[MA] Construction of Secure Anti-Cheat Systems
Ge. 50.34, SR 252 and online: https://i62bbb.tm.kit.edu/b/mic-7xx-rfr
With the popularity of online multiplayer games comes an inherent need to ensure
a fair game for all players. Some players actively try to gain an advantage over other
players by measures that are not part of the game. These measures are also casually
referred to as hacks or cheats. Hacks can be constructed in multiple ways, ranging from
social engineering to low-level packet modification and network replay attacks.
For game developers, the need emerged to counter these hacks with so-called
anti-cheat systems. The purpose of an anti-cheat system is to ensure that possible game
hacks do not go undetected and to act on findings. The anti-cheat system should provide
state-of-the-art detection and anti-tampering techniques to prevent hacks. If a game hack
is detected, this often leads to permanent banning of the hacker from game services. This
thesis provides a technological deep dive into techniques used for constructing game hacks
as well as countermeasures that help to prevent them. For this we have constructed our own
solution to the problem, called Re:Guard anti-cheat. The foundation for Re:Guard anti-cheat
was an in-depth security analysis of existing anti-cheat solutions under consideration
of cryptographic primitives and general usability. Re:Guard anti-cheat was developed
with practices against state-of-the-art game hacking techniques as well as technological
knowledge of game hackers. Re:Guard provides a holistic approach to anti-cheat systems,
securing game servers as well as game clients from malicious activity. We implemented
Re:Guard anti-cheat with the following modules, usable for further research and evaluation:
anti-cheat client and server, anomaly analysis server, hack tools for evaluation of cheat
development, an obfuscator for binaries, and a demo game as well as demo cheats for testing.
Some techniques used in Re:Guard anti-cheat can generally not be found in academia for
this use case. Hacking techniques such as Random API Hashing and Mid-Function-Hooks as
well as forensic investigation techniques such as Variadic Client Code Integrity Validation
or Code Entropy Analysis are introduced in this thesis for further use. These techniques
are listed for reproducibility of the thesis’ results as well as for educational purposes. The
source code for Re:Guard anti-cheat is protected under the AGPL license.
Our evaluation findings indicate that future research should be done regarding data
privacy in anti-cheat systems as well as the extension of academic systems for fraud prevention.