top of page
  • Writer's pictureAndrew Hogan

2024 - The year of the hardware cheat?

The iconic Konami Code, Up-Up-Down-Down-Left-Right-Left-Right-B-A, made its debut on the Nintendo Entertainment System in 1986. Originally created by a Konami developer, the code served as a debugging tool for the game ‘Gradius’, intended to facilitate testing by making the game easier to play. However, players stumbled upon the code after it was inadvertently left in the final release. This discovery transformed the code into a cultural phenomenon, leading to its inclusion in numerous other titles and revolutionizing gameplay.

Inspired by the success of the Konami Code, developers began intentionally incorporating cheat code combinations in their own games. Whether shared through word of mouth, scribbled in blue biro and stowed away in disk boxes, or posted on forums, cheat codes became a nostalgic part of 90s/2000s gaming, bringing an extra layer of enjoyment for players looking to bend the rules. 

Fast forward to the present, cheaters are no longer content with bending the rules; in the era of PVP multiplayer games, they want to rewrite them entirely. 

The evolution of cheating in gaming has been both fascinating and alarmingly quick.  Today, developers find themselves grappling with the persistent challenge of combating the abundance of software cheats impacting their games. As anti-cheat methods have advanced, so too have the methods and tools used by individuals seeking to exploit or manipulate game systems. 

As security measures have become more proficient at identifying software cheats, there has been a noticeable surge in the demand for hardware cheats. Operating beyond the realm of game software protected by anti-cheat measures, hardware cheats can be incredibly difficult to detect. 

Unlike software-based cheats, hardware cheats don't directly interact with your PC or console, making them more challenging to detect. This characteristic also appeals to players concerned about viruses and malware compromising their PC - although in reality they still can.

Now, a new era is emerging, marked by the increasing prevalence of hardware and Direct Memory Access (DMA) cheats introducing an entirely fresh set of challenges for developers. If you’re not already familiar with these advanced cheating methods, their escalating impact on the gaming community means you'll likely encounter them soon. 

This briefing seeks to unravel the intrigue behind hardware cheating, shedding light on why it has reached a critical juncture that demands our collective attention. 

What are Hardware Cheats and how do they work?

Hardware cheats have historically been associated with a niche community interested in exploring the limits of gaming technology, rather than a mainstream avenue for cheating. Essentially, most of these cheats were conceived more as an intriguing challenge for developers than as an intended widespread method of cheating. 

Of course one infamous exception to this was the Game Genie. Launched by Codemasters back in 1990 this would eventually be the subject of a critical lawsuit between Nintendo and the main seller Galoob. But that’s a whole other story…

An image of the Game Genie
The Game Genie. Sega endorsed it. Nintendo didn't.

Nowadays, Game Security teams are having to manage various types of hardware cheats, with some of the most popular examples being Cronus Zen, CronusMax Plus, and FPS Strike Pack Dominator. These encompass:

  • Modded controllers: Controllers enhanced with features like rapid-fire shooting.

  • Console modding: Altering hardware to run cheat software.

  • Macro devices: Devices automating player actions, such as shooting.

  • Input lag devices: Introducing intentional delays for a competitive advantage.

  • Direct Memory Access (DMA): With the addition of a second PC, a DMA card can be used to run aimbots/ESP cheats, making them harder to detect

Despite DMA cheats being available in China for over five years, and gaining attention on the competitive scene during the pandemic, we are now hearing an increasing amount of noise about them as they become more commercialized.

So what are they? A DMA (Direct Memory Access) card is inserted into a gaming PC. This card is connected via USB to a separate "Cheat" computer where cheats like aimbots or ESP are executed, and the DMA card facilitates data transfer between the two PCs without involving the CPU. 

Most importantly, cheats do not need to be injected into the gaming PC

Direct Memory Access diagrams
Diagrams from vendors and streamers showing how DMA cheats work

To further enhance safety and evade detection, cheaters often employ a KMbox (Keyboard and Mouse) to disguise their input devices. They may also use Custom Firmware to avoid being caught in widespread bans triggered by other players' detections. However, some streamers suggest that these precautions are necessary only for specific games with stringent anti-cheat measures and that for others you don't need to bother and still won’t get caught.. (Can you guess which ones?)

An image of a Kmbox used to avoid anti-cheat detection
A Kmbox can be used to control the mouse making detection even harder

For those of us “seasoned gamers” who remember life before digital downloads, an analogy may help. 

Think of your PC as a TV, the hardware device as a DVD player, and the cheat as the disk.  To cheat in a game, the PC reads instructions from the hardware device, similar to how a TV follows instructions from a DVD player to show a film. The cheat doesn't directly interact with the PC, much like the disk doesn't interact with the TV - the process is facilitated by the devices in between. 

Image of two PC monitors
Cheats use two monitors for the Gaming and Cheat PC's

How widespread are they?

Determining the prevalence of hardware cheats is challenging. They often circulate in underground communities with limited visibility. Nevertheless, increased availability in various marketplaces indicates a shift towards more mainstream cheat landscapes. This is also evident in the volume of coverage they now receive from content creators.

This change can partly be attributed to the landscape becoming more saturated and vendors reducing prices to remain competitive. 

Initially, hardware cheats were quite expensive, especially for exclusive products (some costing over $2000 or even more historically). Although prices have dropped since then, they still require a significant financial commitment.

Image of LynxTech online shop
The LynxTech online store front

The cost of hardware cheats can vary depending on the supplier, and purchasing directly from manufacturers on platforms like Taobao can help reduce costs, but you're still likely to spend a few hundred dollars. Additionally, operating a DMA cheat requires a second PC, adding to the expense. Furthermore, there's the cost of a monthly cheat subscription, which typically ranges from approximately $20 to $100.

In contrast, software cheats don't require any additional hardware and can be acquired for as little as $5. This makes hardware cheats a more substantial financial investment.

However, for players who frequently cheat across multiple similar games, hardware devices, whether that's a Cronus Zen or DMA cheat, offer further convenience as they are compatible with various games and cheats, which makes them a worthwhile investment for players who cheat regularly.

The killer app

What distinguishes hardware hacks is their high level of undetectability. Operating without running software on the gaming PC makes them very hard to detect and this is driving their popularity.

When a AAA game’s anti-cheat system is effective, our research indicates there is a corresponding increase in inquiries about Hardware cheats, specifically Direct Memory Access (DMA) cheats. In some respects, the emergence of DMA cheats can be seen as a testament to the effectiveness of the Game Security team's efforts.

This trend underscores the growing allure of hardware-based exploits within the gaming community, offering a more complex and strategic means to circumvent traditional anti-cheat software. While hardware is detectable, it is challenging to identify the nature of devices with malicious intent.

Even if a hardware device is detected, cheaters still enjoy an extra level of security. Unlike software cheats, the detection of one player using the device doesn't always trigger a mass detection, especially if other players have safeguarded themselves by using Custom Firmware instead of the shared or default option.

Furthermore, the subtle adjustments offered by a hardware device can yield significant benefits without drawing excessive attention. This is particularly evident in first-person shooters, where such devices can elevate a good player to greatness with little interference.

Where are they causing the most harm?

While not as prevalent as software cheats, hardware cheats of many varieties are progressively becoming a challenge in competitive esports tournaments, especially in those with substantial prize money. 

In an interview with YouTuber Sparkles, a hardware cheat developer claimed to have been approached by professional players seeking to cheat in professional leagues, which underscores the gravity of the issue and the potential widespread impact:

“I don’t know all the names of the esea leagues, but there’s main and challenger…that’s where it’s definitely used. I’ve had people claiming they are playing in those leagues and they want to cheat…I don’t think they can detect it...they can detect the default settings but not if you configure it properly” 

While esport tournament organizers often impose hardware restrictions, many allow players to bring their own mouse and keyboard, so it’s little surprise when  some players are tempted to cheat by bringing compromised hardware.

In 2023, there was an increase in hardware cheat vendors advertising their cheats as “Undetected in Tournaments”, further suggesting their widespread use.

Example ad from Elitepvpers
Vendors promote DMA cheats as undetected in tournaments

If hardware and DMA cheats in particular are impacting professional leagues with rules and regulations, they’re almost certainly impacting casual leagues and regular play, which is indicated by their increasing prevalence in online marketplaces. 

Streaming is another facet of gaming affected by hardware cheats, with ongoing accusations circulating. As you may recall, using a DMA cheat requires operating two PCs and two monitors, which can present challenges. For instance, when utilizing an ESP cheat, the user must glance at the second monitor, a telltale sign of cheating when streaming on platforms like Twitch. However, this problem can be tackled using a Fuser which merges the two inputs, enabling users to view everything on a single screen.

Rising to the challenge

With limited resources and budget, Game Security teams currently maintain fair play and a positive gaming experience by prioritizing software-based cheats. These have a more widespread impact on the general gaming community, so it is logical to invest more into combating them. 

However, as hardware cheats become increasingly popular, and their features continue to evolve, it is essential that security teams increase their efforts to combat them. 

But how do you detect an ‘undetectable’ cheat? 

Well, the good news is that despite the claims made by developers in their marketing, hardware cheats are not completely foolproof.

Firstly, hardware cheats can be detected by server-side anti-cheat systems which analyze player behavior.

Secondly, while aimbots are often advertised for use with a DMA, some have been designed to bypass the need for a Kmbox. Unfortunately for the cheater these will be susceptible to detection.

Finally, if the DMA card isn't disguised as a legitimate device through sufficiently altered custom firmware, it may be detected by more advanced anti-cheat software.

That said, if a user properly configures a DMA cheat with custom firmware and a Kmbox, they can be extremely difficult to detect and prevent. The extent to which they go undetected remains uncertain, making it challenging to assess how many cheaters are successfully evading detection.

The most effective way to combat hardware cheating is by preventing players from obtaining the cheats themselves in the first place—this is where Intorqa plays a crucial role. 

Intorqa actively monitors cheat communities, examining where hardware/DMA cheats are sold, how they are distributed, and the impact they have on both cheaters and legitimate players. 

This proactive monitoring enables security teams to stay updated on market trends, enabling them to effectively mitigate against these cheats. Intorqa’s unique ability to access private cheat communities also provides valuable insights into the development and distribution of hardware cheats. 

Moreover, a focused effort to disrupt the marketing strategies and business models of cheat developers is crucial. Removing their marketing materials from social media platforms can significantly impede their ability to sell enough cheats to justify their efforts.

Lastly, Intorqa can purchase and test these cheats to understand how they operate, which is essential for engineering teams to develop effective strategies to minimize their impact.

In the face of the escalating challenge posed by hardware cheating, as well as the existing battle against software cheats, Intorqa’s capabilities can help game security teams stay ahead of cheaters and contribute towards maintaining a gaming landscape which is more secure and enjoyable for all.

1,204 views0 comments


bottom of page