Cheating communities have realized that they are unable to spoof TPM hardware ID(twitter.com)
twitter.com
Cheating communities have realized that they are unable to spoof TPM hardware ID
https://twitter.com/AntiCheatPD/status/1796609553104015767
19 comments
Indeed there is a challenge nonce that's signed by the TPM.
In that case, maybe you could do a sort of replay attack? Take a TPM, record a million or so valid states and their signature, and replay those in order every boot? Assuming the TPM is deterministic on startup and you record enough states that you don't have to loop them before reboot, you would have, in effect, a swappable TPM.
Of course, if you get banned then you need to record a new TPM and use that, and that may be difficult.
Of course, if you get banned then you need to record a new TPM and use that, and that may be difficult.
A nonce is a token specifically meant to prevent replay attacks. There's no sane reason to assume TPM is deterministic, as that would defeat the purpose of all the security.
You're right, i somehow skipped over that in reading. And you would want a TPM to be deterministic, after all one major use of the TPM is validating the hardware and boot state is unchanged. Is the state except of the nonce deterministic?
My understanding is that replay attacks are possible with a TPM, if the consuming logic is flawed.
IIRC Microsoft's original implementation of signing Primary Refresh Tokens with TPM was flawed in this way.
IIRC Microsoft's original implementation of signing Primary Refresh Tokens with TPM was flawed in this way.
I know in Proxmox there are options to add a TPM to a virtual machine. I don’t know the specifics of how it’s working behind the scenes, but I know I had to do it to setup a windows 11 VM. And it worked? Windows isn’t complaining at least. But maybe it’s just passing things through to the host’s TPM I’m not sure.
Pretty sure (~90%) it's a virtual TPM, as the Proxmox GUI requires you to give it a new storage location for storing the saved info in.
Interestingly - I don’t think vanguard’s anti-cheat really requires a TPM yet? At least not on windows 10. I wonder why cheaters aren’t just sticking to windows 10?
Although I think they are doing other means of identifying hardware as well- and they are rolling out hardware-bans much more broadly in general I think.
I don’t think my main computer has a TPM, and vanguard has been at least somewhat “functional”. “Functional” only meaning that it lets me play. It has caused intermittent blue screens, which windows directly blames on Vanguard’s vgk.sys, and also it seems to kill some other driver every time I boot my PC. I’m really considering quitting League of Legends, but most of my close friends are still playing. I never noticed issues with cheaters at my skill level, and this anti cheat is so invasive, always running at startup.
Riot can claim it “doesn’t do anything unless you are in-game” but that’s not true at all. On boot every time it pops up basically saying “we killed some other service you had running. Hope that wasn’t important!” I have to reinstall and reboot any time I want to play their game now, because I’ve been uninstalling the anticheat each time I’m not playing.
Although I think they are doing other means of identifying hardware as well- and they are rolling out hardware-bans much more broadly in general I think.
I don’t think my main computer has a TPM, and vanguard has been at least somewhat “functional”. “Functional” only meaning that it lets me play. It has caused intermittent blue screens, which windows directly blames on Vanguard’s vgk.sys, and also it seems to kill some other driver every time I boot my PC. I’m really considering quitting League of Legends, but most of my close friends are still playing. I never noticed issues with cheaters at my skill level, and this anti cheat is so invasive, always running at startup.
Riot can claim it “doesn’t do anything unless you are in-game” but that’s not true at all. On boot every time it pops up basically saying “we killed some other service you had running. Hope that wasn’t important!” I have to reinstall and reboot any time I want to play their game now, because I’ve been uninstalling the anticheat each time I’m not playing.
> Riot can claim it “doesn’t do anything unless you are in-game” but that’s not true at all
Even if this were currently true, the fact that that can change at any given time is what's far more concerning.
Even if this were currently true, the fact that that can change at any given time is what's far more concerning.
> This should be an industry standard for other games as well!
It's only a matter of time before single player games require always-online kernel-level DRM.
It's only a matter of time before single player games require always-online kernel-level DRM.
Consoles will get us the rest of the way there.
Never understood the appeal of cheating. Like why play at all if it’s not a level playing field and challenge?
And that’s for trivial cheating never mind people putting so much effort into it
And that’s for trivial cheating never mind people putting so much effort into it
The cat and mouse game continues... For every, "unbreakable" claim, there's someone capable and determined enough to prove that claim wrong.
Game streaming unbreakably eliminates an entire class of cheats. But I hope it doesn't become too popular.
Aren't people not too receptive to game streaming to begin with due to input latency?
Yeah, that said the problem has become much better than during OnLive's time. Given a decent connection it's pretty playable.
Kinda worried that widespread game streaming will eventually lead to games not being released at all anymore...
Kinda worried that widespread game streaming will eventually lead to games not being released at all anymore...
this is true, however it all boils down to having a few years with an advantage before its broken, and then the cycle continues. vs if it were non-existant (or broken immediatly) there would be a huge influx of uncaught mice
i do miss dedicated game servers and just restricting connections based on latency; rarely having to resitrct based on datacenters vs residential
i do miss dedicated game servers and just restricting connections based on latency; rarely having to resitrct based on datacenters vs residential
I'm very inexperienced with TPMs, but it seems a theoretical solution would be a hypervisor where the Endorsement Key and Attestation Key are passed through from a real TPM, but the rest of the state in the MIMO is totally artificially generated. That is unless that state is also signed by the TPM, in which case you would need to extract the Endorsement Private key from the hardware and sign the state yourself, and as i understand it extracting the private key is designed to be near impossible at the physics level. Or you could work around that some way with a replay attack of the signatures maybe?