
Researchers Analyze Anti-Cheat Systems in Shooter Games and Their Evolving Battle Against Cheaters
The Black Hat talk, presented by researchers from the University of Birmingham, explores anti-cheat (anticheat) systems in shooter games, analyzing their sophisticated defenses and the high-stakes battle between cheaters and anticheat developers. The team monitored cheat-selling websites over six months and found subscriptions costing up to $200 monthly, with cheats often patched within days, a faster attack-defense cycle than that of traditional malware.

Key defenses included blocking "bring your own vulnerable driver" attacks, either by preventing driver loading or by scanning memory at runtime. Anticheats like Vanguard use inline hooks to intercept kernel page faults and disable Windows PatchGuard in order to detect unauthorized code execution. Rainbow Six Siege's anticheat employed software diversification, generating unique game builds with shuffled offsets, encryption keys, and obfuscation to disrupt cheat development. Anticheats also countered rogue hardware (DMA attacks) by scanning device metadata, disabling suspicious cards, and validating functionality, while Vanguard hid sensitive memory by cloning address spaces during context switches.

The data showed that stronger anticheats correlated with lower cheat uptime (50% for Valorant) and higher cheat prices, proving their effectiveness. The researchers predicted that future battles would shift to hypervisor-level defenses, citing early signs of cheats and anticheats leveraging virtualization-based security.
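A toy model of the software diversification described above, as an added example that is not from the talk or from any game's code. The field names, build identifiers and XOR masking are assumptions chosen for illustration; it shows why an offset table and key taken from one build decode nothing useful from another.

```python
import hashlib
import struct

FIELDS = ["health", "ammo", "pos_x", "pos_y"]  # hypothetical player-state fields

def build_layout(build_id):
    """Derive a per-build field order and XOR key from the build identifier."""
    digest = hashlib.sha256(build_id.encode()).digest()
    # Sorting fields by a per-build keyed hash gives a deterministic shuffle.
    order = sorted(FIELDS, key=lambda f: hashlib.sha256(digest + f.encode()).digest())
    offsets = {name: 4 * slot for slot, name in enumerate(order)}
    key = int.from_bytes(digest[:4], "little")
    return offsets, key

def pack_state(build_id, state):
    """Serialize the state the way this particular build lays it out."""
    offsets, key = build_layout(build_id)
    buf = bytearray(4 * len(FIELDS))
    for name in FIELDS:
        struct.pack_into("<I", buf, offsets[name], state[name] ^ key)
    return bytes(buf)

def read_state(buf, offsets, key):
    """Decode a buffer using a given offset table and key."""
    return {name: struct.unpack_from("<I", buf, off)[0] ^ key
            for name, off in offsets.items()}

def fields_recovered(reader_build, target_build, state):
    """Count fields decoded correctly when one build's layout is applied
    to another build's memory image."""
    offsets, key = build_layout(reader_build)
    decoded = read_state(pack_state(target_build, state), offsets, key)
    return sum(decoded[name] == state[name] for name in FIELDS)

if __name__ == "__main__":
    # Constructed sample state, not real game data.
    state = {"health": 100, "ammo": 30, "pos_x": 512, "pos_y": 768}
    print("same build:     ", fields_recovered("build-A", "build-A", state))
    print("different build:", fields_recovered("build-A", "build-B", state))
```
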