by akersten 2335 days ago
Yep. The article even smugly tries to boast about how they're adults and understand these things:

> We haven’t needed both arms yet, primarily because we have the advantage of steady paychecks and the lack of strict bedtimes at our immediate disposal. But as much as we might like the idea of an ever-escalating appsec war with teenagers,

And yet they fail to realize that they're playing into the very cat-and-mouse game they deride. I can't wait until this escalates into "ok, well, now you need Intel TSX with Secure Enclave to verify that you're using the League video driver, and our proprietary USB dongle to play our game."

Spoilers: the teenagers will always win; you can never trust a client no matter how many technical barriers you erect. Look to the entire legacy of DRM for how this strategy has been tried and has failed. Server-side statistics are the only hope against serial cheaters - they're barking up the wrong tree here.


That's correct. The ability to cheat relies on the fact that servers don't actually model the client's view of the world to any fidelity. The server sends you information about the world you can't see so it doesn't have to do the culling. It accepts clearly impossible input that is obviously not human because statistical analysis would require some data scientists who are quite difficult to hire at the bargain-basement rates game companies pay.

You don't even need a hypervisor to bypass this, just a driver that pretends to be their kernel driver.

Servers usually try to do culling, if only to optimize network traffic. But they can't cull in real time, because the visual lag from the round-trip to the server would be too much; and if the client doesn't wait for the server, then the player would see gaps in the world if they move around fast enough that the server can't catch up. So they pessimistically provide more data than the client "should" know about.
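As an added illustration of the two server-side ideas in the comments above (rejecting physically impossible client input, and pessimistic interest management that sends a bit more than the client "should" see), here is a toy authoritative server in Python. It is example code written for this thread, not code from the article or from Riot; the speed, radius and margin constants and the `Player` model are constructed assumptions.

```python
import math
from dataclasses import dataclass

# Constructed tuning values for a toy authoritative server (assumptions, not any real game's).
MAX_SPEED = 7.0        # world units per second a player can legitimately move
TOLERANCE = 1.10       # 10% slack for tick jitter before a move counts as impossible
VIEW_RADIUS = 50.0     # what the client "should" be able to see
LATENCY_MARGIN = 10.0  # pessimistic extra radius so fast movers don't see gaps

@dataclass
class Player:
    name: str
    x: float
    y: float
    last_t: float       # timestamp of the last accepted position
    violations: int = 0

def validate_move(p: Player, x: float, y: float, t: float) -> bool:
    """Accept a client-reported position only if it is physically reachable.

    On success the player's state is updated. On failure the last accepted
    position is kept (the client gets snapped back) and a violation is counted,
    which is the signal a statistical/behavioural detector would consume.
    """
    dt = t - p.last_t
    if dt <= 0:                      # out-of-order or replayed timestamp
        p.violations += 1
        return False
    dist = math.hypot(x - p.x, y - p.y)
    if dist > MAX_SPEED * dt * TOLERANCE:
        p.violations += 1
        return False
    p.x, p.y, p.last_t = x, y, t
    return True

def visible_entities(viewer: Player, others: list[Player]) -> list[str]:
    """Interest management: only send entities within the view radius plus a
    latency margin, rather than the whole world."""
    limit = VIEW_RADIUS + LATENCY_MARGIN
    return sorted(o.name for o in others
                  if math.hypot(o.x - viewer.x, o.y - viewer.y) <= limit)

def flagged_players(players: list[Player], threshold: int = 3) -> list[str]:
    """Names of players whose impossible-input count crosses a review threshold."""
    return sorted(p.name for p in players if p.violations >= threshold)

if __name__ == "__main__":
    alice = Player("alice", 0.0, 0.0, 0.0)
    print(validate_move(alice, 3.0, 4.0, 1.0))    # plausible: 5 units in 1 s
    print(validate_move(alice, 60.0, 4.0, 2.0))   # teleport: rejected
    print(alice.violations)
```

The violation counter is deliberately a per-player statistic rather than an instant ban: the thread's point is that the server, not the client, is the only place such evidence can be trusted.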
I'm getting the same vibes from this article that I got from when LifeLock's CEO posted his SSN to taunt people / promote their own service... and frankly, I'm looking forward to the same schadenfreude. Never underestimate the resourcefulness of teenagers powered by spite and boredom.
That seems to be Riot's philosophy for everything these days, unfortunately. They treat their playerbase with this incredibly smug and patronizing attitude, which is what personally drove me away from the game.

Seriously, no voice chat after a decade because of "toxicity"?

> Spoilers: the teenagers will always win; you can never trust a client no matter how many technical barriers you erect.

This type of battle can't be won, but if you do it right, you can push most of the cheaters somewhere else. Of course, if you do it wrong, you push legitimate players out too.

> Spoilers: the teenagers will always win; you can never trust a client no matter how many technical barriers you erect.

I think if we accept SGX-type technology onto our systems then they can at some stage win this battle, at least theoretically. This is assuming that the SGX-like tech can't be practicably attacked, which isn't currently a valid assumption but could, at least theoretically, be in the future.

This differs from non-hardware DRM, which is basically just obfuscation, and which the method they're currently describing is merely an extension of.

SGX is theoretically strong, but the implementation matters. If the motivation and budget are there, SGX-enabled chips could be decapped and reverse engineered. It would be an immense challenge though, so I doubt the budget would be there for cheating. Implementation errors are a more realistic target.

But, assuming you can't cheat on the system itself, you can probably cheat with the video/audio signal and generating USB inputs. It's harder than reading RAM, but it's not feasible to stop it. At that point, you have to depend on behavioral targeting and what not (which they're already doing).

Even SGX based methods could be bypassed.

You could do DMA on the video-game memory, you could plug the monitor HDMI cable into a raspberry pi 5 or 6 camera input and do framebuffer based aimbot, you could stealthily modify the GPU drivers to give you data before some processing stages (you could probably do that without leaving anything in CPU RAM for too long), and so on.

> could do DMA on the video-game memory

The SGX won't allow you to do this as the memory is encrypted.

> plug the monitor HDMI cable into a raspberry pi 5 or 6

I don't know if the Pi is powerful enough for that or not, and an HDCP-type extension to what's coming out of the SGX could stop it, but ultimately yeah, you could have a robot play the game for you.

> stealthily modify the GPU drivers

Again, SGX type systems aren't going to allow that. This side of SGX type systems is all about trying to make your computer act how the developer wanted it to, regardless of your wishes or a malicious actor's wishes.

I can't wait for this situation to escalate to the point where Riot are trying to sell their own bespoke hardware, required to play their games.