Proof of Play

Summary

In the 96 hours before a $10M esports final, a Windows kernel sleuth must unite rival anti‑cheat teams to expose “ghost” cheaters running below the OS—while proving fairness can be enforced without turning PCs into surveillance machines. The clock’s ticking, the clean‑looking champion might be a mirage, and the fix could save the season—or light it on fire.

**Chapter 1: Fire Drill in Ring 0**

The Vanguard update shipped at 2:47 AM Pacific. By 6:00 AM, Adrian had seventeen forum threads open and a Discord notification from archie Ozu that read simply, *"bro."*

He grabbed his glasses and read the error report. A routine allowlist tightening—blocking vulnerable fan-control drivers being weaponized as BYOVD loaders—had also swept up SpeedFan, Argus Monitor, and three popular RGB utilities. Rigs without airflow management were thermal-throttling into single-digit framerates. Some were shutting down mid-match.

By 8 AM, "Vanguard is a rootkit" was trending in four languages.

His phone rang. Seattle area code, no name.

"You wrote the callback taxonomy," said the voice.

"I wrote *a* callback taxonomy."

"Close enough. Mara Chen, Nexus Circuit tournament ops. I need you in San Francisco today. We have something worse than the allowlist."

She sent a file while they talked. FACEIT telemetry on a player called Vorpal—top contender for the $10M Circuit Finals. Reaction-time distribution like a barcode: 87 milliseconds, perfectly spaced, match after match. But every forensic artifact was immaculate. TPM attestation clean. Process tree clean. PCR measurements matching a known-good image down to the hash.

"Ghost kit," Adrian said.

"Three more players flagged by behavior, cleared by attestation. Sponsors are making calls. Our lead investor goes on CNBC Monday." A pause. "I need someone who understands both sides well enough to fix it. And I need you to run silent flags on the suspects while we investigate. Retroactive if it comes to that."

Adrian looked at the burn scar on his right index finger. "No."

"Excuse me?"

"No silent flags. No shadow bans. If your system can't show a player exactly why they were removed, it's not a system—it's a rumor with a database." He kept his voice level. "I'll come. But every verdict gets an audit trail and an appeal window. That's the condition."

The silence stretched long enough that he thought she'd hung up.

"That's going to make this harder," she said finally.

"Yes," he said. "It will."

He flew out that afternoon.

The Nexus meeting room held eight people. R. Collings from CheckMATE folded an origami crane from a printed confusion matrix. J. Souva spun a mechanical keyboard on one finger. archie Ozu had silver-dyed hair and the expression of someone who'd already found three bugs in the room's AV setup. Rhaym Tek handed Adrian a pocket privacy booklet before he'd sat down.

On the projected screen behind Dev, the Riot Vanguard lead, was a clip someone had screenshotted from a qualifier stream: a pro's rig going dark mid-round, the player staring at a black monitor with six minutes left in the map. Below it, a Slack snippet from a sponsor: *"Legal wants us to freeze spend until this is resolved. Watching the hashtag."*

Dev had her arms crossed. "The update was correct. Those drivers were being weaponized."

"The update was correct and it bricked six million players," archie said. "Both things are true."

"FACEIT's position," said a voice on the conference line, "is a server-side stopgap. Behavioral flags only, no kernel component, until the allowlist is stable."

"That won't catch Vorpal," Mara said.

"EAC wants to table the whole attestation layer," said another voice. "Secure Boot fragmentation across OEM firmware is already a nightmare. You add PCR measurement requirements, you're locking out a third of the player base."

Adrian pulled up something on his laptop and turned it toward the room. A screenshot, watermarked *REDACTED* across the center, but legible at the edges: a cheat shop ad. *TPM-clean for all major tournaments. Finals-ready. Undetected since March.* Below it, fragments of a kit README: attestation bypass, PCIe device emulation, input injection at microsecond precision.

"They're already advertising," he said. "They have a finals build. Whatever stopgap we ship in the next four hours, they've tested against it."

The room went through several kinds of quiet.

Adrian uncapped a Sharpie and drew a line down the whiteboard. "Left side: what attestation can prove. Right side: what it can't." He tapped the right. "Vorpal lives here. Clean TPM, inhuman timing. The cheat runs beneath the attestation layer—hypervisor cloak, DMA device impersonating a USB controller. The proof is immaculate because it's measuring the wrong thing."

He pressed the marker against the board and held it there a moment. Eight months ago he'd published a driver-hygiene post. The Vanguard team had cited it. The cheat authors had also read it, built from it, and now here was the downstream consequence projected on a screen in four languages. He'd handed them half the blueprint without knowing it.

He wrote two words: *BEHAVIOR. ATTESTATION.* Drew a circle around both.

"Project Sentinel. Per-match TPM attestation with PCIe anomaly fingerprinting to catch the hardware impostors. Kernel input filters timestamping raw HID at microsecond resolution. Server-side models learning human motor signatures. Ulf Frisk is flying in tomorrow for the PCIe layer."

"The PCILeech guy?" Collings looked up from the crane.

"He proved the attack surface. He can help us measure it." Adrian turned to Souva. "Transformer inference on the input stream—can you prototype in forty-eight hours?"

"If I get clean training data. Real variance. Tremors, high-sensitivity players, unconventional grips. Sterile lab curves will flag legitimate players."

"Rhaym."

Rhaym Tek didn't look up from his notes. "Data minimization, purpose limitation, retention bounds. Input stream data stays scoped to match integrity, purged after adjudication. We publish the data-handling contract before the finals. Non-negotiable."

Dev's jaw tightened. "That narrows our detection window."

"It's the only version Adrian agreed to ship," Mara said. "So it's the version we're shipping."

"EAC needs a compatibility carve-out for legacy OEM firmware," the second voice said. "Or we're back to the fragmentation problem."

"You get the carve-out," Adrian said, "and you sign the risk memo acknowledging the detection gap it creates. I want dissent on record, not buried."

A pause. "Fine."

archie raised a hand. "Timeline?"

Mara spoke from the doorway. "Finals in ninety-six hours. Regulatory hearing Monday. Sponsors watching the hashtag."

Adrian looked at the whiteboard. The circle. The clock he drew beside it.

Outside, somewhere, a finals build was already running.

"Okay," he said. "Let's build it."

---

**Chapter 2: Noise on the Bus**

Ulf's lab smelled like solder flux and old coffee. Three PCIe risers sat zip-tied to a sheet of plywood, each one wired to a different FPGA board, each FPGA impersonating a different USB controller. The setup looked like a crime scene. Ulf called it Tuesday.

"Watch the power rail," he said, not looking up from his oscilloscope. The probe tip hovered over a capacitor the size of a pencil eraser. "Real controller pulls clean. Impostor stutters on the first enumeration burst—microseconds, but it's there."

Adrian leaned over the bench. On the scope, two waveforms overlapped: one smooth, one with a faint serration near the leading edge. Easy to miss. Impossible to fake away.

"That's the tell?" Adrian asked.

"That's one tell." Ulf zoomed in. The serration sharpened into a small, distinct notch. "Thermal noise signature changes too, once you push the bus under load. Legitimate silicon has consistent dissipation profiles. Cloned firmware doesn't know how to breathe."

Adrian photographed the trace with his phone. "How long to instrument this into Sentinel's pipeline?"

"Logging the raw ADC samples? Two hours. Turning it into a verdict?" Ulf finally looked up. "That's your problem."

Adrian was already typing.

The first integration test ran at 2 a.m. J. Souva piped Ulf's power-trace samples into a lightweight classifier sitting beside his input-timing transformer. The idea: if the PCIe signature looked wrong *and* the input timestamps looked inhuman, the combined score crossed the threshold for a flag.

The classifier ran. Flags appeared.

Too many flags.

Souva scrolled through the output log, frowning. One device ID kept surfacing. He pulled the product name.

"Adrian." Souva's voice had a careful flatness to it. "This is a Titan 500. It's an adaptive controller. High-latency polling by design—reduces input jitter for players with motor impairments."

The room went quiet.

Adrian walked over and read the log. The Titan 500's power signature matched the impostor profile almost exactly. Its enumeration burst had the same timing quirk because it used a slower, more deliberate handshake—accessibility-first engineering that happened to look, from a certain angle, like a cheat.

"Who uses one?" Adrian asked.

Souva pulled up a tournament registration database. "Semi-pro. Handle is Crux. Plays with one functional hand. His mouse is mounted to a custom bracket."

Adrian sat down. He thought about the whiteboard back at HQ. The circle. The clock.

"We can't flag him," he said.

"Obviously," Souva said. "But we also can't carve out a manual exception for every accessibility device. That's a bypass waiting to be exploited."

archie Ozu had been quiet in the corner, three browser tabs open and a VM log scrolling in a terminal. Now she looked up. "There's another problem." She rotated her laptop. "The input timestamp pipeline has a regression. Somewhere between the HID filter driver and the logging layer, timestamps are getting rounded to the nearest millisecond. For most players, that's fine. For Crux—and anyone else running a slow-poll device—it inflates the apparent jitter variance by a factor of four."

Adrian stared at the number. "Four."

"Four," archie confirmed. "If this goes live as-is, low-speed polling devices look like they're spraying input erratically. The model sees noise and calls it inhuman."

Souva pulled up his confusion matrix and went very still. "That would have burned him. On stage."

"It would have burned anyone with a non-standard poll rate," archie said. "I caught it because I was stress-testing against my VM farm. One of my birds—Kestrel—runs a 125Hz poll rate for legacy compatibility. It started flagging inside twenty minutes."

Adrian rubbed his face. "How bad is the fix?"

"Not bad. Two-line patch to preserve raw timestamps before they hit the logging buffer. But it has to go in before any model retraining. Otherwise we bake the error in."

Souva was already cloning the branch.

Adrian messaged Ulf: *Power trace signal is real but it's catching adaptive controllers. We need to rethink how we weight it.*

The reply came fast: *Expected. Hardware is advisory. Always was. Don't let a clean signal become a dirty verdict.*

That line—*don't let a clean signal become a dirty verdict*—Adrian wrote it on a sticky note and pressed it to the edge of his monitor.

The next four hours were surgical. Rhaym joined the call and walked them through a tiered schema. Hardware noise: advisory. Input telemetry anomaly: advisory. Attestation drift: advisory. Any two together: elevated. All three: flag for human review, never auto-ban.

"And every flag gets an entry in the audit UI," Rhaym said. "Player can see what triggered it. Not the model weights, not the raw traces—but the category and the confidence bracket. Enough to file an appeal."

Dev, joining late from the tournament operator's side, unmuted. "Players can see their own flag reasons?"

"Players under review can," Rhaym said. "It's not a public leaderboard of suspicion. It's due process."

Dev was quiet for a moment. "Okay. Yeah. Okay."

Donna Skies drafted the audit UI spec in a shared doc while they talked—clean, minimal, three fields: *Signal Type, Confidence Tier, Review Status*. No raw data, no identifiers beyond the match ID. She added a comment at the top of the doc: *If you can't explain a verdict to the player, you shouldn't issue it.*

Adrian read the comment twice.

By 6 a.m., the patch was in. Souva reran the classifier against the full registration dataset. The Titan 500 dropped out of the flag queue entirely. Everything else held.

"Crux is clean," Souva said. He sounded relieved in a way that went beyond engineering.

archie closed her terminal. "Run it again with the noisy poll-rate devices."

Souva ran it. Clean.

"One more time with the FPGA impostors from Ulf's bench."

Flags. Correct flags.

archie nodded slowly. "Okay. That's a model."

Adrian looked at the sticky note. *Don't let a clean signal become a dirty verdict.* He thought about Crux, somewhere asleep, not knowing how close it had come.

The commit message Souva pushed read: *Downgrade PCIe noise to advisory; fix timestamp rounding regression; add audit trail per Rhaym schema.*

Forty-two words. Seventy-two hours left.

---

**Chapter 3: The Drift Window**

The PCR log came in at 4:47 a.m.

Adrian had been staring at the attestation pipeline for three hours when the file dropped—FACEIT's overnight pull. Forty-seven matches, forty-seven clean TPM measurements. He almost scrolled past it.

He opened a diff tool and stacked Tuesday's measurements against Wednesday's. A TPM replay on the same hardware should produce the same hash chain every time. Most did.

He'd spent the first hour chasing PCR[0]. Boot sequence, firmware init—the obvious target. Nothing. He was halfway through a reindex when an MSRC advisory pinged his feed, flagging OEM tolerance buffers in PCR[7] as an underexamined attack surface. He pivoted.

There it was. Match ID 2291. Handle: **KESTREL-7**. The PCR[7] value had drifted six bits between pre-match attestation and a mid-match re-check. The system had smoothed it over as firmware version skew and issued a green verdict.

An hour wasted. Forty-seven hours left.

He typed into the war room channel.

`s4dbrd: PCR[7] drift in match 2291. Six-bit delta, swallowed by the OEM tolerance buffer. Not noise. Entropy profile is wrong.`

Souva: `how wide is the buffer`

`s4dbrd: Wide enough to swap a measurement if you know the exact OEM offset.`

archie's reply came lowercase, already deep in a terminal. `checking kestrel-7 input logs`

The logs confirmed it: 800-microsecond crosshair arcs, confidence 0.97. Souva's model had screamed. The attestation system had overruled it, because the TPM said the machine was clean.

Except the TPM had been told to say that. A hypervisor running below Windows showed it a clean image—adjusted six bits of PCR[7] to account for a runtime modification, then used the tolerance buffer to bury the delta.

Adrian photographed his sketch of the attack chain and posted it.

Ulf: `Classic. The buffer was always the soft spot.`

Then: `How many matches used this attestation version?`

Adrian checked. `s4dbrd: Eighty-three.`

Eleven seconds of silence.

R. Collings: `if kestrel-7 is the proof of concept, the syndicates have been running this for weeks. quarantine, not revoke.`

Right. Revoking eighty-three verdicts four days before a $10M final would torch the season. Quarantine meant: hold, re-adjudicate on telemetry alone.

Adrian drafted the proposal fast, before the political weight of it could slow him down. Tighten PCR[7] drift threshold to two bits. Flag anything above as DRIFTED. Route DRIFTED matches to Souva's model as final arbiter. Finals stage runs a semi-cloud read-only OS image—no local state, no OEM firmware skew, no buffer to exploit.

He tagged Riot's Vanguard lead, EAC, FACEIT, and Rhaym.

Riot's lead responded first. `One-bit threshold. Two bits is still exploitable if you're careful.`

EAC came back hard. `One bit bricks half our OEM cohort. We tested this. Forty percent of legitimate Asus and MSI boards drift by two bits on cold boot. You'll false-positive half the field.`

FACEIT: `we shouldn't be arguing thresholds. server-side telemetry should be the verdict by default. attestation is corroboration, not authority.`

`s4dbrd: That's a different architecture. We don't have time to rebuild the trust model before finals.`

`faceit-ops: then set two bits, accept the risk, and document the dissent.`

It went back and forth for forty minutes. Riot wouldn't move off one bit without a reference dataset proving two bits was safe. EAC had the dataset but wanted the threshold decision logged as a coalition risk memo with their objection on record. FACEIT signed the memo but attached a note: *server-side primacy at next standards revision or we revisit coalition terms.*

Adrian read the note and felt the shape of the compromise—nobody happy, everybody committed. He'd take it.

`s4dbrd: Two-bit threshold, EAC reference implementation, dissent logged. Let's move.`

archie posted her KESTREL-7 analysis at 6:15 a.m. The input signature matched a known GatorCheats profile—same micro-timing clusters across three other flagged handles. Different hardware, different accounts, same motor pattern. A product, not a person.

`archie: byovd loader dressed as an rgb utility, hypervisor cloak, pcr drift exploit pre-tuned for the buffer. it's a kit.`

Souva: `so we're not chasing one cheater. we're chasing a pipeline.`

`s4dbrd: Which means the patch ships before they retune.`

Then a sponsor email landed in Mara's inbox and she forwarded it without comment. A tier-one energy drink brand, threatening clawback provisions if any finalist was removed within 72 hours of broadcast. *Reputational harm to the event.* Legal had signed it.

Mara's follow-up was two words: `your call`

Adrian stared at it. KESTREL-7's telemetry confidence was 0.97. Not a rounding error. Not a borderline case.

`s4dbrd: Quarantine stands. Log the sponsor threat in the incident record.`

He didn't hear back from Mara for twenty minutes. When he did, it was a single word: `logged`

At 6:50 a.m., a journalist DM'd Rhaym a partial screenshot—the read-only image's driver manifest, lifted from a build artifact someone had left public for eleven minutes. The message read: *planning to run "tournament deploys kernel-level rootkit" in two hours. want to comment?*

Rhaym forwarded it to the channel. `we publish the data-handling contract before anything else ships. i don't care if it costs us three hours. if this drops without context we're back to rootkit week.`

Nobody argued. Donna had the audit UI spec ready; she expanded it into a full disclosure document in ninety minutes—what the finals image collected, what it didn't, retention limits, access controls. Rhaym added the shared hardware protections clause. Adrian wrote the scope statement.

The journalist got an embargoed copy at 9:40 a.m. and held the story.

At 10:15 a.m., Souva pushed the commit: *Tighten PCR[7] tolerance to 2-bit; quarantine DRIFTED attestations; route to telemetry-only adjudication. Ref: EAC branch 441. Coalition dissent: see risk-memo-v3.*

CI ran. Green.

archie: `what happens to kestrel-7`

`s4dbrd: Telemetry verdict. 0.97. They're out.`

`archie: and if the kit updates before finals`

`s4dbrd: Then we catch the next version. That's what the pipeline is for.`

R. Vello needed a signed policy brief for the Senate hearing delay. Adrian copied Donna's comment from the top of the audit spec—*If you can't explain a verdict to the player, you shouldn't issue it*—and built the brief around it. Signed copy delivered at 11:58 a.m. Hearing delay confirmed forty minutes later.

Forty hours left. One sponsor gone. The rest of it still standing.

---

**Chapter 4: Cold Stage, Warm Hands**

The arena smelled like industrial carpet and three hundred people who hadn't slept.

Adrian arrived at 6 a.m., dragging a roller case with a cracked wheel that caught every seam in the floor. Stage PCs already booted—read-only images, driver hashes pinned to the Sentinel manifest. Ulf had spent the night behind the rigs with a thermal camera. He'd taped handwritten reference cards to each chassis, numbers small enough only someone looking would find them.

"Sleep?" Adrian asked.

Ulf rolled his neck. "Enough."

At 8:47 a.m., the first attestation packets arrived. Green tiles filled the dashboard. Adrian watched the stream and felt nothing. Green was just the absence of bad news.

Tile seven flickered amber.

He crossed the room before deciding to move. Kestrel-7's machine. PCR[7] had drifted three bits from enrolled baseline. The system quarantined silently, routed to telemetry adjudication. No public flag. Crowd still filing through security.

Souva's voice came through comms: "Pulling HID from warmup."

The transformer model had been running since check-in. Verdict rendered in forty-one milliseconds.

*CONFIDENCE: 0.97 / SIGNATURE: NON-HUMAN / PATTERN: CONSISTENT WITH HID-LAYER TRIGGER ASSIST*

Three corroborating signals: PCR drift, a thermal anomaly on the PCIe bus, a reaction-time histogram with an 87-millisecond median and standard deviation of four. Humans didn't do that. Humans were messy.

Adrian printed the summary. Four pages. Plain language up top, raw data in the appendix.

He walked it to tournament director Selene, who had eleven years of competitive circuits behind her and the composure of someone who'd absorbed every possible disaster. She read the first page twice.

"No public announcement?" she asked.

"Not from us. Your call."

She picked up her radio.

Kestrel-7's coach intercepted Adrian in the corridor before the player arrived. He was a compact man, mid-forties, eyes already doing the math. "Show me."

Adrian handed him the printout. Three fields: what was observed, what it indicated, what the player could contest. The coach read it without expression, then looked up. "He's seventeen."

"I know."

"He's going to say it's the keyboard firmware."

"Page three addresses firmware. The thermal anomaly is hardware-layer. Different chain."

The coach stood there a moment, jaw working. Then he folded the printout once, precisely, and put it in his jacket pocket. "He'll want to see the histogram."

"He can have the full appendix."

The conversation in the private room lasted twenty minutes. Adrian didn't watch. He went back to the dashboard.

The remaining fourteen players checked in clean. The broadcast team adjusted camera angles. Someone brought pastries nobody touched.

At 10:15, archie messaged from her sacrificial VM.

`archie: new BYOVD variant in the wild. rgb wrapper, signed cert from secondary OEM chain. not in the manifest.`

`s4dbrd: Flag the cert hash in local deny list.`

`archie: done. MSRC submission is in but propagation is 72 hours minimum.`

`s4dbrd: Too slow. Local block holds for today.`

The match started at noon. Adrian watched from a folding chair behind the broadcast desk, dashboard on one monitor, live feed on the other. Fourteen green signatures, all within human variance.

At 1:47, Souva sent: *models holding. no drift. this is boring and i love it.*

Then, at 2:23, machine three's signature shifted. Not amber—not even close—but a fan-favorite mid-match, confidence reading 0.89. Adrian's hand stopped over the keyboard.

On the live feed, the caster was mid-sentence: "—absolutely filthy positioning from—"

"Hold," Adrian said into comms.

"We're live," Souva said.

"I know. Thirty-second extended sample. Don't touch the flag."

The broadcast filled with vamp chatter—casters pivoting to a replay, production buying time. Adrian watched the histogram build. The 0.89 was a warmup artifact: the player had been running a shader pre-load that spiked input latency, compressing their reaction-time distribution into a non-human-looking cluster. The additional sample showed the spread normalizing. Human variance returning, messy and real.

Confidence dropped to 0.74. Below threshold.

`s4dbrd: Stand down. Clean.`

The caster landed back on live action without a visible seam.

At 3:12, Ulf appeared at Adrian's shoulder with a thermal printout. "Machine seven. PCIe anomaly was a DMA board impersonating an onboard USB controller. Power draw off by eight percent under load." He paused. "Machine three had ambient sensor drift—I had to normalize against the room baseline. Took me twenty minutes to trust the number."

"But it held."

"After normalization. Software can be spoofed." He tapped the printout. "Heat leaves a record."

The finals ended at 4:58 p.m. The winner was a seventeen-year-old from Guadalajara who'd been playing on the same mechanical keyboard for three years. Her reaction-time histogram was a gorgeous mess—spikes and dips, a human signature in every sense.

The hearing convened the following Tuesday. R. Vello presented the capability-versus-intent framework. Adrian walked through the four-page verdict structure. The carve-out language passed committee: bounded defensive tooling, purpose-limited data, mandatory audit trails.

The term sheet arrived ten days later. One sponsor had already walked—privacy SLAs too stringent, they said, though Adrian suspected they'd wanted broader data rights and hadn't liked the answer. The remaining investors had added KPIs to the contract: maximum 0.3% false-positive rate, maximum 4ms added latency per match tick. Hard ceilings. Some features they'd sketched wouldn't survive those constraints.

Adrian read the term sheet in the same hoodie he'd worn for four days. He made one note in the margin: *explain it to the player.*

He signed it. Then he went to find coffee.