• tiberius@lemmy.caM
    link
    fedilink
    English
    arrow-up
    41
    ·
    edit-2
    6 months ago

    Great job PC Helldivers. Can the community do something about the Kernel-level rootkit?

      • Rusty Shackleford@programming.dev
        link
        fedilink
        English
        arrow-up
        4
        ·
        edit-2
        6 months ago

        Noob question: has anyone confirmed that it’s really running in userspace on linux or win gaming tech forums yet? Doesn’t effective anti-cheat require root privileges?

        This is a pretty important thing to validate, in my opinion.

        • Sonotsugipaa@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          11
          ·
          edit-2
          6 months ago

          Unless it actually behaves like malware and attempts multiple workarounds to obtain root privileges that I should know about, it does run in userspace for me.

          Perhaps later today I’ll spin up the game and check lsmod, but if I’m wrong that’s a massive black flag that has absolutely no chance of being legal no matter how many eula roofies they spiked my drinks with.


          Done, no weird kernel module was loaded: unless nProtect is pulling a sneaky, it’s running in user mode.

          • Rusty Shackleford@programming.dev
            link
            fedilink
            English
            arrow-up
            5
            ·
            edit-2
            6 months ago

            This is a subject I’ve been meaning to start researching and poking around with a bit. Due to work/time requirements, I haven’t been able to run a profiler on anti-cheat services on either of my Windows or my Kubuntu boxes. Any information that you’re willing to share is much appreciated. Thank you, in advance!

            • Sonotsugipaa@lemmy.dbzer0.com
              link
              fedilink
              English
              arrow-up
              4
              ·
              6 months ago

              I’m not using a VM, I don’t think it would work with Windows + the kernel level anticheat; I also haven’t tried poking around with the AC, I guess it does prevent simple memory manipulation with things like scanmem but I’m not willing to risk 40€ just for science.

              I’ll try doing the lsmod thing and edit the comment you replied to, in a bit

          • brbposting@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            5
            ·
            6 months ago

            Thank you for your service

            Without people like you we’d all be relying on hearsay… I mean like even moreso than relying on a stranger’s comment :)

        • AProfessional@lemmy.world
          link
          fedilink
          English
          arrow-up
          8
          ·
          edit-2
          6 months ago

          It is impossible to run in kernel without being explicitly given that permission.

          Client anitcheat is never perfect, it is slightly better in kernel but that just caused more issues for legitimate customers.

          None of this even makes sense as HD2 isn’t a PvP game.

          • Rusty Shackleford@programming.dev
            link
            fedilink
            English
            arrow-up
            3
            ·
            edit-2
            6 months ago

            I suppose that a legitimate argument for anti-cheat could be griefing, but then the host could just boot the player based on a basic voting system. In general I was curious to see “what’s under the hood” of a kernel-level and a userspace-level anti-cheat service and what are the implicit security risks for an average user.

            • AProfessional@lemmy.world
              link
              fedilink
              English
              arrow-up
              4
              ·
              edit-2
              6 months ago

              In general I was curious to see “what’s under the hood” of a kernel-level service and a userspace-level anti-cheat and what are the implicit security risks for an average user.

              This answer isn’t very satisfying, but the risk is complete and total. A kernel module can do anything and can hide what its doing.

              A userspace anti-cheat has a wider range of risk. For example on Linux you can sandbox it so its quite safe in that case.

              On Windows the most common issues user report are things like kernel crashes, corruption, etc. Things that should never happen in kernel space and potentially break an installation. These are honestly amateur projects that don’t belong there.

            • Jakeroxs@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              3
              ·
              6 months ago

              I think the most compelling for me was something like in MW2 back in the day hacked lobbies fucking up a your stats. Something similar in hd2 could ruin it for some.

              • AceCephalon@pawb.social
                link
                fedilink
                English
                arrow-up
                2
                ·
                6 months ago

                In Helldivers 2’s case, say a cheater forces everyone in that mission to max out samples/medals/super credits, it entirely kills the progression and takes away a reason to keep playing unless it’s reverted safely, which then means that mission was pointless because someone else used cheats.

                • Tlaloc_Temporal@lemmy.ca
                  link
                  fedilink
                  English
                  arrow-up
                  4
                  ·
                  6 months ago

                  The solution to that is to rework how rewards are calculated, maybe do some sanity checks with the server, not seize super admin control of personal hardware.

        • MajinBlayze@lemmy.world
          link
          fedilink
          English
          arrow-up
          5
          ·
          6 months ago

          For me, since I use the flatpak version of steam, at no point have I ever provided the admin password in order to install steam or any game. It, like all of my desktop software, runs in it’s own little sandbox that has limited access to the rest of the computer. It would take a somewhat sophisticated attack for an anticheat to actually run in kernalspace on the host os.

          But that’s also why companies like riot have their anticheat block Linux from running the game at all.

          If Linux becomes a populate enough platform, I’m sure cheaters will start using it to get around anticheat and something else will have to be done. Until then, I’m happy knowing this is a problem that I can mostly avoid.