When it comes to the cat-and-mouse game of stopping cheaters in online gaming, anti-cheat efforts often rely on technology that ensures that the broader system running the game itself is not compromised. On the PC, it can mean so-called “kernel-level drivers” that monitor system memory for changes that may affect the intended function of the game. On consoles, this can mean relying on system-level security that prevents unsigned code from being run at all (until and unless the system is effectively hacked, ie).
But there is a growing category of cheating methods that can now effectively circumvent these forms of detection in many first-person shooters. By using external tools such as capture cards and “emulated input” devices in conjunction with machine-learning computer vision software running on a separate computer, these cheat engines completely bypass the secure environments created by PC and console game makers. This forces the developers behind these games to look at alternative methods of detecting and stopping these scammers in their tracks.
How it works
The basic tool chain used for these external emulated-input cheating methods is relatively simple. The first step is to use an external video recording card to record a game live output and immediately send it to a separate computer. These display frames are then run through a computer vision-based object detection algorithm such as You Only Look Once (YOLO), which is trained to find human enemies in the image (or at least in a small central part of the image near reticle targeting).
Once the enemy is identified on the screen, these cheat engines can easily calculate exactly how far and in which direction the mouse should move to place the enemy (or even a particular body part, such as the head) in the center of the reticle. This data is then sent to an input flow device such as Titan Two or Cronus Zen, which mimics the correct mouse input and fires a shot at superhuman speed.
On their own, all of these peripherals and tools have legitimate uses (though the automated macros enabled by input flow devices are controversial in many competitive gaming circles). Put them all together and you get an effective cheat engine that does not require changes to the software or hardware that actually runs the game. In a way, it’s like printing a gun from basic 3D printer resin or building an explosive from chemicals derived from legal products.
“Why create a bomb that can destroy the world?” asked a cheat manufacturer rhetorically in a Discord conversation with Ars Technica. “But we did.”
The cheating factory
Cheating methods based on external tools and emulated inputs are not entirely new. But they have gained increased attention in recent days thanks to a promotional video from the makers of a specific cheat tool we call CVCheat (Ars does not name the actual cheat tool here or link to it in this piece). Many of CVCheat’s promotional videos were taken down from YouTube through an Activision copyright claim sometime in the last 24 hours, but the most recent is reflected in this tweet and contains no identifying information.
The current versions of CVCheat include some basic automation features, including a “trigger bot” that detects when an enemy is in the player’s crosshairs and automatically sends a shot command. The current tool also has automatic recoil adjustment that can stabilize players’ targets by almost moving the mouse to flip recoil after each shot (optical character recognition helps detect which weapon is used for specific recoil adjustments in this case).
But it’s the upcoming version of CVCheat that manufacturers promise to take things to the next level with computer-vision-based “undetectable, unstoppable full-size automation” [and] full auto-shots “that work on” any game “on PC, Xbox or PlayStation. The pro version of CVCheat, which promises these benefits, is offered in return for a $ 50” donation “to manufacturers, while the specific pro quo arrangement has disappeared from CVCheat’s website in recent days, it is still explicitly on the producers’ Discord channel.
The administrator of CVCheat Discord (which we will refer to here as LordofCV to hide the name of the tool) said that their tool was not intended to upset the competitive balance between online sliders. Instead, they say it’s meant to “give console players a chance [games] already exceeded by hackers. Xbox players do not stand a chance … the script would never have been created without request [from users]! “
The upcoming version of CVCheat can detect an enemy on the screen and shoot for about 10 ms according to LordofCV and works effectively on games running at up to 240 fps. The detection algorithm is currently “making some adjustments” on the part of the user, they explained, but the threshold can be adjusted “to pick up anything that moves.”
Still, the algorithm works best when the target is a large identifiable figure on the screen rather than a far away blob with small pixels. “When you lock it on [it] works really well [at] close to the middle class, [and] long range with a sniper range it works fine, “said LordofCV.
LordofCV claimed that he helped come up with the idea for the CVCheat tool and helps manage the community, while another coder performs all scripting and receives the donations. They say CVCheat currently has about 200 users.
Discover and avoid
Speaking to Ars, LordofCV expressed extreme confidence that their cheating method was completely undetectable because “we do not manipulate any game files … it is used at your own risk, but cheat search software cannot retrieve it.”
However, at least one person in charge of actually protecting online games from scammers grabbed that brag. “Ultimately, the ’emulated input’ vector is nothing new, and the Vanguard team is very aware of that,” Valuation Anti-cheat Lead Phillip Koskinas told Ars Technica. “Scammers are always looking for new corners to hide in, and ‘Kernel Drivers’ have never been the most important tool in our arsenal.”
Koskinas specifically pointed to a 12-month ban Riot issued for former Beşiktaş Esports player Yasin “Nisay” Gök back in February. Without going into too much detail, this announcement of the ban notes that Nisay was banned under “an automated system built by[[[[Valuation]Anti-cheat team to help with cheat detection marked the account for the use of a cheat that reads the user’s screen before mimicking corrective mouse movement with the help of external hardware. “Human confirmation after the automatic selection confirmed the cheat,” Riot said, suggesting a mix of software tools and human review can actually detect these “external” cheating methods just fine.
Koskinas did not go into detail with Riot’s method: “Anti-cheat is partly a game of ambiguity,” he said, “so we really did not want to bring unnecessary visibility to this topic.” But despite their “undetectable” bragging rights, LordofCV suggested that attentive gamers and / or analysis software could still notice the superhuman target-and-fire speeds that emerge when these cheats are used. “Killing cams becomes killer … which means they are suspicious,” they said. “People can only do things so fast, [and] this software makes it faster. “
LordofCV nevertheless suggested that it can be difficult to distinguish between external emulated inputs and legitimate human gameplay at the level, at least at a glance. “I have seen players who are [just] really good at [the] the game will be banned, “they said. You can be banned for no reason at most games. “
Whatever the case, it is clear that external techniques for computer vision will continue to be a front in development in the endless battle between cheaters and those who want to stop them. As artificial intelligence techniques continue to evolve, it may become even easier for these external tools to hide their use and harder for anti-cheating algorithms to even detect their existence. Cat-and-mouse battle continues.