Valve used secret memory access “honeypot” to detect 40K Dota 2 cheaters

Artist's conception of Valve's anti-cheat tentacles rising up to catch those caught by its memory honeypot.
Enlarge / Artist’s conception of Valve’s anti-cheat tentacles rising up to catch those caught by its memory honeypot.


The cat-and-mouse battle between game makers and cheat makers has seen plenty of inventive twists and turns over the years. Even amid that backdrop, though, Dota 2 stands out for a recently revealed “honeypot” trap hidden inside the game’s memory buffer.

In a blog post this week, Valve revealed the existence of this trap, which was released as part of an earlier update to the game. Valve says that update included “a section of data inside the game client that would never be read during normal gameplay.” But that memory could be read by third-party cheat tools that used exploits to sniff out (and share) internal data normally invisible to players.

To activate its honeypot trap, all Valve had to do was watch for any accounts that tried to read from that “secret” memory area, an event that would lead to “extremely high confidence that every ban was well-deserved,” according to Valve.

While Valve says it has now closed the exploit that made this illicit data access possible in the first place, rolling out the honeypot first means it was able to also unleash a “particularly large” ban wave on over 40,000 accounts. The company is revealing its shadowy methods now, it says, “to make our position clear: If you are running any application that reads data from the Dota client as you’re playing games, your account can be permanently banned from playing Dota.” In doing so, Valve likely roped in a lot of players who cheat for status and in-game content, while also helping to stymie those who cheat to earn money or exert power over the game makers.

Now that Valve’s honeypot has been revealed publicly, though, similar systems seem a lot less likely to be effective at catching cheaters in the future. A careful cheat maker could likely analyze a game’s memory structure to carefully pinpoint only valid and useful memory addresses, then design their cheat tools to only access that “safe” data in a harder-to-detect manner.

Still, as a pure message-sending power play, it’s hard to beat a big reveal showing how, exactly, you caught tens of thousands of cheaters who probably thought they were untouchable. And as the cat-and-mouse battle continues, Valve promises it will “continue to detect and remove these exploits as they come, and continue to ban users who cheat.”

https://arstechnica.com/?p=1919706