• Gamma@beehaw.org
    link
    fedilink
    arrow-up
    73
    ·
    edit-2
    13 days ago

    Vizor explained that Ricochet uses a list of hardcoded strings of text to detect cheaters and that they then exploited this to ban innocent players by simply sending one of these strings via an in-game whisper. To test the exploit the day they found it, they sent an in-game message containing one of these strings to themselves and promptly got banned.

    Vizor elaborates, “I realized that Ricochet anti-cheat was likely scanning players’ devices for strings to determine who was a cheater or not. This is fairly normal to do but scanning this much memory space with just an ASCII string and banning off of that is extremely prone to false positives.”

    This is insane, they had an automatic script to connect to games and ban random people on loop so they could do it while away

    • renegadespork@lemmy.blahaj.zone
      link
      fedilink
      arrow-up
      29
      arrow-down
      1
      ·
      13 days ago

      a list of hardcoded strings

      Violating a core programming tenet right off the bat. I wonder how much money Activision payed for this software…

      • ramjambamalam
        link
        fedilink
        arrow-up
        14
        ·
        12 days ago

        We and the hacker have no idea if this list is config driven or truly “hard coded” i.e. a const in the source code. It’s hardly an indicator of violating a core programming tenet.