Open Menu
AllLocalCommunitiesAbout
lotide
AllLocalCommunitiesAbout
Login

Kernel Anti-Cheat Is an Overreach

⁨179⁩ ⁨likes⁩

Submitted ⁨⁨1⁩ ⁨day⁩ ago⁩ by ⁨who@feddit.org⁩ to ⁨games@lemmy.world⁩

https://nooneshappy.com/article/kernel-anti-cheat-is-an-overreach/

source

Comments

Sort:hotnewtop
  • monkeyslikebananas2@lemmy.world ⁨50⁩ ⁨minutes⁩ ago

    I don’t understand why games don’t just boot off an image if they need kernel access. Just provide and boot up their own kernel and isolate their spyware.

    source
  • x00z@lemmy.world ⁨1⁩ ⁨hour⁩ ago

    I have a good middle ground: no monetary gain = no kernel level anticheat. Tournaments with monetary gain = kernel level anticheat. Pretty neat right?

    source
  • Eyck_of_denesle@lemmy.zip ⁨2⁩ ⁨hours⁩ ago

    Lemmy community loves to suggest server side anti-cheat as the solution but I have yet to hear 1 pvp game that has it implemented properly. What’s more insane is someone unironically suggested Cs 2 as an example. Absurdly disconnected from reality.

    source
  • redwattlebird@thelemmy.club ⁨2⁩ ⁨hours⁩ ago

    Allow private servers so you can control who plays.

    source
  • ozoned@piefed.social ⁨1⁩ ⁨day⁩ ago

    Kernel anticheat is a virus. There are zero reasons a video fame should have full access of your system.

    source
    • thingsiplay@lemmy.ml ⁨1⁩ ⁨day⁩ ago

      There are zero reasons

      There is a reason. The idea is that an anticheat probably have higher rights than the regular user and therefore would be undetectable by an anticheat system with regular rights. Doing it in Kernel mode means it has the highest power to detect even admin level cheats. That is the reason. Many anticheat systems are completely useless without Kernel mode, at least according to the devs (I don’t have numbers to compare them with or without Kernel mode, nobody has probably). So they don’t even bother if they cannot access the Kernel.

      Now I agree with you a videogame shouldn’t have this much power over my system. And it doesn’t even catch them all. But stating it has no reason whatsoever is wrong. I do not want shady companies like Riot to do whatever they want on my system.

      source
      • pory@lemmy.world ⁨15⁩ ⁨hours⁩ ago

        This is why I hope that cheats end up being MITM attacks with ai slop in control. LLMs can easily do basic pattern recognition, so a device that can “look” at the screen for you and click on people’s heads would be trivial to produce with no software running on the actual game device. Get that popularized and the only excuse for rootkit anti-cheat evaporates. I’d rather live in the world where people cheat at video games than the world where the average gamer has 5 rootkits on their system just to protect “competitive integrity”.

        source
        • -> View More Comments
      • noobdoomguy8658@feddit.org ⁨1⁩ ⁨day⁩ ago

        Privileges and rights an application has has little to nothing to do with whether said application will be able to hide from an anti-cheat software or fool it or whatever. It’s more about being able to access different secure parts of the system, like memory, which is where everything lives basically, including game data that the cheats are supposed to manipulate in some advantageous way.

        This is what leads many to plea for server-side anti-cheat that doesn’t invade the privacy of the end user (the client).

        The games that use kernel anti-cheat are still largely infested with cheaters of many sorts. At this point, defending such deep access sounds like letting some security people live with you, totally at your expense, all the time, even in the bathroom and watching you sleep and masturbate and everything, in the name of safety, because they’ll supposedly be there when some criminal comes to do some crimes, only for them to turn the blind eye when that criminal comes with proper disguise and a gun.

        source
    • KindaABigDyl@programming.dev ⁨1⁩ ⁨day⁩ ago

      There are zero reasons

      To stop cheaters is the reason lol

      source
      • ozoned@piefed.social ⁨1⁩ ⁨day⁩ ago

        That’s not a justified reason. To each their own, but no game is worth compromising my entire system.

        source
      • cybervseas@lemmy.world ⁨1⁩ ⁨day⁩ ago

        A video game is not a test you take in an exam room with a proctor monitoring you.

        If these developers want to make billions and billions of dollars on slop micro transactions and loot boxes, they can figure out how to detect these things and run more of their infrastructure server side.

        source
      • mnemonicmonkeys@sh.itjust.works ⁨1⁩ ⁨day⁩ ago

        Except it doesn’t work you knob

        source
      • CubitOom@infosec.pub ⁨1⁩ ⁨day⁩ ago

        Does it tho?

        source
      • thingsiplay@lemmy.ml ⁨1⁩ ⁨day⁩ ago

        I don’t know why you get down voted. It is not zero reason, there are reasons why Kernel anticheat is implemented. Yes, its incredible dangerous and invasive for the local player. Yes it does not catch all of them. But there is a reason why its being done.

        source
        • -> View More Comments
  • warm@kbin.earth ⁨1⁩ ⁨day⁩ ago

    Anti-cheat should be server side. Cheats are done on external hardware now as kernel AC chased them into the undetectable zone, well played.

    No game is worth sacrificing your entire PC to play.

    source
    • echodot@feddit.uk ⁨22⁩ ⁨hours⁩ ago

      There’s so many cheaps that are only possible because the game’s net code is just weirdly implemented.

      Like wall hacks, why can I see this other player on the other side of the map, why you sending me their position.

      source
      • Alberat@lemmy.world ⁨18⁩ ⁨hours⁩ ago

        it’s for speed. if I tell you they’re out of sight now, but will be visible in 50ms, it’ll be faster than waiting 50ms to recv their new position that’s visible and waiting on network latency which could be another 50ms in addition

        source
        • -> View More Comments
    • thingsiplay@lemmy.ml ⁨1⁩ ⁨day⁩ ago

      Server side anticheat can’t detect lot of client side anticheat. Ideally you want to have both, if you want to catch most cheaters. One is not a full replacement for the other method. Local anticheat has the advantage of being much cheaper for the developer / publisher.

      source
      • Sir_Thominick_IV@lemmy.world ⁨17⁩ ⁨hours⁩ ago

        Depending on the implementation, client side anticheat isn’t needed at all. Take the game Speedrunners for example. There is zero need for the server to do anything other than accept player inputs, process them, and return them to the clients.

        So if coded correctly, where the server trusts nothing and does the math itself, it is impossible to cheat while having zero anticheat on the client.

        source
        • -> View More Comments
      • warm@kbin.earth ⁨1⁩ ⁨day⁩ ago

        It's more costly to the developer when I dont buy their kernel AC game.

        source
        • -> View More Comments
    • samus12345@sh.itjust.works ⁨15⁩ ⁨hours⁩ ago

      Same reason I don’t use the Hypervisor Denuvo bypasses.

      source
  • DarkCloud@lemmy.world ⁨1⁩ ⁨day⁩ ago

    We’re really going to kill this planet running algorithms against algorithms and it’s the stupidest way to go.

    source
    • crispbacon99@lemmy.zip ⁨38⁩ ⁨minutes⁩ ago

      That’s what the rich want, its what the rich deserve

      source
  • Treczoks@lemmy.world ⁨1⁩ ⁨day⁩ ago

    Thank you for the list of games to avoid.

    source
    • artwork@lemmy.world ⁨18⁩ ⁨hours⁩ ago

      Related: areweanticheatyet.com

      source
  • artwork@lemmy.world ⁨1⁩ ⁨day⁩ ago

    To understand why the requirements keep escalating, follow the arms race. Cheats started in user space, so anti-cheat moved into the kernel to see them. Cheats followed into the kernel, and then below it into hypervisors - so anti-cheat added hypervisor detection and began demanding a verified boot chain. Every time the cheat drops a layer deeper, the anti-cheat has to demand more privilege and more hardware trust to keep watching. That is what TPM 2.0, Secure Boot, remote attestation, IOMMU enforcement, and now forced firmware updates actually are: anti-cheat chasing cheats further down the stack.

    Source

    -–

    Wonderful day!

    Just in case, if if interested, the TPM is a specific module with its own API in modern motherboards that has inside a key pair known as Endorsement Key (EK) which is a permanent unique identifier burned into the hardware. It’s used to create signed EK certificates.

    To clarify, similar to the asynchronous cryptographic we may see in the general TLS certificates in HTTP traffic ( “green” lock), the TPM , as mentioned, has API to create public keys from its private key inside.

    The private key is burned-in by the manufacturer inside the module, which is also normally protected from physical damage to be self-destruct, by its standard requirements.

    Systems like Denuvo may create and encrypt their own data using the public key, and send it to the TPM to decrypt, verify, and therefore identify the hardware on their servers as an identity.

    The Endorsement Key (EK) is an asymmetric key pair consisting of a public and private key stored in a Shielded Location on the TPM.
    The public part of the EK can be read from the TPM while the private part MUST never be exposed.
    The public key of the EK is included in the EK certificate…
    However, the EK provided by the manufacturer MUST be defined as a non-duplicable key.

    Source: Credential_Profile_EK_V2.0_R14_published.pdf

    Though, I believe, the TPM specifications were actually designed by Trusted Computing Group with privacy in mind to prevent the EK from being used as a “global tracking ID”, some vendors or organizations may use it for undefined reason, and hence please do consider the opportunities your operating system and motherboard provide.

    Also, if interested in experimenting, and haven’t yet, in Linux, TPM is accessed via character devices (created by the Kernel module), and normally support different operations to read/write to, and located at /dev/tpm*, though these devices’ permissions are set to root only in all the Kernels I’ve seen yet. There are CLI software packages as tpm2-tools for the protocol.

    source
    • snugglesthefalse@sh.itjust.works ⁨18⁩ ⁨hours⁩ ago

      So I actually disabled TPM the other week because as it turns out it was preventing my pc from entering sleep a significant portion of the time, I think the GPU wasn’t being allowed to save the framebuffer anywhere because the drivers weren’t proprietary Nvidia ones.

      source
  • CosmoNova@lemmy.world ⁨1⁩ ⁨day⁩ ago

    Absolutely! It‘s completely insane already but apparently you can still get around it sometimes by starting the game offline, then going online once you‘re inside and play online matches. Like, all these risks they burden their customers with just to be sloppy with the execution.

    source
  • dan1101@lemmy.world ⁨1⁩ ⁨day⁩ ago

    More enshittification, pvp gaming is going in a direction I won’t go. Maybe if I had a dedicated computer for it, but there are no games that are worth it to me right now.

    source