DMA (Direct Memory Access) is a technology originally developed for computer design. Its original intent was noble: to allow hardware devices such as hard drives, network cards, and graphics cards to exchange data directly with memory without frequent CPU intervention, thereby significantly improving the computer’s operational efficiency. However, this technology has been maliciously exploited by the Game Black/Gray Industry, leading to the emergence of today’s DMA Cheats.
In this article, we will conduct an in-depth case study to analyze the principles behind DMA Cheats and the challenges of detecting them, and propose reliable and effective detection solutions.
DMA hardware cheats maliciously exploit the Direct Memory Access mechanism. First, the cheats developer inserts a specially designed hardware device (typically based on an FPGA development board or a custom chip) into the motherboard’s PCIe slot or connects it via a USB port, disguising the device as legitimate hardware (such as a network card or storage controller). Simultaneously, with the assistance of another computer (the secondary machine), they directly read data from the game console’s memory (such as enemy coordinates, health bars, and item locations). Cheats run on the secondary machine to generate wallhacks or calculate aim-assist data, and finally send simulated keyboard and mouse signals back to the game console to execute the actions.
In this dual-system setup—where the primary machine runs the game and the secondary machine runs the Cheats—DMA hardware Cheats can enable powerful features such as “wallhacks” and “auto-aim,” which severely undermine the fairness of competitive games.
Traditional cheats that provide wallhacks and auto-aim functions require a program to run on the gaming computer; they work by injecting code or reading memory. Anti-cheat systems can detect these cheats by scanning processes and checking memory integrity. However, since DMA devices read memory data at the hardware level, traditional anti-cheat measures struggle to detect them.
Addressing the challenge of DMA cheats in competitive games, JikGuard Game Hardening leverages multiple proprietary technologies to provide comprehensive security protection throughout the game’s entire lifecycle.
Kernel-Level Detection
For DMA hardware cheats, this solution effectively blocks data access at the system level. Utilizing a massive DMA hardware blacklist and mapping blocking technology, it achieves a 99.6% intrusion interception rate with a response time as low as 2 ms.
AI Behavior Detection
The AI behavior detection engine is based on deep learning algorithms and utilizes an AI behavior detection model trained on billions of data points. It analyzes micro-level features such as players’ input sequences, reaction times, and trajectory smoothness. Combined with an AI model for detecting abnormal behavior—also trained on billions of data points—it can accurately identify cheating behaviors such as “AI aim-assist” and “hidden wall-hacking,” achieving an identification accuracy rate of 99.99%.
Report Verification
JikGuard offers comprehensive evidence chain retention capabilities. When a player reports or identifies a suspected cheater, the player’s historical behavior logs and environmental data can be retrieved for further verification.