I talked to EQU8, who were kind enough to help me on a Saturday, and asked them about the issues raised in this post and yesterday’s one.
Will the driver collect data (such as keystrokes when game window is not in focus, memory contents of other processes or of the kernel, files on the disk etc.) and if so what does it do with it?
Does it anonymize and encrypt personal data before sending it over the network?
About what exactly is read, I’ve asked for a full list and they will get back to me on Monday (but they confirmed no keystrokes of unfocused windows). No personal data is transmitted. An exception would be filenames. If you named your cheat “tekn0z_wallhack.dll”, they would see that string. Even the username in a path would be stripped, so “C:\Users\Tekn0z\aimbot.dll” would become “5\aimbot.dll”. All communication is encrypted. Also, EQU8 is a Swedish company and subject to all EU data protection legislation. We inquired about privacy before choosing their solution. Given what we know, I don't have any concerns with EQU8 in the area of privacy.
I work on kernel drivers and use self signing as part of my work. It would be good to know if I should reboot my system after re-enabling testsigning every time I want to play Diabotical. (excerpt)
We want a lightweight anti-cheat solution; I think most people in the community would agree with that. It is my understanding that this reduces our options to EAC and EQU8 (I’m discounting other older solutions that are not effective enough). Tekn0z, am I right in assuming that when it comes to point 3 you'd have the same problem with EAC? Many people may peruse your post quickly and not realize that one of your concerns is not being able to play the game in the same session in which you disable kernel signature protection, something that you use for kernel development but that is also a requirement for cheating in certain scenarios. Unfortunately I don't think we'd go with any solution that allows that, nor do I think that the community at large would want us to do so if we explained the implications of that in detail. We might as well drop client-side anti-cheat protection at that point. I may be wrong, though, and the signing may be just a small part of it. Do games with EAC allow you to do that? If that is the case then that'd change my perspective on this point.
Is this only the second game this anti cheat has been implemented in? (By somebody else in this thread)
It is a new company, yes, although by the time we launch we probably won’t be the second game to launch with it. It is being implemented in several games at the moment by major studios so you’ll probably be seeing it in more games next year. I have asked to be put in contact with a studio that put several anticheat solutions through exhaustive testing and chose EQU8 in the end. I'll probably have to sign an NDA so I may not be able to share all details. Check the earlier thread about this if you’d like to know more about the reasons we went with it. (TL;DR: lighter I think, faster loading times for sure, good support and easy access to engineers).
About yesterday’s thread, and about Sen7086 getting banned from TABG: he is somebody who uses a lot of “suspicious” tools due to his occupation, like sniffers, disassemblers, debuggers, etc. He was banned when one of these tools was detected. Not saying that him being banned from TABG was justified, but I think it’s important for context, since reading that thread people may think that EQU8 is trigger-happy or random at scoring users, but this was a tricky scenario that any other solution may also flag. Also keep in mind that EQU8 just scores and gives information; it’s up to human operators to act on that information. Perhaps it’s possible for us to do a better job at interpreting that information.
Also for better context regarding the effectiveness of EQU8, Sen7086 was under the impression that Diabotical was a Unity game, like TABG. According to him that made TABG very easy to tamper with and EQU8 wasn't able to prevent all cheating in that scenario.
The personal file that Sen7086 said EQU8 was reading was a sniffer capture log file. At first I thought that maybe EQU8 looks for that kind of file to find traces of people trying to reverse engineer the game network protocol. I've asked them about it and they say that they don't read that kind of file or arbitrary personal files that are not related to the context for that matter. They suggest that perhaps another process in TABG’s context is doing so. I will be contacting TABG on Monday to ask them if they have other anticheat solutions on top. It wouldn’t surprise me if, plagued by issues derived from having a C# game, they had to resort to using multiple solutions, but this is just speculation.
I tried to get Sen7086 to read over this post before I submitted it so that he could confirm that I’m not misrepresenting anything, but I couldn’t contact him today. If I misrepresented anything, I apologize.
Go EAC. No risks pls. Not like this.
It would be very easy for us to go with EAC instead (I really like the guys at that company actually and their product is good too). But we would need a good reason; so far I haven’t seen confirmation of anything that is concerning. Let’s remember this started because a rather alarming picture was painted by somebody who was banned in another game for using a debugger. This could just have happened with any other anticheat; you can probably find multiple claims in Google of any given anticheat ruining any game (except maybe those which are basically useless). Also, we will just be using EQU8 for information; it’s up to us how we use that information. The situation would be very similar with EAC in that sense, if you are worried about false positives. We’ll be contacting studios that have used EQU8 and digging more, and if we see a real concern we’ll drop it. To be honest we would also have to drop it if the perception sets in that it is a real risk, because otherwise this becomes a huge time-drain, not to mention a real risk to the project. But I’d like to keep EQU8 if nothing else because it doesn’t affect loading times (which other solutions do, though this may have improved now or in the future).
Anyway, this is what we are doing atm regarding this issue.
- I have asked EQU8 for the full list of things being accessed and they’ll get back to me on Monday.
- I have asked the mods of /r/tabg for permission to start a thread there and solicit opinions from their players at large.
- We’ll also continue talking to TABG players.
- I’ve requested NDA-access to a studio that tried many anti-cheats including EQU8.
- We’ll also be contacting TABG devs on Monday to inquire about that sniffer dump file that TABG was reading on Sen7086’s computer.
Cheers.