Why are game studios powerless against cheating/hacking?

Fire&Blood

Platinum Member
Jan 13, 2009
2,331
16
81
I meant to post something like this for a while, never got around to it but it's clearly an old, ongoing problem.

When hackers have working hacks ready for a open beta, we have a problem. Especially when it occurs in different games, made by different studios and publishers like with BF1 and the Division before it.

These newest titles are made in brand new engines or their newest versions, either the hackers are really good and insanely quick at adapting or... the game industry just recycles last year's PunkBuster and calls it a day?

Industry actively pushes it's DRM policies, the always online connection model, DLC's and micro transactions
yet addressing cheating is never given priority. It was OK to push rootkits on customer's PC and force customers to be online so they can play single player game but if a problem doesn't effect the publisher and game studio directly, then I suppose the problem doesn't matter much. Instead of addressing the problem of cheating, game industry offers cheats for profit via micro's and preorder bonuses or any other P2W method.

If Denuvo can keep a game pirate free for more than a year, shouldn't a 3 month window of cheat free gaming at launch be a reasonable expectation?
 

WhiteNoise

Golden Member
Jun 22, 2016
1,074
184
106
Money. These hack sites make money. As long as people are willing to pay for hacks, people will be there to hack the files to make it possible. There is just too much money to be made. Once a game updates the hack site will hack the files and sell hacks for $$$ then wait for the next game update. Rinse repeat. Devs can take steps against that but it costs money. In some case I wouldn't doubt that the guys creating the hacks are not more savvy than the game devs, Easy money.
 

Newbian

Lifer
Aug 24, 2008
24,777
837
126
Plan on servers that are run by decent mods is your best fix as most can catch them quick and ban the people that do it.

The vac bans help but you will notice it more during steam sales as people can buy 2-3 of the same game cheap and ignore the vac bans on alt accounts but again this is common on crappy ran servers.

Unless of course it's a mmo or such that is ran entirely on the game dev's side then you have to pray for support or yea it can suck fast.
 

Painman

Diamond Member
Feb 27, 2000
3,805
29
86
It's an ethos, man. If it can be hacked, then it WILL be hacked.

Try to think of it as a necessary evil.
 

maniacalpha1-1

Diamond Member
Feb 7, 2010
3,562
14
81
Plan on servers that are run by decent mods is your best fix as most can catch them quick and ban the people that do it.

The vac bans help but you will notice it more during steam sales as people can buy 2-3 of the same game cheap and ignore the vac bans on alt accounts but again this is common on crappy ran servers.

Unless of course it's a mmo or such that is ran entirely on the game dev's side then you have to pray for support or yea it can suck fast.

Planetside 2 doesn't seem to have much luck with enforcement. Seems to me that it is much worse off than a non-mmo, for lack of individual server admins that can be the manpower of a wide-reaching enforcement force. I also wonder if there's a hesitation on Daybreak's part to issue bans due to the potential revenue loss? Daybreak's games are the only ones I've played mostly, so I don't have experience with other company MMOs to form a comparison. But based on what I've seen I do wonder if fear of losing paying accounts tempers their willingness to take enforcement actions.
 

Artorias

Platinum Member
Feb 8, 2014
2,106
1,380
136
Its part of the reason I stopped playing CS:GO and most multiplayer games in general. The amount of closet hackers in CS:GO and multiplayer games in general has really soured my experience.

So many pathetic people in this world looking for an edge when your just trying to have fun after a long day, I don't have time to deal with these pathetic losers.

The only effective way of stopping hacking is to hire them, you cant hire all of them so its a lost cause at the end of the day.

Developers will never win, there will never be a full proof method of stopping hackers. At least you got companies like Blizzard who sue hackers, but even that is not effective.
 

Elixer

Lifer
May 7, 2002
10,376
762
126
Money. These hack sites make money. As long as people are willing to pay for hacks, people will be there to hack the files to make it possible. There is just too much money to be made. Once a game updates the hack site will hack the files and sell hacks for $$$ then wait for the next game update. Rinse repeat. Devs can take steps against that but it costs money. In some case I wouldn't doubt that the guys creating the hacks are not more savvy than the game devs, Easy money.
While that may be true for some sites, there are tons of other people who do this because it is a challenge.

As for how can devs let this happen, anything that is user controlled is mostly out of their hands, these aren't closed systems, but, what they can do is run simulations on their server to check all input coming from the player is sane.
That is a ton more work though, and gets to be very expensive to maintain.
Nothing is fool proof though.
 

DigDog

Lifer
Jun 3, 2011
13,443
2,084
126
https://www.youtube.com/watch?v=svSzz_cm5EY

to be honest, not the most exciting video, unless you are hardcore into these games.

hacker (who is streaming at the time, WITH HACKS ON, and people watching the stream who, according to my weird-language speaking friend, don't even know he's hacking) gets banned mid-game on Overwatch.

hackers are easy to deal with, as long as you 1) understand the problem and 2) have $$$ to invest in the solution.
 

IEC

Elite Member
Super Moderator
Jun 10, 2004
14,323
4,904
136
I used to run a CS Source server. It was always fun to be spectating and banning obvious cheaters.
 

Midwayman

Diamond Member
Jan 28, 2000
5,723
325
126
This is exactly why I was so pissed off about the server situation on SWBF3. No clan servers = no moderated servers. No moderated servers means hackers all over the place. In BF4 I played exclusively on heavily moderated servers and the few hackers we got didn't last more than a few minutes.
 

JTsyo

Lifer
Nov 18, 2007
11,709
871
126
Planetside 2 doesn't seem to have much luck with enforcement. Seems to me that it is much worse off than a non-mmo, for lack of individual server admins that can be the manpower of a wide-reaching enforcement force. I also wonder if there's a hesitation on Daybreak's part to issue bans due to the potential revenue loss? Daybreak's games are the only ones I've played mostly, so I don't have experience with other company MMOs to form a comparison. But based on what I've seen I do wonder if fear of losing paying accounts tempers their willingness to take enforcement actions.
Free to play also means there's isn't much of any consequences getting caught. That's why to see blatant cheating instead of the more sophisticated stuff that was seen in BF4.
 
  • Like
Reactions: Midwayman

Rifter

Lifer
Oct 9, 1999
11,522
751
126
Its part of the reason I stopped playing CS:GO and most multiplayer games in general. The amount of closet hackers in CS:GO and multiplayer games in general has really soured my experience.

So many pathetic people in this world looking for an edge when your just trying to have fun after a long day, I don't have time to deal with these pathetic losers.

I agree, i mostly play single player now as well for same reasons. I've played to many mmo over the years that ended with just to much hacking.

One of my friends actually suggested i join the hackers, says obviously the devs are ok with it since most of the time they refuse to ban people who get routinely reported for hacking so instead of grinding just hack, if you cant beat em join em. Im starting to think he may be right, if devs are cool with it i might as well be. Just doesnt feel right to me though.
 

Raduque

Lifer
Aug 22, 2004
13,141
138
106
I don't play online games, so I really don't care about hacks. But, one thing I've always said, murder is a very effective deterrent.
 

Stuka87

Diamond Member
Dec 10, 2010
6,240
2,559
136
Some game engines are very poorly coded. Take The Division for instance, everything is handled client side. So hacking it is extremely easy, as the server will just do whatever you tell it. Same goes for many call of duty games where cheating is the norm.

But a game like Battlefield 1, almost everything is done on server side. Hacking is not easy as the client does so little. And if you do try, they typically do not work unless you are on a server with the countermeasures turned off. Playing through the beta I could see the server ban people because it detected memory manipulation. You get banned the instant you enable a cheat.

Another game will basically no cheating at all is World of Tanks. Only cheat you can do is auto aim, which is pretty much pointless in that game as it is not a fast paced shooter. Its also painfully obvious when somebody is, so its easy to report them.
 

Yakk

Golden Member
May 28, 2016
1,574
275
81
Yeah, the onus is on the developers to implement multi-player right.

Server-side multi-player needs to be setup, but is harder to work, more costly to maintain, but the diagnostic tools it gives tells the admins pretty much everything that is going on.

Client-side multi-player garbage like Division is cheap to implement, but really, really easy to hack/bot.
 

PrincessFrosty

Platinum Member
Feb 13, 2008
2,301
68
91
www.frostyhacks.blogspot.com
As Cory Doctorow has said in the past, we don't know how to make general purpose computers run the code we like but don't run the code we dislike. Fundamentally once some piece of code has been released to a client you're no longer in control of how it executes on the target PC. There have been attempts over the years to create systems which are trusted environments but people have always rejected these because the loss of control over your own hardware and loss of privacy are too much to sacrifice in order to get secure code running.

You can always write more and more complex code as the developers which attempts to detect changes to the system and catch out hackers and report them, but this is a game of cat and mouse where a single game development studio is completing against the entire world trying to hack their game, at the end of the day it's simply a matter of economics, they can only spend so much time and money trying to defeat hackers before it stops being financially viable. Farming out the anti-cheat to experts at writing anti-cheat systems like Punkbuster for example, helps somewhat, but it only mitigates the problem.

It's an inherent issue with allowing code to run on remote systems you have no control over, the only really decent way to stop it is to run the code locally on a server and then farm the frames out back across the wire to dumb terminals, this is very much akin to OnLive and similar game streaming services. The clients at the edge of the network then send in controller/input signals, the code is processed at a server the provider operates in a controlled manner, and the output audio/video is streamed back. However implementation of this over the years has failed because first of all latency causes huge problem and isn't easily fixed, and secondly it means the investment in hardware is done by the developer which makes operating costs massive and so subscriptions to these services is expensive. Again it's a problem of economics, it's simply more economical right now to release code that ships to peoples PCs, they can run it and modify it, and cheating is just a trade off in that system, that allows for greater profits.

The best defence against online cheating as ALWAYS and FOREVER will be allowing gamers to rent their own servers, admin them, spot cheaters and then issue bans on their unique CD key. Sadly this has gone away over the last decade or so with matchmaking services and developer run only servers, removing the community out of online PC gaming has lowered the quality substantially.
 
  • Like
Reactions: KMFJD

smackababy

Lifer
Oct 30, 2008
27,024
79
86
Yeah, the onus is on the developers to implement multi-player right.

Server-side multi-player needs to be setup, but is harder to work, more costly to maintain, but the diagnostic tools it gives tells the admins pretty much everything that is going on.

Client-side multi-player garbage like Division is cheap to implement, but really, really easy to hack/bot.
You realize unless you're on a purely dumb client with no execution, it isn't this easy. As soon as the code is executing on someone else's environment, you have zero control over it and can only account for things. And, even with that, you can't account for things you have no control over. This has nothing to do with devs being lazy or clients being garbage. Every client action you need to verify on the server is performance lost. You need to two communications and players aren't going to play that.
 

KMFJD

Lifer
Aug 11, 2005
29,044
41,728
136
As Cory Doctorow has said in the past, we don't know how to make general purpose computers run the code we like but don't run the code we dislike. Fundamentally once some piece of code has been released to a client you're no longer in control of how it executes on the target PC. There have been attempts over the years to create systems which are trusted environments but people have always rejected these because the loss of control over your own hardware and loss of privacy are too much to sacrifice in order to get secure code running.

The best defence against online cheating as ALWAYS and FOREVER will be allowing gamers to rent their own servers, admin them, spot cheaters and then issue bans on their unique CD key. Sadly this has gone away over the last decade or so with matchmaking services and developer run only servers, removing the community out of online PC gaming has lowered the quality substantially.

I very much agree with these two points and would like to add that making it expensive for the cheaters to continue cheating might help as well (I had been hearing that blizzard was having some success with their hardware(?) based bans?)
 

PrincessFrosty

Platinum Member
Feb 13, 2008
2,301
68
91
www.frostyhacks.blogspot.com
The best way to make it expensive is to require authentication via a unique CD key, this allows perma bans to be handed out, as long as you have a strong key generation and no one works out how to keygen valid keys, then you're relatively safe with this system. But it still means banning all the cheaters one by one.

Hardware based bans have been around for a while, typically the software checksums the serial numbers of pieces of hardware that are unique to a system and then generates a signiture based off that which can be banned. However many of these pieces of information can be changed by the user, you can often just do it in software or in some cases by flashing firmware. It's a fairly good way of stopping individual users from cheating, but it doesn't really stop the newer kind of cheating we see today where people pay for cheats, this creates a market for cheat tools online and they're the kind of tools that will have the ability to easily with a single click change the hardware profile of your machine to evade those kinds of bans. Cheating moving from a relatively small time thing into its own competing business has made cheating harder to stop since peoples livelihoods are now reliant on cheats working.
 

Artorias

Platinum Member
Feb 8, 2014
2,106
1,380
136
The best way to make it expensive is to require authentication via a unique CD key, this allows perma bans to be handed out, as long as you have a strong key generation and no one works out how to keygen valid keys, then you're relatively safe with this system. But it still means banning all the cheaters one by one.

Hardware based bans have been around for a while, typically the software checksums the serial numbers of pieces of hardware that are unique to a system and then generates a signiture based off that which can be banned. However many of these pieces of information can be changed by the user, you can often just do it in software or in some cases by flashing firmware. It's a fairly good way of stopping individual users from cheating, but it doesn't really stop the newer kind of cheating we see today where people pay for cheats, this creates a market for cheat tools online and they're the kind of tools that will have the ability to easily with a single click change the hardware profile of your machine to evade those kinds of bans. Cheating moving from a relatively small time thing into its own competing business has made cheating harder to stop since peoples livelihoods are now reliant on cheats working.

As the CPU's get more advanced couldn't they be the solution as they all have some form of identification code now. Wouldn't creating an encrypted code that couldn't be altered by software be feasible? Maybe that becomes a major privacy issue though?
 

smackababy

Lifer
Oct 30, 2008
27,024
79
86
As the CPU's get more advanced couldn't they be the solution as they all have some form of identification code now. Wouldn't creating an encrypted code that couldn't be altered by software be feasible? Maybe that becomes a major privacy issue though?
Not really. They can already check the hash of the executable to make sure it matches, but that doesn't stop memory modification and things outside the control of the game itself (Direct X, for example).
 

PrincessFrosty

Platinum Member
Feb 13, 2008
2,301
68
91
www.frostyhacks.blogspot.com
As the CPU's get more advanced couldn't they be the solution as they all have some form of identification code now. Wouldn't creating an encrypted code that couldn't be altered by software be feasible? Maybe that becomes a major privacy issue though?

It's feasible to design a CPU which operates on encrypted data and holds encryption keys internally, that would allow the execution of secure code and the only way to get at it would be some serious low level hardware hacking to extract the encryption keys off the CPU in order to decrypt the running code and alter it in memory.

There's already research into this to expand the security of FDE (Full Disk Encryption) to not just encrypt data on the disk but also in the CPU and in RAM as well, it stops cold boot attacks and other similar analysis of memory across the internal bus. If you're interested in the more technical side of this being it's somewhat tangentially related, then check out this video, it's really interesting https://www.youtube.com/watch?v=pKeiKYA03eE

All these methods fundamentally rely on the same problem though, in order to guarantee that users cannot modify running code the code needs to run at a higher permission level that the user runs at, in other words the code needs to be in control of your PC to a greater degree than you are, and no one likes this idea, almost no one will give up that freedom to someone else in order to prevent cheating. While there's choice in the free market of general purpose CPUs people will always pick the one they're maximally in control of.

The closest thing you'll ever get to this is consoles, and phones, and that's because they're not so much general purpose devices, they're tailored for a narrow range of jobs and so people are more happy to relinquish control over the hardware/software. Even then experts still use hardware hacking to crack the chips open and reverse engineer them and steal the encryption keys that protects the DRM, it's just a lot harder.