Facebook Instagram Twitter Youtube
  • Get Started
    • Create Zwift Account
    • How To Get Started On Zwift
    • Zwift Course Maps
    • How to Race on Zwift (Setup, Strategy, and More)
    • Women’s Racing on Zwift
    • Links Every Zwifter Must Have
    • More “Get Started” Posts
  • Tips & Tricks
    • Training & Nutrition
    • Racing
    • Zwift Hacks
  • Reference
    • How Zwift Works
    • Course Calendar
    • RoboPacer Calendar
    • Climb Portal Calendar
    • Route of the Week Calendar
    • Upcoming Events
    • Game Updates
    • Smart Trainer Index
      • Current Models
      • Exhaustive Trainer List
    • Achievements & Unlocks
      • XP Basics for Riders
      • XP Basics for Runners
      • Kit Unlock Codes
      • Master List of Badges
    • Frames & Wheels
    • Routes & Maps
      • Master List: Routes
      • Master List: Climb Portal
      • Master List: KOMs
      • Master List: Sprints
      • Master List: Rebel Routes
      • Downloadable Watopia Map
      • Printable List of Routes by Difficulty
    • Speed Tests
    • Tiny Races
  • Women
    • Race Calendar
    • Why race?
    • Women’s Teams
    • Racer Spotlights
    • More Women’s Racing posts
  • Shop
    • Watopia Map and Other Posters
    • ZI Indoor Cycling Kit
Search
Logo
Logo
  • Get Started
    • Create Zwift Account
    • How To Get Started On Zwift
    • Zwift Course Maps
    • How to Race on Zwift (Setup, Strategy, and More)
    • Women’s Racing on Zwift
    • Links Every Zwifter Must Have
    • More “Get Started” Posts
  • Tips & Tricks
    • Training & Nutrition
    • Racing
    • Zwift Hacks
  • Reference
    • How Zwift Works
    • Course Calendar
    • RoboPacer Calendar
    • Climb Portal Calendar
    • Route of the Week Calendar
    • Upcoming Events
    • Game Updates
    • Smart Trainer Index
      • Current Models
      • Exhaustive Trainer List
    • Achievements & Unlocks
      • XP Basics for Riders
      • XP Basics for Runners
      • Kit Unlock Codes
      • Master List of Badges
    • Frames & Wheels
    • Routes & Maps
      • Master List: Routes
      • Master List: Climb Portal
      • Master List: KOMs
      • Master List: Sprints
      • Master List: Rebel Routes
      • Downloadable Watopia Map
      • Printable List of Routes by Difficulty
    • Speed Tests
    • Tiny Races
  • Women
    • Race Calendar
    • Why race?
    • Women’s Teams
    • Racer Spotlights
    • More Women’s Racing posts
  • Shop
    • Watopia Map and Other Posters
    • ZI Indoor Cycling Kit
More
    Zwift Hacks

    Video: Cheating in eSports: How to Cheat at Virtual Cycling (from DEF CON)

    Eric Schlange
    By Eric Schlange
    December 2, 2019
    LAST UPDATED December 2, 2019
    1

    DEF CON is one of the world’s largest and most popular hacker conventions. It happens in Las Vegas each year in late July/early August, and Zwift was featured at this year’s conference in a presentation by Brad Dixon titled “Cheating in eSports: How to Cheat at Virtual Cycling Using USB Hacks”.

    Should We Even Talk About Hacking Zwift?

    Let’s start here.

    Hacking isn’t always a bad thing. Sure, some hackers are are malicious, breaking into systems to do damage, hold data for ransom, or perform other nefarious acts. But other hackers are actually paid to breach security systems so holes can be found and fixed. And others just do it for fun, enjoying the challenge of making a system do something it wasn’t designed to do.

    I would put Brad in the third category. And perhaps the second as well. He includes this line at the end of his talk: “Winners never cheat. Cheaters never win. Hackers sometimes cheat for fun.”

    The point of Brad’s presentation is to demonstrate the security flaws inherent in systems like Zwift, with the idea that such a demonstration may push Zwift and others to develop more secure systems.

    We’re featuring Brad’s presentation here for the very same reason. If Zwift wants to be taken seriously on the eSports level, more needs to be done to mitigate cheating.

    Of course, this isn’t news to Zwift. They, more than anyone, know the holes in their system and what it will take to be ready for the world stage (think 2020 UCI championships and the Olympics.)

    Presentation Summary

    Brad’s presentation begins with a look at the growth of eSports, and in particular the “sweaty eSports”, where Zwift is leading the way. He briefly touches on the colorful history of doping in cycling, then digs into the basics of how Zwift functions.

    Things get really technical next as Brad explains the details of the tools he’s developed to hack Zwift, but here’s a simple explanation.

    USBQ is a tool Brad helped develop commercially, then repurposed for the task of hacking Zwift sensor data. It’s basically a “man-in-the-middle” tool for manipulating data flowing through the USB bus.

    He then wrote a plugin that runs on top of USBQ. In a nod to Lance Armstrong it’s dubbed ELANCE: eSports Leet Automatic Network Cheating Enhancement. ELANCE is used to decode the ANT+ data coming in, manipulate it, then send it back out. It has two modes:

    • EPO Mode: boost your power with a multiplier, and set all grades to flat
    • Slacker Mode: no work required. Use a game controller trigger to set power levels!

    Brad demonstrates his tool in a recorded Zwift session, then discusses the possibilities of using the tool to cheat in actual Zwift races. He says it’s plausible, but you’d have to be careful about it–creating an IRL track record on Strava, using multiple accounts to test the limits of Zwift’s performance verification, etc.

    Watch his entire presentation:

    Brad’s work on this project, along with related links, can be found at his edope.bike website.

    My Thoughts

    In his wrapup, Brad makes two key points:

    1. Indoor cycling’s overall system was not designed for high-stakes competition. Insecure sensor networks and untrusted hardware are not a good foundation for security.
    2. Electronics and software are part of cycling, now more than ever. These are new domains for cheaters to exploit, and organizations governing cycling need to look at how this affects competition.

    Both of these points are obviously valid. But what can be done at this stage to deal with the problem of insecure sensors and other hardware, not to mention the ease of weight or height doping?

    To date, Zwift has always held real-world events for their high-stakes races–it makes for more exciting race streams, but it also makes for secure racing! (You can’t cheat weight, height, or power numbers in real-life settings.) Is this the way forward? Will the vast majority of Zwift races be open to edoping, while only a few top events per year are held in the real-world?

    I think we can do better.

    My hope is that Zwift’s new Fitness Tech division can lead the way in pushing for more secure communication protocols and hardware to help reduce or eliminate edoping. Because if Zwift racing is going to explode on the world stage, it must first be more cheat-proof for everyday races in our homes. A more trustworthy system will ignite a stronger spirit of competition and fair play which will raise the stakes and competition levels of all races, including the big ones.

    Your Thoughts

    Do you race on Zwift? How concerned are you about cheating in these competitions, and what solutions (if any) can you propose? Share your thoughts below!

    Related Posts

    Facebook
    Twitter
    Pinterest
    ReddIt
      Eric Schlange
      Eric Schlangehttp://www.zwiftinsider.com
      Eric runs Zwift Insider in his spare time when he isn't on the bike or managing various business interests. He lives in Northern California with his beautiful wife, two kids and dog. Follow on Strava

      1 COMMENT

      Subscribe
      Notify of
      guest

      guest

      1 Comment
      Oldest
      Newest Most Voted
      Inline Feedbacks
      View all comments
      wpdiscuz   wpDiscuz

      Get Started on Zwift

      Sign Up (Free Trial)
      Buy Zwift Ride
      Buy KICKR CORE One
      Read More...

      Newest Featured Posts

      Zwift Offers Free Play Controllers To Level 85+ Riders

      Hardware/Equipment

      Join the CommuniTTTy: On-Demand Zwift Time Trialing!

      Racing

      Support This Site

      Write a post, shop through us, donate or advertise. Learn more

      NEWSLETTER SIGNUP

      Zwift tips and news every 2 weeks! Click to subscribe.

      More Posts

      Zwift Will Not Be Hosting an Elite Zwift World Series This Fall

      Racing

      Zwift Charts: Climb Portal Growth

      Routes & Maps

      Friday Night Fun Races Announced

      Events

      Zwift Releases Fitness Trends Charts on Companion App

      Game Updates

      This community-driven site is maintained by Eric Schlange and a team of Zwift enthusiasts. Zwift Insider is independent of Zwift corporate (www.zwift.com), although Zwift does provide funding to help defray site costs.

      This site contains affiliate links to Amazon, Wahoo, and other brands. Zwift Insider makes a small commission on purchases made from these links, so please shop through them to support our efforts.

      Terms of Use/DMCA Copyright Policy

      Privacy Policy | Privacy Consent

      [email protected]

      Latest articles

      Zwift Route of the Week Schedule

      Notable Zwift Events for the Weekend of July 12-13

      Tiny Race Series – July 12 Routes – Lazy Race Organizer

      Popular Categories

      • Racing1509
      • Events1014
      • News833
      • Training & Nutrition712
      • Interviews564
      • Routes & Maps446
      Comment Author Info
      :wpds_smile::wpds_grin::wpds_wink::wpds_mrgreen::wpds_neutral::wpds_twisted::wpds_arrow::wpds_shock::wpds_unamused::wpds_cool::wpds_evil::wpds_oops::wpds_razz::wpds_roll::wpds_cry::wpds_eek::wpds_lol::wpds_mad::wpds_sad::wpds_exclamation::wpds_question::wpds_idea::wpds_hmm::wpds_beg::wpds_whew::wpds_chuckle::wpds_silly::wpds_envy::wpds_shutmouth:
      1
      0
      Would love your thoughts, please comment.x
      ()
      x
      | Reply
      You are going to send email to

      Move Comment

    • Related Posts