VIC: Evasive Video Game Cheating via Virtual Machine Introspection
Panicos Karkallis, Jorge Blasco
TL;DR
VIC addresses the growing problem of online video game cheating by introducing a hypervisor-based, VM introspection technique that operates outside the game process and even outside the guest OS. The authors build a practical framework using QEMU and LibVMI to read guest memory, intercept events via page guards, simulate input, and render overlays, demonstrating three cheats across three games. The results show that the cheat radar is nearly stealthy with minimal FPS impact, while the wall-hack and trigger-bot incur modest FPS penalties, and that existing anti-cheats do not detect these methods in the tested settings. The work highlights implications for cheating-as-a-service and cloud gaming, and calls for new defenses and responsible disclosure.
Abstract
Video game cheats modify a video game's behaviour to give unfair advantages to some players while bypassing the methods game developers use to detect them. This destroys the experience of online gaming and can result in financial losses for game developers. In this work, we present a new type of game cheat, Virtual machine Introspection Cheat (VIC), that takes advantage of virtual machines to stealthily execute game cheats. VIC employs a hypervisor with introspection enabled to lower the bar of cheating against legacy and modern anti-cheat systems. We demonstrate the feasibility and stealthiness of VIC against three popular games (Fortnite, BlackSquad and Team Fortress 2) that include five different anti-cheats. In particular, we use VIC to implement a cheat radar, a wall-hack cheat and a trigger-bot. To support our claim that this type of cheat can be effectively used, we present the performance impact VICs have on gameplay by monitoring the frames per second (fps) while the cheats are activated. Our experimentation also shows how these cheats are currently undetected by the most popular anti-cheat systems, enabling a new paradigm that can take advantage of cloud infrastructure to offer cheating-as-a-service.
