Method to catch autoaimers and visibility hackers

I was thinking how autoaim and visibility hackers work and came up with an idea to beat them. These hacks bypass the human eye and reaction challenge of the games, typically in FPS games like PUBG. The server sends the location of enemy player to the client which animates it, appearing as pixels on his screen. The player has the task of spotting these pixels. It’s a trivial task if the enemy player is close (lots of pixels) or he is moving (pixels moving relative to the background). But if the enemy is far and stationary only a few pixels are different from the background, making such identification hard. For example look at this screenshot from the DrDisRespect vs Summit1G video:
doc

Can you spot the not-so-good Doc? He is visible on the screen! Look, there he is:
doc2

He was hard to detect as only a few pixels of his backpack were visible from the tree. It’s not a problem for a visibility hacker/autoaimer. The client is fully aware of his position and either telegraph it to the cheater by painting him pink instead of almost-as-brown-as-a-tree or simply aiming the gun on him.

The official solution is simply not telling anything to the client besides the position of the backpack pixels so only the human intelligence is capable of recognizing that the tree is out of shape and shoot it, telling the server that shots fired next to the tree, which the server calculates. This is very traffic and server load intensive. I almost don’t blame the developers for doing the easy way and let the client handle this, accepting some cheating as a consequence. Their defenses are hack detects (scanning the memory for known cheat codes) and statistical evidence (too many headshots, too few misses). Both are weak, able to only catch known cheats and blatant cheating.

I have an idea that can defeat the logic of the visibility/autoaim cheats. The server should place bots to the map. These bots are indistinguishable from players for any client. They generate the same traffic, they obey the same rules, they move and collect items just as players do and they have a name of a real player who isn’t online at the moment.

The trick is that these bots are very good at concealment. They hide in holes, they hide under foliage, they duck behind trees, they peek at the corner of windows. Since they are server-side bots, they know exactly where players are and always position themselves to avoid detection. They only move if no player look at their way. Of course they don’t shoot or attempt to win and do not interfere with the outcome by any means. If someone would run into them by accident, they would just vanish. Therefore a human player would never notice them. A client side hack on the other hand notices them and let the cheater kill them. So killing hiding bots would be a perfect proof of cheating, as humans can’t do it.

Please note how this trick defeats the purpose of the hacks: to let cheaters see what humans can’t. The cheater can’t tell if the hack revealed a hiding bot or a camping sniper player. If he doesn’t shoot hard-to-detect enemies, he might as well stop cheating.

Advertisements

Author: Gevlon

My blog: https://greedygoblinblog.wordpress.com/

22 thoughts on “Method to catch autoaimers and visibility hackers”

  1. Several problems I can see with your hide-bot.
    1) Due to latency, the hide-bots will not vanish instantly.
    a) Quick reaction players can land hits. It won’t be easy but it is possible.
    b) You have created an apparent epidemic of cheating players using teleport hacks and ESP threat detection.
    2) Cheaters can identify real targets by getting momentary LOS on them. If the target doesn’t vanish it is real player.
    3) The game is now rigged. Corrupt devs will drop an item-stealing bot on you and you cannot prove it because you caught momentary glimpses of other players in your area who might have picked up everything first..

    Like

  2. This is a great idea in the abstract, but the suggested implementation needs tweaking. Depending on what information is available to the client at what time, the anticheater bots could simply be invisible (0 collision, 0 opacity model) but the client would still know they are there. You could have literal millions of them to mess with aimbots at low performance costs (as no animation or rendering takes place).

    The only question for this type of fix is how much of the data is available to the client. If there is a simple flag that determines whether a model is rendered/animated it would be trivial for the cheaters to adapt the software. Likewise, if you use bots identical to players and put in a non-online player’s name, and that information is available to the client, it is also trivial to make the cheating software look up if a person is online or not and just ignore the offline people.

    Like

  3. @Dobablo:
    1) minor problem. You should never see the bot vanishing. Or actually, never see the bot. What I mean is that the bot is hiding somewhere and you are approaching (like it is in a building and you entered that building) it vanishes before you see it.

    a) not a problem. No one gets banned for killing a bot once in the blue moon. Getting 40 BP won’t break the game. Killing a dozens in a single game is what raises flags.

    b) no. The bots would never teleport hack. They would behave exactly like players, except for vanishing. When vanished, he is dead to the clients, except for no corpse and loot. Hell, if it’s problematic, forget vanishing. If the bot can’t escape, he should just “died from falling” and leave his collected items behind.

    2) No. The bot doesn’t care about LOS. It only vanishes if there is a serious chance of you walking into it. Just staring at a bot from 100m won’t do nothing. Actually this is the point. A normal player doesn’t see the bot from 100M since it’s hiding.

    3) Irrelevant. Whoever can modify the bots can also modify loot spawns or circles.

    @Nije: invisible bots would be known to the client to be invisible (otherwise they would render). My bots WOULD render, they would just be invisible by hiding very well, using methods available to players. My bots would be super-camper-players for the client.

    Sure, if the client can figure out the names of players targeted, the method is bad. But then one can use names of players online in other games. Or simply deny all names from the client, only inform the client when killing happened and someone is already dead.

    Like

  4. Instead of complicated dissapearing/hiding bots, just put fake player location ID that roam around and do nothing except exist. Once the hack start aiming everywhere at empty space because there is not even a shadow of a dissapearing bot there, the hack user will stop because it keeps throwing their aim point wildly everywhere.

    Like

  5. The major problem with your solution is that Field of View(FOV) and draw distance is set by the player. The bots are able to take their FOV settings even lower than the UI allows, thereby increasing their accuracy. The rest of the honest players are limited to 80-103 FOV in PUBG, so unless the server is sending a “no draw” command to the client to prevent the video system from rendering your proposed bot, there is no way to make them vanish as you propose. And if the server -is- sending a no draw command to the client, the aimbot already has its hooks into the .dll’s being used, so scanning for this no draw event is relatively easy and the Bot maker just updates his Aimbot to disregard such targets. Right now, the best protections, VAC and BE, are being employed and constantly updated. The developer has already stated that they will be “banning in waves”, so the players will have to wait and see who are the most “leet” coders – the aimbot makers, or the game developers and their 3rd party detection methods.

    Like

  6. @Noguff: under “vanish” I mean “completely remove from the map”. The bot would no longer be present as it is compromised and can no longer detect cheaters.

    Like

  7. No human attack these fake player because they can’t see them. They are immaterial except for the broadcast of their position. No model displayed at all. Just throw the auto-aim wildly everywhere because there is “someone” in that direction except it’s false. The auto-aim is just aiming at empty space where the server wrongly announce the presence of a player. You just give the bot hundred of false positive detection so it can’t be used effectively. Real player won’t bother because they don’t hunt player by tracking player ID broadcast but by looking for a visible model on their screen which would not exist in my proposition.

    Like

  8. Tragically, this is just another unworkable scheme that attempts to ignore the real problem. Why is it unworkable? Because there are millions of people with clients. hundreds or thousands of them are diligently working to hack it due to the profitability. Any scheme that can be implemented by devs will be circumvented. It’s simple market forces.

    The real problem is you can’t design a high speed, client side system without it being hackable. And the state of the network won’t allow you to push targeting onto the server unless the game is really slow or the targeting is like WoW or Eve… select a target, the stats decide the hits.

    The only way for these games to AVOID being hacked is to wallow in obscurity while the hackers focus on the high popularity titles.

    Now, they can eliminate some hacks by not telling the client info it doesn’t need, like where a weapon crate is unless you’re right on top of it, or what’s in it before you open it. But you can never eliminate aimbots when targeting and hit assessment is done on the client.

    You have to slow the game down and offload all that to the server. … At which point your game will wallow in obscurity behind the faster, more exciting hackfests the other guys put out.

    Perhaps when fiber goes from server to the home and pings are 5ms on your 1000 gigabit connection, things will be different.

    Like

  9. @Frosties: if no model is displayed, then the client is aware that they are bots (it must be to not animate them). Any client hack could figure it out.

    @Smokeman: it’s NOT a client side system. There is no way for the client or the player to know if the bot is a bot or a human camper. I’m not trying to eliminate aimbots. I try to prove their existence by creating targets only they can kill.

    Like

  10. “I’m not trying to eliminate aimbots. I try to prove their existence by creating targets only they can kill.”

    You’re missing the point. The only way to actually fix the problem is eliminate the client side aspect that is causing it. All your “solution” will do is cause the hack makers to adapt, which will trigger the next pointless “solution”, which will cause the hacks to adapt… etc.

    There is no magic scheme that can protect you from the laws of reality. You have to accept that this is a flawed product and you shouldn’t try to play it “competitively.”

    Like

  11. @Gevlon

    “I try to prove their existence by creating targets only they can kill.”

    The majority of Aimbots have more than one mode of operation:

    1. They can be in “freelook” mode and shoot at anything that moves without the player pulling the trigger or aiming. These are the obvious ones where players appear to turn 360 degrees and shoot out of their asses. But any smart player will lower their FOV settings in the Aimbot config to where the Aimbot disregards those outside of the FOV. – Much smarter.
    2 They can be in “hit only” mode where the player has to aim and also pull the trigger -the Aimbot only makes the shot hit in this case. In this case the FOV is set very low, and the Aimbot user will only pull the trigger if they have a target that is drawn inside of their FOV.

    It doesnt matter what “data” you try to spoof to the client from the server, the way these Aimbots work is that they are “hooked” into the .dll’s of the game files and readily intercept this “vanishing bot” code you propose to send and can disregard it with a simple update.

    Like

  12. Addendum: the only way to catch those using these Aimbots is to use a program like Blizzard used in the early days. Remember “Warden”? It scanned the memory of the users PC and would ban you if it found “certain” programs in resident memory. It was easy enough to do in 32-bit versions of windows, but 64-bit versions are a bit trickier to scan.

    Like

  13. @Smokeman, Noguff: I don’t think you understand what is explained here.
    – the bot is server side
    – the clients get the same format of information about them what it would get about a player
    – the bot doesn’t do anything what a player cannot do
    – the bot usually does what camping players do.
    – the bot vanishes only if it’s cornered and if it vanishes, it vanished. It won’t come back. At this point it’s obvious that it WAS a bot, but it doesn’t help any player or cheater.

    The cheaters can’t adapt because the bot isn’t a mechanical solution, but a strategic. The cheater (man or program) must analyze its behavior to assume that this *player* is neither going for kills, nor for survival, it’s just hiding in a purposeless place. Which of course false-assume on dumb players who get lost or lucky bots who happen to be in the circle in a good sniping spot.

    Yes, it’s harder to catch smart cheaters who cheat small. For example those who use aimbot to only do a few degrees aim correction. However these cheaters are not that problematic because they aren’t superhuman, they are merely good-human. You can beat them by better strategy. You can’t beat a bot that gives perfect headshots from behind.

    Like

  14. “@Smokeman, Noguff: I don’t think you understand what is explained here.”

    No. I get how your scheme works, and it will certainly be effective for a short time. Then it will go onto the pile of schemes that failed miserably. This is how FPS client security has always worked, and why it has always failed miserably. There are MORE MAN HOURS spent coming up with hacks than there are coming up with fixes. Hackers outnumber devs by a massive margin.

    And it’s all because the problem is impossible. They are trying to fit 10 pounds of bacon (game excitement and twitchiness.) into a bag (What the reality of multi player connections can actually deliver.) that can only hold 5 pounds.

    If they reduce the amount of bacon to 5 pounds, all the OTHER companies will promise 10 and drive them out of business. The sausage factory works by simply not providing an actual, fair, competitive game. Only the ILLUSION of competitiveness to hold the players. And as a side “benefit” extra income for all the players wave-banned who repurchase new accounts.

    And: “You can’t beat a bot that gives perfect headshots from behind.” So? Your new scheme won’t detect that either. Nor will the next brilliant scheme that comes along.

    Like

  15. “– the bot is server side”

    I’m not trying to speak for Smokeman, but that is what both of us are trying to tell you: In a client side system, the Aimbot works by hooking/hijacking the PUBG client .dll files(.exe’s in some cases). If your “hiding bot” is sending information from the server to either “confuse” or “trick” the Aimbot, the Aimbot maker will see this new information and update the Aimbot to totally ignore it. As long as the Aimbot is hooked to the PUBG .dll files, it can identify, alter or ignore any command/information sent from the server.

    One method game developers used in the past to reduce the use of client-side Autoaim cheats, was by simply issuing frequent game updates(patches) where small changes were made in the game code and netcode, which would render the Aimbots useless until the bot developer decided to update it. But still, it will always be a tit-for-tat affair depending on how dedicated the bot maker is.

    Like

  16. @Smokeman, Anon:
    I start to believe that you are purposefully trolling or just idiots. IT’S NOT SOMETHING YOU CAN HACK. The client has no information about bots, so no hackers can get any information. The bot appears as extra PLAYER as far as the client knows.

    The trick is that he is a VERY GOOD player (in terms of hiding), so human players can’t kill him (regularly). Anyone who kills him (more often than once in the blue moon) is considered a cheater. You can’t beat that with netcode hacking, only by a true AI that analyzes the behavior of other PLAYERS and determine who are likely bots.

    Finally, you don’t have to beat the hackers to beat them. You just have to be hard enough so they move to the next game and hack that.

    Like

  17. @Gevlon
    >You can’t beat that with netcode hacking, only by a true AI that analyzes the behavior of other PLAYERS and determine who are likely bots.

    NoGuff explained this point fairly well. You’re assuming that the aimbot is behaving as an “automatic turret” which instantly locks-on and headshots anything within LOS. And you’re right: that aimbot would *need* a genius AI in order to identify Gevlon’s sneaky fake dudes and *avoid* shooting them.

    But that’s not important. Anyone using that type of aimbot will have an absurdly high hit % and godly kill stats. You won’t need server-side injection of fake players in order to catch such cheaters. You can just wave-ban them based on heuristics (especially when their account is named “Visit Aimbots.com and use coupon code ARTHASDKLOL for 20% off your first purchase!”).

    If you want to get fancy then you could intervene in real time. “GM spawned into world 300m above and behind suspect player, well outside the player’s field of view. 2 frames later, suspect lined up a headshot and fired. Suspect scored six additional headshots within the next five seconds while performing serpentine dodge motions. Suspect was immediately kicked from the match by GM and banned from the PUBG game servers. A VAC ban request is currently being written up, and will be sent to Steam tomorrow alongside the relevant server logs.”

    The challenge is to catch players who use the aimbot as an “assist” feature – either snapping on to a target which is very close to the player’s aiming reticle, or automatically pulling the trigger when the player sweeps their reticle across a valid target.

    A “hiding” fake character will be of minimal utility in identifying such hacks, because the cheating process relies on human eyeballs. If the human cheater can’t see the super-concealed bot then they won’t move their reticle towards it, and so their aimbot won’t shoot it, and so the developers won’t gather any evidence with which to indict the cheater.

    You’ll get a few accidental bot-kills by lazy or unlucky cheaters, but the signal-to-noise ratio will be lousy and you’ll probably ban a few legitimate players. Even if you ban nobody, players will complain about how the stupid anti-cheat bots are getting in the way of combat, or stealing in-game resources, or screwing up K/D scores, or worsening the game’s lag. If you try to contradict such rumors then you’ll potentially reveal information which contributes to the next round of aimbot enhancements.

    And God help you if a popular streamer manages to kill a few of your anti-cheat bots and catches a ban for it. There are a lot of people out there who won’t *care* about the 96% overall reduction in cheaters, and who won’t wait to see whether the ban gets rescinded. Instead they’ll call your dev team incompetent, send in a few death threats via Twitter, switch en masse to the next FPS, review-bomb your game, and apply for Steam refunds.

    Like

  18. @Gevlon

    Not trolling, just responding based on your continued statements of how your “hiding bot” would work.

    From your original post: “A client side hack on the other hand notices them and let the cheater kill them.”

    How would a client-side hack be able to detect, target and kill your server-side bot, unless the server is sending them some kind of data about its existence and/or location?

    Like

  19. @edwardqjones: these “careful” aimbotters aren’t a problem because they are indistinguishable from well-aiming players. The victim will say “well played” instead of getting mad. The cheater will climb to top 5% and then gets stuck because there strategy wins. The problem comes from the “kill anything in LOS” cheaters and they are harder to catch than you believe because a good aimbot also shoots some misses and non-headshots. I also think that in PUBG a “visibility cheat” (that alerts the cheater about hiding players behind walls, trees, …) is much more valuable than an aim-assist. And the bot will catch those.

    Banning a streamer is impossible because those guys are whitelisted and not banned even if they cheat (I’d guess most do) unless a high-ranking GM bans them.

    @Noguff: because the bot data is sent to EVERY client, just like any other PLAYER data. So Adam’s client gets the info “bob_totally_not_bot is hiding behind a tree 500m from you” and renders a few pixels at the side of the tree which Adam can’t see. The very same data is sent to Cheater Cindy’s client. Cindy also can’t see the bot, but her aimbot does see it and shoots those few pixels next to the tree.

    Like

  20. @edwardqjones

    “And you’re right: that aimbot would *need* a genius AI in order to identify Gevlon’s sneaky fake dudes and *avoid* shooting them.”

    Not really.

    For example: If a player is using an Aimbot and is laying prone and scanning from right to left, to prevent it from shooting Gevlon’s “server side fake bots”, all the Aimbot maker has to do is introduce a small amount of latency between target acquisition and firing, say 30ms, and it gives Gevlon’s bot time to disappear, so now there is no target to pull the trigger on. Easily circumvented with no advanced AI needed.

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s