DMA cheats
Share
The so-called DMA cheating refers to using Direct Memory Access (DMA) hardware for cheating. This method involves two machines: Machine A (the gaming machine) has its memory data directly read at the hardware level by Machine B (the cheating machine). The modified cheating data is then projected back to Machine A. When combined with Kmbox (which provides aim assist and trigger functions), all cheating activities occur outside of Machine A, making detection more difficult. Since DMA hardware is legally recognized as research hardware, it cannot be outright banned at the point of sale.
Before April 2023, DMA hardware lacked spoofing capabilities, meaning simply detecting the presence of DMA hardware in a machine was enough to identify potential cheaters.
Until April 2024, DMA spoofing could not perfectly match the firmware of legitimate devices. However, with the open-sourcing of firmware spoofing techniques online, DMA devices achieved firmware-level disguise, making them indistinguishable from legitimate devices. Fortunately, since these methods were relatively uniform, collecting enough unique signatures still allowed us to detect and ban these cheaters.
In August 2024, cheating firmware saw another upgrade, adopting a one-person-one-firmware approach for spoofing. At this stage, most techniques focused on mimicking network cards, leading us to implement deeper, customized detection mechanisms specifically targeting network adapters.
To date, we have disabled 45,000 device firmware variants, and the number of bans due to DMA cheating—including accounts and machines—has reached 11,000.
However, DMA spoofing continues to evolve. It now not only follows a one-person-one-firmware approach but has also expanded to mimic various device types, such as printers, sound cards, graphics cards, storage drives, and USB hubs, making detection more challenging. Despite this, we remain confident in our ability to continuously improve DMA detection and enforcement.