Last week, Ubisoft announced an “important security update” to prevent cheating on the popular Rainbow Six Siege. And while Ubisoft said it “cannot share details of the update in order to protect its integrity,” anti-cheat watchers think the developer might be thwarting cheat-makers using an interesting form of code obfuscation and frequent, semi-randomized game updates.
The popular Anti-Cheat Police Department Twitter account (ACPD) noted last week that “every 2 hours, a new unique build of R6 shows up,” citing SteamDB tracking data showing dozens of updates over a matter of days. The game’s frequent Steam updates seem to have stopped just as Ubisoft temporarily rolled back its new security features in order to implement fixes Wednesday, further establishing the link.
Prominent Rainbow Six data-mining account ScriptLeaksR6 also explained last week that Siege “has a new system in place where some [PC players] get custom builds of the game.” The proliferation of dozens of different versions of the game in a short period means “cheat devs effectively need to update 100 versions of the game to get their cheat to work,” as ScriptLeaksR6 puts it.
Hey, where’d that variable go?
Speaking to PC Gamer, New Avalon’s Paul Chamberlain (who previously worked on Riot’s Vanguard anti-cheat system) noted that generating “new versions” of the game could be as simple as shuffling the memory order of variables or logic flags inside some in-game programming structures or changing a single encryption key used for server communication. In each case, those small changes could necessitate a full-scale rewrite of a cheat engine to account for the new memory locations of crucial information.
ACPD also says that the multiple versions will “[make] cheat devs work even harder,” citing one cheat maker who noted in a private forum that “there will not be a single solution for all users.”
While Chamberlain says this could be an “effective” anti-cheat system, he notes that it comes with a lot of “operational complexity.” Because of that complexity, he speculates that Ubisoft developed many separate Rainbow Six builds before the new security system launched and is now distributing them randomly, rather than literally creating a new version every two hours.
ScriptLeaksR6 also notes that this kind of data shuffling has the unintended side effect of stopping stat tracking. Ubisoft cryptically noted that its security update “will have an impact on some third-party applications” and that it will “keep an eye out for any of your reports on changed behaviors.”
Cheat makers may eventually be able to automatically detect and account for the kinds of obfuscation Ubisoft seems to be using here, meaning this isn’t a “silver bullet” method for preventing cheaters in the long term. Still, it’s always interesting to see major developers seemingly trying novel strategies in the never-ending cat-and-mouse battle against cheaters.Source