
Always a treat to see these people’s articles. Game hacking is wild - though in this case, wouldn’t enforcement of Secure Boot do the trick?

There are a number of Microsoft-signed drivers that have vulnerabilities in them that can be exploited allowing kernel-level access (memory read/write primitives, etc.) - they would load fine under Secure Boot - and, indeed, malware already has exploited this before.

This does make cheating harder, and does make it a cat-and-mouse game where signatures are revoked and they move on to a new driver, but the fact of the matter is - there are a ton of drivers out there and some of them will always be vulnerable in some way. To this end, I think focusing on client-side anti-cheat at all is a lost cause.
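
An added example, not part of any comment in this thread: the distinction above (Secure Boot checks a driver's signature, so a validly signed but vulnerable driver still loads, while HVCI and Microsoft's vulnerable driver blocklist are what actually narrow that gap) is something you can check on your own machine. This PowerShell reads the Secure Boot state, the Device Guard/HVCI status via the `Win32_DeviceGuard` WMI class, and the blocklist toggle; the registry path for the blocklist toggle and the flagged-driver list passed to `Test-LoadedDriverAgainstList` are assumptions for illustration, not values taken from the thread. Run it in an elevated PowerShell on Windows.

```powershell
# Added example, not code from the thread or from any anticheat vendor.
# Reports the platform-integrity controls that matter for a BYOVD
# (bring-your-own-vulnerable-driver) chain: Secure Boot alone does not stop
# a signed-but-vulnerable driver from loading.

function Get-PlatformIntegrityState {
    $state = [ordered]@{}

    # Confirm-SecureBootUEFI throws on legacy BIOS systems; treat that as "off".
    try   { $state.SecureBoot = [bool](Confirm-SecureBootUEFI) }
    catch { $state.SecureBoot = $false }

    # Device Guard status. SecurityServicesRunning contains 2 when HVCI
    # (memory integrity) is actually running, 1 for Credential Guard.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard
    $state.HvciRunning = [bool]($dg.SecurityServicesRunning -contains 2)

    # Vulnerable driver blocklist toggle (Windows 11 22H2 and later).
    # Assumption: the toggle lives under this CI\Config key as a DWORD.
    $ciKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
    $val = Get-ItemProperty -Path $ciKey -Name VulnerableDriverBlocklistEnable `
                            -ErrorAction SilentlyContinue
    $state.VulnerableDriverBlocklist =
        ($null -ne $val -and $val.VulnerableDriverBlocklistEnable -eq 1)

    [pscustomobject]$state
}

function Test-LoadedDriverAgainstList {
    param(
        # Hypothetical list of driver file names you want to flag
        # (for example, drivers whose signatures a vendor has revoked).
        [Parameter(Mandatory)] [string[]] $FlaggedNames
    )
    # Enumerate running kernel drivers and compare by image file name only.
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName } |
        ForEach-Object {
            # PathName may carry a \??\ NT prefix; strip it before splitting.
            $leaf = Split-Path -Leaf ($_.PathName -replace '^\\\?\?\\', '')
            if ($FlaggedNames -contains $leaf) {
                [pscustomobject]@{ Service = $_.Name; File = $leaf; Path = $_.PathName }
            }
        }
}

$state = Get-PlatformIntegrityState
$state | Format-List

if ($state.SecureBoot -and -not $state.HvciRunning) {
    Write-Warning ('Secure Boot is on but HVCI is not running: a signed-but-vulnerable ' +
                   'driver still loads and can hand out kernel read/write primitives.')
}

# Constructed placeholder list; replace with the driver names you actually track.
Test-LoadedDriverAgainstList -FlaggedNames @('placeholder_vulnerable.sys')
```

The useful signal is the combination: Secure Boot on with HVCI off is exactly the configuration the comment describes, where signature enforcement is satisfied but nothing constrains what a loaded driver can do with kernel memory.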


From the conclusion

> Importantly, this work also highlights the defensive implications of such techniques. While Secure Boot and firmware integrity mechanisms would prevent this attack chain when correctly enforced, the explicit requirement for users to disable Secure Boot demonstrates how social and usability tradeoffs continue to undermine otherwise effective platform defenses.


Valorant and Battlefield 6 do require Secure Boot and they do not sell their cheat for those games. Though there are still cheats available for those games, in particular using DMA hardware.

You connect the DMA PCIe card to a laptop/PC over USB, then it can read any memory on the game PC and display a radar on the laptop screen. They even sell mouse and HDMI/DP mergers; these allow the laptop to show an ESP overlay over your game and to aimbot by sending mouse inputs.


I am aware, but thank you. However, DMA seems to still be far from making your cheat invincible against anticheats.

I got a refund for Battlefield 6 after finding out it requires Secure Boot (the error was not helpful in figuring that out, though).

MSVC?

Reminder the company had to spend time and money to get an EV cert and endured Microsoft’s nine circles of driver signing hell to ship this beauty.

Meanwhile they could have used EAC for free (with weaker protection than Rust/Apex/Fortnite, mind you, but still), which would both provide better game security and not be a vulnerable driver (until proven otherwise, and I'm not seeing a lot of proof despite every anticheat driver being reverse-engineered to hell and back).


Anticheat has very different requirements to antimalware.

Some interesting reads on what modern anticheats do:

https://github.com/0avx/0avx.github.io/blob/main/article-3.m...

https://github.com/0avx/0avx.github.io/blob/main/article-5.m...

https://reversing.info/posts/guardedregions/

https://game-research.github.io/ (less in detail and less IDA pseudocode)


Idle curiosity, but: does Linux have similar offerings to HVCI?


I don’t think Witcher 3 or Cyberpunk 2077 have Linux builds available for the common folk? Cyberpunk has an ARM64 Mac build, though.


Huh, I could have sworn Witcher 3 did, but maybe I am misremembering it merely releasing without DRM.


Witcher 2 had a Linux native build, but never Witcher 3.


> We all know they are inefficient and weaponized by hackers.

Name an exploit in EAC/BattlEye/Vanguard/FaceIT/whatever other big name anticheat middleware (though Vanguard and FaceIT don’t sell their services I think) that has actually been used for anything.

Genshin Impact’s driver got used as a vulnerable driver that one time, yeah. EAC had an exploit to inject your own code into processes, but that quickly got patched (https://blog.back.engineering/10/08/2021/).


ESEA's anticheat was used to mine Bitcoin on the players' computers. They are/were a major competitor of FaceIt. They supposedly had to pay a $1 million settlement over it.

So not an exploit, but even worse.


Well, I read HN. I did stop counting.

Unless you believe in the conspiracy of AI-generated news on HN.

You are the same type of guy who is going to try to sell 'computer security' as a deliverable, a thing which does not exist.

Please, stop that.


> because Epic has chosen not to support Linux

Because Epic doesn’t want payhack configs to be advertised in whatever leaderboards Fortnite has, like CS2 had for a while.


Fortnite is easy to run in a hypervisor and also cheaters are using hardware DMA to cheat these days anyway. The proposition that Linux enables more cheating relative to Windows is unproven.


Fun fact: LuaJIT FFI actually has a similar feature. You can do funky things like detour hooking with this functionality too.

https://luajit.org/ext_ffi_semantics.html


Pretty sure HvH is still alive and well in CS2 and high rank Premier is still basically Valve-hosted HvH.

