• Gamma
    link
    fedilink
    73
    edit-2
    13 days ago

    Vizor explained that Ricochet uses a list of hardcoded strings of text to detect cheaters and that they then exploited this to ban innocent players by simply sending one of these strings via an in-game whisper. To test the exploit the day they found it, they sent an in-game message containing one of these strings to themselves and promptly got banned.

    Vizor elaborates, “I realized that Ricochet anti-cheat was likely scanning players’ devices for strings to determine who was a cheater or not. This is fairly normal to do but scanning this much memory space with just an ASCII string and banning off of that is extremely prone to false positives.”

    This is insane, they had an automatic script to connect to games and ban random people on loop so they could do it while away

      • @ramjambamalam@lemmy.ca
        link
        fedilink
        1413 days ago

        We and the hacker have no idea if this list is config driven or truly “hard coded” i.e. a const in the source code. It’s hardly an indicator of violating a core programming tenet.