Here's a bit of interesting news to end the week with, BattlEye have said they are working with Valve to get their anti-cheat working with Steam Play/Proton.
The curious thing here, is that I did speak to BattlEye back in March where they told me they would only be able to support native Linux games. In my email to BattlEye I did mention our previous chat, but it seems the below quote is the standard line they're giving out on this.
Inspired by this Reddit post, I did my own digging and contacted them again to verify the information. To my surprise, within minutes they replied to me to say "Currently we do not officially support Wine, but we are working with Valve to add support for Proton (SteamPlay) on Steam.".
I have to wonder if this started after my previous article, perhaps it got some people talking? Good to see some positivity on this though, in future it could mean titles like PLAYERUNKNOWN'S BATTLEGROUNDS will become playable on Linux with Steam Play.
I've said numerous times now that multiplayer titles will be a pain point for Steam Play but perhaps not for much longer. There's a lot more games that use it and no doubt more will in future, so the idea of BattlEye working in Steam Play is obviously quite exciting to expand Linux gaming even further.
I was wondering though, to my knowledge (I'm not at home in this domain) this kind of anti-cheat software mostly ensure that no one tampered with the game files, related libraries and game state in memory . If one wanted to cheat on Linux, wouldn't it be far easier to keep the game, libraries and Steam (Play) related files as is, but directly target the GPU drivers (kernel modules, mesa etc) and tinker there to lets say make things transparent in a game? Is there even a chance to detect something like this with anti-cheat software?
Last edited by jens on 11 May 2019 at 12:34 pm UTC
Nice to read that. I'm not into multiplayer games, certainly into the type of games where this is needed, but still very cool and I hope that this will get more users to switch to Linux.I think that a good question to ask as well is how different it is from Windows situation? It's still possible to disassemble any DLL or EXE file, modify it, recompile it, and here goes your cheating solution.
I was wondering though, to my knowledge (I'm not at home in this domain) this kind of anti-cheat software mostly ensure that no one tampered with the game files, related libraries and game state in memory . If one wanted to cheat on Linux, wouldn't it be far easier to keep the game, libraries and Steam (Play) related files as is, but directly target the GPU drivers (kernel modules, mesa etc) and tinker there to lets say make things transparent in a game? Is there even a chance to detect something like this with anti-cheat software?
So how BattlEye and EAC can prevent that, do they require everyone to sign every file? If so, why not doing so on Linux as well? I mean, although restrictive, I would be fine with "if you want to play this game online, you need your official distributions drivers".
I think that a good question to ask as well is how different it is from Windows situation? It's still possible to disassemble any DLL or EXE file, modify it, recompile it, and here goes your cheating solution.Yes, I guess on Windows it is kind of doable to have a list of all drivers with their dll's and corresponding checksums, signatures or similar. But on Linux it is much more common to have a different kernel, and even more common to run e.g. Mesa from source. (Nvidia driver won't have that issue, but restrict Anti-Cheat to NVidia wouldn't be a cool thing)
So how BattlEye and EAC can prevent that, do they require everyone to sign every file? If so, why not doing so on Linux as well? I mean, although restrictive, I would be fine with "if you want to play this game online, you need your official distributions drivers".Yes, this could be a consequence. But dunno if this is how this kind of software is supposed to work.
Last edited by jens on 11 May 2019 at 1:44 pm UTC
Nice to read that. I'm not into multiplayer games, certainly into the type of games where this is needed, but still very cool and I hope that this will get more users to switch to Linux.I think that a good question to ask as well is how different it is from Windows situation? It's still possible to disassemble any DLL or EXE file, modify it, recompile it, and here goes your cheating solution.
I was wondering though, to my knowledge (I'm not at home in this domain) this kind of anti-cheat software mostly ensure that no one tampered with the game files, related libraries and game state in memory . If one wanted to cheat on Linux, wouldn't it be far easier to keep the game, libraries and Steam (Play) related files as is, but directly target the GPU drivers (kernel modules, mesa etc) and tinker there to lets say make things transparent in a game? Is there even a chance to detect something like this with anti-cheat software?
So how BattlEye and EAC can prevent that, do they require everyone to sign every file? If so, why not doing so on Linux as well? I mean, although restrictive, I would be fine with "if you want to play this game online, you need your official distributions drivers".
That would rule me out entirely from playing anything. The official drivers for my distribution are from source, and often with a custom patch set. Driver updates even on Windows are beyond the control of the anti-cheat, so any kind of signing there is just pointless really, not to mention far more intrusive into a system than is acceptable for any level of security.
On Windows drivers are already signed as part of the shipping process, see https://docs.microsoft.com/en-us/windows-hardware/drivers/install/driver-signing As far as I remember all libraries from Microsoft are also signed by Microsoft itself.
The Linux kernel supports this too for kernel modules, but no idea if desktop oriented distributions are using this. But even if it is used, this would not cover Mesa and friends.
But as stated, I'm no expert in this area, don't know how relevant this is.
Last edited by jens on 11 May 2019 at 2:46 pm UTC
Nice to read that. I'm not into multiplayer games, certainly into the type of games where this is needed, but still very cool and I hope that this will get more users to switch to Linux.
I was wondering though, to my knowledge (I'm not at home in this domain) this kind of anti-cheat software mostly ensure that no one tampered with the game files, related libraries and game state in memory . If one wanted to cheat on Linux, wouldn't it be far easier to keep the game, libraries and Steam (Play) related files as is, but directly target the GPU drivers (kernel modules, mesa etc) and tinker there to lets say make things transparent in a game? Is there even a chance to detect something like this with anti-cheat software?
On Linux you can override symbols with LD_PRELOAD and your own library so it's possible to modify a e.g. a driver without actually patching and recompiling it. I assume Windows have something similar, so just checksums for the driver is pointless. You need to detect this kind of behavior too.
Fun article on the subject:
http://haxelion.eu/article/LD_NOT_PRELOADED_FOR_REAL/
On thing might be for the game/anticheat to do off screen rendering tests and compare to some predefined output. If the tests are substantially different (transparent textures or wireframes for example) you're probably up to no good.
(No idea if anticheats on Linux use any of this stuff, just some idle musings...)
Nice to read that. I'm not into multiplayer games, certainly into the type of games where this is needed, but still very cool and I hope that this will get more users to switch to Linux.
I was wondering though, to my knowledge (I'm not at home in this domain) this kind of anti-cheat software mostly ensure that no one tampered with the game files, related libraries and game state in memory . If one wanted to cheat on Linux, wouldn't it be far easier to keep the game, libraries and Steam (Play) related files as is, but directly target the GPU drivers (kernel modules, mesa etc) and tinker there to lets say make things transparent in a game? Is there even a chance to detect something like this with anti-cheat software?
On Linux you can override symbols with LD_PRELOAD and your own library so it's possible to modify a e.g. a driver without actually patching and recompiling it. I assume Windows have something similar, so just checksums for the driver is pointless. You need to detect this kind of behavior too.
Fun article on the subject:
http://haxelion.eu/article/LD_NOT_PRELOADED_FOR_REAL/
On thing might be for the game/anticheat to do off screen rendering tests and compare to some predefined output. If the tests are substantially different (transparent textures or wireframes for example) you're probably up to no good.
(No idea if anticheats on Linux use any of this stuff, just some idle musings...)
Ah, nice thinking, indeed some kind of build-in E2E tests sounds like a completely different, but more likely feasible approach.
PS: Thanks for the link!
Last edited by jens on 11 May 2019 at 5:36 pm UTC
On Windows drivers are already signed as part of the shipping process, see https://docs.microsoft.com/en-us/windows-hardware/drivers/install/driver-signing As far as I remember all libraries from Microsoft are also signed by Microsoft itself.
The Linux kernel supports this too for kernel modules, but no idea if desktop oriented distributions are using this. But even if it is used, this would not cover Mesa and friends.
But as stated, I'm no expert in this area, don't know how relevant this is.
I doubt that anticheats programs relies on drivers/libraries signatures/checksums. In fact, many cheats works by modifying the memory of the running program from a privileged program that runs in parallel, so the ac software definitely do something more than just "check for know files" (probably they do something similar to an AV heuristic).
I wouldn't be surprised if they *only* support steam games in Proton and not generic wine.
Well its not really an issue as the patches proton are sent upstream so no reason why wine wont just run out the box like proton but yeah if you have an issue it wont be supported. Why i guess brings people on to I dont use steam because DRM etc etc personally I admire the mindset it's just not one i share.
Last edited by Whitewolfe80 on 11 May 2019 at 6:37 pm UTC
EAC have not paused it.Finally some good news again! Awesome.
C'mon Epic/EAC... it's your turn now!
You are aware that EAC's devs mysteriously 'paused' their linux support efforts just the other day right?
Apparently it's just Epic trying to mess with Valve in whatever way they can, damned be who else they piss off in the process.
We have to say it honestly: Without Valve, Linux and games would never have worked out. That's why other people take Linux seriously as a gaming platform. FeelsGoodMan.
I wouldn't be surprised if they *only* support steam games in Proton and not generic wine.
Well its not really an issue as the patches proton are sent upstream so no reason why wine wont just run out the box like proton but yeah if you have an issue it wont be supported. Why i guess brings people on to I dont use steam because DRM etc etc personally I admire the mindset it's just not one i share.
I meant that it will be made in such a way that it can't work in a generic Wine. After all, the purpose of the thing is to see everything that happens. That's simply not going to be possible with generic Wine. Well, maybe if they interface with a root level module on the native side.
I wouldn't be surprised if they *only* support steam games in Proton and not generic wine.
It makes sense if Valve pay for to have support on SteamPlay/Proton. And I guess it will be for specific whitelisted games using an specific Proton version.
If this is accomplished, it will also likely allow Planetside 2 to work, which would be very exciting...
Oh damn is that still around i thought the servers died for that a while back cool to see its still online had a bunch a fun with that game few years back.
See more from me