HackerTrans
TopNewTrendsCommentsPastAskShowJobs

dylz

no profile record

comments

dylz
·قبل 6 سنوات·discuss
CSGO relatively heavily suppresses "user maintained" community servers, the entire experience from onboarding to client launch prioritses the Valve-run official matchmade servers for casual/competitive/etc and any special game modes.

Server browser is a hidden afterthought behind a dropdown.
dylz
·قبل 6 سنوات·discuss
Not parent, but have seen this before, or some competitor/pissed off outed person/partner in crime/etc hands it to anticheat team.

Private cheats usually require being vouched in, sometimes with ID scans, sometimes physically shipping you hardware.
dylz
·قبل 6 سنوات·discuss
I appreciate that you are trying to do this with respect and hope you succeed.

I've done both sides (largely MMO-stuff as a kid), and for me, I'm done dealing with all this invasive garbage, and just spin up a fresh EC2 GPU instance when I want to play something, and simply don't play the games that choose to disrespect and abuse players to the point of not even allowing GPU passthrough (I can somewhat understand banning emulated GPUs; have dealt with people farming referral accounts a hundred at a time each queuing for games at <5 FPS).
dylz
·قبل 6 سنوات·discuss
I'm guessing this is a mix of attestation and inspecting what they actually do instead of just blindly checking the certificate and that the signature is verified? I'm curious how well executed that works when it comes to less well behaved anticheats (like Riot's Vanguard generally stays hands off, but GameGuard will immediately heartbeat a "ban me" and intentionally cause a bluescreen to cause you to "lose any data collected by your debugger" when it notices it's being looked at).

This type of BS is super common in Asian countries/published MMOs and a bit less acceptable in the west (you still have EAC and battleye, but at least they make an attempt to use TLS?)

Another insane example: xigncode has long since advertised a feature that the game developers can remote control into your PC like VNC. I don't know whether any developer has chosen to actually enable it, but the fact that they push it as a feature is some serious clown-egg-face.
dylz
·قبل 6 سنوات·discuss
I'm going to point out that if you want to go down this route, it is insufficient to just check that the base drivers are untampered with and signed by Microsoft or whatever vendor still.

You now maintain a list of potentially vulnerable drivers that can be used as a jumping off point (such as virtually every motherboard RGB or fan control system), and ban users that have these or hard-disable them at boot. There are some games that have caused machines to overheat by disabling cheat-jumpoffable fan controllers.

On top of that, you effectively have to maintain a whitelist of acceptable drivers, because cheat vendors are registering limited companies by the thousands (only $20 in the UK), getting an EV/codesigning cert, and signing their own drivers. Higher end cheats cost enough to offset this, and there might be less than 5-6 people using a particular certificate. Some of the people behind these also release vaguely-useful legal tools signed with the same certificates to get a large install base for them so they don't stick out.

That being said, IMO as a player, this is invasive as hell, and you should not be crawling through my flash drives, identifying my mouse, killing LogitechMacroSoftware.exe, etc. I'd rather you just collect snap/targetting/click timings server-side and run anomaly analysis on those rather than digging an asshole into my computer.

Also, now I have 5 different "kernel anticheats" running 24/7 simultaneously, half of them are horrifically written and known-insecure, and the other half need to figure out how to not explode spectacularly when the broken half tries to probe and kill it.

Korean MMOs are particularly bad for this and when forcefully uninstalled might permanently destroy disk access, make Windows non-genuine and deactivate it, and send all their data over plaintext (no TLS) with a bizarre, homegrown "encryption" method that is trivially breakable to a bare IP somewhere.

With KMMOs as an example (many of these reward you for staying logged in, have daily rewards, and similar; the game itself is fairly low resource when minimised), GameGuard and HackShield and XIGNCODE constantly have slap-fights where they bluescreen or flop over or die if you try to run multiple of them simultaneously and they try probing and killing each others' services for trying to tamper with themselves. It's like that ridiculous "what happens if three programs all try to demand Always On Top for their window", except give all of them heavy weaponry. These also have severe NIH syndrome for things like homemade shitty crypto and plaintext everything.
dylz
·قبل 6 سنوات·discuss
Yes, this is the big problem. Indie games usually run just fine in wine and don't do anything too advanced and just work out of the box; your biggest problem is probably going to be them installing stuff into weird places or directly onto C:\gamename.

The rootkit, driver signing enforcement, driver ACLing of anything it doesn't like, vulnerable drivers, all forms of emulation detection, failing any of those = permanent ban is a whole other problem.
dylz
·قبل 6 سنوات·discuss
Unfortunately most cable providers offer "gigabit" where upstream is sub-5 to 10 Mbit
dylz
·قبل 6 سنوات·discuss
Then you're looking for the equivalent of a solid takeaway place, not somewhere where you go for the "experience" and "gastronomy"
dylz
·قبل 6 سنوات·discuss
Instacart's price gouging is a bit of a special case (compared to many supermarkets that do curbside or delivery)
dylz
·قبل 7 سنوات·discuss
I have not had fun with DTAG - they seem to adamantly refuse to peer like most other networks and demand additional cost for bandwidth requested by their users..