Escape From Tarkov Cheating

Nearly every player in Tarkov has a map they avoid because they’re tired of dying to some suspicious gaming chair. Depending on who you believe, there’s between 5 and, somehow, “negative 2” people cheating in some way in every raid. The general consensus is the problem is getting worse, and rarely better. Escape From Tarkov clearly has a cheating problem.

Now this isn’t a problem that’s unique to EFT, but prevalent throughout not only all online games, but all online systems. The issue for EFT now is that cheating has become ’especially noticeable’ in most recent patch. It feels as if the baddies are winning this patch¹. Not exactly ideal – but it is something that’s to be expected, because there will always be cheaters, right? As I write this I feel as if I should try to preempt the whole “well we can’t win so we might as well give up” idea. The people preventing users from abusing systems, the good guys, they have to be perfect, every single time. Where the abusers, they only have to be right once to win any given battle. It’s an arms race, one where even the largest online services have given up on the goal of attempting to prevent people from abusing their services. If even the largest, best funded services have given up on trying to prevent abuse, Why shouldn’t everyone with an internet facing service cry that; “the only winning move is not to play”? That’s because winning the fight against cheaters really doesn’t matter. Well, kind of, let me explain.

The users cheating in EFT are without a doubt abusing the games intent. They’re aware this isn’t allowed and violates the TOS, and don’t care. They’ll continue to abuse any of the system they’re able to. The design of EFT allows them to do this. It’s design is needless problematic in a number of ways.

For now, I’ll defer the argument if preventing users from cheating is the responsibility of the game developers, or if this is something best left to off the shelf, 3rd party software libraries/services. Battleye is clearly not functioning well enough to meet the current demands of the games users, just read a few links from the subreddit if you don’t already agree. So instead, I’m going to assume that detecting cheating software and code, is the job of BE, and detecting cheating is the job of BSG. Human nature is unavoidable, so when you put cheaters in position where they can cheat, eventually they will. Which leaves the only remaining gap in abuse prevention to be detecting the in game behavior of cheaters with enough specificity to stop them from cheating, importantly, without hurting legit users.

One of the many factors of why cheating is so problematic in the EFT community, is because cheaters have an extra-ordinary, and longer lasting impact on your gameplay. In other games, when you run across a cheater, they can only ruin your ability to enjoy that raid, or that match. In Tarkov, cheaters also get to ruin the next few. Die to a cheater, (head, eyes). Now you’ve lost your best kit, or your last kit, or that specific loadout you need to complete that one quest that you hate so much. It feels extra unfair.

That feeling, where just playing the game feels like it can be unfair is part of the spirit of EFT. You can bring in a 2mil ruble kit, find a bunch of sick loot, only to die (head, eyes) to some one hiding in a bush near extract. Everyone who plays knows that feeling, and it sucks, but it’s not really unfair. You have the exact same chance to do that. The real unfairness is playing against cheaters, because you know you can’t do what they can do, unless you’re willing to cheat too. Cheaters know this, and they avoid killing players, because when it feels unfair, they get reported, and sometimes get banned.

Remember when I said that “winning” against cheaters doesn’t matter? Well, if our definition of winning is: “No one can cheat in any way”. That is a battle you’ve already lost. But the point shouldn’t be to prevent any and all abuse, the only thing you actually need to care about is if real players can enjoy the game. Blatant cheating ruins the game. Rather, it ruins the ability of other players to enjoy the game. Honestly that’s only the cheating that you really even want to prevent.

There’s a common question in computer security. Once you’ve identified and prevented all the abusive behaviors you don’t want, when you know there’s still people abusing your services, you just can’t seem to find them, how do you stop those people from abusing your services?

The answer is… you don’t.

When you’ve finally reached the point where you’ve forced anyone who wants to abuse your services to be so good, to be so perfectly hidden, that you can’t even differentiate them from legit users? You simply don’t stop them. Because at that point you’ve already won.

In this case you’re left with players who are cheating, but they lose enough, and they play in such a way that no one can tell they cheating. Everyone will stop complaining about the “cheating problem”, because they won’t even notice it anymore. Sure, there will always be that one guy who claims it’s a cheater². And people will still find something to complain about… * looks at netcode * But at least I will be able to enjoy the game. And isn’t what I want, all that really matters?

Please, for the love of God, don’t ban legit users!

The remainder of this document comes with the following disclaimer. It took me a surprising amount of ethical consideration before I decided to even start writing this. Enumerating a number of behaviors you can use to detect cheating, when those same behaviors could also reasonably come from legit players carries some ethical weight. If these observations and suggestions are misused, or the level of confidence is broken. Then this will only serve to harm legit users who’ve done nothing wrong. It’s unambiguously immoral to hurt someone “for the greater good”. I hate the idea of giving away knowledge when I have no way to verify that it’s not being misused to hurt legit players. But given BE is also banning legit players who’ve never cheated; I hope that makes it unlikely to change the status quo much.

[ Only the next two paragraphs were written after the 18th ]

I’d written the vast majority of this paper, almost all of it well before the drama explosion on Feb 18th. My warnings above, while clearly prophetic, are now obviously insufficient. Without clear and convincing evidence of a repeat offender, you can not simply ban users because they’ve interacted with a seller. If the rational of why is still unclear, even after the numerous other opinions, from people who are undoubtedly better experts at EFT than I will ever be. All of whom, currently infuriated about how fucked up it is that BSG has banned content creators for playing with a viewer. There’s another reason as well. Mixing the good in with the bad is standard operating procedures for these guys. That’s the reason none of the large tech companies ban people for “buying” followers, or subscribers. Generally, the most anyone with a competent security team will do, is delete the followers/subscribers. That’s because most of the people they follow, are innocent. They intentionally mix in a large number of users that didn’t pay them for the “service” so you security can’t tell who did pay them.

It goes well beyond just pissing of a few innocent players. The chilling effect that banning legit players will have, is it makes people afraid to actually play the game. This very topic came up in a discord that I hang out in. There’s no guidance on where the line is, if you’d asked 48h ago, if you could get in trouble for playing with a random, if they ever bought from RMT, everyone would have been sure the answer was a resounding no. But today? No one actually knows. The general consensus in a few Discord servers now is that it’s dangerous to play with anyone you don’t already know really well, and can trust deeply. In large part because BSG hasn’t said anything. Operational security is important, you’ll see me rant a lot about that exact thing next. But if the strategy you use to try to prevent cheaters from ruining the game, just ruins the game… Well, what’s the point? I can’t express the harm this does better than my friend already has.

Don’t suck the remaining enjoyment out of the game because you’re trying to stop cheaters. All of the strategies have to, very specificlly, target cheaters, without hurting legit players. That’s the primary reason preventing cheaters is such a hard task.

There’s a few bugs

Bugs in Tarkov

All the information you provide to someone abusing your systems will be used against you. That is to say, all of the information, will be used against you! EFT is now just another example of this unfortunately ultra common mistake. The “good” cheaters, claim that they only kill other cheaters. Now, I’m not one to believe this claim outright, but I do believe that they try. The number one metric they admit they use is the players KDR. I don’t know what to believe about what a “normal” KDR is. But this information absolutely should never be available to players in a raid. EFT is leaking information like a sieve.

While not quite as bad, but in the same vein as the KDR, is player names. There’s nothing quite like seeing a name pop up in the chat of your twitch stream, just before he wipes your whole squad. Names also shouldn’t be available to everyone in a raid³.

It gets worse from there. The newest strategy cheaters employ to evade detection, is flying up to someone reading off their inventory saying “drop everything or I’ll kill you.” It seems absolutely insane to me that the entire contents of a players inventory is sent to everyone on the server. I might have found a way to understand some of this, but when not only the keys in a secure pouch are sent, but the number of uses remaining, on items that players aren’t even able to drop because it’ll just get deleted. somethingsfucky.gif. Full disclosure, I’m a security person and not a game dev, and sadly, I don’t have access to any EFT source code so while I can guess at some of the optimizations this has allowed here, from a security only POV, it’s leaking information when it’s technically possible not to.

All loot, everywhere, across the whole map, is sent to the client on raid start.

“Silly security engineer, that’s so you can see it!”

From hundreds of meters away?

“Yeah, otherwise clients won’t be able to show loot or items.”

Inside containers and locked rooms?

“…”

But, I digress. You could build the game without sending all contents to all players. Which is better? There’s a reason security engineers don’t make games.

Cheaters are able to loot through walls and aren’t instantly banned for that.

Cheaters are able to use macros to load into a raid, run around spawn aimlessly all the while gaining experience, level skills, and artificially crashing their KDR/survival rate.

Bugs in Ragman

The flea market makes it easy for cheaters to get away with their asshattery. If you want to sell rubles to some player, you can just buy items they list on the market. A few patches ago, a upper limit on ping was added before you’re kicked from raid. Mixed reception to be sure, but the number of cheaters per raid cratered, or at least the perception of it did. The flee market itself doesn’t appear to be region locked. You can build your gold farm in countries with cheap daily labor, but sell to any and everyone. Thus the direct cheating effects of RMT aren’t actually locked to any specific region.

I remember when you used to be able to buy bitcoins on the flee market. They were removed because it was a huge target for RMT. Now instead of sellers needing to convince or teach buyer not to use bitcoin, because it’s to obvious. BSG has done that part for them. Ditto with THICC cases. Huge, very high value item, one that had a lot of people who’d willing buy it, both legit, and via RMT. In it’s current state, the RMT transactions have to be split among a larger number of smaller value items. Making it much harder to track and find.

Why do I have to do a captcha when I’m buying stuff on the flee market? I’ve looked but I’ve been unable to find an explanation anywhere. I’m assmuing that it’s to prevent bots from abusing the market? Is it working? Or is it hitting mostly real users just trying to upgrade their hideout? Ignoring the flee market’s number of usability issues. Even without knowing exactly how it’s implemented; I’d bet money it’s not actually working. API scripts will have access to the raw data, and probably don’t have to do anything special to complete the captcha. If the goal is to prevent on-screen macros/clickers. Well, the problem is trivially solved… OpenCV has been able to do this for years. I’ve even built something years ago⁴.

Understanding your adversary

I have no idea how much information on raids, and play styles, or in game actions is recorded server side. But I assume it’s nearly nothing. I have to guess because, while BSG or BE hasn’t been very good at catching cheaters. They’ve been very good at preventing information about cheaters from becoming publicly available. Content creators that try are admonished, to such an extent they willfully censor themselves, or are excommunicated. The argument that it’s passively advertising cheats doesn’t hold water, but that’s a topic for another paper⁵.

Seeming everyone has their own, rarely overlapping, RCA for the primary cause of cheating in EFT. I’ve identified 2 main causes⁶. People cheat for ego, or for money.

Ego

I know I’m better than you, look I’ll even cheat to prove it!

Because “ego” players are cheating because of emotion. They’re a lot easier to manipulate. Put them in a situation they feel is unfair, and they’ll react by toggling on the most egregious features. Those cheats that are the easiest to detect.

The players that buy rubles, items, and boosting actually fit into this category. They do what they do in an attempt to enjoy the game. Knowing exactly which means, justify which ends is much harder. But you have many more options for compelling this group to behave. You just have to make cheating slightly less enjoyable than playing normally.

Money

From the sources I have access to, the three most popular methods are, selling rubles and/or items, selling levels/boosting, and selling full accounts. These people don’t care about the game, they don’t attempt to enjoy the gameplay, their actions are a means to an end.

Anyone selling rubles or items, everything under that will be what makes sense from a cost benefit analysis context. If you can slightly increase the cost of doing business, you can kill the market. Or at the very least weaken it to the point where it’s hardly noticeable.

The gold standard is undetected, limited sale cheats. The best of the best, or rather, the worst of the worst, they aren’t trivial to make. The authors of this cheating software need to sell them to make money so they can stay ahead of the game. It’s very hard to sell them for the prices they need to make in order to keep the software a secret. If people doing the cheating can’t make money from cheating, they won’t keep paying monthly. Most of the authors will move on to better paying games, or sell for prices where you can’t keep the software a secret. Then BE will find it, and eventually they can start to detect it.

What does cheating look like?

As I wrote above, cheaters believe they are able to identify each other by KDR. I’m sure that’s at least partly accurate, (clearly not accurate enough to ban players.) What other metrics are available? I don’t have access to the data that BSG has access to, but I have some guesses, or rather questions.

• What’s the mean level of players killed by cheaters?
• Do any players only kill others if they have an expensive loadout?
• What’s the mean amount of time a player spends looking at their inventory while in raid?
• Are there any players that never get killed while looting another player?
• What’s the mean number of empty loot containers that cheaters interact with?
• What’s the mean amount of time spent on “hard” quests like grenadier?
• What’s the distribution of loot value someone gets out of a raid?
• How many players will raid with a few standard deviations lower level players?
  • Which players are doing the damage in these raids?
• How many raids is a player able to get out with a lot of loot they got from an opposing player, without killing that player?
• What’s the average velocity of a player?
  • Is that velocity correlated with other metrics, levels, skills, maps?
• Do any players “tab out” at the start of the game more often if there’s someone with a TTV username in their raid?
• Do any players kill streamers more often?
  • Do any players actively avoid fights with streamers, devs, sherpas?
• Do any players run right at high value loot spawns, but only when there’s high value loot there?
• Are there any players that never run toward empty loot spawns?
• Are there any players that login to the game, only to buy or sell something on the flea, before logging off without playing?
• Do any players with a KDR in the 95th percentile, get max level traders, logging into to a never before used computer & IP addr, where their KDR crashes to a much lower level?
• How many of these are correlated with other known cheating behaviors?
• How often do players leave the raid (or die) with less value than they started with?
• Do any players always hit(head, eyes) when fighting scavs, but always hit arms and legs when fighting players?
• What’s the KDR for players vs just scav raiders?
• What is the mean bullet velocity?
• What’s the average distance a grenade is thrown?

On to the solutions!

The very first suggestion I get to make is: Return “stolen” loadouts to players. If I die to a cheater, it’s annoying. But as my friend always has to remind me…

That is just part of the cost of playing online games.

But then I remember all that money I spent on insurance. That’s when I feel bad a second time.

You may not have enough confidence to ban a player, when they wipe a lobby with a pistol. Even when every single player they kill reports them for cheating. But then they wipe the next lobby, and the next, again, and again. Eventually, they’ll cross the line, and get themselves banned. Returning the stolen loadouts to the players they cheated would do a lot to improve the painful experience of dying to someone’s gaming chair. If you need an in-lore reason, maybe you can have Fence’s scav’s catch them, “interrogate” them, and say they eventually admitted to stealing this from you. Maybe Fence will ask for a favor in return one day.

But I get it, you’re more interested in stopping the cheaters, rather than just undoing the harm they wage. Me too!

Stop sending data to clients they don’t need. Don’t send usernames. Don’t send the contents of player inventories. Yes, a lot of what makes up a player inventory needs to be known at all times so the game can remain playable. But for items that can’t be dropped, like keys, or things that will never be lootable, like the contents of the secure pouch. Simply don’t send them, at least not at raid start. Wait until the player dies, Or at least not until a player moves it into lootable inventory. Then again, I can only make that suggestion from the factitious and ideal world I get to live in as an armchair game developer. It’s likely that when talking about loot, the value here doesn’t outweigh the work required. But please, for the love of god, if you do nothing else, stop sending KDRs! (Or, maybe keep sending it, I’ll explain the reason for that in the next section.)

I don’t know what the current state of dynamic loot is. But as something that was teased quite a few wipes ago, it could very much be part of the solution to combating cheaters. Don’t spawn any high value loot until someone or something dies. Don’t spawn high tier loot near people who are currently suspected of having RGB on their gaming chair.

Banning users doesn’t have to be the be all and end all. Especially for gamers cheating for ego. If you have a player that’s constantly selling items for well above the current market price. And those items sell. But their KDR is low, or they effectively never get reported for cheating from in game raids. You don’t want to ban this person. The more they look like a buyer for RMT, someone never cheating in raid, the more you want to keep them around, and allow them to continue playing the game. You can then leverage these players to get intel about the harmful cheaters that you do want to ban. Sure, if you ban the buyers, and do so publicly. You make players scared of buying rubles, and while this is likely to hurt the RMT economy a bit. It’s sacrificing long term wins, trading it for only short term gain. Instead, once you have enough data to “prove” someone is buying from RMT using the flea. Instead, ban that buyer from the flea for a few weeks. Even better if you’re able to do so publicly. Get people to complain about it, and that will not only discourage legit players from buying from RMT. But because the ban wasn’t permanent, it also wont stop everyone. This is exactly what you want. Those users will keep buying rubles from RMT sellers, and finding and punishing the sellers is the goal. Because the sellers are the people cheating and ruining the fun of the game. Special note: extra care is needed here, because once you start using this information to ban cheaters. The cheaters will quickly figure that out, and will start to launder their money through both shell accounts, and legit players, if they’re not doing so already. Remember banning legit players is bad!

I don’t think using macros are cheating. Some people do, and some games disallow it outright. To me, macros are a very fuzzy line between accessibility, and advantage. For the people loading in naked to a raid running around just to die, for the trivial XP gain. 1 health isn’t enough to discourage the behavior. So make those raids hurt a tiny bit more. If you die without a weapon in your hand. Not only should you lose both level XP, but physical skill XP as well. That’ll end that behavior in seconds.

Start creating cheater lobbies. If you change nothing else, but group people into raids by survival rate, KDR, whatever metric you choose, if that metric is actually good for detecting cheating. Complaints about cheating will go to zero. Cheaters will either avoid each other in raid, or they’ll try to kill each other for the lulz. But the rage about the problem across discords, reddit, twitch, will drop.

If cheater lobbies are far to high a technical lift, how hard would it be to create cheater flea markets? Cheaters don’t need to buy and sell to other cheaters. If cheaters can’t buy and sell to players on the flea, then either they’ll need to drop items in raid, or they’ll abandon the account. (Or something else I can’t predict).

Finally, when you get to the point where you’re 100% done with battling with cheaters. When you’re willing to piss off some real users if it’ll kill the market. Once you catch someone cheating, once you ban them, delete all the rubles, all the items they’ve sold on the flea, and any item they’ve dropped in raid, from everyone’s inventory. This will without a doubt piss off some real users who just happen to have bad luck. But ideally it’ll enrage everyone who buys from RMT sellers. Once this new policy is discovered publicly. This will absolutely kill the RMT market. No one will pay for items they think will just get deleted once the cheater they bought it from is banned. What will the down stream effects be here? That’s a good question that I don’t yet have a good answer for. But I’d be willing to risk a few of the items in my stash getting deleted if I knew they came from a cheater, and I also knew it was killing the RMT market.

Incase I didn’t make it clear: You do not want to risk punishing real users! The outcome from harming legit users will be bad for everyone. You’ll still have the exact same number of cheaters, they’ll still be pissing off the users that they kill. The only thing you’ll add is a growing group of users pissed off that instead of banning cheaters, your ruining the game for legit players.

Game Security for Chads!

Because the basis is to use human nature, against the people using cheats. Give cheaters plenty of opportunities to expose themselves. Start spawning in traps that no one but cheaters would be able to step on.

No one with any remaining sanity would bring T-7’s into any raid currently. Another unfortunate example of one of the best parts of the game that has been ruined to the point where players just avoid it because of cheaters. It doesn’t have to be that way. Once you have an account that’s doing all the wrong things. Give them a chance to blow it. Spawn them into a raid with a player wearing T-7’s. If they run right at him, well… The smart cheaters will avoid that player, but given most cheaters don’t fit into that category, It’ll be a quick way to get them to do something that should be “impossible”.

If for some reason, you decline to stop sending all game loot to all players when the raid starts. You can also use that to set a trap for gamers. Put 3 LEDX, or 5 GFX cards in a single room, and see how many players book it straight for that room. Even better if it’s a remote room that no one runs straight to. There’s some things that take more self control, or more intelligence than most cheaters have.

Limitations

As mentioned above, I have to make a lot of guesses, and assumptions to write this. It’s all true to the best of my understanding. But I don’t have access to EFT source code, I’m not privy to any internal decisions, actions, or rationale. Additionally because BSG has done a really good job at making people afraid of sharing information about cheats, and cheating. Reliable and reputable intel is hard to come by, (hard for the amount of time I’m willing to spend on counter intel research). I also don’t have access to any cheating software that I’d be able to reverse engineer. (If you have any software that’s not publicly available and you’d be willing and able to send me a copy, I might be interested! Let’s talk. Or you could try to make tarkov better and submit it to BattlEye)