Catching Cheaters in Dead Zone

Cheating is a problem that all online games face.  There will always be people that will look for a way to gain an advantage and unless you are running everything on your own server you are going to face a battle trying to stop them. Until you really have to deal with them, it is easy to underestimate the problem, let alone come up with a solution.

Before I started working on Dead Zone we had already had some instances of people cheating.  Due to a couple of security oversights there were a couple of simple minor exploits discovered that caused a few problems for a little while.  A couple of tweaks and data checks and those exploits were no longer a problem.

It wasn’t until about a year into our games life that cheating really became an issue for us. It was around that time that we introduced a points based competition to the game and some players began looking for any advantages they could find.

We began getting emails and complaints from users telling us that players had done the impossible.  Being that little bit egotistical that all developers are, I originally blew off the complaints as people being sore losers.  It wasn’t until a player sent me a link to a ‘game cheats’ site that featured our game that I began to really pay attention.

Looking at what the site was offering was a real eye opener for me.  There were a bunch of ‘features’ being offered that I would never had thought were possible.  Invincibility. Extra enemies (for extra xp). Super fast movement.  Infinite range. The list was impressive as it was depressing.

Initial Response

Our first response was bad.  In our anger we reached out to the site hosting the cheats and called them out.  Being as it was there business, they didn’t care.  They just thought it was funny and told us where to go.  It was pretty obvious afterwards that this was always going to be the result, but this interaction did help motivate me into dealing with the situation in a more effective agay.

Strategic Response

To try and figure out how bad it was I started out by collecting crude data.  Using the list of exploits as a guide I created a logging system that tracked key events in the game.  I basically dumped as much info as I could to a giant database and began to painfully pour over the results.  Sure enough, patterns began to emerge and I could see that there were indeed a number of players cheating.  Values that were impossible achieve via normal game play were appearing in the logs.

Using a few simple SQL queries I was able to generate a list of players that had obviously been cheating.  In a coordinated attack we banned all of the cheating accounts and any accounts that were linked to them.  At the same time we also posted a message to our forum explaining what had happened and listed who the offenders were.

This shock attack caught a lot of the cheaters off guard and the reverberations were also witnessed in the cheat site’s own forums (I had secretly signed up so that I could monitor them :p)  The responses from the people we banned varied from ‘ha ha your caught me’ to ‘I am so offended that I will never play your game again!’.

We repeated this process again multiple times over the next few months and many accounts were banned.

There were still two major problems though:

  1. The data that I was collecting only revealed a few of the cheats that were being used, and;
  2. A lot of the cheaters were creating new accounts and cheating again.

Understanding the enemy

I decided that if I was going to be able to catch the cheaters I needed a better understanding of how they were cheating.  To do this I dug through all of the forums and learnt about the software they were using.  I set up an isolated dev environment on my old laptop and set about running their cheats on the game.

It took a bit of playing around but I eventually discovered that they were doing things like hacking the system timers, injecting their own values into variables and swapping out the memory locations of functions that perform in game checks.  I have to admit that it was all pretty clever, especially when you realise that they are reverse engineering all of this.

Bespoke solutions

Coming up with a way to detect all of these required a number of different solutions.  For security reasons I can’t go into the exact details of everything I did, but I can give a rough explanation.

The system clock was the obviously the easiest.  Our game already had a keep alive ping with the server, so sending the system ticks on that and comparing it to the server was pretty trivial.  Having a result that went outside of a threshold would raise a flag.

The injecting of their own values was a bit trickier to deal with. As our game generated a lot of dynamic data it was hard to know what the exact range of values should be. The solution I came up with was to inject some control data into the client and then check if that data is ever modified.  If it is then the player has obviously been messing around in the game and their account is flagged.

The replacing of the functions was a little bit trickier to deal with as you can’t put anything in the actual function because it is, well.. replaced.  To get around this I did a variety of things. One of those things was to ping the function randomly with values that I knew what the result would be.  If they came back different then we had a problem.  In the places where that wasn’t feasible I did a disgusting thing and literally duplicated the method.  I altered it slightly to give it a different signature and then my new function randomly from the old function.  If the values didn’t match then they were cheating.

To help obscure all of this I made used a combination of regular checks and randomness.  Some of the checks require strict execution times in order be considered valid, whilst other rely on randomness to hide obscure their working from would be hackers.  To help mix things up, I occasionally change the order in which the server expects data from the client, so if we issue an update their cheat utils we be out of date and hopefully trigger a flag on our system.

All of these approaches were combined with basic data sanitation techniques that we should have been applying in the first place.

Once these changes were applied catching out a bunch more cheaters.

A new approach

Now that we had all this new data to work with we decided to take a different approach with the cheaters.  Instead of applying blanket bans we instead decided to waste their time.

Whenever the system detected that a cheat was being used all saving on the account would be disabled.  This meant that any progress that the player made whilst using cheats would be lost and their account would be reset the next time they signed in.  To make it more confusing / frustrating we made it so that the save fails would not start happening until they reached a certain level, insuring that a significant proportion of time was invested in their account before we took it away.

On top of this we decided to change our banning policy for first offenders from permanent to 30 days.  We found that this helped reduce the number of new accounts cheaters would create after they had their account banned.  Every few weeks we run through the list of ‘cheaters’ and apply the bans.

I have to admit that it is fun to deal with the support email asking ‘why is my account not saving?’  It was also fun digging through the cheat site’s forums and watching them slowly realise what was happening.


Overall I think that the approach to finding and dealing with cheaters has been a success.  Looking at various cheat site forums I can see that a number of the users there have become frustrated and lost interest in the cheats they are offering.



Leave a Reply

Your email address will not be published. Required fields are marked *

Name *

This site uses Akismet to reduce spam. Learn how your comment data is processed.