During our annual Hack Week, Modux employees take a break from their normal day-to-day work and instead spend the week working on an innovative idea that they are passionate about. Given the chance to experiment outside of his normal scope of work, one of our Senior Security Consultants, Ben, set himself the challenge of creating a sophisticated cheat that would help him gain the upper hand in first-person-shooter video games. Unlike existing video game cheats, which are often detected and banned by game developers, Ben wanted to make something that would be impossible for current anti-cheat software to detect.
A superior aim bot
There are a few different cheating tricks for video games that are commonly used. Trigger bots, for example, make the weapon automatically fire when the target is in the crosshairs, speed hacks make the player move faster or slower and camera hacks give the player a wider view of the game than the other players. Aim bots, meanwhile, ensure that the player has the perfect aim at any opponent, and this is what Ben planned to focus on. He saw the chance to innovate and improve on existing aim bots by making one that wouldn’t be identified by anti-cheat software:
“An aim bot is often one of the more desired and overpowered cheats but usually one of the easiest to detect from an anti-cheat perspective. I thought there was potential to make a more novel aim bot that would be less detectable by using out-of-band techniques.”
How to beat anti-cheating software
Unfortunately for cheat developers, modern anti-cheat solutions are very hard to beat. They are run as independent and often highly-privileged applications, separate to the game itself, and detect all software that is modifying or reading from the game.
While some cheats will try to interact directly with the game, others will try to read the screen in order to obtain information. But what they have in common is that nearly all video game cheats run software on the PC that is playing the game.
Ben’s solution to avoid his aim bot being detected by anti-cheat software was to perform all the cheating activity on a secondary computer.
An undetectable cheating set-up
Ben’s plan was to use a capture device to mirror the video stream from the game, and ship it to a secondary ‘processing’ PC. There, the system would use software which could recognise people on the screen. The second computer would recognise the person shape and aim at the target by controlling the cursor on the first computer. For this he needed the following hardware:
Two PCs: one to play the game on and another to do the processing
A video capture card to send the video stream from the ‘playing’ PC to the ‘processing’ PC
An Arduino microcontroller to act as a computer mouse
A 3D-printed game show style buzzer to trigger the software via click
A second Arduino inside the game show buzzer to send the mouse clicks
The following software stack was used:
Python
OpenCV, a cross-platform computer vision and machine learning library of algorithms which can be used to detect objects in videos
MobilenetSSD, a machine learning model designed for object recognition, trained to recognise 'people'
Nvidia CUDA, used to accelerate the OpenCV detection by offloading processing of computationally ‘expensive’ image processing tasks to a graphics card instead of solely using a CPU
Despite not having used object recognition frameworks before, Ben found development fairly straightforward. The application of various Arduinos and other hardware elements from previous projects also greatly sped up production of the final solution. With the extra time, Ben was able to assess other methods of detecting target enemies on screen such as the YOLO algorithm or HSV colour space differentials before finally settling on MobilenetSSD.
The cheating sequence
With PC1 playing the game and PC2 running the cheat software, let’s look at the sequence of steps involved in this cheat in more detail:
The video feed from the game on PC1 streams via a video capture card to PC2.
PC2 runs the object detection algorithm against the video feed to look for objects classified as 'people'. This step is only performed against the inner red square you see in the demo video to make aim movement seem less unnatural and speed up processing times.
If enemies are found, the software computes the distance between the current mouse pointer location and the enemy’s head. This step is performed for each on-screen enemy detected. The software marks the closest enemy with a red bounding box and all the rest with blue bounding boxes. This is not visible on the PC1, only on PC2.
If the trigger button is pressed, the software then uses the Arduino to move the mouse on PC1 on top of the closest enemy’s head (and optionally fires). Whilst the big buzzer was used in the video demo to visually demonstrate the 'trigger' process, a secondary much smaller device was used when Ben actually wanted to try the solution in a real game. This device was a tiny button attached to the mouse or keyboard of PC1.
Cheaters sometimes prosper
Ben tested his aim bot in Counter-Strike: Global Offensive. It was extremely effective and could hit enemies with pinpoint precision with any in-game weapon. The majority of testing was conducted offline so as not to not ruin real players’ fun, but limited online play demonstrated the effectiveness of the solution against real life players as well as its ability to not get Ben banned!
Although most of the time the bot does an excellent job of mimicking how a human would play the game, it has certain limitations. After attempting to play on a winter-themed map, Ben realised that he hadn’t fine-tuned the image learning recognition enough to differentiate between an enemy human and a similarly proportioned snowman
The snowman incident aside, Ben’s prototype has a lot of potential. Unlike most other computer game cheats, which target a single game via software modification or screen reading, Ben’s cheat currently works in any first-person game providing the enemy player model looks like a human. With additional training of the machine learning model, the bot could easily be updated to work with games where this is not the case.
Interested in joining us for the next hack week and becoming part of the Modux team? Email contact@modux.co.uk