Reverse engineering Call of Duty anti-cheat

Original Article ↗ Hacker News Discussion ↗

Learning reverse engineering & game hacking

  • Many describe learning RE through:
    • Old forums and cheat communities, “crackmes,” and classic books on Windows internals and reverse engineering.
    • Tutorials (e.g., Lena151), CTF-style sites, and modern courses like pwn.college.
  • Recommended tooling and approach:
    • Get comfortable with x86 assembly, ELF/PE formats, PLT/GOT, and dynamic linking.
    • Use Ghidra, IDA, Binary Ninja, radare, x64dbg, gdb/windbg; lean on decompilers plus manual renaming/annotation.
    • Start with small binaries and exercises; don’t begin with AAA anti-cheat.

Technical discussion: signature scanning & obfuscation

  • Signature/pattern scanning:
    • Identify relatively stable byte patterns for functions, with wildcards for addresses, offsets, and jump lengths.
    • Goal is a unique “shape” of code that survives builds and can be found at runtime.
    • Scripts (e.g., in Ghidra) can automate signature generation.
  • Obfuscation challenges:
    • Heavy use of unconditional/fake jumps and shared “thunks” breaks decompilers’ function models.
    • Many functions don’t end with ret (early returns, tail calls, jmp-to-ret thunks, slow paths).
    • Some schemes deliberately corrupt the stack or jump into the middle of instructions to confuse tools.
    • Symbolic execution (angr, miasm), Intel PIN, and CFG unflattening are suggested counter-techniques.

Cheating prevalence and impact on multiplayer

  • Several argue cheating has always been a major issue; others feel it has recently “destroyed trust” in many FPS titles.
  • Experiences vary:
    • Some report relatively clean experiences in games like Overwatch or CS with premium anti-cheat/ecosystems.
    • Others describe rampant cheating in titles like Escape From Tarkov and public CS matchmaking, plus “private” ecosystems (Faceit/ESEA, private servers) as refuges.
  • Cheating is also framed as a learning gateway into low-level programming and RE, but many acknowledge it ruins games for others.

Anti-cheat techniques, hardware, and limitations

  • Consensus: as long as attackers can read/write game memory, cheating can’t be fully stopped.
  • Discussion of:
    • Kernel-mode anti-cheats (EAC, Vanguard, Battleye) and vulnerabilities in “trusted hardware” stacks (ring -2, CET, shadow stacks).
    • Hardware/DMA cheats and IOMMU: some claim DMA can be robustly constrained; others argue real systems often need broad DMA for performance (swap, zero-copy I/O, GPUs, exotic hardware).
    • External CV-based aim-bots using a second machine and USB input are noted as fundamentally hard to detect.
  • Some suggest future trends toward “trusted” hardware will be dangerous for everyday users while still exploitable for determined attackers.

False bans, due process, and consumer rights

  • Multiple anecdotes of false permanent bans (CoD, League, console games), often with:
    • No explanation, opaque appeals, and major emotional impact.
    • Public “cheater” flags that taint entire gaming profiles across titles.
  • A notable case describes a two‑year legal battle to overturn a CoD ban where the publisher allegedly produced no evidence and ultimately lost.
  • Others report indirect punishments (e.g., CS:GO “trust factor” issues on Linux with certain GPUs) that effectively push players into low-quality lobbies until fixed.
  • Strong disagreement on acceptable trade‑offs:
    • Some favor aggressive heuristic/statistical bans with minimal recourse, accepting rare false positives as a cost to clean games.
    • Others argue there should be legal protections: bans shouldn’t remove paid-for functionality without refunds, and there should be human-reviewed, capped-cost appeals.
    • Concerns include minors, account value (skins, time investment), and reputational harm from public flags.

Server models, moderation, and community governance

  • Many praise the era of user‑run dedicated servers with visible admins, votekick/voteban, and community moderation:
    • Cheaters could be removed quickly; players gravitated to well-run communities.
  • Critics argue this doesn’t scale to modern matchmaking-based games with huge concurrent player counts.
  • Some propose hybrid ideas:
    • Community servers for serious players; official matchmaking for casuals.
    • Reputation systems, phone verification, playtime requirements before ranked, and AI-based review (e.g., Valve’s claimed high detection rates).
  • Skeptics note players frequently misidentify “legit but skilled” opponents as cheaters, making player-driven hunting alone unreliable.

Ethics of reverse engineering and cheating

  • The original technical RE work is lauded as impressive research, but some question the morality of dissecting anti-cheat systems that protect fair play.
  • Several reflect on youthful cheating or related abuse (e.g., DDoS in games) with lingering guilt, even as they credit it for their technical growth.
  • Others draw a hard line: no matter how educational, writing or using cheats ultimately degrades the experience for paying, honest players.