Minimize the possible advantage by not sending the client other players' positions until absolutely necessary (either the client can see the other player, or there's a movement the client could make that would reveal the other player before receiving the next packet), and eliminate the cheaters you can with server-side behavior analysis and regular less-invasive client-side anticheat.
Ultimately even games with kernel anticheat have cheating issues; at some point you have to accept that you cannot stop 100.0% of cheaters. The solution to someone making an aimbot using a physically separate device (reading monitor output, giving mouse input) cannot be to require keys to the player's house.
> not sending the client other players' positions until absolutely necessary (either the client can see the other player, or there's a movement the client could make that would reveal the other player before receiving the next packet)
I think the problem with this is sounds like footsteps or weapons being fired that need to be positional.
Which makes me wonder if you could get away with mixing these sounds server-side and then streaming them to the client to avoid sending positions. Probably infeasible in practice due to latency and game server performance, but fun to think about.
To whatever extent the sound is intended to only give a general direction, I'd say quantize the angle and volume of the sound before it's sent such that cheaters also only get that same vague direction. Obviously don't send inaudible/essentially-inaudible sounds to the client at all.
They need to just make CPU's, GPU's, and memory modules with hardware level anti-cheat. Totally optional purchase, but grants you access to very-difficult-to-cheat-in servers.
That sort of already exists - I believe a small number of games demand that you have Secure Boot enabled, meaning you should only have a Microsoft-approved kernel and drivers running. And then the anticheat is itself probably kernel level, so can see anything in userspace
It may still be possible to get round this by using your own machine owner key or using PreLoader/shim [1] to sign a hacked Windows kernel
The only reason wallhacking is possible in the first place is a server sending a client information on a competitor that the client should not know about.
IE the server sends locations and details about all players to your client, even if you are in the spawn room and can't see anyone else and your client has to hide those details from you. It is then trivial to just pull those details out of memory.
The solution forever has been to just not send clients information they shouldn't have. My copy of CS:GO should not know about a terrorist on the other side of the map. The code to evaluate that literally already exists, since the client will answer that question when it goes to render visuals and sound. They just choose to not do that testing server side.
Aimbotting however is probably impossible to stop. Your client has to know where the model for an enemy is to render it, so you know where the hitbox roughly should be, and most games send your client the hitbox info directly so it can do predict whether you hit them. I don't think you can do it behaviorally either.
To some extent though- the games do need information about players that are behind walls.
In CSGO/CS2, even if you can’t see the player you can hear their footsteps or them reloading, etc. the sound is very positional. Plus, you can shoot through some thin walls at these players. Even if they can’t be seen.
I don’t believe server side anti cheat can truly be effective against some cheats. But also Vanguard is trash and makes my computer bluescreen. I’ve stopped playing league entirely because of it.
You don't happen to have used some means to install win 11 on an unsupported device have you? People bypassing the windows install requirements and then vanguard making false assumptions have been a source of issues.
I’m on windows 10. Vanguard always complains about some driver that it prevents from running. (Might be fan control I think? Hard to figure out) And in addition to that it’s caused several blue screens for me. (Kernel access violations I think?) The blue screens say the error was in vgk.sys which is vanguard.
It’s not at all consistent, but when it happens it’s as I’m getting into a game, so I miss part of a match for it every time.
> The only reason wallhacking is possible in the first place is a server sending a client information on a competitor that the client should not know about.
Some information is required to cover the network and server delays.
The client predicts what things should look like and then corrects to what they actually are if there is a discrepancy with the server. You cannot get around this short of going back to in-person LAN games.
> So the server must render the 3d world from each players perspective to do these tests?
Just some raycasts through the geometry should be sufficient, which the server is already doing (albeit on likely-simplified collision meshes) constantly.
If you really do have a scenario where occlusion noticeably depends on more of the rendering pipeline (a window that switches between opaque and transparent based on a GPU shader?) you could just treat it as always transparent for occlusion checking and accept the tiny loss that wallhackers will be able to see through it, or add code to simulate that server-side and change the occlusion geometry accordingly.
Server side hit detection is nowhere near as complex as occlusion, you need to make sure you account for latency or you get people popping into existence after they round the corner.
Here is one for CS:GO, server occlusion geometry must be made separately as auto generating from map is another hard problem.
Not "just some raycasts" otherwise everyone would be doing it:
> Not "just some recast" otherwise everyone would be doing it:
Only needing raycasts through the geometry was in response to the idea that the server would need to "render the 3d world from each players perspective to do these tests". I don't intend to claim that it's as a whole an easy engineering problem, but rather that the tests don't need to involve much/any of the rendering pipeline.
Of course you can. You can measure telemetry like where the aimpoint is on a hitbox. Is it centered or at least more accurate than your globabl population? Hacker, ban. How about time to shoot after hitting target? Are they shooting instantly, is the delay truly random? If not then banned. You can effectively force the hacking tools to only be about as good as a human player, at which point it hardly matters whether you have hackers or not.
Of course, no one handles hacking like this because its cheaper to just ship fast and early and never maintain your servers. Not even valve cares about their games and they are the most benevolent company in the industry.
Valve does not have kernel level anticheat. Faceit does. Most high ranked players prefer to play on Faceit because of the amount of cheaters in normal CS2 matchmaking.
VAC is not kernel level. Valorant’s Vanguard is kernel level - it runs at all times and if you exit it out, you must reboot your computer to play Valorant
You have no idea what you're talking about. Even mediocre FPS players use positional sound as a huge cue for how to react, which means the client is going to know the positions of every player and non-player entity in a medium range. That's a _huge_ advantage to any hacked client.
Even if the FPS had no sound, an aimbot-free hacked client that knows the positions of only the players that you can see would still provide a significant benefit because a high fidelity radar and pointers can be placed on the screen. No one can sneak up on you. And no you can't base it on which way the player is looking because you can turn around faster than network latency.
Can you limit the impact of hacked clients? Sure, people might not be able to do egregious stuff like X-ray your position from across the map. Locally, though, game clients need a large amount of information to provide a good experience.
It's not ok for people playing those games. They'll quit playing that game and go to one with invasive client-side anti-cheat instead.
The incentives and priorities are very different for people who want to play fair games than they are for people who want to maximize their own freedom.
This is a solved issue already. Vote kicks or server admin intervention. Aimbotting was never an issue for the old primitive fps games I would play because admins could spectate and see you are aimbotting.
A modern game need only telemetry that captures what a spectating admin picks up, rather than active surveillance.
Hackers are only a problem when servers are left unmoderated and players can’t vote kick.
That stopped being a solution when winning online started mattering. There are real money prizes for online game tournaments. Weekly events can have hundreds of dollars in their prize pools. Big events can have thousands.
Suddenly vote kicking had to go, because it was abused. Not in the tournaments themselves, but in open ranked play which serves as qualifiers. An active game can rack up thousands of hours of gameplay per day, far beyond the ability of competent admins to validate. Especially because cheating is often subtle. An expert can spend more than real time looking for subtle patterns that automated tools haven't been built to detect.
Games aren't between you and your 25 buddies for bragging rights anymore. They're between you and 50k other active players for cash prizes. The world has changed. Anti-cheat technology followed that change.
You can't have vote kicks/server admins/hosted servers with competitive ranked ladders. If your solution is "don't have competitive ranked ladders" then you are just telling the majority of people who even care about anti-cheat to just not play their preferred game mode.
Why can’t you have that with competitive ladders? Presumably theres still mechanisms to kick people in game if they start for example spewing racist messages in the game. What difference is it to kick someone one way or another? Not to mention plenty of games with vote kick mechanisms did have strong competitive scenes.
If you only allow users to kick their teammates for suspected cheating, they will have little incentive to do so.
If you allow users to kick opponents for cheating, they will have an incentive to kick legitimate players who are playing well.
You cannot have a global competitive ladder if the ladder is split into a ton of different admin-run servers. overwatch had a version of this problem where people would queue into the Australia region during low traffic times to boost their rank.
I play one of those games that doesn’t strongly enforce anti-cheating, and I agree with you that it’s a huge detraction compared to games with strong anti-cheat.
But I strongly disagree about the use of invasive client-side anti-cheat. Server-side anti-cheat can reduce the number of cheaters to an acceptably low level.
And chess is a game where I feel like it would be relatively hard to detect cheating. An algorithm looking at games with actors moving in 3D space and responding to relative positions and actions of multiple other actors should have a great many more ways to detect cheating over the course of many games.
And frankly, I think the incentive structure has nothing to do with whether tournaments are happening with money on the line, and a great deal more whether the company has the cash and nothing better to do.
Anti-cheat beyond a very basic level is nothing to these companies except a funnel optimization to extract the maximum lifetime value out of the player base. Only the most successful games will ever have the money or reach the technical capability to support this. Nobody making these decisions is doing it for player welfare.
Stop thinking about trying to catch wallhackers. Instead, make wallhacking impossible. Do that by fixing the server to, instead of sending all player positions to everyone, only send player positions to clients that they have an unobstructed view of.
You're confusing wallhacking with noclipping. Wallhacking is being able to see through walls, like drawing an outline around all characters that renders with highest z-order, or making wall textures transparent.
It does not result in any server-side-detectable difference in behavior other than the hacker seemingly being more aware of their surroundings than they should, which can be hard to determine for sure. Depending on how the hack is done, it may not be detectable by the client either, eg by intercepting the GPU driver calls to render the outlines or switch the wall textures.
