I do love how nearly every AAA multiplayer game has a deeply rooted in your system anticheat, yet fails to do some basic server 'input sanitization'. Like this man has been spinning at a gagillion RPM, moving faster than the character speed limit and is going through coordinates that are clearly walls, "seems good to me, everything is working as intended" says the server.
I give you one exact reason why this doesn't happen: The games are coded under so much pressure with so many bugs that you can rarely differentiate suspicious behaviour from the bugs in the game. Imagine your game bugs out, you glitch through a wall or under the map and one second later you get permabanned on top of it.
@psychoedge maybe if deadlines are that stringent, they should either extend them or devote more resources to the anti-cheat specifically. If some soulless company wants me to pwn myself to play their game, the anticheat should be functional as a BARE MINIMUM. I'm not so addicted that I won't uninstall something if it's that busted.
It's dick behaviour but it also never should've been possible. The financial liability for this imho is Activision's fault, because this isn't a 'could happen to anyone' issue. It is the product of negligence AND an insufficient appeal system with human overview. Companies are not entitled to fully automated product aftercare. These bans should have been minor temporary inconveniences at most.
Exactly, most of the comments in this video are blaming only the hacker. And while the dude is responsible for exploiting the bug, Activision is responsible for doing a shitty anti-cheat. It's really worrisome reading people defending the multimillionaire company, that puts kernel-level software instead of using server-side anti-cheat, just because it's cheaper. That means we're normalizing companies can install shit just for the sake of our entertainment.
@nathanp3366 He literally isn't doing that here... He agrees Activision is responsible for such a bad anti cheat. He's just saying that people weren't getting banned by Activision randomly. They were getting banned because this person specifically started exploiting that behavior to get people banned. He took bad actions. Period. Activision should have not made it so shitty, but that doesn't make the exploiter not shitty. If you leave your door unlocked, it's still illegal for people to take your shit.
Getting people permanently banned isn't exactly funny. What would be funny is if COD ended up with no players because their anti-cheat is so stupid that it banned them all.
CoD is a trash game that for some reason people dump money into buying year after year. If you get banned, it is a blessing in disguise. And the developers are lazy and greedy, and milk the crap out of this franchise instead of making new games.
I can’t say I am too much of a fan for the “leaving the door open” analogy. In the case that a robber comes onto your own property which only you own, you are the only one who is directly affected. No one else would have a tangible stake on the incident (other than the robber). However, the devs of the anti-cheat have a responsibility to all of the innocent players. If a banker left a vault open for thieves to steal the money of *other people*, they would most definitely be liable for negligence, and would be at some fault to blame. Obviously this isn’t to say they are entirely to blame, but let’s not think they are completely blameless.
Good point. A better analogy would be a bad lock, with a manufacturer's defect. Clearly the lock company is culpable, but not nearly as culpable as the thief.
Yeah, also there will be always someone like that. For me, anti-cheat team / publisher responsibility is bigger in this case, like a government that doesn't invest in its population security.
It's more of an argument that if it wasn't for the "abuser", Activision wouldn't have fixed the problem and would keep banning innocent people. How is the company not the abuser in this scenario? It's not like this problem hasn't been mentioned before.
Alfred Nobel invented dynamite, which subsequently led to a massive increase in lethality in warfare, heightened terrorism, and various other destructive outcomes. Is Alfred Nobel responsible for the deaths of millions (perhaps even billions) of people? Perhaps we should reconsider awarding Nobel Prizes, as his name is now associated with global bloodshed.
I'd say the argument here is that statements like this make it look like abuser and company are equally at fault, while IMHO abuser is 1% at fault and rest 99 are on company.
I wonder, of course the exploiter is held liable for his actions. But can the exploiter be held liable for the damage incurred if there was any damage? Prime argued that people lost their money, and it is similar to vandalizing the property owned by these players. However, do people technically own games? I do not think so according to recent developments in digital law. Plus, a simple unban gives back the access to the game. Now it does not seem that evil, and more like a silly prank. Although I would like to get a lawyer here.
he knew that everyone who was banned would be unbanned immediately, which is what usually happens. the goal seemed to be to bring as much attention to the issue as possible, and the quickest way was probably to simply ban a lot of people and famous streamers
Exactly! I don't think the article writer was being a "brown hat". He may have been testing for curiosity's sake. Like, "hey what if..." Also, it's just a game.
@Jabberwockybird exactly, he wasn't denying the service, it was the game developer. People could have accidentally sent similar messages too. If he did a responsible disclosure they could have just quietly patched it and not look for people banned by it incorrectly.
I've been told I know nothing and anti cheat developers are doing their best when I raised this issue on subreddit of a game I play. Truth is game developers will invest as little into anti as they can get away with.
One of the advantages of making good single player games is that it doesn't matter if people cheat in them most of the time, because you're not ruining other people's experience by doing so.
That's because anyone worth their salt knows anti is a fool's errand. Rule #1 of all system security- YOU CANNOT TRUST THE CLIENT. Anti is just jumping through hoops to try to create a client that can be trusted. Not happening.
Developers of any type are not to blame when they don't get enough funding to get shit done. With takes that bad, I can see why people on reddit would tell you that you don't know anything.
This is called liability. If you had a smartlock to your house, and anyone could walk up to a door and press 1234 to gain entry, the creator of the lock would almost certainly be liable for their faulty product.
you'd be able to go after both, because both are at fault. Someone literally trespassed and broke into your home and committed a crime, they're not getting away with it just because the door lock was shitty
About the chatter that mentioned DMAs, they are the reason why some devices don't work with Valorant running. If a device's type can't be identified by Vanguard, it just cuts it off, disabling any connectivity and drivers. And for device types it identifies, it regularly scans its behavior for signs of misbehavior. So if a device doesn't fit an approved shape (as in presents itself as an input device, a drive, a network card, a sound card, or anything identifiable) it's not able to run, and if anything doesn't behave like its category suggests, it's detected and you're part of the next ban wave. Basically 1984 in the computer.
This person is a freedom fighter in the same way as someone who sprays tomato soup on a piece of art in a museum. Which is to say that they aren’t a hero, the ends don’t justify the means.
The anti cheat arms race has been a rollercoaster of a ride. Just stop playing these games and eat popcorn on the side guys. There are better multiplayer games out there.
I'd say the dude is not the asshole because of the accelerationist theory. He does it so hard that they cannot swipe it under the rug, instead of a few randos being disappeared with no recourse. Maybe they'll even be able to sue, because they got banned at no fault. Also "because you didn't lock it" I think is an actual legal thing, because if there is no evidence of breaking in, there is no evidence of theft.
yeh, besides the fact that the joke outweighs the "harm", the harm is done to activism as punishment for their stupidity, we want things like this to be as public and embarrassing as possible
Breaking and entering is a separate charge to theft. You can prove the latter without the former, the person just wouldn’t be charged with breaking and entering.
This way they weren't able to sweep it under the rug. They are now forced to get their stuff together. Also, maybe stuff that the client can't be trusted with shouldn't be there. Kernel anticheat shouldn't be a thing at all.
The problem with auto-banning is that no matter what methods you use to detect cheaters, you will always end up with some false positives. Do you really think that a game studio would hire reviewers to check flagged players, even cheap ones? No way...
"that could have happened by accident in an image I assume" - Yes, in fact it was already a problem in CoD1 20 years ago. It was using PunkBuster anti-cheat and I remember at some point there was a scandal of a very famous eSports player getting banned on a live event, and it was only then discovered that someone was posting malicious jpg images for months on frequently visited public forums that had the cheat signature encoded in it. Whoever visited such a website/forum got automatically banned (and publicly shamed in such an unforgiving environment as eSports).
Couldn't find any sources on this, even generally. Where can I find it? I am sure it happens and has happened, just can't find any concrete examples with facts, only anecdotes and speculations.
@dealloc Honestly I have no idea how to find content from 20 years ago as most websites I knew of do not exist anymore and social media was pretty much non existent. Iirc it was a ClanBase event if that helps. I tried searching it, here's what I found: If you go on wikipedia/PunkBuster then under the "Attacks on PunkBuster" section, it cites an article (netCoders vs. PunkBuster) where Evenbalance finally confirms the existence of the exploit. That article explains the exploit in detail.
@dealloc Not sure where my previous comment disappeared, maybe I triggered some kind of filter. I don't know how to find anything from 20 years ago as none of the websites I knew of exists anymore and there was no social media back then either but iirc it was a ClanBase event. However if you go to the PunkBuster wikipedia page it cites [8] an article which was supposedly the first time the company behind PB publicly acknowledged the problem. The article is titled "netCoders vs. PunkBuster", there you can read about it in more detail.
If it wasn't for this person making a stink about this issue, it could've gone months without being addressed, leading to many people being permanently banned unjustly for longer periods of time.
After watching the video from Low Level Security explaining the exploit, I'm totally sure the responsibility of this mess is 90% Activision's fault, and 10% the abuser. Activision received reports about the exploit, and they decided to ignore them.
To me the whole idea of a client-side anticheat is kinda ridiculous. I am still waiting for an arbitrary code execution in a kernel-level anticheat so everybody playing some AAA game will get hacked.
I don't like the robbery comparison. It's more like your security system calls the cops to arrest everyone coming near your house because somebody is throwing pebbles at a window.
Not if the person doing it knows that's going to happen and causes it on purpose. The guy throwing stones is basically swatting everyone who walks past. He is the one who did this to people and was hoping to get even more people banned, rather than doing a responsible disclosure of the issue.
About the banning drama, I would say that's very subjective, if the person who's trying to ban lots of people has told Ricochet about the exploit; I can agree with his methodology
String scanning is a common technique for anticheat and antivirus. They just didn't implement it well, because they didn't set boundaries on what they can and cannot scan. They shouldn't have been scanning the chat.
I understand that developing an in-house anti-cheat is an expensive endeavour but game companies at some point need to understand that an anti-cheat solution is fundamentally a server-side input validation problem, you can't really solve this in the untrusted context of client devices, it's an endless race against arbitrary code that you cannot possibly win in the long run.
I agree they are taking the wrong approach, server-side is probably not viable, there's a whole bunch of confounding factors. I do however feel like FPSs have really easy vector for anticheat, just have ghosts on suspected cheaters. I know it's possible to work around by the cheat software, but it seems better to me than just scanning memory. And I'm sure they could iron out issues over time. I'm sure a game has tried this but can't remember what it was.
@farrongoth6712 "But server side won't detect a wall hack though!" is always the rebuttal, but no one ever stops to think that maybe you shouldn't send info to the client that they shouldn't be having anyways and magically client side hacks become WAY less effective
@TurtleKwitty Doing actual work is way harder than installing actual malware on the paying customers' computers.
you're right but also every game committed to server side checks also has generally vastly more problems with cheaters. There really isn't any argument in terms of which is more effective.
@TurtleKwitty that's because the data is there mostly because of latency, players out of sight aren't always in your memory but depending on the game there are various cases where they need to be, league for example has many cases where close by enemies will end up in memory even if they are hidden by fog. Developers aren't making these decisions without knowing the consequences and it's why they also are making sure trying to access it is difficult. The only real thing an anticheat is getting measured is how many players/how long were they playing before a ban, the idea of this simple perfect solution is as always a mirage that you only have because you haven't done any of the work
It's Ricochet's fault for being faulty. But that doesn't mean you can go ahead and exploit the system and ruin the experience for others. The exploiter had the choice to be responsible.
Yep, that's why there's a distinction between ethical hacking and just plain old hacking. They could've reported this issue without exploiting it for their own gain.
WTF. This was not a game feature. It's a bug. Ricochet is responsible for this damaging bug. This guy is responsible for causing financial damage to the people he purposely got banned.
I love how Prime interrogated a spam bot. And the bot complied. Is he secretly a son of Chuck Norris and the visual similarity is not just a coincidence?
I long for a day when anti cheat isn't needed, in the words of John "You may say I'm a dreamer" LOL. I remember guys bragging about sending obnoxious emails to C-suite from machines that were left unattended and were not locked "to teach people a lesson". I suggested they just lock the machine for the person and walk away being happy they helped someone.
8:24 just want to point out that bans were already happening because of this bug and it took getting streamers banned for them to look into fixing it, if you care about people losing money think about the unfair bans that never get reviewed.
If someone drives a car with a flaw and crashes due to that flaw, it is 100% on the manufacturer for releasing a flawed car. Ricochet released a horribly written anticheat, which also likely triggered other permabans from random chat from others unknowingly. They released this trash, full well knowing there would be false positives, they are 100% at fault. Anticheat quality should be written to a higher standard because they are usually highly invasive, and false positives have horrible consequences. This is literally the worst possible method they could use.
@12:40 I think the check fraud thing was different. That was not a bug, that was a courtesy from the bank where they made money immediately available on deposit.
This isn't like blaming someone for getting robbed when they left their door unlocked, this is like blaming the cops for breaking into the wrong house because they read the warrant wrong. Some dude said "Nice Trigger Bot, dick" when they got killed and all the completely innocent players in that match got banned. Game company only cares about the money and doesn't care about those innocent players, there's not a mechanism to prove your innocence and get your account back. This isn't an exploit or hack, it's bad management and poor customer service. Exposing it like this seems to be the only method of getting it noticed.
Despite all the scrutiny Riot faces for their kernel level anti-cheat, I still believe it’s one of the most effective AC out there. The developers behind it are top-tier game hackers themselves, which is a big part of what makes this AC so effective. What’s even more impressive is their ability to detect DMA based cheats.
Using the strings that *have* to be in memory for cheaters to use the software as a signature was smart by itself, it's the hardest thing for a cheat developer to obfuscate and it's inherently fast which is important to reduce the impact on game performance, but scanning all the game memory indiscriminately was the stupidest thing they could've done.
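Added example, not part of any comment in the thread and not Ricochet's code: a constructed Python model of the scan-scope point made above, where the same string signature is searched in every memory region versus only in regions that do not hold text received from other players. The region names, the `user_content` tag and the byte layouts are assumptions made for illustration.

```python
from dataclasses import dataclass

# Signature string quoted in the thread; searched in both encodings because
# text in game memory may be stored as ASCII or as UTF-16.
SIGNATURE_TEXT = "Trigger Bot"
ENCODINGS = ("ascii", "utf-16-le")


@dataclass(frozen=True)
class Region:
    name: str            # hypothetical label for the report
    data: bytes          # region contents (constructed)
    user_content: bool   # True if other players can write into it (chat, names)


@dataclass(frozen=True)
class Hit:
    region: str
    offset: int
    encoding: str


def scan(regions, skip_user_content):
    """Return every signature hit; optionally skip attacker-writable regions."""
    hits = []
    for region in regions:
        if skip_user_content and region.user_content:
            continue  # a remote player controls these bytes, so a match proves nothing
        for enc in ENCODINGS:
            offset = region.data.find(SIGNATURE_TEXT.encode(enc))
            if offset != -1:
                hits.append(Hit(region.name, offset, enc))
    return hits


def innocent_player():
    """Constructed snapshot: clean client that merely received a chat line."""
    chat = b"\x00" * 16 + "Nice Trigger Bot".encode("utf-16-le") + b"\x00\x00"
    return [
        Region("game.exe .text", bytes(range(256)) * 4, False),
        Region("chat ring buffer", chat, True),
    ]


def player_with_injected_module():
    """Constructed snapshot: a foreign allocation carrying the menu string."""
    blob = b"\x00" * 32 + b"menu\x00Trigger Bot\x00aim fov\x00"
    return [
        Region("game.exe .text", bytes(range(256)) * 4, False),
        Region("unbacked private allocation", blob, False),
        Region("chat ring buffer", "gg wp".encode("utf-16-le"), True),
    ]


def verdicts(skip_user_content):
    """Would each snapshot be flagged under the given scan scope?"""
    return {
        "innocent": bool(scan(innocent_player(), skip_user_content)),
        "injected": bool(scan(player_with_injected_module(), skip_user_content)),
    }


if __name__ == "__main__":
    print("scan everything:  ", verdicts(skip_user_content=False))
    print("skip user content:", verdicts(skip_user_content=True))
    for hit in scan(innocent_player(), skip_user_content=False):
        print("false positive:", hit)
```

The indiscriminate scan flags both snapshots; excluding player-writable buffers leaves only the foreign allocation flagged.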
I will not install a game with kernel level anti cheat. This sounds like me being arrogant and proud, but the reality is if a game requires anti cheat, it's probably a game I won't enjoy.
Saying you forgot the door is a bad analogy. If someone I trusted left my door unlocked and someone stole my stuff then yes, the person who left my door unlocked is at fault (also). The user didn't make the code. They trust the program is safe but it wasn't and that got them banned. Bad take.
A non human reviewed permaban in a product that you paid money for is just evil. Someone's head should be on the line for every permaban, so that permabans are only issued when absolutely sure.
I'd argue for a mandatory refund for every perma ban due to them being unable to use the product now. Permabans should only be used when the cost of having the player is higher than the revenue they provide.
I'd argue for a paid refund for permaban regardless of the reason for banning in the first place. The company no longer wants to do business with someone, they closed the deal, they should refund them.
It's not vandalism. You are allowed to write inoffensive messages to anyone you like. That's a right! If someone gets banned for legal and inoffensive messages, that's simply a stupid policy of the guys running the gameserver and providing the clients. If a shop sells an item below the value they buy it, and I buy all those items from them, then I'm not vandalizing their business. They bankrupted themselves on their own. That is not vandalism. The guy writing text messages totally stayed inside the contract and the guy receiving those messages stayed inside the contract with the makers of COD. COD broke thousands of contracts with their customers when they banned them for no reason. In my opinion the whole procedure of automatic permabans sounds like a fundamentally illegal procedure. I can't imagine that this is legal in any way in a paid contract. But I'm no lawyer...
@edwardallenthree So what you are saying is the makers of COD dehumanize the whole playerbase by exposing them to potentially get an automated permaban that is not reviewed by a single human, after they took their money away?
The most amusing part is that thousands of accounts are a "small number of affected accounts" to them. I know numbers go brrr but damn, that's a LOT of people bro
Signature scanning does check for values you might see in a debugger, which is the 'signature' for it being in memory. Most tools will hash the signature so that cheat tools cannot read what they are scanning for. Ricochet did not, it was loading the values in plain text which cheat devs could see in debuggers 😂
A good analogy: If I forget my home door open and someone gets inside, breaks and shits on everything, I'm the one going to jail for forgetting to lock the door?
There is an analogous situation where you WOULD face legal repercussions for that. If you had a kid/pet/elderly person under your care leaving your door open might be considered criminal negligence. What if you replaced your house with something like a school/orphanage/hospital/old folks home. If someone breaks into those places they are criminals for sure but the institution also has a duty to maintain some level of security.
@aliasjon8320 In fact, the door was closed and locked. Since lock picking is extremely easy, would I go to jail for not having a bank vault door installed instead of a regular door? My point is, the criminal is the one going around the house, poking at the doors, finding the easiest one to pick, and opening it. The guy sniffing through the source code/memory dump of software, obviously had the intention to cause nothing but harm. So now maybe cheating is ok, because the devs don't make games cheater proof... There's no excuse for acting with bad intent, you can never ever blame the victim. What kind of dark age shit this kind of thought would lead? Should I beat you because you're weaker? Rape you because you're defenseless? Don't go down this rabbit hole.
15:14 The idea is pretty simple, you don't want cheat developers to be able to tell what you are looking for. If they can update their cheat and be able to tell if it worked, the anticheat already lost the battle. That's what banwaves are for. That's also why even with something like vanguard which is invasive af and basically knows everything about your system, there is still at all times some detected cheaters playing the game. They will wait a random number of hours before banning so the developer doesn't know what part of the cheat triggered the ban.
"If the thing takes 3gb of memory are they scanning entire thing?" IDK about Ricochet, but something like BattlEye will scan ALL the memory of all running processes. And your disk. (And it's a ring 0 backdoor that gets its executable payload from a remote server, but that's beside the point). So yeah. Not a new thing.
So a smart way that Valve (VAC) does this for counter strike or other games is they look for recurring byte sequences that show up over time over a large player base. They then compare that with their human in the loop overwatch system that flags reported cheaters and then the community decides on whether they should be banned or not. Once enough players with the same byte signatures in RAM are found to be cheating, they can confidently implement a mass ban wave to all of the people with that same executable running with the same memory signature. They intentionally allow more players to get by with their cheats for weeks to have a more confident ban wave that doesn’t impact users who aren’t cheating. I think this approach is one of the better ones and does not need kernel level permissions.
Have you ever played a multi player FPS ever? People will send "Trigger Bot" in chat. You can't blame the guy spamming stuff that will normally be said in chat for intentionally trying to get people banned. If it was a custom signature or smt sure but it's just an idiot spamming "Trigger Bot".
Yeah, I think prime and so many other commenters took a vague statement in the article and got all out of whack over a perceived "brown hat" hacker, without really knowing anything in the first place. This is why mob rule is a bad thing.
What’s really insane to me is that companies running games are allowed to just ban you and not give you a reason why they did it. Like that Guild Wars 2 bug that banned people bcs it was hashing files on the player's system and one of the hashes that flagged cheaters was the hash that you get when hashing an empty file. Idk why they are still allowed to play the security through obscurity card and get away with it.
As long as they scan for any memory region with input (from other users) this might happen, just instead of the word trigger bot one could simply write a different (cryptic) message resolving to the hash (as you can reverse engineer the original data even if hashed)
I don't know the details but, it seems like the twitter guy did this to get rid of competition and enable his own cheat to not get the same treatment as trigger bot
The issue is they scan not only game's process memory. Cheat most of the time is a separate program that reads and alters game's memory to send needed values to server.
My 5 cents: the security in general is a huge problem. And many of security issues are rooted in irresponsive software development. I truly believe such mishaps must be punished with extreme effort, including massive usage of those exploits just to create heavy cause. This may be *the only* way to force devs to act seriously about security and safety.
The problem is that they require you to install a poorly made rootkit into your system. There is a much better, non-invasive method to deal with cheating.
@whette, he's not saying guns are great or defending the creator of the gun, he’s saying the gun didn’t do the damage. Someone used the gun to do damage. Obviously the gun is bad but doesn’t have to be used that way if that makes sense.
The odds of 11 specific bytes appearing in a row in 16GB of RAM is about 1 in 2*10^16 (I wouldn't trust my math tho). The probability does increase a TINSY LITTLE BIT when those bytes happen to correspond to a COMMONLY TYPED CHAT MESSAGE.
This is why I don't trust anti-cheats. There isn't any transparency, or concern about false bans. Nobody wants to do any kind of appeals for banned players because they assume they must have cheated because the anti-cheat banned them. The anti-cheat is infallible, and is never wrong is what they always say. They only care about false positives if it brings bad publicity. But if you "bought" a game, and then get false banned so you don't get your money back, they keep your money, and you get nothing.
Call of duty's codebase has always been a shitshow. This reminds me of how Black Ops I, II, III, and I'm pretty sure IV's multiplayer was completely unsafe because there were RCE exploits that could let other players online (not just in your lobby) take control of your computer. These went unpatched for literal months.
Exploiters are going to exploit. You can't blame this exploiter for using it, then disclosing it. Because if they didn't someone else would have, and possibly wouldn't have fessed up. Is it wrong to exploit? Yes. But being in the wrong and being the one to blame are not the same thing. It's certainly all Ricochet's fault. They weren't scanning the right areas of memory. 1. Don't scan for strings, that's stupid. Scan for behavior. 2. Don't scan user generated content. This is the reason why you can message someone and get them banned. Also, the chat member comparing this to "blaming the homeowner for leaving their door unlocked" is a bad comparison. Activision didn't suffer loss from this, their customers did. The real comparison would be like saying Ricochet owns a safe deposit box, you pay to store belongings in it, and when Ricochet's lax or otherwise ineffective security allows a bank robber to steal from your deposit box, you blame Ricochet. Which, if it came out that a thief was allowed in my safe because the manager of the safe is a dumbass, yeah, I'd be blaming the manager. Also, now everyone knows that these strings are blacklisted, so the cheaters are just going to change what they call these tools. Good anti-cheat monitors behavior, not text... I'm so glad the last time I played a Call of Duty game was back in the original MW3...
The lesson: don't pay for online game loot boxes or virtual assets you'd lose because of a dick in lobby. And don't pay for virtual content anyway. Just for the game.
Vandalism is not stealing. Motivation is different, means are different etc. Breaking something doesn't require taking ownership over it. The fault is shared between Ricochet and the perpetrator with more blame on the latter. For example, when lawmakers make flawed laws with vague terms that get innocent people jailed, it's not just the cops who exploited the laws who are at fault.
DMA is an onboard card, using an anti-cheat at kernel you can check to see if one exists, which some have done. Soon, we'll see people wiring directly to the RAM itself to use cheats, crazy stuff all for money.
it wasn't a bug in the system when you are fraudulently depositing checks... it's unironically a feature of a system used well before computers were a thing.
"This is like blaming the person for leaving the door open, because they get robbed". - No, this is like "blaming the company that makes shitty locks, for failing to secure someone's house, and then that house getting robbed". We live in a world where corporations do the absolute minimum they can get away with, then when 1 issue gets raised by a good citizen, they patch that 1 issue and leave the other 999 there, because no one noticed them. That is even if your concern gets looked at. Unless you cause a media shitstorm.
It's Ricochet's fault, because they left a gun on the table, so that anyone can grab it and do whatever they want. Sure, it was someone else who pulled on the trigger, and is also responsible, but the fault is Ricochet's. Fault = Ricochet Team. Responsible = Guy who used the exploit.
I remember the early days of Civ4 when the game would refuse to start if a uTorrent process was running. My opinion hasn't changed since then, a game has no business looking at anything else my computer is doing and anti-cheat is merely an excuse for them to do just that.
9:50 Fully agree with Prime on that whole thing. Ricochet stupidly left the door open, someone entered, broke everything, planted a bomb on A main and now it's Ricochet's fault the bomb exploded? I wouldn't go that far.
They are both faulty. Ricochet's left a gun on the table without checking if everything is secure enough. It was a very simple and rookie mistake and you can say it's their fault. Just because someone exploits that does not make Ricochet team less faulty, it makes them both faulty. Or in other words, if you can't drive a bus correctly, then do not drive a bus full of kids. Ricochet devs did that without securing everything.
@thingsiplay That was the whole point highlighted by both Prime and me, but in the other direction. Ricochet messing up does not excuse his actions. If we're using your example, Ricochet left a gun on the table and that guy took it and did a mass shooting. People in chat were acting like the mass shooter was justified.
If the guy attempted to contact the developers to fix the problem and got ignored, then what he did is the only right thing, to avoid banning innocent people in the future you need to make it so they ban some streamers who can raise the awareness about the bug so it gets fixed. If anything this incident highlights that the people who design these things have neither imagination nor creativity. All they had to do to fix this is add some binary component to the signature scanning but they simply disabled it. Maybe they have it written by the llm and can't make a prompt to fix it or something?
The chase "bug" wasn't a bug. It was meant as good service. Intentional. You deposit check and we make it immediately available, not make you wait. That's not a bug. I just don't think they thought about people would actually be so stupid to just go do it cause they heard about it.
yeah the spambotguy was correct, most cheat providers have a build server that dishes out different builds which all have lets say a few different file protections like vmprotect, so it is literally impossible to sigscan for most cheats, the only reason games do it nowadays is to detect the cheats that are released online for free since no one has gone through the effort of protecting the binary / dll, and another way you can 'sig scan' which isnt really signature scanning, moreso footprinting is if you read the strings in an executable, again if its not protected with any type of string encryption then you will get scenarios like this silly cod exploit where they are scanning their memory for any strings like 'triggerbot' (known cheat options)
I'm with you on the "not richochets fault" in regards to the "having bad security does not make abusing that security okay". It is their fault in the sense that they were responsible for the security against a known threat and not securing it properly. Still shitty people to blame for them being shitty. Though
Wait did he say that string with all of the 00 in it is ASCII then he said UTF-8? Pretty sure that third string is not ASCII nor is it UTF-8 but is actually UTF-16. That's why it has 16 bits per character.
If your character data on the server says your walk speed is at X, then when the delta normalized number exceeds the number it should boot you out, it's that simple to stop cheaters. You don't even need bans, if at the first hint of cheating you get booted out the server you will never be able to play with cheats. Although there are some client side cheats that servers cannot prevent, however client side anti cheat can't prevent it either because it can be bypassed with various methods. Personally I just don't bother with multiplayer unless I am self hosting and playing with people I know personally. I think this root-kitted anticheat is just spyware.
L take. Blaming the cheaters takes the responsibility off the bad anti cheat company's shoulders. However bad those actors are, the anti cheat is the thing that opened the doors for them and put legitimate players at risk. Period.
I do love how nearly every AAA multiplayer game has a deeply rooted in your system anticheat, yet fails to do some basic server 'input sanitization'. Like this man has been spinning at a gagillion RPM, moving faster than the character speed limit and is going through coordinates that are clearly walls, "seems good to me, everything is working as intended" says the server
Exactly dude, and analyzing input streams is wayyyyy simpler than writing some kernel level bs that doesn't even work
AAAA
I give you one exact reason why this doesn't happen:
The games are coded under so much pressure with so many bugs that you can rarely differentiate suspicious behaviour from the bugs in the game. Imagine your game bugs out, you glitch through a wall or under the map and one second later you get permabanned on top of it.
@@psychoedge they don’t have to ban the first time you do something weird though. Cheaters would have events like that repeatedly.
@@psychoedge maybe if deadlines are that stringent, they should either extend them or devote more resources to the anti-cheat specifically. If some soulless company wants me to pwn myself to play their game, the anticheat should be functional as a BARE MINIMUM. I'm not so addicted that I won't uninstall something if it's that busted.
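The server-side check several comments here describe (a speed cap, a wall test, and repeated violations rather than a single glitch triggering action), as an added example that is not part of any comment and not any game's real code. The constants, the `WALLS` grid and the function names are assumptions made for illustration.

```python
import math
from dataclasses import dataclass, field

MAX_SPEED = 7.0       # constructed value: world units per second
SPEED_SLACK = 1.25    # headroom for latency jitter and physics hiccups
STRIKE_LIMIT = 3      # violations inside the window before a kick
STRIKE_WINDOW = 10.0  # seconds a violation stays on record

# Constructed map: blocked grid cells forming a wall along x == 5.
WALLS = {(5, y) for y in range(0, 10)}


@dataclass
class PlayerState:
    x: float
    y: float
    t: float                       # time of the last processed update
    strikes: list = field(default_factory=list)


def crosses_wall(x0, y0, x1, y1, step=0.25):
    """Sample the segment and report whether any sample lies in a wall cell."""
    dist = math.hypot(x1 - x0, y1 - y0)
    n = max(1, int(dist / step))
    for i in range(n + 1):
        f = i / n
        cell = (math.floor(x0 + (x1 - x0) * f), math.floor(y0 + (y1 - y0) * f))
        if cell in WALLS:
            return True
    return False


def validate_move(p, x, y, t):
    """Validate one client position update against server-side state.

    Returns (action, reason): "accept" applies the move, "reject" keeps the
    authoritative position, "kick" means too many recent violations.
    Nothing here bans anyone: one odd update is a glitch, a pattern is not.
    """
    dt = t - p.t
    if dt <= 0:
        reason = "timestamp"
    elif math.hypot(x - p.x, y - p.y) / dt > MAX_SPEED * SPEED_SLACK:
        reason = "speed"
    elif crosses_wall(p.x, p.y, x, y):
        reason = "wall"
    else:
        p.x, p.y, p.t = x, y, t
        return "accept", None

    # Rejected: position stays where the server last accepted it, but the
    # clock advances so a later update cannot bank the skipped time.
    p.t = max(p.t, t)
    now = p.t
    p.strikes = [s for s in p.strikes if now - s < STRIKE_WINDOW]
    p.strikes.append(now)
    if len(p.strikes) >= STRIKE_LIMIT:
        return "kick", reason
    return "reject", reason


if __name__ == "__main__":
    player = PlayerState(0.0, 0.0, 0.0)
    # Constructed update stream: (x, y, timestamp)
    for update in [(0.5, 0.0, 0.1), (4.0, 0.0, 0.2), (1.0, 0.0, 0.3)]:
        print(update, validate_move(player, *update))
```

A single rejected update only snaps the player back; the kick needs `STRIKE_LIMIT` violations inside `STRIKE_WINDOW`, which is what separates a one-off glitch from sustained impossible movement.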
A server-side anticheat incurs unwanted costs to the game publisher. Hence: horrible local spyware-enabled anticheats.
...Ricochet isn't local only, bucko.
It's dick behaviour but it also never should've been possible. The financial liability for this imho is Activision's fault, because this isn't a 'could happen to anyone' issue. It is the product of negligence AND an insufficient appeal system with human overview. Companies are not entitled to fully automated product aftercare. These bans should have been minor temporary inconveniences at most.
Exactly, most of the comments in this video are blaming only the hacker. And while the dude is responsible for exploiting the bug, Activision is responsible for doing a shitty anti-cheat. It's really worrisome reading people defending the multimillionaire company, that puts kernel-level software instead of using server-side anti-cheat, just because it is cheaper. That means we're normalizing that companies can install shit just for the sake of our entertainment.
No one is defending the company, you simply made that up.
Primeagen will always give the corporation the benefit of the doubt. He’s always white knighting billion dollar corporations.
Cheaters who ruin the game for others looked for a new way to ruin the game for others, how could Activision have possibly anticipated this?!
@@nathanp3366 He literally isn't doing that here...
He agrees Activision is responsible for such a bad anti cheat. He's just saying that people weren't getting banned by Activision randomly. They were getting banned because this person specifically started exploiting that behavior to get people banned. He took bad actions. Period.
Activision should have not made it so shitty, but that doesn't make the exploiter not shitty.
If you leave your door unlocked, it's still illegal for people to take your shit.
Getting people permanently banned isn't exactly funny. What would be funny is if COD ended up with no players because their anti-cheat is so stupid that it banned them all.
It would be a blessing to the gaming community 🙏
That's part of the experience I believe.
CoD is a trash game that for some reason people dump money into buying year after year. If you get banned, it is a blessing in disguise. And the developers are lazy and greedy, and milk the crap out of this franchise instead of making new games.
I can’t say I am too much of a fan for the “leaving the door open” analogy.
In the case that a robber comes onto your own property which only you own, you are the only one who is directly affected. No one else would have a tangible stake on the incident (other than the robber)
However, the devs of the anti-cheat have a responsibility to all of the innocent players.
If a banker left a vault open for thieves to steal the money of *other people*, they would most definitely be liable for negligence, and would be at some fault to blame.
Obviously this isn’t to say they are entirely to blame, but let’s not think they are completely blameless.
Good point. A better analogy would be a bad lock, with a manufacturer's defect. Clearly the lock company is culpable, but not nearly as culpable as the thief.
Yeah, also there will be always someone like that. For me, anti-cheat team / publisher responsibility is bigger in this case, like a government that doesn't invest in its population security.
What happened to society? Why can't people just agree that the abuser is at fault AS WELL AS the open door left by the anti cheat?
It's more of an argument that if it wasn't for the "abuser" Activision wouldn't have fixed the problem and would keep banning innocent people.
How is the company not the abuser in this scenario?
It's not like this problem hasn't been mentioned before.
Everybody wants power, control, rewards but no responsibility.
Alfred Nobel invented dynamite, which subsequently led to a massive increase in lethality in warfare, heightened terrorism, and various other destructive outcomes. Is Alfred Nobel responsible for the deaths of millions (perhaps even billions) of people? Perhaps we should reconsider awarding Nobel Prizes, as his name is now associated with global bloodshed.
I'd say the argument here is that statements like this make it look like abuser and company are equally at fault, while IMHO abuser is 1% at fault and rest 99 are on company.
I wonder, of course the exploiter is held liable for his actions. But can the exploiter be held liable for the damage incurred if there was any damage? Prime argued that people lost their money, and it is similar to vandalizing the property owned by these players. However, do people technically own games? I do not think so according to recent developments in digital law. Plus, a simple unban gives back the access to the game. Now it does not seem that evil, and more like a silly prank. Although I would like to get a lawyer here
He knew that everyone who was banned would be unbanned immediately, which is what usually happens. The goal seemed to be to bring as much attention to the issue as possible, and the quickest way was probably to simply ban a lot of people and famous streamers
Exactly! I don't think the article writer was being a "brown hat". He may have been testing for curiosity's sake. Like, "hey what if..."
Also, it's just a game.
@@Jabberwockybird Exactly, he wasn't denying the service, it was the game developer. People could have accidentally sent similar messages too.
If he did a responsible disclosure they could have just quietly patched it and not look for people banned by it incorrectly.
Trigger bot is a common enough phrase in those scenes the first person banned for that phrase might not have been because of this guy OR cheating lol.
Banning without appeal should be punishable...
I've been told I know nothing and anti cheat developers are doing their best when I raised this issue on subreddit of a game I play. Truth is game developers will invest as little into anti as they can get away with.
The developers themselves are probably doing their best, but they are constrained by cheap companies and managers.
One of the advantages of making good single player games is that it doesn't matter if people cheat in them most of the time, because you're not ruining other people's experience by doing so.
@@monkemode8128 but not every dev has interest in that. You need the right people also (obviously)
That's because anyone worth their salt knows anti is a fool's errand. Rule #1 of all system security- YOU CANNOT TRUST THE CLIENT. Anti is just jumping through hoops to try to create a client that can be trusted. Not happening.
Developers of any type are not to blame when they don't get enough funding to get shit done. With takes that bad, I can see why people on reddit would tell you that you don't know anything.
This is called Liability, If you had a smartlock to your house, and anyone could walk up to a door and press 1234 to gain entry, The creator of the lock would almost certainly be liable for their faulty product.
I had a more clear example, by letting a gun on the table or street and not caring what could happen.
Yes, that's true, but who abuses the exploit is still culpable of trespassing regardless.
You'd be able to go after both, because both are at fault. Someone literally trespassed and broke into your home and committed a crime, they're not getting away with it just because the door lock was shitty
About the chatter that mentioned DMAs, they are the reason why some devices don't work with Valorant running. If a device's type can't be identified by Vanguard, it just cuts it off, disabling any connectivity and drivers. And for device types it identifies, it regularly scans its behavior for signs of misbehavior. So if a device doesn't fit an approved shape (as in presents itself as an input device, a drive, a network card, a sound card, or anything identifiable) it's not able to run, and if anything doesn't behave like its category suggests, it's detected and you're part of the next ban wave. Basically 1984 in the computer.
This person is a freedom fighter in the same way as someone who sprays tomato soup on a piece of art in a museum. Which is to say that they aren’t a hero, the ends don’t justify the means.
Just stop oil people have an interesting background, Nicholas did a video on them.
This is one major reason why I prefer to play single-player games
The anti cheat arms race has been a rollercoaster of a ride.
Just stop playing these games and eat popcorn on the side guys. There are better multiplayer games out there.
The true gems are the games that are so obscure and unknown that people don't bother to make cheats for them
I'd say the dude is not the asshole because of the accelerationist theory
He does it so hard that they cannot swipe it under the rug
Instead of a few randos being disappeared with no recourse
Maybe they'll even be able to sue, because they got banned at no fault
Also "because you didn't lock it" I think is an actual legal thing, because if there is no evidence of breaking in, there is no evidence of theft
Yeah, besides the fact that the joke outweighs the "harm", the harm is done to Activision as punishment for their stupidity, we want things like this to be as public and embarrassing as possible
Breaking and entering is a separate charge to theft.
You can prove the latter without the former, the person just wouldn’t be charged with breaking and entering.
Also, an unlocked door is an invitation for a cop to enter without requiring consent. If you don't answer, they are allowed to try the door.
@@Satook I assume you can do that with a recording? So if you happen to have surveillance on your property, because otherwise I don't see how
"breaking" just refers to breaking the threshold of allowed entry. No force is needed.
This way they weren't able to sweep it under the rug.
They are now forced to get their stuff together.
Also, maybe stuff that the client can't be trusted with shouldn't be there.
Kernel anticheat shouldn't be a thing at all.
The problem with auto-banning is that no matter what methods you use to detect cheaters, you will always end up with some false positives. Do you really think that a game studio would hire reviewers to check flagged players, even cheap ones? No way...
"that could have happened by accident in an image I assume" - Yes, in fact it was already a problem in CoD1 20 years ago. It was using PunkBuster anti-cheat and I remember at some point there was scandal of a very famous eSports player getting banned on a live event, and it was only then discovered that someone was posting malicious jpg images for months on frequently visited public forums that had the cheat signature encoded in it. Whoever visited such a website/forum got automatically banned (and publicly shamed in such an unforgiving environment as eSports).
Couldn't find any sources on this-even generally. Where can I find it? I am sure it happens and has happened, just can't find any concrete examples with facts, only anecdotes and speculations.
@@dealloc Honestly I have no idea how to find content from 20 years ago as most websites I knew of do not exist anymore and social media was pretty much non existent. Iirc it was a ClanBase event if that helps. I tried searching it, here's what I found: If you go on wikipedia/PunkBuster then under the "Attacks on PunkBuster" section, it cites an article (netCoders vs. PunkBuster) where Evenbalance finally confirms the existence of the exploit. That article explains the exploit in detail.
@@dealloc Not sure where my previous comment disappeared, maybe I triggered some kind of filter. I don't know how to find anything from 20 years ago as none of the websites I knew of exists anymore and there was no social media back then either but iirc it was a ClanBase event. However if you go to the PunkBuster wikipedia page it cites [8] an article which was supposedly the first time the company behind PB publicly acknowledged the problem. The article is titled "netCoders vs. PunkBuster", there you can read about it in more detail.
@@dealloc probably never happened
If it wasn't for this person making a stink about this issue, it could've gone months without being addressed, leading to many people being permanently banned unjustly for longer periods of time.
After watching the video from Low Level Security explaining the exploit, I'm totally sure the responsibility of this mess is 90% Activision's fault, and 10% the abuser. Activision received reports about the exploit, and they decided to ignore them.
If Activision ignored reports, it is 1000% their fault. Then it is negligence AND ignorance.
To me the whole idea of a client-side anticheat is kinda ridiculous. I am still waiting for an arbitrary code execution in a kernel-level anticheat so everybody playing some AAA game will get hacked.
I don't like the robbery comparison. It's more like your security system calls the cops to arrest everyone coming near your house because somebody is throwing pebbles at a window.
Not if the person doing it knows that's going to happen and causes it on purpose. The guy throwing stones is basically swatting everyone who walks past.
He is the one who did this to people and was hoping to get even more people banned, rather than doing a responsible disclosure of the issue.
It's more like the police came to your house and arrested you, because your security system called them after detecting someone rang your doorbell.
@@maushax and gave you a multi life sentence with no trial because they didn't wanna bother with it
About the banning drama, I would say that's very subjective, if the person who's trying to ban lots of people has told Ricochet about the exploit; I can agree with his methodology
Sounds like they're literally throwing shit at the wall to see what sticks. Fuck that beta testing shit, shove it straight into production
String scanning is a common technique for anticheat and antivirus. They just didn't implement it well, because they didn't set boundaries on what they can and cannot scan. They shouldn't have been scanning the chat.
Not the worst vulnerability cod has had unfortunately
It's not a vulnerability at all.
I understand that developing an in-house anti-cheat is an expensive endeavour but game companies at some point need to understand that an anti-cheat solution is fundamentally a server-side input validation problem, you can't really solve this in the untrusted context of client devices, it's an endless race against arbitrary code that you cannot possibly win in the long run.
I agree they are taking the wrong approach, server-side is probably not viable, there's a whole bunch of confounding factors. I do however feel like FPSs have really easy vector for anticheat, just have ghosts on suspected cheaters. I know it's possible to work around by the cheat software, but it seems better to me than just scanning memory. And I'm sure they could iron out issues over time.
I'm sure a game has tried this but can't remember what it was.
@@farrongoth6712 "But server side won't detect a wall hack though!" is always the rebuttal, but no one ever stops to think that maybe you shouldn't send info to the client that they shouldn't be having anyways and magically client side hacks become WAY less effective
@@TurtleKwitty Doing actual work is way harder than installing actual malware on the paying customers' computers.
You're right, but also every game committed to server side checks also has generally vastly more problems with cheaters. There really isn't any argument in terms of which is more effective.
@@TurtleKwitty that's because the data is there mostly because of latency, players out of sight aren't always in your memory but depending on the game there are various cases where they need to be, League for example has many cases where close by enemies will end up in memory even if they are hidden by fog. Developers aren't making these decisions without knowing the consequences and it's why they also are making sure trying to access it is difficult. The only real thing an anticheat is getting measured on is how many players/how long were they playing before a ban, the idea of this simple perfect solution is as always a mirage that you only have because you haven't done any of the work
It's Ricochet's fault for being faulty. But that doesn't mean you can go ahead and exploit the system and ruin the experience for others. The exploiter had the choice to be responsible.
Yep, that's why there's a distinction between ethical hacking and just plain old hacking. They could've reported this issue without exploiting it for their own gain.
It's not an exploit. It is simply a game feature and this guy was having fun with a game feature. He was not being an ahole
@@Efecretion Having fun at the expense of other people, huh? I'm pretty sure there's a social term for that
@@Kreze202 Literally how every competitive game works.
WTF. This was not a game feature. It's a bug. Ricochet is responsible for this damaging bug. This guy is responsible for causing financial damage to the people he purposely got banned.
I love how Prime interrogated a spam bot. And the bot complied. Is he secretly a son of Chuck Norris and the visual similarity is not just a coincidence?
I like when streamers scan chat. Thumbs Up Prime! 👍🏻💯
Video game disruption does not compare to stealing money from Chase bank. That's a bad analogy, Prime.
I long for a day when anti cheat isn't needed, in the words of John "You may say I'm a dreamer" LOL. I remember guys bragging about sending obnoxious emails to C-suite from machines that were left unattended and were not locked "to teach people a lesson". I suggested they just lock the machine for the person and walk away being happy they helped someone.
8:24 just want to point out that bans were already happening because of this bug and it took getting streamers banned for them to look into fixing it, if you care about people losing money think about the unfair bans that never get reviewed.
6:00 "That's the one thing I don't understand, how do you have a friend?" This is so sad
If someone drives a car with a flaw and crashes due to that flaw, it is 100% on the manufacturer for releasing a flawed car.
Ricochet released a horribly written anticheat, which also likely triggered other permabans from random chat from others unknowingly.
They released this trash, full well knowing there would be false positives, they are 100% at fault.
Anticheat quality should be written to a higher standard because they are usually highly invasive, and false positives have horrible consequences. This is literally the worst possible method they could use.
Some classic “works on my machine so ship it 🚢“
Love your channel man, you're the goat
Trolls WILL weaponize all the lazy anticheat patterns.
@12:40 I think the check fraud thing was different. That was not a bug, that was a courtesy from the bank where they made money immediately available on deposit.
Yes, it was a “this is why we can’t have nice things” deal. Of course the transactions are validated after.
This isn't like blaming someone for getting robbed when they left their door unlocked, this is like blaming the cops for breaking into the wrong house because they read the warrant wrong. Some dude said "Nice Trigger Bot, dick" when they got killed and all the completely innocent players in that match got banned. Game company only cares about the money and doesn't care about those innocent players, there's not a mechanism to prove your innocence and get your account back. This isn't an exploit or hack, it's bad management and poor customer service. Exposing it like this seems to be the only method of getting it noticed.
"Your right to throw a punch ends at the tip of my nose."
9:04 idk preventing people from playing CoD seems like a net good for society 😂
I don't see how hard it is for people to comprehend that it's possible for more than one entity to be at fault here.
Despite all the scrutiny Riot faces for their kernel level anti-cheat, I still believe it’s one of the most effective AC out there. The developers behind it are top-tier game hackers themselves, which is a big part of what makes this AC so effective. What’s even more impressive is their ability to detect DMA based cheats.
Using the strings that *have* to be in memory for cheaters to use the software as a signature was smart by itself, it's the hardest thing for a cheat developer to obfuscate and it's inherently fast which is important to reduce the impact on game performance, but scanning all the game memory indiscriminately was the stupidest thing they could've done.
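The boundary problem raised in the comments above (string signatures are cheap to match, but scanning buffers that hold other players' text turns a chat message into a detection), as an added example that is not part of any comment and not Ricochet's or any vendor's code. The region model, the `Origin` labels, the sample memory and the signature are all constructed; the signature is also encoded as UTF-16LE because wide strings sit in memory with a zero byte after each ASCII character.

```python
from dataclasses import dataclass
from enum import Enum
from typing import NamedTuple


class Origin(Enum):
    """Hypothetical provenance label a scanner could attach to a region."""
    MODULE = "pages backed by a loaded module"
    PRIVATE = "anonymous allocation inside the game process"
    CHAT = "text received from other players"
    NETWORK = "raw receive buffers"


# Regions whose contents are chosen by other players, not by local code.
UNTRUSTED = {Origin.CHAT, Origin.NETWORK}


@dataclass
class Region:
    name: str
    origin: Origin
    data: bytes


class Hit(NamedTuple):
    region: str
    signature: str
    encoding: str
    offset: int


def encodings(signature):
    """Byte forms of one string signature: narrow and wide (UTF-16LE)."""
    sig = signature.lower()
    return {"utf-8": sig.encode("utf-8"), "utf-16-le": sig.encode("utf-16-le")}


def scan(regions, signatures, scoped=True):
    """Case-insensitive string-signature scan.

    With scoped=True, matches inside attacker-controllable regions are
    recorded as ignored instead of actionable. A production scanner would
    skip those regions outright; they are kept here to show what is dropped.
    """
    actionable, ignored = [], []
    for region in regions:
        haystack = region.data.lower()   # lowercases ASCII letters only
        for sig in signatures:
            for enc, needle in encodings(sig).items():
                off = haystack.find(needle)
                while off != -1:
                    hit = Hit(region.name, sig, enc, off)
                    if scoped and region.origin in UNTRUSTED:
                        ignored.append(hit)
                    else:
                        actionable.append(hit)
                    off = haystack.find(needle, off + 1)
    return actionable, ignored


# Constructed signature and constructed process memory.
SIGNATURES = ["trigger bot"]
REGIONS = [
    Region("game_code", Origin.MODULE, b"\x55\x48\x89\xe5render_frame\x00"),
    Region("chat_history", Origin.CHAT,
           "Player2: nice Trigger Bot, dude".encode("utf-16-le")),
    Region("private_alloc", Origin.PRIVATE,
           b"\x00\x01menu\x00Trigger Bot\x00Aim Assist\x00"),
]

if __name__ == "__main__":
    for mode in (False, True):
        hits, dropped = scan(REGIONS, SIGNATURES, scoped=mode)
        print("scoped" if mode else "naive ", hits, "ignored:", dropped)
```

The naive pass flags the innocent player whose chat window merely displays the phrase; the scoped pass reports only the match in memory that local code populated.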
I will not install a game with kernel level anti cheat. This sounds like me being arrogant and proud, but the reality is if a game requires anti cheat, it's probably a game I won't enjoy.
Saying you forgot the door is a bad analogy. If someone I trusted left my door unlocked and someone stole my stuff then yes, the person who left my door unlocked is at fault (also).
The user didn't make the code. They trust the program is safe but it wasn't and that got them banned.
Bad take.
It is Ricochet's fault for being incompetent, and it's moreso because client-side anticheat is absurd
A non human reviewed permaban in a product that you paid money for is just evil. Someone's head should be on the line for every permaban, so that permabans are only issued when absolutely sure.
I'd argue for a mandatory refund for every perma ban due to them being unable to use the product now.
Permabans should only be used when the cost of having the player is higher than the revenue they provide.
I'd argue for a paid refund for permaban regardless of the reason for banning in the first place.
The company no longer wants to do business with someone, they closed the deal, they should refund them.
This is class-action lawsuit territory.
It's not vandalism. You are allowed to write inoffensive messages to anyone you like. That's a right! If someone gets banned for legal and inoffensive messages, that's simply a stupid policy of the guys running the gameserver and providing the clients.
If a shop sells an item below the value they buy it, and I buy all those items from them, then I'm not vandalizing their business. They bankrupted themselves on their own. That is not vandalism.
The guy writing text messages totally stayed inside the contract and the guy receiving those messages stayed inside the contract with the makers of COD. COD broke thousands of contracts with their customers when they banned them for no reason. In my opinion the whole procedure of automatic permabans sounds like a fundamentally illegal procedure. I can't imagine that this is legal in any way in a paid contract. But I'm no lawyer...
Exploiting somebody else is always wrong. You know that, and the only way you can argue otherwise is to dehumanize the person you're exploiting.
@@edwardallenthree So what you are saying is The makers of COD dehumanize the whole playerbase by exposing them to potentially get an automated permaban that is not reviewed by a single human, after they took their money away?
@@TremereTT I'm not not saying that.
When someone orders a crowdstrike in a COD game...
The most amusing part is that thousands of accounts are a "small number of affected accounts" to them. I know numbers go brrr but damn, that's a LOT of people bro
Signature scanning does check for values you might see in a debugger, which is the 'signature' for it being in memory.
Most tools will hash the signature so that cheat tools cannot read what they are scanning for. Ricochet did not, it was loading the values in plain text which cheat devs could see in debuggers 😂
Prime finally heard the word of our lisp lord and savior!
They will not just be scanning COD memory, it will be other processes as well.
A good analogy: If I forget my home door open and someone gets inside, breaks and shits on everything, I'm the one going to jail for forgetting to lock the door?
There is an analogous situation where you WOULD face legal repercussions for that. If you had a kid/pet/elderly person under your care leaving your door open might be considered criminal negligence. What if you replaced your house with something like a school/orphanage/hospital/old folks home. If someone breaks into those places they are criminals for sure but the institution also has a duty to maintain some level of security.
That's an awful analogy that doesn't take into account any aspect of any part of the discussion.
@@aliasjon8320 In fact, the door was closed and locked. Since lock picking is extremely easy, would I go to jail for not having a bank vault door installed instead of a regular door? My point is, the criminal is the one going around the house, poking at the doors, finding the easiest one to pick, and opening it. The guy sniffing through the source code/memory dump of software, obviously had the intention to cause nothing but harm. So now maybe cheating is ok, because the devs don't make games cheater proof... There's no excuse for acting with bad intent, you can never ever blame the victim. What kind of dark age shit would this kind of thought lead to? Should I beat you because you're weaker? Rape you because you're defenseless? Don't go down this rabbit hole.
It is like being a guard in a warehouse and not closing the door. Of course you are liable for negligence.
@@jazzymichael This is an awful reply that doesn't take into account any aspect of any part of the comment.
15:14 The idea is pretty simple, you don't want cheat developers to be able to tell what you are looking for. If they can update their cheat and be able to tell if it worked, the anticheat already lost the battle. That's what banwaves are for. That's also why even with something like vanguard which is invasive af and basically knows everything about your system, there is still at all times some detected cheaters playing the game. They will wait a random number of hours before banning so the developer doesn't know what part of the cheat triggered the ban.
"If the thing takes 3gb of memory are they scanning entire thing?"
IDK about Ricochet, but something like BattlEye will scan ALL the memory of all running processes. And your disk. (And it's a ring 0 backdoor that gets its executable payload from a remote server, but that's beside the point).
So yeah. Not a new thing.
So a smart way that Valve (VAC) does this for Counter-Strike or other games is they look for recurring byte sequences that show up over time over a large player base. They then compare that with their human in the loop Overwatch system that flags reported cheaters and then the community decides on whether they should be banned or not. Once enough players with the same byte signatures in RAM are found to be cheating, they can confidently implement a mass ban wave to all of the people with that same executable running with the same memory signature. They intentionally allow more players to get by with their cheats for weeks to have a more confident ban wave that doesn’t impact users who aren’t cheating. I think this approach is one of the better ones and does not need kernel level permissions.
Have you ever played a multi player FPS ever? People will send "Trigger Bot" in chat. You can't blame the guy spamming stuff that will normally be said in chat for intentionally trying to get people banned. If it was a custom signature or smt sure but it's just an idiot spamming "Trigger Bot".
Yeah, I think Prime and so many other commenters took a vague statement in the article and got all out of whack over a perceived "brown hat" hacker, without really knowing anything in the first place.
This is why mob rule is a bad thing.
What’s really insane to me is that companies running games are allowed to just ban you and not give you a reason why they did it
Like that Guild Wars 2 bug that banned people because it was hashing files on the player's system and one of the hashes that flagged cheaters was the hash that you get when hashing an empty file
Idk why they are still allowed to play the security through obscurity card and get away with it
As long as they scan for any memory region with input (from other users) this might happen, just instead of the word trigger bot one could simply write a different (cryptic) message resolving to the hash (as you can reverse engineer the original data even if hashed)
That's why least paying Bounty hunting programs are important
i dont know the details but, it seems like the twitter guy did this to get rid of competition and enable his own cheat to not get the same treatment as trigger bot
Zebleer?
Talent is not fallacy, Talent isn't an illusion. Talent is a currency.
The issue is they scan not only game's process memory. Cheat most of the time is a separate program that reads and alters game's memory to send needed values to server.
My 5 cents: the security in general is a huge problem. And many of security issues are rooted in irresponsive software development.
I truly believe such mishaps must be punished with extreme effort, including massive usage of those exploits just to create heavy cause. This may be the only way to force devs to act seriously about security and safety.
The problem is that they require you to install a poorly made rootkit into your system. There is a much better, non-invasive method to deal with cheating.
Wow, they called the situation a "workaround"? That sounds like it would let you cheat without being detected...
Waiting when Thor joining the stream videos
@whette, he’s not saying guns are great or defending the creator of the gun, he’s saying the gun didn’t do the damage. Someone used the gun to do damage. Obviously the gun is bad but doesn’t have to be used that way if that makes sense.
I think it's time too.
the odds of 11 specific bytes appearing in a row in 16GB of RAM is about 1 in 2*10^16
(i wouldnt trust my math tho)
the probability does increase a TINSY LITTLE BIT when those bytes happen to correspond to a COMMONLY TYPED CHAT MESSAGE
Since my car allows me to go over the speed limit, it's the manufacturer's fault I was speeding.
That makes sense, in the future you bet they will be limiting speed through software based on the state laws you're driving through
This is why I don't trust anti-cheats. There isn't any transparency, or concern about false bans. Nobody wants to do any kind of appeals for banned players because they assume they must have cheated because the anti-cheat banned them. The anti-cheat is infallible, and is never wrong is what they always say. They only care about false positives if it brings bad publicity.
But if you "bought" a game, and then get false banned so you don't get your money back, they keep your money, and you get nothing.
Call of Duty's codebase has always been a shitshow. This reminds me of how Black Ops I, II, III, and I'm pretty sure IV's multiplayer was completely unsafe because there were RCE exploits that could let other players online (not just in your lobby) take control of your computer. These went unpatched for literal months.
Exploiters are going to exploit. You can't blame this exploiter for using it, then disclosing it. Because if they didn't someone else would have, and possibly wouldn't have fessed up. Is it wrong to exploit? Yes. But being in the wrong and being the one to blame are not the same thing.
It's certainly all Ricochet's fault. They weren't scanning the right areas of memory. 1. Don't scan for strings, that's stupid. Scan for behavior. 2. Don't scan user generated content. This is the reason why you can message someone and get them banned.
Also, the chat member comparing this to "blaming the homeowner for leaving their door unlocked" is a bad comparison. Activision didn't suffer loss from this, their customers did. The real comparison would be like saying Ricochet owns a safe deposit box, you pay to store belongings in it, and when Ricochet's lax or otherwise ineffective security allows a bank robber to steal from your deposit box, you blame Ricochet. Which, if it came out that a thief was allowed in my safe because the manager of the safe is a dumbass, yeah, I'd be blaming the manager.
Also, now everyone knows that these strings are blacklisted, so the cheaters are just going to change what they call these tools. Good anti-cheat monitors behavior, not text...
I'm so glad the last time I played a Call of Duty game was back in the original MW3...
10:15 I love that logic. This is why people need to stop saying that weapons are bad, it is not the weapon that does the bad things.
The lesson: don't pay for online game loot boxes or virtual assets you'd lose because of a dick in lobby.
And don't pay for virtual content anyway. Just for the game.
Vandalism is not stealing. Motivation is different, means are different etc. Breaking something doesn't require taking ownership over it.
The fault is shared between Ricochet and the perpetrator with more blame on the latter. For example, when lawmakers make flawed laws with vague terms that get innocent people jailed, it's not just the cops who exploited the laws who are at fault.
DMA is an onboard card, using an anti-cheat at kernel you can check to see if one exists, which some have done. Soon, we'll see people wiring directly to the RAM itself to use cheats, crazy stuff all for money.
People even use machine learning, that's not really detectable.
it wasn't a bug in the system when you are fraudulently depositing checks... it's unironically a feature of a system used well before computers were a thing.
"This is like blaming the person for leaving the door open, because they get robbed". - No, this is like "blaming the company that makes shitty locks, for failing to secure someone's house, and then that house getting robbed".
We live in a world where corporations do the absolute minimum they can get away with, then when 1 issue gets raised by a good citizen, they patch that 1 issue and leave the other 999 there, because no one noticed them. That is even if your concern gets looked at.
Unless you cause a media shitstorm.
It's Ricochet's fault, because they left a gun on the table, so that anyone can grab it and do whatever they want. Sure, it was someone else who pulled on the trigger, and is also responsible, but the fault is Ricochet's.
Fault = Ricochet Team
Responsible = Guy who used the exploit
And imagine this kind of garbage is running in your kernel ...
I remember the early days of Civ4 when the game would refuse to start if a uTorrent process was running. My opinion hasn't changed since then, a game has no business looking at anything else my computer is doing and anti-cheat is merely an excuse for them to do just that.
9:50 Fully agree with Prime on that whole thing. Ricochet stupidly left the door open, someone entered, broke everything, planted a bomb on A main and now it's Ricochet's fault the bomb exploded? I wouldn't go that far.
They are both faulty. Ricochet's left a gun on the table without checking if everything is secure enough. It was a very simple and rookie mistake and you can say its their fault. Just because someone exploits that does not make Ricochet team less faulty, it makes them both faulty.
Or in other words, if you can't drive a bus correctly, then do not drive a bus full of kids. Ricochet devs did that without securing everything.
@@thingsiplay That was the whole point highlighted by both Prime and me, but in the other direction. Ricochet messing up does not excuse his actions. If we're using your example, Ricochet left a gun on the table and that guy took it and did a mass shooting. People in chat were acting like the mass shooter was justified.
8:00 tbf if it's quietly patched as opposed to being a big scandal it has less chance of being fixed
If the guy attempted to contact the developers to fix the problem and got ignored, then what he did is the only right thing, to avoid banning innocent people in the future you need to make it so they ban some streamers who can raise the awareness about the bug so it gets fixed.
If anything this incident highlights that the people who design these things have neither imagination nor creativity. all they had to do to fix this is add some binary component to the signature scanning but they simply disabled it. maybe they have it written by the llm and can't make a prompt to fix it or something?
I don't think putting the blame with ricochet justifies what the guy did
They are simply both to blame
The chase "bug" wasn't a bug. It was meant as good service. Intentional. You deposit check and we make it immediately available, not make you wait.
That's not a bug. I just don't think they thought people would actually be so stupid to just go do it cause they heard about it.
yeah the spambotguy was correct, most cheat providers have a build server that dishes out different builds which all have lets say a few different file protections like vmprotect, so it is literally impossible to sigscan for most cheats, the only reason games do it nowadays is to detect the cheats that are released online for free since no one has gone through the effort of protecting the binary / dll, and another way you can 'sig scan' which isnt really signature scanning, moreso footprinting is if you read the strings in an executable, again if its not protected with any type of string encryption then you will get scenarios like this silly cod exploit where they are scanning their memory for any strings like 'triggerbot' (known cheat options)
What about “Trigger Butt”?
Developer cheatsheet:
- Cut corners only if you are making circles;
- Don't cut corners if you are making rectangles;
I'm with you on the "not Ricochet's fault" in regards to the "having bad security does not make abusing that security okay". It is their fault in the sense that they were responsible for the security against a known threat and not securing it properly.
Still shitty people to blame for them being shitty. Though
Wait did he say that string with all of the 00 in it is ASCII then he said UTF-8? Pretty sure that third string is not ASCII nor is it UTF-8 but is actually UTF-16. That's why it has 16 bits per character.
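The encoding point in the comment above, together with the chat-triggered false positive this thread discusses, as an added example (not part of any comment and not Ricochet's code): the same 11-character string is 11 bytes in ASCII/UTF-8 and 22 bytes in UTF-16LE, and a scanner that also searches regions holding other players' input flags a clean player. The `Region` model, region names and memory snapshots are constructed assumptions.

```python
from dataclasses import dataclass

SIGNATURE = "Trigger Bot"  # the string named in this thread


def patterns(text):
    """Byte patterns to search for: UTF-8/ASCII and UTF-16LE forms of one string."""
    return {"utf-8": text.encode("utf-8"), "utf-16le": text.encode("utf-16-le")}


@dataclass
class Region:  # hypothetical model of one scanned memory region
    name: str
    user_controlled: bool  # True when the bytes originate from other players
    data: bytes


def scan(regions, text=SIGNATURE, skip_user_content=False):
    """Return (region, encoding, offset) for every signature hit."""
    hits = []
    for region in regions:
        if skip_user_content and region.user_controlled:
            continue  # chat, player names etc. are attacker-writable input
        for encoding, pattern in patterns(text).items():
            offset = region.data.find(pattern)
            if offset != -1:
                hits.append((region.name, encoding, offset))
    return hits


# Constructed snapshots, not real process memory.
CLEAN_PLAYER = [
    Region("chat_buffer", True, b"\x00\x00" + "gg Trigger Bot lol".encode("utf-16-le")),
    Region("loaded_module", False, b"\x4d\x5a\x90\x00render.dll\x00"),
]
CHEATING_PLAYER = [
    Region("chat_buffer", True, "hello".encode("utf-16-le")),
    Region("loaded_module", False, b"\x4d\x5a\x90\x00menu: Trigger Bot\x00"),
]

if __name__ == "__main__":
    print(scan(CLEAN_PLAYER))                          # false positive from chat
    print(scan(CLEAN_PLAYER, skip_user_content=True))  # no hit
    print(scan(CHEATING_PLAYER, skip_user_content=True))
```

Excluding user-controlled regions removes this particular false positive; it does nothing about the separate objection in the thread that string signatures are easy to change.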
if your character data on the server says your walk speed is at X then when the delta normalized number exceeds the number it should boot you out, it's that simple to stop cheaters. you don't even need bans, if at the first hint of cheating you get booted out the server you will never be able to play with cheats. Although there are some client side cheats that servers can not prevent, however client side anti cheat can't prevent it either because it can be bypassed with various methods. Personally i just don't bother with multiplayer unless i am self hosting and playing with people i know personally. I think this root-kitted anticheat is just spyware.
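One way to implement the server-side speed check described in the comment above, as an added example that is not part of the original comment or any game's code. The tolerance factor, the strike window and the "reject first, kick on repeats" policy are assumptions added so that a single lag spike or physics glitch does not remove a legitimate player; the comment itself proposes kicking at the first violation.

```python
import math
from dataclasses import dataclass, field

TOLERANCE = 1.15     # assumed slack over the server's speed limit for jitter
MAX_STRIKES = 3      # assumed violations allowed inside the window before a kick
WINDOW = 10.0        # assumed window length in seconds


@dataclass
class PlayerState:
    max_speed: float   # units per second, held by the server only
    pos: tuple         # last accepted (x, y, z)
    last_t: float      # server receive time of the last accepted move
    violations: list = field(default_factory=list)


def validate_move(state, new_pos, t):
    """Check one client position update; return 'accept', 'reject' or 'kick'."""
    dt = t - state.last_t
    if dt <= 0:
        return "reject"  # out-of-order or replayed update
    speed = math.dist(state.pos, new_pos) / dt
    if speed <= state.max_speed * TOLERANCE:
        state.pos, state.last_t = new_pos, t
        return "accept"
    # Too fast: keep the last accepted position and record the violation.
    state.violations = [v for v in state.violations if t - v < WINDOW] + [t]
    return "kick" if len(state.violations) >= MAX_STRIKES else "reject"


if __name__ == "__main__":
    # Constructed updates: one normal step, then three impossible jumps.
    p = PlayerState(max_speed=5.0, pos=(0.0, 0.0, 0.0), last_t=0.0)
    updates = [((0.5, 0, 0), 0.1), ((50, 0, 0), 0.2), ((50, 0, 0), 0.3), ((50, 0, 0), 0.4)]
    for pos, t in updates:
        print(t, validate_move(p, pos, t))
```

Because a rejected update leaves the accepted position and timestamp untouched, a client cannot gain distance by repeating an oversized move; the server only ever advances it at the allowed speed.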
Yo Dave, how's the anti cheat going? We're going live next week
Oh, hmmmm yeah, I gave it to the intern
L take. Blaming the cheaters takes the responsibility off the bad anti cheat company's shoulders. However bad those actors are, the anti cheat is the thing that opened the doors for them and put legitimate players at risk. Period.
Wait... X has an article?? dang.