FACEIT. Can It Really Detect DMA Cheats?

FACEIT, in their most recent blog post, have stated that they can detect DMA cheats.

They had this to say on their blog.

"One of the most common misconceptions is that certain cheats, like Direct Memory Access (DMA) cheats, are undetectable. That’s simply not true. Our AC leverages Windows security features such as TPM 2.0 and crucially operates at kernel level, allowing us to detect all game-adjacent activity on a PC while the user is playing on a FACEIT server. Thanks to this, it’s only a matter of time before any cheater, including those using DMA hardware, gets caught."

Reddit user SaltMaker23 has given us an in-depth analysis on how DMA cheats can be detected:

"There are couple of cases where DMA cheats can be detected (even when using second PC):

The driver used to use the run the DMA card is detected, this shouldn't happen but sometimes dumbasses devs will make custom drivers instead of simply making their card pretend to be something else that is legit (like a network card)

The firmware id used is shared among multiple cards, one of them rage hacked allowing the AC team to flag a series of firmware ID as being cheat cards, all devices that have access to memory have signatures that they give to the PC to identify themselves, if many people are using the same firmware on their card then if one rage hacks, then the others could be toasted.

The "network card" or "audio card" connected to your PC doesn't respond properly when the AC sends network/audio kind of payloads meaning either the card is faulty or it's not what it's pretending to be

A noob person runs the cheat software or a portion of it on his main PC, meaning the AC can simply detect the cheating software and the whole purpose of DMA is lost

These are the most common failures of DMA cheats, there is no way to detect a private DMA cheat when properly done and used not today not in the future.

High profile cheaters will have a firmware that actually perfectly mimic an actual thing that they have on their computer and that works, it'll be impossible to tell the two things apart.

You can't safeguard a computer when the malicious actor has physical control of it, it's security 101.

Your only hope is that the guys rage hacks at some point so that you can ban him in a manual review process."

Another reddit user, Maidzen1337, suggests that:

"They can detect DMA when the Firmware on the DMA device is shit. But a well written custom Firmware on DMA devices is not detectable by anything on OS level.

I guess they scan all PCI ports and look for suspicious devices and if a leftovers of opensource DMA firmware is anywhere they can Ban for it. But that's it, you can only ban for things you can actually read and the info you get from PCI devices is limited."

Overall FACEIT still has a significantly reduced cheating problem than the likes of Valves own match-making servers, and if FACEIT really can detect DMA cheats then it is still one of the best platforms for fair competitive gameplay.