[AntiCheat] Game Security: An Introduction to Rapid Clicking

@codewiz · March 12, 2012 · 7 min read

Rapid clicking, as the name suggests, refers to clicking as fast as light photons. So, what benefits does rapid clicking bring in games? There are advantages, particularly in FPS (First-Person Shooter) games. While not applicable to all FPS games, in some, if the click speed falls below a certain interval, a distortion in gun recoil occurs. Normally, if you click the same spot twice, the first and second shots are fired in different directions due to gun recoil. However, using rapid clicking to quickly click the same spot twice can result in both shots being fired at the same point, a surprising phenomenon. This means it's possible to make a kill with one shot, even if it's not a headshot. Depending on the speed control, you can fire three or four shots at one point in one go. Impressive, right? While beginners who can't aim properly won't see much effect, intermediate players can significantly improve their skills by using rapid clicking.

Let's take a look at the evolution of rapid clicking. Initially, it was mostly in the form of software macros. Macros were used to write double-clicks or special fast input macros for certain keys or mouse buttons. However, there are limits to this software macro approach - they're easy to detect and even easier to neutralize. Then came the era of modified mice, either mechanically altered by users or factory-modified mice popular in places like China. In mechanical modifications, it's often impossible to process the modifications with software. From this point, detecting rapid clicking became virtually impossible. The next significant change was major vendors starting to release gaming mice with built-in macro functions, Logitech being a notable example. Early Logitech gaming mice emulated macros through software, but the latest high-end models come with an astonishing feature: a separate memory inside the mouse to store and use macros. You can input macros into this internal memory using Logitech software, and then use it on any computer without needing additional driver or software installations. This overcame the crudeness of mechanical modifications while avoiding easy detection like software methods. From then on, the use of such mice skyrocketed among gamers.

The serious issue here is that despite being a clear form of cheating, major vendors are releasing these products under the name of gaming mice, and these products are not being blocked in games, leading to a lack of recognition of this as hacking. Some players even think it's not a problem to use macro gaming mice in tournaments. More distressingly, there's a growing perception among gamers that the era of playing games based on skill is over; now it's about playing with money (as top-tier Logitech gaming mice are quite expensive). It seems like the real-world imbalance is extending into the online world, doesn't it? To correct this unfair reality, over the past few months, our XIGNCODE (read as 'sainkoud') development team has been researching rapid clicking. As a result, we've driven a considerable number of rapid clickers out of the games where this issue was raised, and we're instilling the perception that using rapid clicking is cheating. Of course, it's not over yet. We continue to research new ideas, algorithms, and alternatives to root out this issue. The following content will summarize the trials and thoughts we've experienced in this process.

#0

Our initial approach was to detect hardware. Since the gaming mice used by most players are from a limited number of major vendors, we thought we could block them by reading the contents of the memory embedded in those mice. It was a bright idea. We analyzed gaming mice relentlessly, with Logitech mice being our top priority. However, unfortunately, even the Logitech mouse software didn't have a function to read the macros stored in the mouse. Logitech's software could write to the mouse but not read from it.

Despite the disappointment, we reversed engineered the part of the software that writes to the mouse and created a sample program to do the same. Surprisingly, this rendered the Logitech mouse permanently unable to record macros. The development team thought it wouldn't be bad to render all gaming mice incapable of macros, but realizing the impact on users who bought expensive mice for purposes other than rapid clicking, we stopped this line of research.

#1

Next, we focused on speed. As the term "rapid clicking" suggests, we believed that speed was the crux of the issue. We assumed that the click speed of macro mice would be set at a rate unattainable by humans. However, measuring this speed wasn't easy, as there are not only automated mouse clicks set by macros but also events triggered by users using those macros or regular buttons. In other words, we couldn't solely rely on the speed of macro inputs; there was noise mixed in. Additionally, in FPS games, players do not always constantly click. Most of the time is spent searching for enemies, and actual combat clicks are not that frequent. Including this search time would result in significant noise.

The smart XIGNCODE development team simplified this complex and difficult problem and managed to significantly reduce the noise. They then measured the results. For reference, there are really smart people on the XIGNCODE development team. Seriously, haha~~

rapid clicking0

This graph shows the average input speed of users. As explained earlier, this is the average derived from complex calculations after removing noise. The horizontal axis represents speed in milliseconds, and the vertical axis represents the number of users in that range. Beautifully, it shows a normal distribution around 200ms. According to our internal tests, an average person's thoughtless double-click comes out to about 100-200ms. We started inferring that users below 100ms in this data range might be using rapid clicking.

rapid clicking1 We calculated the standard deviation for more insights. We thought if macro inputs were used, the standard deviation would naturally be low. This graph, like the previous one, has speed on the x-axis and the number of users on the y-axis. We consider users with deviations of 0-20ms as rapid clickers. It's unlikely for such a low deviation in human-triggered click events.

rapid clicking2 This is the correlation between the two data sets. The horizontal axis is the average, and the vertical axis is the standard deviation. It looks somewhat like an asteroid field. We are focusing on the dust particles from this asteroid that have low values on both the y-axis and x-axis. Setting the average at 50ms and standard deviation at 50ms resulted in about 1% of all users. More surprisingly, those users included in the data were already known to have a high macro detection rate. By this point, you might have caught on.

#2

Of course, the advantages of using gaming mice extend beyond rapid clicking. When we consider that a machine replaces human input, all kinds of macro inputs that are not permitted in games are essentially cheating. The XIGNCODE development team is researching new methods that can automatically identify various macro methods.

Currently, we are working on recording all inputs in a certain interval and then finding the longest common subset that repeats in that interval. The biggest vulnerability of this method is timing errors, but if we can approximate that part, it would be a very powerful technique. However, the biggest obstacle, as you might guess, is that while it sounds easy in theory, translating it into functional code is not a straightforward task. Nonetheless, the XIGNCODE development team is tirelessly coding with the belief of blocking all hardware input methods of macros in the world. Haha~

#3

How about that? As you can see, the XIGNCODE development team doesn’t just catch hacking tools. Remember, they deeply contemplate all forms of cheating in games and find alternatives. And don’t forget, if you're a game developer in New York, you'd naturally choose XIGNCODE for security products. Hehe~

Remember, you can probably omit the 'probably'!!!

Remember, you can probably omit the 'probably'!!!

@codewiz
Looking back, there were good days and bad days. I record all of my little everyday experiences and learnings here. Everything written here is from my personal perspective and opinion, and it has absolutely nothing to do with the organization I am a part of.
(C) 2001 YoungJin Shin, 0일째 운영 중