Video games are a massive industry. With more people playing competitive online games than ever before, we see an increased demand for cheats, mainly cheats that provide players with a distinct advantage, and that does not get them banned.
A lucrative grey market
Hackers have become more sophisticated in the past decade, charging significant sums of money for their cheating software. They often use a subscription model, promising regular updates to keep up with anti-cheat methods. It is not uncommon for these subscriptions to cost more than the actual game that is played.
Generally, (semi) anonymous payment methods are used – such as Bitcoin and gift cards – because many laws are broken. Furthermore, cheat developers risk serious legal consequences. Gaming companies argue that they are violating the terms of service, by illegally reverse engendering their code and exploiting it which falls under copyright law. In addition, cheaters diminish the experience of legitimate players which in turn results in money loss.
South Korea is a country notorious for its video game cheaters, which the government takes very seriously. Being found guilty can lead to fines of thousands of dollars and even jail time. However, in North America and Europe, we have not seen much in terms of punishment. Cheat developers frequently evade legal action, because they are untraceable – residing in countries such as Russia – or are hard to identify. Most cheaters get away with just a ban and a warning.
Nevertheless, the market is far from legitimate as scams, code theft, and false advertisements are rampant. Sellers offer stolen software for sale, or falsely advertise their cheats as ‘undetectable.’ They disappear when their reputation is too tarnished to attract new customers, or they discontinue support for software when they cannot overcome new anti-cheat methods. Subsequently, they abandon their customers with lifetime licenses (that cost hundreds of dollars) without a working product. There is no way to refund the purchase.
The market is predominantly trust-based, and many forums and discord groups surged, helping potential buyers to navigate the market. Such platforms include reputation scores and verified reviewers. Yet, it is likely sellers artificially boost their reputation scores trough false reviews and other methods, with or without the help of forum owners and moderators.
Most popular games have cheats, some being more sophisticated than others. In the Multiplayer online battle arena (MOBA) genre, one can identify several forms of hacks. Examples are targeting prediction and zoom hacks, allowing the user to zoom out further then the developers intended. In strategy games such as StarCraft, hacks provide the user with visual information that would otherwise be hidden.
Most cheating however happens in online shooters. Games, such as Counter Strike and Battlefield, have long been targeted by cheat developers, providing players with features such as ESP (Extra Sensory Perception) allowing you to spot enemy through walls and terrain. An ‘aimbot’ moves your crosshair towards the enemy automatically. Given the continually evolving anti-cheat software, there is a constant need for new and improved hacks, creating a lucrative industry.
PlayerUnknown’s Battlegrounds (PUBG), the game as shown on the image’s above, costs thirty euros on Steam. A cheating client from a ‘respected’ seller costs the same amount of money but merely runs for a week. In their promotion video, they show the incredible advantage the cheater has over regular players. Therefore, it comes as no surprise game developers and third-party anti-cheat developers have put enormous resources into their anti-cheat software, although with mixed success.
The response of anti-cheat
Most anti-cheat software runs by checking the users’ memory for code that should not be there, like an anti-virus program. Also, methods such as data encryption and taking screenshots of the players’ client are utilized. Nonetheless, these methods are just catching up to cheaters not preventing cheating outright. And when the developers clamp down on specific cheating code, It takes little effort for the developer to improve the ‘camouflage’ of his hack and the cycle starts over again.
Companies such as GameBlocks promise a better solution. With their fair play application, they put themselves between the game server and client: instead of merely checking game files and data integrity, they focus on player behavior. The idea is that cheaters who have such an unnatural advantage – such as seeing other players through walls – demonstrate this in their in-game behavior. such as aiming at targets not visible to a regular player. Or heaving an unusually high kill death ratio. Hover these methods could lead to more false positives than traditional anti-cheat solutions. And are heavily criticized by community members who claim they have been the victims of a false ban.
‘Undetectable’ package-based cheats
With the rise of a new subgenre called Battle Royale, we saw a demand for new cheating methods and software. Due to an overall slower game pace and higher risk-reward-fights, many players are more willing to get an illegitimate edge over their opponents.
At the same time, traditional cheating methods are more easily detected – resulting in game developers barring you from playing based on your hardware ID – and becoming a less useful option.
Consequently, developers came up with a creative solution: instead of running cheats in the game client or even on the gaming pc, they do so on an entirely different device. They either use a Virtual Machine (VM) or a second computer. Developers then duplicate the game data stream – containing information about enemy positions – with software (such as Zenmap) to a device that is not monitored by anti-cheat software.
A client on the second device reconstructs this game data in a form that the user can understand and apply. Examples are a map with enemy and loot locations or even a 3D environment where you can see an enemy player screen, similar to traditional cheats.
Some cheat developers plan to expand on this technology and create a cheating client. That client essentially acts as a gameplay client, with all the cheating overlays such as ESP and radar. The difference is that the actual game client remains clean from any “bad” code or behavior, making it significantly harder to detect by anti-cheat.
cat and mouse game
A potential solution for these cheats would be more draconian anti-cheat software running on the players pc. combined with packet encryption. Like we have seen with the recently released Valorant. Anti-cheat software that runs inside your computer kernel, and is actively scanning your system even when not in-game.
implementing packed encryption would force cheat clients to obtain a decryption key in the game client. witch is something that could more easily be detected. in addition, this always-on anti-cheat could actively scan and block vpn’s, virtual machines, and suspicious drivers.
The video game cheating market is an interesting one: it is a constant cat-and-mouse game between small and often self-taught developers against multimillion-dollar companies. For now, the legal system appears ineffective and far too slow. Even though scammers, false advertisements, and player bannings are commonplace, the market is still massive and growing.