1 6.857 Project Paper Charles Wang, Philip Tegmark Abstract—Speedruns are an increasingly common An important consideration when designing counter- method of competition where competitors attempt to measures to cheats in speedrunning is intrusiveness. A complete a video game in the fastest time possible. As with primary concern expressed by runners is that security any competition, cheating is an issue. Here we discuss a measures will increase the barriers to entry and impact number of speedrun cheating methods, such as splicing, the amateur nature of the sport. Therefore, any additional playing prerecorded inputs, and game code modification, and propose two countermeasures against some of those setup on the part of the runner, such as requiring a live methods. The first countermeasure is a method of verifying internet connection or requiring the runner to set up a that livestreamed speedruns of 3D games are not spliced. camera, should be minimized. The second countermeasure is a way to make it harder Since we were unable to create a system with adequate to cheat using prerecorded inputs, by recording a player’s security that does not have any such intrusiveness, we hands during their speedrun. Limitations of both of these will present an approach that requires no filming but countermeasures are also discussed. requires live gameplay and developer support and an approach that requires filming but does not require liveness or any special consideration on the part of the I. INTRODUCTION developer. Typically, speedruns are verified by the runner—the The former approach is specific to 3D games and player who is doing the speedrun—submitting a screen defends against splicing attacks specifically. It works by capture video of them speedrunning the game in ques- having the game re-texture objects upon request in a tion. These videos can be faked and manipulated in a way that attests that a livestreamed speedrun of a 3D number of ways, and cheating in speedruns has been game is in fact being played live, and is therefore not documented across games for more than a decade. a recording. This is important because if a speedrun is Current methods for determining if a speedrun is not a recording, then that speedrun cannot be a spliced fake are ad hoc, and require specific mistakes to be recording, and therefore this approach gives us a way to made by the forger of the speedrun. There have been certify that a speedrun is free of splicing. proposals for stricter requirements, such as requiring The latter approach consists of requiring the player’s inputting randomly generated button inputs during down hands to be filmed and for the player inputs to be time and submitting videos of the recordings of the recorded and submitted along with the gameplay video. player’s hands. These proposals have not been adopted The recorded inputs can be compared against the game- due to feelings that cheating in speedrunning is not a big play footage and the video for verification. enough issue to justify such invasive measures. However, We will then discuss under which circumstances these as speedrunning grows in popularity, preventing cheating schemes will be effective and potential attacks on them. is becoming a more pressing issue as it gets harder for the community to self-police. II. FORGERY TACTICS Achieving a fully computationally secure solution to There are a number of types of methods for forging a preventing speedrunning in cheating is impossible. With- speedrun. Of the following, the most common is splicing, out any in-person verification, all that a runner can be but the other methods are also common [6]. asked to supply is video streams. If one permits arbitrary video editing capabilities, then the runner could always A. Splicing shim the game controller to output computer generated Splicing consists of stitching together segments of controller inputs and then edit any video or audio feeds recordings of multiple playthroughs of the game to create so that the recorded behavior of the runner matches the a gameplay video of a time that is faster than would be inputs sent to the game. Therefore, the countermeasures achievable by the runner otherwise. Splicing allows the discussed in this paper will be more limited in scope, runner to retry sections at will instead of having to have relying on assumptions limiting the capability of the a good time on every segment of the game all in a single runner to edit video and reverse-engineer code. attempt. 2 B. Tool Assisted Cheating These detection methods are all community based and An legitimate category of competition for determinis- there is no common system for finding cheats. There are tic games is the Tool Assisted Speedrun (TAS), where no security measures imposed on the runners other than a sequence of inputs to the game is designed frame by submitting a video of gameplay. frame to be played by a machine into the game. These runs are compared against each other, separately from the IV. MODELING runs by human players. TASes allows for frame perfect Here we will be considering the case where there tricks and performing reliably feats that are impossible is a runner seeking to achieve a verified run with the for a human runner. A method of cheating is to take a desired time and the verifier attempting to distinguish TAS and attempt to pass it off as a normal run, which between real and fake runs. When a game is played, is known as ‘TASbotting’. If the inputs sent to the game the player is generating a sequence of inputs. The game are constructed by stitching toghether inputs recorded inputs could either be the sequence of button presses from legitimate runs, this can be nearly impossible to for a console game controlled by a game controller or detect when examining only a recording of the gameplay a sequence of key presses and mouse movements for a footage. PC game controlled by keyboard and mouse. In each of these cases, the inputs can be represented by a sequence, C. Game code modification with each element of the sequence corresponding to the Another approach to cheating in a speedrun is to state of the controller at a single frame. modify the code of the game. One example would be The output of the game is a sequence of video to modify the settings of a car so that it drove slightly frames. In the case of a non-livestreamed game, the input faster. If the game is non-deterministic, another approach sequence and output sequence can be lumped into single would be to alter the random number generation code of objects, giving the game as a (possibly deterministic) the game so that better events are more likely to happen. function taking the inputs k to the output video G(v). When considering adding code to games for the Another case is that of a livestreamed game. A runner purpose of verifying a speedrun, another game mod livestreams a speedrun of a game to an audience via consideration is the potential for reverse engineering a streaming service (e.g. Twitch.tv). The livestream has and tampering with the verification code. This will be some known and fixed stream delay D. That is, any- presumed to be difficult and countering this possibility one in the audience will see the events of the Stream will not be considered here. unfolding an amount of time D after they occur on the runner’s computer (stream delays are a common practice III. CURRENT DETECTION METHODS in livestreaming done to prevent a the livestream from buffering). Requests can be sent to the game by the Currently, there are no computational security mea- verifier. sures preventing speedrun forgery. Fakes have been detected through inspection of videos for mistakes by the forger, such as jumps in the video or audio and V. DIFFICULTY ASSUMPTIONS analyzing the video for consistency with known prop- For the case of a splicing attack, we will be consid- erties of the game. A splice was detected by counting ering the case where the player has access to an large frames of animation lengths and comparing with the number of videos of legitimate gameplay and decides to known number frames that the animation lasts. A game attempt to forge a speedrun with a faster time using the code modification was detected by noting that a specific aforementioned videos. The 3D live verification system car was emitting smoke effects that should not have is designed for a slightly more powerful attacker that is happened without game code modification. There was able to access information in the game’s code but unable also a recorded instance of detection of TASbotting by to re-implement sections of the game’s code, such as the noting that a player’s hands in a livestream did not rendering engine in particular. match up with the sent video [6]. Another case of game We will additionally be making assumptions about code modification was detected by performing statistical the difficulty of editing videos. Due to the fact that analysis of the recorded gameplay to show that the game outputs are an especially regular type of video, probability of the quality of the drops matching that editing such videos are not necessarily always difficult. in the recorded gameplay was less than 10−26 and thus For example, consider a 2D game with a low pixel count, could have only a negligible probability of having been sprites, and no anti-aliasing. Under these conditions, achieved legitimately [4]. even without any machine learning, such things as the 3 foreground and background can be perfectly segmented using simple pattern matching algorithms.