Latest Comments by hell0
Brawlhalla to get Easy Anti-Cheat, dev puts up Beta with EAC working on Linux with Proton
16 Oct 2021 at 11:50 pm UTC
The correct approach to server side anti-cheat is to analyse information statistically to find outliers and then determine whether these outliers are just good players or cheaters (using human validation if necessary).
Let's imagine a cheat letting you fire a weapon faster than intended and let's say the server records every hit. That's all we actually need. After each game the server can ship that game's record off to our anti-cheat analyser. The analyser looks at all hits recorded and find that player A has over 10 hits within 5 seconds with a 10 second reload weapon, player A gets banned.
Better yet, proceeding this way lets you detect cheats that may be invisible to normal players. If your 10s reload gun reloads in 9.75s that's an advantage but nobody will notice it with certainty. If it happens once, it could be chalked up to some weird lag compensation or chance. However if a player consistently reloads ever so slightly faster than possible, a machine will catch it over time.
In short: you should think of server-side anti-cheat as some sort of replay watcher/analyser bot, not a validation of every keypress in real time.
16 Oct 2021 at 11:50 pm UTC
Quoting: F.UltraServer side checks however is a major performance pain, having it client side means perfect load balancing. So it's not only about being "lazy", it has a real impact on the number of simultaneous clients you can have per server.There isn't really a need to run the checks in real time or on the same server as the game's logic. In fact it's probably a pretty poor idea to validate every action synchronously as it would lead to horrible game experience in most scenari due to network latency. It would also let cheaters know exactly what was detected or not.
The correct approach to server side anti-cheat is to analyse information statistically to find outliers and then determine whether these outliers are just good players or cheaters (using human validation if necessary).
Let's imagine a cheat letting you fire a weapon faster than intended and let's say the server records every hit. That's all we actually need. After each game the server can ship that game's record off to our anti-cheat analyser. The analyser looks at all hits recorded and find that player A has over 10 hits within 5 seconds with a 10 second reload weapon, player A gets banned.
Better yet, proceeding this way lets you detect cheats that may be invisible to normal players. If your 10s reload gun reloads in 9.75s that's an advantage but nobody will notice it with certainty. If it happens once, it could be chalked up to some weird lag compensation or chance. However if a player consistently reloads ever so slightly faster than possible, a machine will catch it over time.
In short: you should think of server-side anti-cheat as some sort of replay watcher/analyser bot, not a validation of every keypress in real time.
Brawlhalla to get Easy Anti-Cheat, dev puts up Beta with EAC working on Linux with Proton
15 Oct 2021 at 10:09 pm UTC Likes: 1
Client-side anti-cheats are fundamentally flawed. They try to render the client trustful by wrapping it in some thin protection, whilst running in an untrusted environment. That's the same as putting a padlock on a cardboard and leaving it without surveillance in a park overnight, expecting it to be fine and unaltered next morning. It might happen, but it won't be because of the padlock.
The truth is that any somewhat popular game will have cheats available for it. Though almost all cheats that are reliably updated to bypass anti-cheats are paid for.
They had cheaters before using EAC, they have cheaters after adding EAC, they will have cheaters from every OS until they implement server-side counter-measures (or the game loses enough players to no longer warrant cheat creators to bother any more).
15 Oct 2021 at 10:09 pm UTC Likes: 1
Quoting: CorbenI used to provide servers for several popular games years ago. I've tried to keep cheaters at bay (which is a real pita when you only partially control the server), that's how I've acquired most of my knowledge on the topic.Quoting: GuestI'm curious though I doubt we can ever fully know, how bad is this Proton/WINE implementation of EAC security/privacy-wise? Yeah I know it'd be better to be safe and sandbox or still never play those games at all if concerned, but I'm just wondering if there's insight how it operates.Same, I'm also wondering how effective EAC on Linux is, if it's not running on Kernel level as it does on Windows. I guess only time will tell. But this would also mean that more people will have to switch over to Linux (which is kinda good), if it would be easier to bypass EAC there than on Windows (which would be very bad though).
And I recently heard that even with EAC enabled there are still people successfully cheating in Fall Guys?
Client-side anti-cheats are fundamentally flawed. They try to render the client trustful by wrapping it in some thin protection, whilst running in an untrusted environment. That's the same as putting a padlock on a cardboard and leaving it without surveillance in a park overnight, expecting it to be fine and unaltered next morning. It might happen, but it won't be because of the padlock.
The truth is that any somewhat popular game will have cheats available for it. Though almost all cheats that are reliably updated to bypass anti-cheats are paid for.
Quoting: GryxxAccording to developers of Robocraft it is worse. At some point they disabled EAC for anything other then Ubuntu family (on Linux Native), arguing that there were too many cheaters.I've played robocraft. Whilst the game was fun and enjoyable to play, they're a prime example of trying to make up for jokingly bad cheat-proofing by using third party tools. Their servers trust everything the clients send: that weapon with a fixed unalterable 10 seconds reload is ready to fire again after 0.1s you say? Sure, go ahead! That speed you can't reach with your current setup is what you're cruising at? Seems alright!
They had cheaters before using EAC, they have cheaters after adding EAC, they will have cheaters from every OS until they implement server-side counter-measures (or the game loses enough players to no longer warrant cheat creators to bother any more).