• @MJBrune@beehaw.org
    link
    fedilink
    English
    -11 year ago

    Client code isn’t trusted but no matter what the is one set of data you most trust that comes from the client. Input data. So with input data it can be manipulated that another application calculate out a headshot and sends that input. So even only trusting the client where you have to, you’ve failed to secure the game fully because you need to trust input data.

    • Riskable
      link
      fedilink
      English
      141 year ago

      The first rule of network programming: Never trust the client. How does anti-cheat software work? It trusts the client.

      All clientside anti-cheat is fundamentally flawed and broken by design. It doesn’t actually prevent cheating it just creates an illusion that it’s preventing cheating. The fewer people that believe in that illusion the better off we’ll all be.

      Besides, you can train AI to play any game via MITM in USB (plug the mouse and keyboard into the Raspberry Pi or similar which then pretends to be a mouse and keyboard to the computer playing the game). The simplest method is to just point a camera at the monitor but there’s much lower latency ways where you use some cheap Chinese HDMI decoder/encoders to feed the raw video signal right into the AI.

      With methods like that becoming cheaper and easier every day the whole client-side anti-cheat bullshit kinda seems pointless, yeah?

      • @MJBrune@beehaw.org
        link
        fedilink
        English
        21 year ago

        We’ve already established you have to trust the client to some extent in a typical game.

        Also do you lock your front door despite people being able to lockpick it? Most people do because it raises the barrier to entry.

          • @MJBrune@beehaw.org
            link
            fedilink
            English
            01 year ago

            Most people put security cameras in their homes despite them being able to be remotely hacked. Lots of people have an Alexa which could also be seen as letting a stranger in. A lot of people use tools that could be used to compromise their direct use but trust they don’t as for things like anti-cheat being malware. That’s all FUD. There has not been a single large anti-cheat company known to be sending unneeded or personalized user data.