Skip to content

Cheating: Three questions for sim racing developers

In the wake of this week’s furore, kicked up by a series of reports by Sam Tomlinson to expose another incident of cheating on iRacing, it is clear the subject is ‘the elephant in the room’ which no one appears to want to address or admit even exists.

As the dust settles, the reality is that Callum Cross2 actually did drive on iRacing and was banned when iRacing ace Bruno de Carmo reported suspicious behaviour on Twitter:


The reality is Callum Cross2 does exist; the insults our site received on forums, social media and YouTube – as well as abusive emails claiming this to be a fraud perpetrated by simrace247 is beyond offensive.

In short: shoot the messenger… a lot!

However, this simply inspires messengers (in a Rocky Balboa never-give-up-kinda-way) to roll with the feeble fanboy punches and then bounce back with facts, as we have done throughout the coverage of this saga about a video game.

However, it is has gone beyond that glib title. Sim racing is now also big business these days with cheating inevitably high on many agendas from early on.

Consider this: what if slightly smarter and more devious guys get this ‘CheatAPP’? All it takes is 2% or so more grip; a percent or two of extra power and fuel consumption tweaked for an extra lap or two – use it wisely and bingo.

The rest is left to your imagination…

This is a draft of an open letter we will be sending to the main professional sim racing game developers including iRacing, Sector-3 Studios (RaceRoom), Studio-397 (rFactor 2), Codemasters (and all their racing titles including F1 2020, Project Cars etc), Kunos (Assetto Corsa and ACC), Reiza (Automobilista series)

On behalf of serious sim racers out there, who simply want the truth, there are three key questions that we would like to ask the above-mentioned sim platform owners:

  1. What are you doing to police and ban cheaters?
  2. How many drivers are banned every month because of cheating on your respective sims?
  3. Are you prepared to partner with other developers to create a Name & Shame list of drivers and/or IP addresses found cheating? (Credit bureau style)

On a personal simmers note, I signed up for another three months of iRacing today, of which I have been a member (on and off) since 2013 but simply never had the time to commit.

And also limited to skills of a ‘gentleman driver’, it is no fun with the incredibly fast and talented guys in iRacing theses days – including young blokes in our team – kicking my arse.

Nevertheless, I do want to know if people are cheating in a platform where I have dropped quite a load of cash over the years; I know our Team SIMRACE247 drivers want to know if their endurance efforts are actually worth their time and energy, yet not many people are asking these questions in public.

Will the truth be so hard to accept? Are we wasting money on fancy rigs and software, devoting tons of time to training to get beaten by cheaters like Callum Cross2? How many are there flying under the radar?

Call me curious, but I would like answers as a simmer let alone editor of a sim site.

Not only on iRacing but also Assetto Corsa where I do occasional league races, on rFactor 2 where I have also dabbled in league racing. I also have RaceRoom and Assetto Corsa Competizione.

All have big bucks competitions as well as partnerships with real-life organisations plus more and more direct manufacturer involvement. (eg. Le Mans, FIA, BMW, Porsche, Ferrari, Hublot, CUPRA; corporate sim projects with blue-chip companies and sponsors are being launched almost on a weekly basis these days.)

Again I cannot be alone in wanting to know that there is integrity in these sim games and that they are trustworthy enough to plough big money into it, also for the sim drivers who slog it out training, day in and day out, only to be beaten by a kid whose hobby is to break games with some sweet code.

In reflection, the barrage of abuse triggered by this has not come as a surprise, but the lack of transparency and deafening silence by developers is certainly unexpected; which suggests – to this messenger – something sinister is going on, best kept swept under the sim-racing carpet.

Unfortunately, as the messengers for an esport we love and cherish, we are here to remove that carpet of corruption and clean up the dirt for everyone’s peace of mind.

We don’t need carpets anymore, times have changed. Simming was essentially nerdsville up until January when Coronavirus and lockdown turned it into a boomtown. Moving forward, transparency and working together is required to eliminate the scourge.

Therefore, containing the Callum-Cross2-Virus and whatever other viruses are out there, compromising virtual racing games, has become a cause we unexpectedly inherited thanks to information supplied to us by sim racers seeking answers and the community in general who have been forthcoming with information.

Think of it like this:

If this had not all come to light and made public, young fun-seeking Callum could well be kicking your butt on iRacing right now. After all he has been messing around with us for the past year undetected. Now no more, or at least until he finds another name to play with.

Instead of abuse, I believe Sam Tomlinson and his sources, who have stepped up to provide us information, deserve a standing ovation from the sim racing community.

In closing, be warned this is just the beginning of our journey of being sim racing’s messengers, for ourselves and others that are serious about this esport.

For the record in 2009 (as we started what has morphed into our sister site and the ethos of what we stand for regarding Formula 1 and, now, Sim Racing is simple: The Truth. (Paul Velasco – Editor in Chief)

Paul Velasco

Paul Velasco

7 thoughts on “Cheating: Three questions for sim racing developers”

  1. @Crossy, Just to be clear, I’m not trying to trap you into an answer, nor do I work for iRacing or any of its affiliates, I’m simply trying to get some clarifications around this issue and how prevalent hacks may be on racing sims. It seems to me that as software has developed so have the methods employed for security as evidenced by the fact that now we’re looking at the need for low level (near bare metal) circumventions.

    So maybe my question should be, do you think you have discovered anything new in this respect or do you think that what you have done is unique?

    Another version of this question might be, do you think developers can do much more to defend their products from the kind of hack you have developed or are we really looking at inherent vulnerabilities that exist at the OS level that the game developers are powerless to alter?

  2. I said not straight forward, not ‘really hard’ – meaning, you don’t get away with just an IP address change and a spoofed Mac Address, but have to address other machine identifiers..

    When you say that you built the code and app yourself, I imagine that you used some existing PoC code snippets? Even so, it’s a complex task to circumnavigate both the anti-cheat and iRacing’s measures – although I suspect iRacing’s measures are more focused on observation rather than capture barriers, or did you just focus on the anti-cheat and not worry about what iRacing may be doing with their own code?

  3. I like the article. I get tired of cheaters. Th I know I have encountered them in games and the same thought crosses my mind. Why can’t developers stop this. It is always what has kept me away from PC gaming. Not that it can’t happen on playstation, but it is definitely not as easy to do. Unfortunately, the only platform for Iracing is PC Soni have a rig and haven’t noticed anything to crazy although I do wonder at times how cold tires some of these guys can match their best practice times.

  4. “EAC and iRacing they record fundamental identifiers of your machine,
    identifiers that are also not straight-forward to change.”

    – You think it’s really hard to spoof these identifiers? Absoloutely not.

    “there a suggestion that cheat apps can be bought online for $$$ ?
    Presumably Callum Cross didn’t write the code he used to fool EAC and
    iRacing and successfully cheat. So is there some commercial operation
    here? Cos that would be a story worth doing and a target worth exposing.”

    – I built the code and app myself

  5. Maybe sensationalist if you do not know the background.
    We are talking 2-3 months of no developer getting back to us on cheating
    The fear is that with their heads so deep in the sand they might suffocate themselves to death…

  6. It might be a good idea to try and categorise and contextualise the kind of cheating that may be occuring. For instance, the Daniel Abt cheat you mention above is a good example of ‘gaming the system’ by using substitute drivers – and potentially, if done with real intent to deceive, an area where some of these games are quite vulnerable, especially now that there are decent cash prizes on offer.

    I don’t know details of the anti-cheat efforts of the other titles you mention – I only use iRacing – which uses the 3rd party Easy Anti Cheat software. So iRacing requires this EAC software to run when entering a session, but I believe that they also have their own parallel methods to try and combat cheating.

    Getting around software like EAC is a non-trivial exercise – also risky in games like iRacing where getting caught out will get you banned, and you can’t just circumvent a ban by opening a new account with a new IP address as between EAC and iRacing they record fundamental identifiers of your machine, identifiers that are also not straight-forward to change.

    So what’s really going on here?

    Is there a suggestion that cheat apps can be bought online for $$$ ? Presumably Callum Cross didn’t write the code he used to fool EAC and iRacing and successfully cheat. So is there some commercial operation here? Cos that would be a story worth doing and a target worth exposing.

    I’m also interested in what people’s expectations are.

    The bottom line is that these games are consumer grade software running on consumer grade hardware controlled by consumer grade Operating Systems over consumer grade network devices and consumer grade internet links – expectations that these conditions are capable of rendering a game impregnable to cheating are fanciful – for the truly dedicated and sufficiently talented this is simply an obstacle challenge to be overcome and be circumvented – all of these instances are susceptible to hacking and cracking.

    Whilst I’ve never really been a subscriber to the security through obscurity tactic, from the point of view of a developer protecting their product its a vital tool, as is lying about what you do. It might seem strange, but lying has been a factor in professional grade network security and administration for many years – devices lie on purpose, to mislead people poking around where they shouldn’t be poking around.

    Any full and frank disclosure from a developer creates a reveal of where vulnerabilities lie – and some of these vulnerabilities can be beyond their control ie. because of how Operating Systems work and interact with applications and hardware. The kinds of hacks required here are low level and non-trivial – and in context, developers don’t really have anywhere else they can run to – they can’t circumvent the OS nor its use of memory, cpu, gpu, inputs/outputs to controllers etc etc. This isn’t like cracking software in the 90s and early 2000’s where you could NOP around some code and prevent a registration process/check from running, and/or insert your own serial number, or putting a filter on an ethernet port to block phone home registration checks to the developers domain.

    TLDR: It’d be good to get really clear on your goals and expectations in pursuing this. Best goal would be to expose who is behind building and distributing such ‘hacks’ as its suggested Callum used.

  7. A little bit sensationalist. I mean, I’m not gonna not buy a sim-rig and stop playing racing games just because someone might be cheating in the game. Yes, cheaters should be called out and banned whenever they are detected but, for the majority of people, it’s just a game they enjoy playing. If Callum Cross2 was taking in part in one of the professional events and racing for real money such as the iRacing Tag Heuer eSports Supercup or eNascar Coca-Cola iRacing series it would be a different matter and I’d be a bit more outraged too.

    But, as Daniel Abt found out, these Pro events are seriously monitored for cheating. Just because you aren’t aware of the the cheat detection mechanisms that are in place, doesn’t mean they aren’t there. If anti-cheat mechanisms were made public they would be even easier to work around.

Leave a Reply

Your email address will not be published. Required fields are marked *