[andrewia]

I think that's a very naïve way of looking at game development. There are many reasons why games are exploitable besides lack of reasonable dev effort.

- Almost all games are going to use a licensed or shared game engine. That means the softwsre architecture is already known to skilled cheat developers with reverse engineering skills.

- Obfuscating the game will only go so far, as demonstrated by the mixed success of Denuvo DRM.

- The game will not be the most privileged process on the machine, while cheaters are glad to allow root/kernel access to cheats. More advanced cheaters can use PCIe devices to read game memory, defeating that mitigation.

- TPMs cannot be trusted to secure games, as they are exploitable.

- Implementing any of these mitigations will break the game on certain devices, leading to user frustration, reputation damage, and lost revenue base.

- And most damning, AI enabled cheats no longer need any internal access at all. They can simply monitor display output and automate user input to automate certain actions like perfect aim and perfect movement.

[maccard]

A couple of thoughts, but I largely agree with you.

> Obfuscating the game will only go so far, as demonstrated by the mixed success of Denuvo DRM.

Denuvo is for the most part DRM, rather than anticheat. It's goal is to stop people pirating the game during the launch window.

> The game will not be the most privileged process on the machine, while cheaters are glad to allow root/kernel access to cheats.

This ship has sailed. Modern Anticheat platforms are kernel level.

> TPMs cannot be trusted to secure games, as they are exploitable.

Disagree here - for the most part (XIM's being the notable exception) cheating is not a problem on console platforms.

> AI enabled cheats no longer need any internal access at all. They can simply monitor display output and automate user input to automate certain actions like perfect aim and perfect movement.

I don't think these are rampant, or even widespread yet. People joyfully claim that because cheats can be installed in hardware devices that there's no point in cheating, but the reality is the barrier to entry of these hyper advanced cheats _right now_ means that the mitigations that are currently in place are necessary and (somewhat) sufficient.

[ghxst]

It's not AI enabled cheats that are the issue, it's DMA through things like PCIe devices disguised as regular hardware. Sophisticated cheats no longer run on the same computer as you're playing on. Google "pcie dma cheat" for a fun rabbit hole.

[maccard]

Right, but the barrier for entry for those cheats is huge - the sp605 board is $700, for example. There are cheaper ones, but you’re not going to have rampant cheating testing through games when you add hundreds in hardware to the requirements.

Antiecheats work in layers and are a game of cat and mouse. They can detect these things some times, and will ban them (and do hardware bans). The cheaters will rotate and move on, and the cycle continues. The goal of an effective anti cheat isn’t stop cheating, it’s be enough of a burden that your game isn’t ruined by cheaters, and not enough of a target to be fun for the cheat writers.

[ghxst]

If you look on popular cheat forums, you'll find a newbie guide that links to recommended hardware, typically priced around $250 from memory, certainly not $700.

Also, spending hundreds on hardware is standard for anyone playing competitive games. For example, Escape from Tarkov's "unheard edition" costs $250 for just a single game, and people still buy it. When you factor in the cost of gaming mice, hall-effect sensor keyboards, 480Hz displays, and high-end systems, the total investment adds up quickly for improvements that will never match the capabilities of a cheat, which is how a lot of them also like to justify their cheating, it's simply the most cost effective way to dominate in a game, especially if your livelihood depends on it.

I don't disagree with the second half of your statement.

[heavenlyblue]

> This ship has sailed. Modern Anticheat platforms are kernel level.

so you use a kernel level anti-anti-cheat