PUBG: A Full Letter from the Anti-Cheat Team

Here comes a letter from the anti-cheat team in PUBG game on hacking problems! You need to learn what they are doing to wipe all the hackers out of the game.

PUBG is still expanding its popularity all over the world even though it has been already released for months. Due to its never-ending popularity, it is unavoidable for the game itself to experience hacking/cheating problems. Players, who have been playing PUBG game for a while, can now check out some anti-cheat solutions which are what the PUBG team has been working on the last few months. It will be not a simple task to work on the anti-cheat solutions as there are plenty of things that need to be solved. The dev team cannot go deeper into particular things due to the possibility of harming the progress, however, they still want to keep players updated with several categories where they are at and where they will go. And the categories are:

The enhancement of Technical Measures
The enhancement of Anti-cheat Solutions
Unauthorized Program Detection Upgrades
Fixing Vulnerabilities in the Steam System
Enhanced Legal Action

The enhancement of Technical Measures

Cheat programs are on the rise on the Internet nowadays and caused PUBG game to experience many kinds of attacks, even though some actions have been seriously taken and several security methods have been upgraded by the development team in order to prevent the attacks, seemingly, it cannot come to an end. Below here is the way that the cheat programs function generally, and also, you can explore some technical enhancement given by the dev team.

The devs have improved the technical issues in PUBG

When a cheat program (exe) and the game (exe) are both commenced, the relevant data will load onto system RAM at once.
A third party anti-cheat program or default protection from the game process will be started up.
- Thanks to this basic protection stage, other processes will be stopped from reaching this process.
The cheat program process tries to generate the protection technology from #2 ineffective and efficiently get to the game process memory.
- When approaching the memory successfully, it means that it will be able to modify the information regarding the game.
- There are some ill-famed cheats utilized for this, such as DKOM, Process Hollowing, and SSDT
Both the cheat program and game process memory access can gather different data and modify or copy it to give illegal features that are not included in the game. DLL injection and Code injection are regarded as the most common technique that was used here.
- DLL injection Attaches the DLL file to a certain process and utilizes LoadLibrary() API from Windows.
- Code injection: Infuses execution in the target process. Utilizes CreateRemoteThread() from Windows.
The memory space achieved can be read comfortably or confounded/changed to deliver features that are not introduced in the game.

DLL injection is such the oldest and the most typical hack method that positions a certain DLL file into the game process in a forceful way. After being done successfully, the DLL code will obtain trust as if it is the main game code. As a consequence, the hacker can easily modify the game process at his will. He will make the most use of this DLL for hooking into and attacking data.

The anti-cheat team has been focusing on addressing blocking DLL injection attractions. At the beginning of advancing PUBG game, there were some troubles in which several programs, such as Steam and Discord, were perceived wrong as attempting to attach DLLs or had DLLs realized as a mischievous code.

Kernel driver attacks are another kind of hack experienced by the PUBG team. This is regarded as a file that is necessary for communication between hardware and it generates a process working under an unknown authority. Because it can overcome most of the anti-cheat solutions and is implemented with an authority more powerful than the overall user authority, detecting it will take a lot of effort!

In addition, in spite of being blocked by Windows OS internally, authorized kernel drivers are sometimes sold as if they are legal by utilizing security breaches and illicit traded certificates.

By using the identical method used for preventing DLL injections, this type of attack can be completely protected, nevertheless, it will be a low chance for the success because of new vulnerabilities found in the Windows OS constantly, furthermore, lots of the anti-cheat solutions utilize methods that are the same as those used by malicious code, meaning telling them apart will be very difficult. Therefore, the memory area is being well protected for now, which is easily attacked by the hackers, with the top concentration on using encryption to reply to attacks by using kernel drivers. In addition to this, PUBG team is also putting their effort into making this method more popular and it can be applied in more areas.

Further technical responses are being enhanced by enciphering the communication protocol between the client and server or admitting the result value in the client once again, and this will make the dev team the pioneer in the fight against many hack programs.

The enhancement of Anti-cheat Solutions

PUBG game utilizes outer anti-cheat solutions to keep the game process area safe, besides using the technical protections mentioned above. As previously mentioned through the press releases, two anti-cheat solutions are being used by the team, which are BattlEye and Uncheater. Thanks to the solutions, the game process will be protected and many attempts will be found, which were utilized to outplay the anti-cheat solution at the same time.

In addition to these protective anti-cheat solutions, the PUBG team also employed a machine learning a technique studying the usage styles of the team and creating a system that can totally search for the unusual game styles or actions barging in the usual functionalities of the game, which is coming from the hackers. Throughout the process of establishing these systems, the dev team worked with lots of skilled anti-cheat solution companies and experienced engineers that helped them strengthen the game’s security.

PUBG team will keep collaborating with further anti-cheat solution companies so they can research on brand new attack techniques and acquire modern technologies that can help protect against the attacks.

Unauthorized Program Detection Upgrades

Even with all the defenses that have been well prepared by the team, it is almost unable to stop all unauthorized programs. To several hack problems that are making their efforts to get through the game solutions given by the dev team, they are just finding if those programs are employed in the game or not and prevent them rapidly.

The anti-cheat team also looks into around 3TB of game logs, 60 or types of cheat logs as well as over 10 million reports on average on a daily basis. Out of this data, they pick the players who have unusual play styles, and after undergoing a verification process, there are several accounts that got banned. Besides, the styles of unauthorized programs keep being updated periodically to ensure that the banned programs will not be capable of changing to operate once again.

At the same time, the team is also putting their effort into upgrading their methods of sharing relevant updates to the players. An instance is the report feedback system that was already out in the August 23^rd update. Since this was finally implemented, over 100 million reports have been dispatched to the users. There were 83% of users that were permanently banned after getting a lot of reports in one session.

With the image below, you will learn the weekly report feedback data from August 23rd to November 30th.

The data of players' feedback — The data of players’ feedback

When it comes to the hardware bans, the anti-cheat team begun these back on November 19^th. This is such a sensitive way of banning, for this reason, the team decides to take extra protective measures to ensure that there will be no unfair influences on PC cafes or public PCs. They are also picking out the machines that are banned carefully in order to prevent innocent PCs from being attacked and affected. After implementing a hardware ban, there will be a message shown in the screenshot below, and that piece of hardware can no longer play the game. Along with hardware bans, the macro mice will be blocked as well. Thanks to this strategy, all devices will not experience the unfair advantage of using macro devices.

The common error that stops players from playing PUBG

Players cannot use an unauthorized device to play PUBG

Currently, there are over 100 people who watch over the areas where the hacks are sold, such as websites, messengers, discord, etc. Many communities that trade the information on hack programs are also observed carefully. If any factors threatening the safety of PUBG game will be also found and tackled quickly.

The ultimate objective here is to establish a preventive action to ensure that all the hackers will not even have a chance to play the game.

A system message has been included in the game recently. Players will get real-time alerts if someone from the same session is banned. Whenever there is a usual gameplay pattern is discovered in real-time, or a certain user is proved to be a hacker mid game, their account will be immediately banned when the game is still going on, and also, other players will be notified in the kill feed.

Fixing Vulnerabilities in the Steam System

Some vulnerabilities in outside platforms were also upgraded by the team. As you know already, PUBG uses the Steam platform, and there were some times when several weak areas in the platforms were employed for illicit gain, which was finally enhanced on Steam. Several vulnerabilities were also addressed to ensure that the ones who use a hack program would be punished as per a common procedure. Below here are several real instances you can explore.

A weak point in the Steam Family Sharing system is employed to get an upper hand on the restrictions of Steam and PUBG.
- If an account already purchasing PUBG utilized Family Sharing for sharing the game with a certain another account that didn’t purchase PUBG game yet, the account that was shared can no longer play the game.
Messing up with the playtime of the game on Steam to adapt the minimum refund requirements of Steam as well as refunding the game in spite of having played for a long time, therefore, playing the game without spending a dime on it.
- The anti-cheat team already worked with Valve (Steam) so as to strengthen their PUBG playtime calculation method as well as Steam user software refund requirements in order to make sure that this will not happen again.
Using a prohibited account on the Liver Server to get access to the Test Server and employ hacks, misapplying the fact that the Beta and Test Servers are considered to be in individual environments due to the way that Steam platform is built.
- Already made a change to the system, therefore, it will be easy to check all the ban records on all servers, and they will be shared among the Live Server, Test Server, together with other servers. This sharing action will ensure that a prohibited player on one server cannot employ the other servers to engage in the game.

At the moment, the PUBG team is still trying to upgrade the system through the collaboration with Steam in order to go against the abuses of the vulnerabilities of the system.

Enhanced Legal Action

There should be legal actions to stop both hack programs hindering a fair game environment and the ones that increase and sell those programs. For preventing the spread of hack programs, there is already collaboration between the anti-cheat team and law enforcement authorizes as well as overseas agencies. They will implement legal actions at home and abroad. You can check out the results of the legal actions carried out in 2018. For the CN area, it is a result of close teamwork with Tencent.

Arrested 41 in Lianyungang, China in January 2018
Arrested 3 in Huai’an, China in February 2018
Arrested 11 in Xiangyang, China in February 2018
Arrested 141 in Nanjing, China in April 2018
Arrested 1 in Huai’an, China in April 2018
Arrested 6 by Daejeon Metropolitan Police Agency, Korea in August 2018
Arrested 1 in Wenzhou, China in September 2018
Arrested 3 in Tangshan, China in October 2018
Arrested 34 in Wenzhou, China in October 2018
Arrested 11 by Yangcheon Police Station, Korea in October 2018

Besides the outcomes stated above, for now, the anti-cheat team is going into hack program sales with The Korean National Police Agency, law firms, and copyright protection offices, also, they will follow the hack developers themselves. All players will receive notifications on new investigation results.

Conclusion

There were always 100 players witnessed in each game of PUBG trying to beat incredible odds. It’s so easy to learn that just only one player playing unfair is kind of enough to have a serious effect on the enjoyment of other players. Therefore, the team will never stop keeping a higher level of security than any other games.

The entire anti-cheat team is working very hard on this mission and they are willing to dedicate themselves in order to work it out. They will not stop investigating and developing further better anti-cheat technologies to remove all the hack programs, hackers and hack developers as soon as possible.