History and Evolution of Video Game Cheating

Introduction

• Cheating in Video Games: Ever since video games existed, cheating has accompanied them.
• Personal Experience: The speaker shares their personal excitement about cheating in games.
• Example: Lisa, a top 300 Valorant player, was revealed to be cheating (shooting without clicking).

Anti-Cheat Mechanisms in Games

• Current Defense Focus: League of Legends introduced 'Vanguard Anti-Cheat' (vard antiche).
• Kernel-Level Anti-Cheat: The most effective method; operates at the deepest system level.
• Privacy Concerns: Anti-cheat software can see the memory of the entire computer, raising legal and ethical issues.

Sponsor Plug

• 365 Games.net: Platform for earning cash prizes and competing in game tournaments.
• Sign-Up Details: Description and benefits of the site (no download needed, monthly prizes, weekly giveaways).

General Working of Cheats

• Variables in Memory: Key game variables like health, location stored in computer memory.
• Programs Used: Tools like Cheat Engine manipulate these variables using Windows API.
• Server-Side Data: Typically secure, e.g., in-game currency.

Historical Anti-Cheat Techniques

• Punk Buster: Early 2000s standard for FPS games.
• User-Level Anti-Cheat: Blocked third-party program access to necessary Windows API portions.
• Internal Cheats: Modify game files and inject custom code through DLL files for more direct access.

Kernel-Level Techniques

• Ring Zero Access: Kernel level with full control and visibility over PC.
• Malware Examples: Vulnerabilities in anti-cheat drivers exploited for malicious purposes (e.g., ransomware).
• Signing Drivers: Process of getting driver approval from Microsoft to run without security warnings.

Case Study

• Genshin Impact: mhyprot2.sys driver exploited to disable antivirus, enabling ransomware attacks.
• Driver Validation: Challenges in revocation and removing compromised drivers from systems.

Bypassing Kernel-Level Anti-Cheat

• Test Signing: Allows unsigned drivers; often blocked by anti-cheats.
• Manual Driver Mapping: Using tools to exploit legitimate drivers to map malicious drivers into memory.
• Historical Example: Shimon virus (2012) exploited security flaws in legitimate drivers for large-scale attacks.

Vulnerabilities of System Drivers

• Discoveries: Studies show multiple vulnerable windows drivers (e.g., related to AMD, Gigabyte, NVIDIA).
• Exploitation Method: IO control requests from user mode to kernel mode.
• Persistent Issues: Various hardware devices require drivers, making complete patching impossible.

DMA and Hardware Cheats

• Direct Memory Access (DMA): Peripheral devices get direct access to system memory.
• PC Setup for Cheats: Use of two PCs, with one for running games and another for cheats, to evade anti-cheats.
• Detection Tactics: Anti-cheats scan PCI slots to detect DMA boards; common in Vanguard's updates.

Conclusion

• Effectiveness and Flaws: Vanguard's effectiveness in patching DMA methods but still vulnerable to bugs.
• Future Outlook: Balance between stopping cheaters and user privacy, dependency on game developers for trust.
• Call to Action: Encouragement to subscribe, support via Patreon for exclusive benefits.