
The reason games companies reach for KLA is not because they're dumb and can't be bothered to secure their network protocols on the server side, it's because they don't want to have to hire an inordinate number of human reviewers to make unreliable decisions on whether someone is cheating or not in their game.

While KLA is fundamentally flawed (DMA and even CV based cheats are becoming more popular as a result of KLA and they still give cheaters a significant (but now even harder to detect) advantage) it solves the problem of obvious and even most kinds of subtle cheating.

Attempting to detect cheating once inputs are being sent to your server (which is within your domain of control and on which you can implement non-intrusive anti-cheat) is very difficult to do reliably. An inexperienced player will make slow, delayed inputs. A highly experienced player will have reactions which are an order of magnitude faster (and in many cases faster than the speed of thought because of muscle memory). If you want to make a working but no longer detectable cheat, all you need to do is spend a bit of time and effort programming in human limits of reaction time into all your code and making sure all inputs look realistic (again, more limits).

At the end of the day, you can make a cheat which gives you a significant advantage without it being actually detectable by any statistical methods on the server.

At this point you might attempt to reach for AI but undoubtedly that will require human oversight or you will get false positives.

So, in summary, even if you were to design your game around server-side rendering and server-side input processing, forcing your players to effectively play over a remote desktop connection (which is impractical for any fast paced competitive multiplayer game due to latency issues but let's pretend those don't exist for a minute), you will still get cheaters with snap-to-head or recoil compensation or auto-fire making a significant impact on games. Heck, there's even the idea of using sounds (which need to be pretty accurate so human players can utilise them to determine where enemy players are) to implement a rudimentary wallhack.

This is just the nature of FPS games and why games companies end up implementing KLA for these games. The way to make an FPS game un-cheatable is to make a different game where cheating is more difficult or impossible just by nature of the format.

Want FPS without cheaters? Encourage people to do DIY matchmaking again, DIY server hosting and DIY administration. Except that "this doesn't scale". Neither does human review. Neither does server side rendering. The core reasons why game companies do KLA is that players will pay for games with KLA but won't pay for games without it. As much as I think Microsoft is one of the worst companies in existence, in this case I don't think they or KLA developers are to blame. KLA developers are simply doing what players want them to do and Microsoft is only allowing what their end-users want them to allow. If Microsoft removes KLA, it will be by replacing it with userspace code with hardware attestation support, it won't be by killing the concept of intrusive anti-cheat. All Microsoft is doing is trying to re-design the tools to cover their own ass.

Fundamentally, KLA has pushed cheating further into DMA and CV territory. This means that more obvious and annoying forms of cheating, undetectable by KLA, are probably going to soon become more common. At this point the options are to have these games be console-only with blessed hardware and hardware attestation. And even that has flaws (as described). Eventually it will just be impossible to play a game in a public server without cheating. Maybe this will force people away from these types of games, or towards private lobbies. I don't know what the future holds here.
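As an added example (not code from the thread), here is a minimal server-side reaction-time screen of the kind the comment above says is hard to make reliable. It runs over constructed engagement logs (enemy-became-visible tick, shot-fired tick), flags the blatant cases, and shows the caveat the comment makes: a stream that stays inside human timing limits with natural jitter passes. Thresholds, function names and the sample logs are assumptions for illustration.

```python
"""Server-side reaction-time screening over (target-visible, shot-fired) pairs.

Assumed input: the server already logs, per engagement, the tick (ms) at which
an enemy became visible to a player and the tick at which that player fired.
The thresholds are illustrative constants, not tuned values.
"""
from statistics import mean, median, pstdev

MIN_HUMAN_REACTION_MS = 100.0  # assumed floor for a visual-stimulus reaction
MIN_JITTER_RATIO = 0.10        # humans vary; near-zero spread looks machine-made


def reaction_times(engagements):
    """Reaction times (ms) for (t_visible_ms, t_fire_ms) pairs. Shots fired
    before the target was visible (pre-fires) carry no reaction and are dropped."""
    return [fire - seen for seen, fire in engagements if fire >= seen]


def screen(engagements, min_samples=8):
    """Classify a player's engagement log as 'insufficient', 'clean' or 'flag'.

    Two statistical heuristics: median reaction below the human floor, or a
    spread so small that timings look generated. Both only see the server-side
    event stream, so input that respects human limits and jitters is not
    distinguishable from a skilled player here (the comment's caveat)."""
    rts = reaction_times(engagements)
    if len(rts) < min_samples:
        return "insufficient"
    if median(rts) < MIN_HUMAN_REACTION_MS:
        return "flag"
    if pstdev(rts) / mean(rts) < MIN_JITTER_RATIO:
        return "flag"
    return "clean"


# Constructed sample logs in ms; every timing below is made up for illustration.
NOVICE = [(0, 380), (1000, 1410), (2000, 2520), (3000, 3290),
          (4000, 4450), (5000, 5360), (6000, 6600), (7000, 7330)]
EXPERT = [(0, 170), (1000, 1190), (2000, 2150), (3000, 3210),
          (4000, 4160), (5000, 5230), (6000, 6140), (7000, 7180)]
BLATANT_BOT = [(t, t + 8) for t in range(0, 8000, 1000)]      # fires in 8 ms
FIXED_DELAY_BOT = [(t, t + 180) for t in range(0, 8000, 1000)]  # zero jitter
# Human-range, jittered delays: statistically identical to EXPERT from the server.
HUMAN_RANGE_SYNTHETIC = [(0, 160), (1000, 1210), (2000, 2180), (3000, 3240),
                         (4000, 4170), (5000, 5150), (6000, 6220), (7000, 7190)]

if __name__ == "__main__":
    for name, log in [("novice", NOVICE), ("expert", EXPERT),
                      ("blatant", BLATANT_BOT), ("fixed", FIXED_DELAY_BOT),
                      ("human-range", HUMAN_RANGE_SYNTHETIC)]:
        print(f"{name:12s} {screen(log)}")
```

The last sample is the point of the comment: a server that only sees input timings cannot tell it from the expert, so the screen removes obvious cases and nothing more.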




And fundamentally, the anti-cheat software is fighting a losing game because of some quirks of x86:

- hardware breakpoints on memory latch to logical, not physical addresses - one can map the same area of physical memory to different logical addresses thus allowing arbitrary memory reads
- simulating inputs through the PnP stack can be made undetectable with polymorphic code doing the injections
- detecting the aimbot's core code can be prevented via at least two methods: triggering (and capturing) page faults on memory hosting the bot or, again, with polymorphic code generation

One could create a fully open source cheat engine relying on memory reads and input injection via the PnP stack and it would be undetectable deterministically (with heuristics, sure).

Games - unless streamed - need to know a bit more about the world they display than the player is allowed to see. Some engines I analysed (years ago) tried to limit propagating data to the local client to only a portion of the map and close proximity (the more recent Battlefield games, if memory serves), while lots still have all enemy coordinates at all times in memory, some even with debug symbols to help the poor aimbot community reverse memory structures that much more easily.

It's hopeless. The only winning move is not to play :-)


I suppose the memory being mapped twice could be detected by anti-cheat though. You can then also make more mitigations to prevent detection of the mapping (e.g. hooking the syscall to check the active mappings), but it’s always a cat and mouse game.


You are right on the first point, but I don't think you are right on the syscall part - a kernel level module can just read the PT directly without resorting to a syscall, no? You get access to CR3, and besides kernel-level PTs have a fixed logical (and if memory serves, physical - though maybe just on windows) address.

When in the non-PAE mode, I think one can still practically trigger page faults on attempted reads on the PDEs mapped by a kernel-level aimbot, force flushing of TLBs when anti-cheat tries to read the PT, and effectively conceal the cloning (although if the anti-cheat is doing this often enough, the performance impact might be too much?).

When in PAE mode, I do not know of a practical way to do it, but I haven't been researching such exploits for a few years now.

I think at this point, the most practical way to implement an open-source, undetectable aimbot proof-of-concept would be to perform static reversing of the game engine to get the network protocol, perform a MITM to listen in and recreate state on a separate process or machine, do a PnP input injection via a real or fake mouse/keyboard.

Reversing the code (as opposed to memory structures) is very hard these days, though, and not because of anti-cheat software, but because of the high-end anti-piracy runtimes and layers upon layers of abstractions which are annoying to analyze in assembly. (But sure, not impossible, and I am sure people are doing this considering the crazy amounts people are willing to pay for private aimbots).

For a system programming geek it's all very interesting and intellectually stimulating, but boy does it ruin the fun of multiplayer gaming :-( I think the best way to protect against cheaters would be to run streaming-only servers where all the processing happens server-side.


Realistically if you make a game hack where it behaves exactly as well as a highly skilled player, no one should care. The lobby experience is the same as if you got a really good player in there. When people moan about hackers it's when they are blatant. Dominating the entire server and obviously hacking when you spectate them. If you take away all this low hanging fruit who cares about the people who are cheating within statistical variance of player skill?


I think people happen not to care as long as they don't know, but if they were made aware then they would care. Games companies rely on the fact that people don't care if they don't know because it means they _only_ have to rely on KLA to get rid of most people with trashy spinbots.


> Want FPS without cheaters? Encourage people to do DIY matchmaking again, DIY server hosting and DIY administration.

Yes. This is the answer. There is no solution that relies only on technology that will fix human problems at scale. You can make it harder, but once one person figures it out, everyone has access to it. You need to break it into pieces and let people deal with it on the community level, where communities are small enough that people can deal with individuals.

The main issue is that 'at scale' you have the fact that a certain percentage of people are sociopaths, a certain percentage of people are really smart, and a certain percentage of people have the time and motivation to do something, and when they all cross you end up with a person who breaks your system.


> Yes. This is the answer. There is no solution that relies only on technology that will fix human problems at scale. You can make it harder, but once one person figures it out, everyone has access to it. You need to break it into pieces and let people deal with it on the community level, where communities are small enough that people can deal with individuals.

The issue is that the players themselves seem to think that the convenience of KLA (over running your own community, paying for your own servers, etc) outweighs the privacy risks.


> The issue is that the players themselves seem to think that the convenience of KLA (over running your own community, paying for your own servers, etc) outweighs the privacy risks.

That's not true and there isn't data to show it.

The reasons why support for community run servers have fallen by the wayside are more complicated than "players chose one over the other and companies followed them".

Companies also recognized significant downsides for themselves of community run servers. When your online experience is in community run spaces, you expose your player base to experiences outside of your control. When you don't run your own server instances, you can't enforce the cheating rules you want. These, among many other reasons, make it harder and more risky to monetize the online experience of your game. As such, the choice was generally taken away from players to protect companies. This wasn't at all a pure reaction to player preference.


Really? Most gaming communities seem to hate KLA as it breaks their Steam Deck compatibility or Linux compatibility.


Most players don't use Steam Deck or Linux.


They might not own one themselves but they beat its drum and support the idea of it. That’s something developers would realize if they spent even a little bit of time looking at such sentiment in their communities.


It's only the answer if the goal is to not feel like you're being cheated by cheaters: realistically cheating would be absolutely fucking bonkers if you actually tried to treat DIY matchmaking as a form of anti-cheat.

Voting to kick/ban and sharing ban lists only works for ragehacking, but the most joy stealing form of cheating is people using hacks and cheats subtly enough to beat an average player, but not strongly enough to guarantee they'll be caught by the community.


I don't think anyone is saying "DIY matchmaking", they're saying "community servers" - and everyone in any given community knows everyone else, ideally IRL, and any newcomers are going to be watched, both for their technical performance but also their social performance.

Cheating among your friends has the ultimate death penalty of losing those friendships. Most people don't want that.

This is why most cheating is not among close friends, but where there's an open buffet for the energy vampires; anodyne corporate "matchmaking" where the game corporation will place you with other customers of the game corporation at its choice. The cheater does not have to face a panel of their peers, they only have to slip past the inattentive corporation to be placed in a server with delicious innocent strangers who they will never see again once they've had their fun.


Equating cheaters to energy vampires is great comedy, I'm stealing that.

I'd love to see Colin Robinson play CS 1.6 with wallhack in his basement.


How's that any different from just having a really good player in your community - which, in many cases, also spoils the fun?


Are you seriously asking me how getting killed by someone cheating to know exactly where you are feels different than just being outplayed?


Actually yes.

If you've never been falsely accused of cheating in an online game by people who can't tell the difference between that and getting outplayed, chances are you haven't played any multiplayer games long enough to get any good at them.


You'd end up pretty awful at games if you treated getting killed by something that has no counterplay the same as getting killed by something that does...

A person who's good enough to know where you are for in-game reasons is something you're supposed to learn to respond to: They aren't cheating so they're using heuristics and information that you're supposed to learn to counter play.

A person who has omniscience at the press of a button does not play similarly at all. Oftentimes that's how they're even caught: since they're not bound by any sort of in-game heuristics, no counterplays work against them.

-

In some games that even makes cheaters a liability when they're on your team. With any ranked game mode "soft cheating" will result in them climbing to a rank where non-cheaters have all sorts of great heuristics on how to play that they lack. So without ragehacking they're actually at a disadvantage and either need to get increasingly bold with cheats or lose.

In some games that's transformed into another way cheaters ruin modern competitive games: intentionally de-ranking so they'll play against less mechanically sound players who are easier to cheat against.


The only real answer for this is self-imposed handicaps.



