damium

joined 2 years ago
[–] damium 1 points 1 year ago

They fail because you can't trust a machine that an adversary has in their physical possession.

Software running on an untrusted computer can have code and memory injected or modified without modifying the executable files. Binary executable files are by necessity readable and someone with enough time can parse through them to fully deobfuscate and figure out what they are doing. Anti-anti-cheat systems basically perform the same code as the anti-cheat but slightly modify the result to hide the cheating. This can be done either by code swapping in the anti-cheat or at a higher level. If the anti-cheat system is looking at which processes are running then have the system feed it the real list of processes with the cheat processes removed... etc.

Trusted computing requires hardware level monitoring, validated certificates, and zero vulnerabilities since the time the certificate was provisioned. In addition, current technology would also require those base certificates to be regularly rotated and device decertified if it didn't rotate in time to prevent physical offline hardware attacks on the certificate data. Even game consoles don't have this level of platform trust and are often physically modified to enable cheating/piracy.

The only successful way to prevent most cheating is to run the simulation entirely server-side and then only send data to each client according to what they should know. Even then you won't be able to prevent assisted cheating like aim-bots or texture replacements.

[–] damium 2 points 1 year ago

You can still enter audit mode and change some registry settings to switch to a local account. Last time I did an 11 install on a device with Wi-Fi it also let me create a local account after trying to continue with a blank password a few times.

[–] damium 5 points 1 year ago

If it isn't showing up in lspci then it isn't currently attached to a PCI port. lspci will show all devices with or without a driver, known and unknown. You can try lsusb to see if it is attached internally to USB (very uncommon). It might also have a firmware level power saving disconnect feature that needs to be either disabled or managed by the OS in some way. It might also be showing up as a different device than you expect (also very uncommon) most cards will show as either Ethernet controller: or Network controller:.

Make and model of the laptop and any identification details from the ethernet device under windows would be helpful for diagnosis.

[–] damium 2 points 1 year ago

Your best bet is likely a scheduled task. You can have that configured to run at startup before you login.

[–] damium 2 points 1 year ago

When rsync copying the active root I like to bind mount / to /mnt/root_fs first. This avoids the issue with needing to exclude folders with sub-mounts and will expose files to copy that might be hidden by the mounts.

view more: ‹ prev next ›