idiot bots.


Yeah, I get tired of competition easily if I have no chance of putting up a good fight.

Sometimes I even play cooperative table tennis with friends.


I wish to add that PvP can be fun, if both sides are playing for fun and good humour. Then, even losing can be fun.

But all too often is not the case.

I also wonder why games are so focused on PvP while watching a huge WoW playerbase pay subscription fees to Blizzard for years on end.

Warframe has been having a good stab at public coop FPS. They even have some PvP in there. Not sure whether hacking/elitism is much of an issue though as I played coop with friends the whole time...


Virtualization detection could also be addressed by using tooling that resists detection. Are there publicly available tools in this area and does it work against rootkit style DRM?

There seems to be a fair bit of published research under the term "sandbox evasion" at least, in the malware research field.


Where can I get PDFs like this printed and bound for convenient offline reading (like when on a plane)?

I'm going to assume it can get stupid expensive for a one-off job.


"Business centers" like Kinko's, Staples, Office Depot would be my first bet. Also if you have a college nearby they probably do that kind of thing all the time. A 511-page paper would probably be incredibly expensive though, yes.

I just chucked it into Fedex's print service and it looks like it's gonna be $250


I just print it in black and white on A4 sheets. Costs $1 per 50 pages in my place.


To those who do not mind the different physical format (who do not strictly require paper pages), here is a reminder that 10'' and 13'' EPD tablets are available.


I’ve used lulu.com for this in the past for small one-off print jobs (I think it was 5$ for something around 80 pages)


Is there some way to do this work of memory hacking from OUTSIDE the VM? I've always thought that it would be "safer" to do the work by just being able to scrub the hosts side of VirtualBox, then stuff events back in through the keyboard and mouse rather than getting on the inside of the VM and hooking/injecting inside the target executable.


There are libraries such as memflow[0] that let you have DMA to a VM using KVM. Though be warned, it's a lot more complicated than injecting a dll or using cheat engine.

[0] - https://memflow.github.io/#/home


Sure, this is sometimes done using hardware with host memory access / DMA support, like PCIeScreamer type PCIe cards. This is also used for network level exploits when there's some kind of ephemeral or negotiated encryption key at play.


DMA was my first introduction, with good old Cheat Engine. I have very fond memories of digging through my favorite games, changing values incrementally to try to find their place in memory.


Did game hacking on MapleStory, but wasn't interested in computers at all. The interests came 10 years later.

Wasn't sophisticated at all, I just wanted to automate things.


Horrible flashbacks. Pure war of attrition. I remember at one point replicating the work of a cheat author in a game I was responsible for and pushing out a bait 'patch' for the hack to confirm they were using the methods I thought they were.

Unfortunately I had far less time to work on these issues than those creating the hacks.


VAC incoming


Funnily enough, I remember leaving Cheat Engine running while playing Counter Strike a few times, I was surprised that I never got banned for that. Abusing client-side scripting with friends (in a community server, at that) did get me VAC'd though.


Anyone know of similar games to practice game hacking but on Linux? Ideally they would also be open source.


Pwn Adventure series comes to mind. The games were created for CTF events and are actually intended to be hacked. That is, you cannot complete the quests without resorting to hacking.

Made by some of the creators of the Binary Ninja disassembler (at least, I know the third one is).

LiveOverflow did a fairly comprehensive video series on it as well.

Can't speak firsthand as a player beyond running around in the game world for an hour (nor did I rtfa); just enjoyed watching the video walkthrough.

Might be worth watching the first video to see whether it'd be up your alley. He is just exploring around without yet doing any actual hacking.


Anyone know why some code sections are crossed out? (eg. page 326)


511 pages PDF, what a treasure trove!


PC Tools, anyone?



