If I was trying to prevent cheating, I'd hash the relevant game files, encrypt the values, and hard-code them into the executable. Then when the game is launched, calculated the hash of the existing files and compare to the saved values.

What is gained by running anti-cheat in kernel mode? I only play single-player games, so I assume I'm missing something.

[–] SkavarSharraddas@gehirneimer.de 15 points 1 week ago (2 children)

Modern cheats for multiplayer games don't modify local files (or attribute values in memory), since the server validates everything anyway. They're about giving you information that's available but not shown in the game (like see-through walls, or exact skill ranges), or manipulate input (dodge enemy damage, easy combos). Those cheat can run in kernel mode (or at least evade detection from user mode), so the anti-cheat needs kernel mode to be more effective.

[–] ysjet@lemmy.world 14 points 1 week ago

since the server validates everything anyway

Oh you sweet summer child.

The server doesn't validate shit, because that takes up CPU cycles on THEIR hardware, which costs them money. A huge part of kernel level anticheat is forcing YOU to pay the cost for anticheat, so they can squeeze a few more pennies out of it. And if your computer gets owned because they installed insecure, buggy malware on your system...? Well, they'll just deny. After all, it's kernel-level, how are YOU going to prove anything?

load more comments (1 replies)

[–] ampersandrew@lemmy.world 10 points 1 week ago

They can prevent you from running cheats that other anti-cheats can't detect. For instance, they could modify the value in memory so that your calculated hash always succeeds even when it's modified. This doesn't stop cheating though; it just means cheaters have to use cheat hardware that exists at a layer that even kernel anti-cheat can't detect.

[–] Maalus@lemmy.world 9 points 1 week ago (1 children)

And then a game gets updated so the hashes don't match and uh oh, everything is fucked. Oh, but we can change the hashes of the files in the executable! Yeah, so can they. People modding shit into the executable is basically a given. Let alone the fact that you'd need to sit through a steam "validation of files" length of time every time you'd need to launch a game (because validation works exactly as you have described).

What is gained is that it has access to more information. Some cheats use an entirely different program / process that reads memory and outputs info that is available to the game but hidden from the player. Like a client needs to know where a person on the other team is to be able to draw their model. So you read that, you put a little box over where they are, and bang you have wallhacks.

[–] joyjoy@lemm.ee 6 points 1 week ago

I think the popular thing now is to mod your mouse so it clicks on the enemy player's head.

[–] catloaf@lemm.ee 6 points 1 week ago

You don't need to modify the files to modify data in memory.

load more comments (4 replies)

[–] xep@fedia.io 10 points 1 week ago (2 children)

I do everything important like banking etc on a separate device that isn't my gaming PC. This has been quite liberating since I worry less about invasive anti-cheat, drm etc. I realize not everyone wants to do this but it's been a nice compromise.

[–] ampersandrew@lemmy.world 23 points 1 week ago

That's one way to do it, but I worry less about those things by not supporting them with my time and money.

load more comments (1 replies)

[–] Chozo@fedia.io 6 points 1 week ago (1 children)

Probably a pessimistic take, but I don't expect this to have any discernable impact on sales, or any other effects that would discourage publishers from these practices. The average user doesn't care about or understand how these things work; they'll see an anti-cheat warning on the store page and think "Okay, tell the colonel I'll be on my best behavior then" and continue to buy the game.

[–] spankmonkey@lemmy.world 22 points 1 week ago

It will benefit those that care and won't negatively impact the experience for those that don't.

Win, win.

[–] Riccosuave@lemmy.world 5 points 1 week ago (3 children)

Not to be annoying, but can someone please ELI5 how kernel level anti-cheat software actually works, or link good resources where I can read about it.

[–] conciselyverbose@sh.itjust.works 22 points 1 week ago* (last edited 1 week ago)

It runs with higher priveleges than you have and can see anything that happens on your computer.

It also creates a giant additional attack vector.

[–] scoobford@lemmy.zip 13 points 1 week ago

Eli5: your PC has different access levels a program can run at. This prevents a malicious or badly coded program from completely fucking your computer. Kernel level anti cheat runs at the lowest level access that exists under windows. It can do basically whatever it wants to your PC, and if a backdoor is coded in (happens way more than you'd think), it gives malware basically total access to your PC.

[–] ampersandrew@lemmy.world 11 points 1 week ago

Try this one.

load more comments