To try everything Brilliant has to offer-free-for a full 30 days, visit brilliant.org/cazz/. The first 200 of you will get 20% off Brilliant’s annual premium subscription. Thanks for watching :) Corrections: - Socket communication isn't bad because of speed. Rather, it requires a system thread which is easily detectable. - MmCopyVirtualMemory is detected. - Manually mapping your driver is not a "free" or perfect solution to mapping your driver. Buying a certificate is obviously not undetectable either. Public communication methods are certainly detected as well. Some advice from Sariaki: "If i had to start over right now i would start by reversing the devirtualized battleye driver, thinking of a comm method myself and then going straight to the next step, thinking of a way to inject without getting detected"
windows sucks because if something go wrong in the kernel the system just dies, in linux the system survives way more to even severe kernel faults. windows is a weak system that if one thing goes wrong, all the rest break together.
Exactly what a cheat dev was telling me. If the cheat you are using has an undetectable driver that hasnt been picked up by anti cheat and only one person uses it. You have an undetecable cheat.
@@UNTHESUNTHESUNTHES whos saying I have they are just malware at this point a full on invasion of privacy and windows was bad enough that you have to take this stuff out of it and now games need this too
thats....the entire point, to spy on your machine to try and make sure your not cheating, and there is no reason to get upset at the anti cheats, they would all vanish if cheating wasn't a problem in games, they just add extra development time and cost, but cheating is such a problem in online games nowadays that that extra cost is near mandatory for your game to be playable
You’re videos are informative and concise. Many game hacking related videos are made by people that don’t know how to explain what they are doing (usually because they are copy and pasting)
"The Windows Kernel is public and very well understood" as someone who interacts with the guys who write kernel cheats regularly, i can tell you right now that "well understood" is not a descriptor most of them would use for the windows kernel. I regularly hear stories about guys using poorly or completely undocumented functions that tbey found by scouring decompiled code and header files. Otherwise, great video 👍
the windows kernel for a previous version of windows NT is completely decompiled afaik its called the windows research kernel. so if you consider decompiled as "well understood" then there's that, but for comprehension-wise, sid6645 is more correct
Would love to see a video on DMA devices, I read a post about using a virtual machine/ second s PC + a DMA device and found it very interesting as it avoids HWID bans.
@@Karltyyy DMA allows you to bypass the need to read from memory locally, but you still need to write to memory for most cheat features. Most ACs will also be able to tell that you have a device installed and that might triggler flags. Also has nothing to do with avoiding HWID bans, just reduces detection vectors, if you get banned you're still HWID banned (there are other ways around this, just not DMA).
@@xman10110 It also makes sure that any exploit in the anticheat software can be utilized by bad actors to do much worse things than cheating in a videogame.
@@somdudewillson what would stop said bad actors from doing that while the game is running? having it run 24/7 is no more a security risk then having it run AT ALL
1:20 This isn't entirely true graphics drivers can be recovered in windows it's called "Timeout Detection and Recovery (TDR)" and it's pretty cool IMO.
Also you can manually reload/restart a gpu's drivers with Ctrl+Win+Shift+B. You'll hear a beep, the screen will blank out/flicker, and you'll be back in business.
2:40 It should be noted, as a random piece of Windows History/Trivia. That the OS Controlling RAM Access was first done in Windows NT. And has been more or less this way since XP. 95, 98 and ME did not follow this convention. But XP and new Windows Versions do.
now obviously, the future of cheating in video games is in machine learning. You don't even need access to the game AT ALL to read the image data from screen, where an advanced deeply trained AI can interpret imagery and adjust mouse inputs accordingly. Super simple but there's currently nothing that can be done on a system level to prevent these cheats (that have been out there for years, you may even have encountered them but they are usually so subtle yet effective it get's called "smurfing")
@@itsv1p3r he's saying they think it is smurfing but it is actually machine learning bots (which is ridiculous they have only recently had any traction) as an occasional smurf myself in OW1 back in the day (peaked GM hitscan, if I play in anything below master it is unfair, it is not really that fun for me. But sometimes I would help friends rank up or whatever. It loses its charm fast but later on I was coaching so I would play with lower ranked players and even when not trying to specifically win just me being in the game tilts the balance significantly) I can tell you most of them were boosting or toxic, but they are real people. When you are one you know the other ones usually. So I do not think 'smurfs' are just robots, its literally toxic high ranked people who are for whatever reason either being paid to boost accounts or just want to sh on bad players. But when I do play seriously in a very low ranked game (if i am boosting a friend I obviously want to win) it does absolutely look like I am cheating sometimes but usually you can tell the difference because the way I would play was not, like, overly risky. Cheaters who were taking it seriously would bring a duo to protect/pocket them to stop people like me from being able to counter them (playing a oneshot hero counters a cheater if you can hit shots). But if you can't even try to hit a shot then they will always win. Almost beat a cheater who got to 4900 SR or something because he was braindead and would just run into the open and aimbot everyone on soldier. But they had a dva pocket so by the end of the match I could not even try to kill him and it was a waste of time. It is really discouraging, because a smurf you can learn from, when I was getting better I did pay attention to how they played and adapted (later on it was nice finding the same people and destroying them in return :) really felt like I had made progress improving, seeing an account a year later that had ruined my day playing far worse than me). iirc there was actually one bot in Overwatch and it was kind of funny, but it was pretty clearly not human and not very good. They also streamed it live. That was years ago so I am sure things have improved, but to make a truly human-like bot, well, the decisions AI or machine learning make is sometimes really weird in a competitive format. Something is always really off. Apparently they are getting very good, but the hope is that anti-cheats will use the same techniques in reverse. I don't know what that will say for false positives.
I'm not planning on making hacks but somehow this made me understand understand what a kernel is and how its used. I have a way clearer picture now, of what before was more like a black box. Thanks!
sockets are easily deteceted, for some games people use a rasperberry with port W (wifi) so it can recieve info directly from your wifi and then you configure it to seem as your mouse. But you will still need to make a bypass to make the rasperberry invisible (make it so it seems its not connected to any socket, normally it will be connected to the USB-3.0 socket)
@@Nickjack0310 sure, but that is a much much harder task and would require far more moving parts in your program to circumvent the anticheat. the idea of not doing this is so that your cheat is efficient and as light weight as possible. some games ac is easier to "patch" but other more popular games require a lot of reverse engineering on the ac and i mean a *lot*
I mean, the absolute ultimate cheat driver would be a separate machine that you could connect HDMI/DisplayPort to, and two usb ports to. It'd fudge a display, keyboard, and mouse, and since there's no way for any in-machine program to prove that those signals aren't legit since nothing in the machine itself is being modified. And I wouldn't be surprised if they came out with an A.I. that could subtly adjust your actual inputs to improve your game. Since some anti-cheats rely on seeing either unrealistic inputs, or a sudden change in input styles. So, an A.I. program that could slowly adjust your inputs more and more would be indetectable to it.
This yt channel is such a blessing! Hacking in general always seemed like black magic to me and I just didn't know where to start until I stumbled upon this channel. Keep it up!
Basic question.. How do you call functions from a driver's source file? I have a USB (VID0A46 / PID9621) Ethernet Adapter and found driver source code for it, qop_kernel/drivers/net/usb/dm9620 I'm interested in using the device and adding/modifying that driver. But not sure how to get started (compile, load, call functions). For example, I installed gcc and plugged it in , but how do I call load it, in order to call its functions.. like "dm_write_eeprom_word"?
The best way to cheat is the 2 computer method using a hardware debugger to bridge the host and debugger, it's undetectable to the host running the game. Example of this is using a PCI card that opens up a DMA pipeline. I break anti-cheat engines for fun.
@@ting1561 Define easily, because in the end of the day all it can do is try to parse known signatures of access, if i make a cheat and don't publish it's truly indetectable, DMA tracking is tricky as FUCK, and theoretically all you would need to do to write your own driver is to pay microshit to sign a buggy code like with VMWARE, or buy a driver exploit for a device you own, Heck, write your code to use the video card as DMA then it's a complete and absolute clusterfuck madness blackhole to try to block the cheat.
@@fss1704 Couldn't have said it better. Infact one of my favorite ways to access memory and bypass Anti-cheat doesn't even require DMA. You can use something like CosMapper to just manually map your driver before you launch the game. Works like a charm
@@adversemiller sweet, didn't knew this tool, i have a pc with a compromised intel me that was a legend reverse engineering hacks, watch god mode unlocked to have a grasp, used to cheat very well, just small fov aimhelp and triggerbot with esp invisible to the software, i exfiltrated the esp box data trough pci slot like i was using a gpio and the o.s. had absolutely no clue that there was anything connected, i used a bluepill to draw the esp boxes on top of a vga signal.
So many people in these comments just wanting to get cheats lol with no interest in learning anything. So sad, such little effort. They would be so easy to give malware to. They will download anything you give them and run any batch file you want just because they want to feel better at the game than they are. We optimized games for competitive play in windows (not for any cheating, just tweaks to windows to make it not shit), and kids would literally do anything we gave them. My friend gave someone a bat file that was mostly gibberish obfuscated and it had a command somewhere in the middle to check all drives for fortnite and uninstall it. Most harmless thing but the kid really saw it uninstalled, reinstalled it, and did this 4 more times before asking why it wasn't working. If you did anything worse than that it is just so easy. It is sad. But we need to be aware of the danger in these communities because people who cheat for malicious reasons are often willing to also do malicious things to people.
What are the most ussable functions which have to be in driver? Memory read, memory write, and...? If i read memory and it is function address, how to call it from kernel mode using user mode application and um km communication? Is it needed at all? Or i can just call it from user mode?
Bro your explanation on windows driver is so slick and understandable i can listen to your explanation all day what are the beginner level resources you would suggest to someone getting started on windows kernel programming not in game hacking but in general thank you for your contents :)
Is this why these games have taken so long to support linux, because of how windows specific their methods are? Are the versions of easy anti cheat now available for proton also as potentially invasive?
No, AFAIK the proton version of eac is much less potent because, linux being a bit more secure than windows, it simply won't allow it to run in kernel mode.
Great way to start the video. You've made me angry. Phenomenal start to a surf run then blue screen... it was like deja vu and made me feel that feeling all over again.
Very well made video ,I just loved it but sadly, right when I was expecting you to go into more technical stuff you were just getting to new part. Please do a more in depth video giving us some of the tricks that helped you in your "journey" because I I did knew about most of the stuff you said, but this is somewhat basic knowledge, and I want to learn more technical stuff. Keep it up
As you say he only mentions each stage of development briefly, but for the length of video he is aiming for that's nessecary. Hopefully more to come :)
@@yoshimurahirihito For the video length it's incredible, he covered all the basics in a very easy understanding way. But I want to learn the actual technical part. Hope he will do that
Its a channel mostly targeted at complete beginners, he has to explain the basics first, lets just hope he goes more in-depth in a future video. Would be nice since you usually have to read for this kind of information but reading is for nerds
I have a question that when i using Kernel driver cheat hooking function of modules in process, read write memory of process so i have to inject dll like i do in internal cheating user-mode ?
Can you make a video on how to make a spoofer for any mobo? Since people get hwid bans and we also wanna learn how to do it ourselves. Please tell me any sources you recommend
What if you directly burn your cheat or driver onto the motherboard. I remember hearing about some 3rd party compagnies that sold motherboard in some asian countries burn a info stealer malware so it literally cant be detected by anti viruses which has kernel level permission. So we can make the same situation happen but instead of a malware and anti viruses, we have a cheat and anti cheats
Game genie basically. Thing is, legitimate peripherals are registered and have officially assigned identifiers. Now you can forge one of those, so automatics may not pick it up, but if enough sightings of an unusual device ID get associated with reported cheating, manual review is just going to get it flagged as a malicious peripheral. There are really only two ways around kernel monitoring. Either switch your memory injector's ID frequently enough that it doesnt get intercepted, or run the entire kernel in a virtual environment, and modify memory from outside the scope of its virtual kernel. This can go as far as airgap isolation and hardware debugging feom a second compuiter. At that point becomes impossible to detect the memory modification, and anti cheat has to fall back on reviewing performance, most likely with machine learning algorithms.
I had the idea to get into game hacking about 6 months ago. I'm now a certified IT Specialist and have zero interest in games anymore. The computer world is so damn big.
having a vid on this channel of this method makes me feel better about following these instructions from some shady site that looked straight outta the 80's..
This would've worked back in like 2019-2021; Go look at Sinmapper, it's your idea but already done with only a couple "fixes" for detection vectors. Mapped drivers almost always pass detection vectors now, if you can make one that doesn't pass any I'd be shocked. You're better off making an EFI runtime driver calling to exported ntoskrnl functions from there; depending on your communication to your usermode program, this is one of your safest options, of course if you aren't using any bad imports also.
Legit question. Why cheat in video games? This video popped up on my reccomended so I'm just curious. The obvious reason I come up with is "because I want to see if I can get away with it", so is that it?
There's two sides of it, making them and using them. Making them is largely a "To see if I can, for the challenge" kind of thing, using them is likely more for attention and power fantasy and such. Yuh.
Most games with anti cheat, you just can't play on Linux. The amount of people using Linux is low, and the amount of people using Linux to game is even lower. So they don't bother, because it's so difficult to, and the amount of people isn't worth the effort.
I wish all the faceit kids on faceit would watch this video and realize, just because they have anti-cheat, doesn't mean zero hackers exist on faceit lol. It just means they have to pay a few extra dollars.
it is better than matchmaking though, but i get your point hell i cheated in faceit with a free shit built in java paste that barely worked but account never got beaned
Some day someone will create a RAM that has additional USB-C port where you can connect your phone to and directly manipulate memory data without operating system even knowing about it.
I'm interested to see how hacking evolved over time, back then it was just basic damage hack, now people start making ESP mod menu and stuff. last time, I saw hacker start spawning weapon in a multiplayer game/ teleporting everyone in the map. which is insane. how do you even manage to get that far with hacking.
How the hell are cheaters so desperate to cheat that you all somehow find more privilege escalation zero-days and create 10x more resources about driver programming, reverse engineering, and process hijacking than actual highly funded security research teams combatting malware? That's just the people providing the info for free as well. I'm sure there's a lot more information people don't disclose since they sell paid cheats. Every time I do research about this stuff, resources with a focus on game hacking always seems to pop up and they have more resources and better explanations than the alternatives. Hate multiplayer cheaters, but gotta concede that that make useful stuff. I just hope most of y'all are learning this for fun and not to cheat in actual competitive games or make malware. Reminds me of when I learnt that of this realistic tank based game called War Thunder that is apparently responsible for countless leaks of classified military information from different countries to win arguments on the forum or get certain vehicles buffed/nerfed. When the recent Pentagon leak happened, I remember people were joking about it being related to War Thunder. Turns out it actually was. Some gamers are truly lunatics.
It was not countless leaks, iirc it was just one about the F-16. It was non-critical information and something some random enlisted probably knew and had access to on something that wasn't SIPRNET. I have a lot of documents about the planes I flew on (Far more sensitive than the F-16) that are unclassified, but the general public doesn't really have access to them easily because they are part of our training, and what the public has is just generalized information. I have talked with some cheat devs of very expensive paid hacks and they are very talented people. Much more talented than the average pixelbot writer. You can tell the difference in class, it's like a drug dealer vs. the drug lord. They are able to get around anticheats long before anyone else and able to keep it updated, somehow. Their value becomes less and less useful as the anticheat is compromised, and this was the case for Overwatch, which started out having a decent anticheat (it stopped most memory cheats, which were the most dangerous for that game, where most things were server side, so most things could not be touched), but Blizzard neglected it and since it was in-house, it was fairly obfuscated but only got easier and easier to defeat. Most of the lower tier cheaters who sell stuff include malware (hwid spoofers are almost always malware for some unsuspecting kid) and they tend to be really dumb and scammers, who steal other people's cheats and resell them with some minor modifications. Many cheaters that do not develop are also very talented because they too enjoy reversing. It was annoying I had to do all this in secret despite myself never cheating because learning about these things was very informative for what was really possible, and what was out there; and what to look out for. I also forwarded cheats to Blizzard's line quite often but I doubt it made a difference. The community is very scummy and dangerous. Cheating is addictive like a drug if you lack empathy in some regard. But for every intelligent engineer and software dev (one I knew specifically would teach me how jank some of the worst cheats were) there are like 100 kiddos and scammers or more, treating it like a business, or trying to get people to do things for them for free while they do not care to learn anything. at some point in time many people need a lockpicker... someone has to be able to do it. There are also grey hats who go for reward money in return for finding exploits. It is a very interesting dynamic and I found cheaters to be interesting people. At the end of the day, though, the majority of them are ruining these games and often for very stupid reasons (everyone else is cheating is a common one by people coping they are bad).
To try everything Brilliant has to offer-free-for a full 30 days, visit brilliant.org/cazz/. The first 200 of you will get 20% off Brilliant’s annual premium subscription. Thanks for watching :)
Corrections:
- Socket communication isn't bad because of speed. Rather, it requires a system thread which is easily detectable.
- MmCopyVirtualMemory is detected.
- Manually mapping your driver is not a "free" or perfect solution to mapping your driver. Buying a certificate is obviously not undetectable either. Public communication methods are certainly detected as well.
Some advice from Sariaki:
"If i had to start over right now i would start by reversing the devirtualized battleye driver, thinking of a comm method myself and then going straight to the next step, thinking of a way to inject without getting detected"
ok
ok
Before we continue guess which sponsor I won’t buy from and will skip.
windows sucks because if something go wrong in the kernel the system just dies, in linux the system survives way more to even severe kernel faults.
windows is a weak system that if one thing goes wrong, all the rest break together.
It would be great if Brilliant actually adhered to GDPR instead of just invading your privacy
Would love to see how those companies would react if we were to install kernel level system loggers...
or kernel level hacks rofl
@@DiamondBroPlayz has been done and is being sold for multiple years now, still detectable and detected numerous times.
@@rengomero1576 oof
@@DiamondBroPlayz that's how all Valorant hacks are, although I'd never recommend installing an unknown kernal level hack
@@MartianV2GG "kernal"
i've always wanted to understand how drivers work, thank you!
just asked a taxi driver he said he works all day.
@@robsonrobbi1763 💀
@@robsonrobbi1763 i can't tell if you're serious or not but you're supposed to ask a truck driver, DUH!
@@lucaslindgren3237 i am very serious person.
@@robsonrobbi1763 can he work for me?
Exactly what a cheat dev was telling me. If the cheat you are using has an undetectable driver that hasnt been picked up by anti cheat and only one person uses it. You have an undetecable cheat.
Got it, we should ban the use of "unlicensed drivers" in the game
@@Otherwise_1 that wouldnt work the amount of false bans/ issues yiu would have is crazy
@@Mohennep-c6m No, it will be done differently, the game will just crash/not start if something like this is enabled
@@Otherwise_1 how do you differentiate between a cheat driver and a driver for some unknown pcie card
@@null7639 I don't know, I'll have to test it when I create the game, at least it will be possible to manually add drivers to "trusted"
at this point anti-cheats are basically becoming spyware
Windows rivals
Maybe shouldn't have cheated
@@UNTHESUNTHESUNTHES whos saying I have they are just malware at this point a full on invasion of privacy and windows was bad enough that you have to take this stuff out of it and now games need this too
Always have been, actually
thats....the entire point, to spy on your machine to try and make sure your not cheating, and there is no reason to get upset at the anti cheats, they would all vanish if cheating wasn't a problem in games, they just add extra development time and cost, but cheating is such a problem in online games nowadays that that extra cost is near mandatory for your game to be playable
For anyone wondering : yes the QR-Code at 1:23 is a Rickroll.
did you know 1.93% of all QR-Codes are rickrolls
A true hero
You poor soul.
Thx, i couldnt be bothered grabbing my phone in the next room
When I scanned it, it only went to youtube's main page, hmm... I got lucky lol.
Little correction: Ring 0/the kernel is NOT the most privileged part of your computer, Ring -2/the IME or AMD PSP is.
not if you remove it :trolley:
@@chinh4thepro Have fun booting without them 🚎
Heck, i'd like to have fun with the ime, imagine the kind of sh1t you could do.
Can you give further reading about ring -2? I have having trouble finding information about it.
@@0xfadead *Libre/Core booting
never understood how anyone would happily allow Anti-Cheat or even Cheats to run at kernel level and trust them.
...that is why you disable the anticheats and create your own cheats.
I trust them to run on a separate hard drive with a separate windows install, for anything that isn't gaming i don't see a point ever using windows.
Why wouldn't you trust an anti cheat 💀
@@theFishy_ why would you?
@@theFishy_ how can you trust they dont take your data, same with cheats you dont make.
what an excellent video on fighting back against invasive software. Well done.
too bad it will make more invasive software because of you
@@handlesrtwitterdontbelivethem It's actually not invasive because it will fight the already existing invasive software.
@@reidafesta9131 and i will fight the existing soul you have
@@handlesrtwitterdontbelivethem but can they go higher than the Kernel?
@@kajojo2399 yes sir all security in computing can be defeated by a gods computer that changes 0s and 1s nobody can defeat the 0 and 1 find find
You’re videos are informative and concise. Many game hacking related videos are made by people that don’t know how to explain what they are doing (usually because they are copy and pasting)
Any other subjects of game hacking you're interested in?
or maybe they don't want you/us to learn easily what they learned that spend so much time and effort yk.
You...are...videos 🎉
@@tim.martin Check out mine!
Man, he really is the videos ✊✊
"The Windows Kernel is public and very well understood" as someone who interacts with the guys who write kernel cheats regularly, i can tell you right now that "well understood" is not a descriptor most of them would use for the windows kernel. I regularly hear stories about guys using poorly or completely undocumented functions that tbey found by scouring decompiled code and header files. Otherwise, great video 👍
I dont believe any kernel to be well known by a single person lmao. Well, any kernel that is as large as the windows/linux kernel in scope.
the windows kernel for a previous version of windows NT is completely decompiled afaik its called the windows research kernel. so if you consider decompiled as "well understood" then there's that, but for comprehension-wise, sid6645 is more correct
Would love to see a video on DMA devices, I read a post about using a virtual machine/ second s PC + a DMA device and found it very interesting as it avoids HWID bans.
Why would it avoid hwid bans💀 Maybe for the PC that the cheat is running on, but the other one where the game is running is still gonna be banned lol
@@Nioxs I’m not sure that’s why I’m asking. But if the memory is being read from a 3rd party device then it wouldn’t affect the main PC, no?
@@Karltyyy lmfao
@@Karltyyy It affects the PC where you play the game and start the AntiCheat
@@Karltyyy DMA allows you to bypass the need to read from memory locally, but you still need to write to memory for most cheat features. Most ACs will also be able to tell that you have a device installed and that might triggler flags. Also has nothing to do with avoiding HWID bans, just reduces detection vectors, if you get banned you're still HWID banned (there are other ways around this, just not DMA).
Low level security with video game examples, your channel is a gold mine!
@georgedick1521 neka what???
The biggest issue I have with Kernel level anti-cheat software is when it remains active even when I do not ACTIVELY PLAY the game.
this is to make sure you're not rigging your install to allow you to cheat before you boot up the game
@@xman10110 It also makes sure that any exploit in the anticheat software can be utilized by bad actors to do much worse things than cheating in a videogame.
cough cough *vanguard* cough cough
@@somdudewillson what would stop said bad actors from doing that while the game is running? having it run 24/7 is no more a security risk then having it run AT ALL
@@flamingscar5263 well imagine you play that game only like once a month and a zeroday in the anti-cheat is revealed while you were not playing
1:20 This isn't entirely true graphics drivers can be recovered in windows it's called "Timeout Detection and Recovery (TDR)" and it's pretty cool IMO.
Thank you, I didn’t know about that !!
Also you can manually reload/restart a gpu's drivers with Ctrl+Win+Shift+B. You'll hear a beep, the screen will blank out/flicker, and you'll be back in business.
@@HobkinBoi where do you even learn this kind of shortcut lol
@@HobkinBoi I tried it. Worked exactly as you described.
2:40
It should be noted, as a random piece of Windows History/Trivia. That the OS Controlling RAM Access was first done in Windows NT. And has been more or less this way since XP. 95, 98 and ME did not follow this convention. But XP and new Windows Versions do.
now obviously, the future of cheating in video games is in machine learning. You don't even need access to the game AT ALL to read the image data from screen, where an advanced deeply trained AI can interpret imagery and adjust mouse inputs accordingly. Super simple but there's currently nothing that can be done on a system level to prevent these cheats (that have been out there for years, you may even have encountered them but they are usually so subtle yet effective it get's called "smurfing")
You're correct. I recently found a Poker Cheating Bot that does exactly this, using ML and mouse inputs.
Pretty sure smurfing is just when you are skilled at a game but make a new account to play with/against lower skilled players temporarily.
@@itsv1p3r he's saying they think it is smurfing but it is actually machine learning bots (which is ridiculous they have only recently had any traction)
as an occasional smurf myself in OW1 back in the day (peaked GM hitscan, if I play in anything below master it is unfair, it is not really that fun for me. But sometimes I would help friends rank up or whatever. It loses its charm fast but later on I was coaching so I would play with lower ranked players and even when not trying to specifically win just me being in the game tilts the balance significantly) I can tell you most of them were boosting or toxic, but they are real people.
When you are one you know the other ones usually. So I do not think 'smurfs' are just robots, its literally toxic high ranked people who are for whatever reason either being paid to boost accounts or just want to sh on bad players. But when I do play seriously in a very low ranked game (if i am boosting a friend I obviously want to win) it does absolutely look like I am cheating sometimes but usually you can tell the difference because the way I would play was not, like, overly risky. Cheaters who were taking it seriously would bring a duo to protect/pocket them to stop people like me from being able to counter them (playing a oneshot hero counters a cheater if you can hit shots). But if you can't even try to hit a shot then they will always win. Almost beat a cheater who got to 4900 SR or something because he was braindead and would just run into the open and aimbot everyone on soldier. But they had a dva pocket so by the end of the match I could not even try to kill him and it was a waste of time. It is really discouraging, because a smurf you can learn from, when I was getting better I did pay attention to how they played and adapted (later on it was nice finding the same people and destroying them in return :) really felt like I had made progress improving, seeing an account a year later that had ruined my day playing far worse than me).
iirc there was actually one bot in Overwatch and it was kind of funny, but it was pretty clearly not human and not very good. They also streamed it live. That was years ago so I am sure things have improved, but to make a truly human-like bot, well, the decisions AI or machine learning make is sometimes really weird in a competitive format. Something is always really off.
Apparently they are getting very good, but the hope is that anti-cheats will use the same techniques in reverse. I don't know what that will say for false positives.
AIMr does this for free
Yet again, a really well put together and informative video. Great stuff Cazz!
He's indeed a great source of information for game hacking and allaround
I'm not planning on making hacks but somehow this made me understand understand what a kernel is and how its used. I have a way clearer picture now, of what before was more like a black box. Thanks!
sockets are easily deteceted, for some games people use a rasperberry with port W (wifi) so it can recieve info directly from your wifi and then you configure it to seem as your mouse. But you will still need to make a bypass to make the rasperberry invisible (make it so it seems its not connected to any socket, normally it will be connected to the USB-3.0 socket)
or just patch the anticheat
@@Nickjack0310 ???? LOL
@@Nickjack0310 sure, but that is a much much harder task and would require far more moving parts in your program to circumvent the anticheat. the idea of not doing this is so that your cheat is efficient and as light weight as possible. some games ac is easier to "patch" but other more popular games require a lot of reverse engineering on the ac and i mean a *lot*
You dont need to make the rasp invisible, just connect it with usb cable and make it seem like elgato streamdeck or something else
@@ashxxiv better than ???? LOL guy
I mean, the absolute ultimate cheat driver would be a separate machine that you could connect HDMI/DisplayPort to, and two usb ports to. It'd fudge a display, keyboard, and mouse, and since there's no way for any in-machine program to prove that those signals aren't legit since nothing in the machine itself is being modified.
And I wouldn't be surprised if they came out with an A.I. that could subtly adjust your actual inputs to improve your game. Since some anti-cheats rely on seeing either unrealistic inputs, or a sudden change in input styles. So, an A.I. program that could slowly adjust your inputs more and more would be indetectable to it.
Those kind of things already exist and can be readily bought.
AIMr, its free and does this
This yt channel is such a blessing! Hacking in general always seemed like black magic to me and I just didn't know where to start until I stumbled upon this channel. Keep it up!
🤓
@@jordan13377 👺
Why would you even start?
@@Mart-E12 Cuz its fun and you learn a lot about the windows api and how games work
Very insightful, never knew the integrities of kernel drivers until now. Keep the up good work!
Basic question.. How do you call functions from a driver's source file?
I have a USB (VID0A46 / PID9621) Ethernet Adapter and found driver source code for it,
qop_kernel/drivers/net/usb/dm9620
I'm interested in using the device and adding/modifying that driver.
But not sure how to get started (compile, load, call functions). For example, I installed gcc and plugged it in , but how do I call load it, in order to call its functions.. like "dm_write_eeprom_word"?
the only two acceptable uses for this software:
-anti invasive drivers
-forcing eac to let me set core affinity
It's so annoying that games won't allow you to change the affinity or priority.. just LET ME DO IT I NEED IT
I like how the surf gameplay is just spectating the 38.02 run replay bot
your videos are always interesting and well done, thank you
2:37 ad end
The best way to cheat is the 2 computer method using a hardware debugger to bridge the host and debugger, it's undetectable to the host running the game. Example of this is using a PCI card that opens up a DMA pipeline. I break anti-cheat engines for fun.
👍
"undetectable" -> This isn't true [anymore]. VGK and ESEA have proven, that you can easily detect DMA these days. Even with custom firmware.
@@ting1561 Define easily, because in the end of the day all it can do is try to parse known signatures of access, if i make a cheat and don't publish it's truly indetectable, DMA tracking is tricky as FUCK, and theoretically all you would need to do to write your own driver is to pay microshit to sign a buggy code like with VMWARE, or buy a driver exploit for a device you own, Heck, write your code to use the video card as DMA then it's a complete and absolute clusterfuck madness blackhole to try to block the cheat.
@@fss1704 Couldn't have said it better. Infact one of my favorite ways to access memory and bypass Anti-cheat doesn't even require DMA. You can use something like CosMapper to just manually map your driver before you launch the game. Works like a charm
@@adversemiller sweet, didn't knew this tool, i have a pc with a compromised intel me that was a legend reverse engineering hacks, watch god mode unlocked to have a grasp, used to cheat very well, just small fov aimhelp and triggerbot with esp invisible to the software, i exfiltrated the esp box data trough pci slot like i was using a gpio and the o.s. had absolutely no clue that there was anything connected, i used a bluepill to draw the esp boxes on top of a vga signal.
One of the most useful videos ive ever seen. Very helpful
The TF2 surf gameplay in the background caught me off guard. Nicely done video!
I really like this format & the breakdowns
Thank you so much for the video, you explained the process very well!
great video expalanation of general driver's meaning and development process
So many people in these comments just wanting to get cheats lol with no interest in learning anything.
So sad, such little effort. They would be so easy to give malware to. They will download anything you give them and run any batch file you want just because they want to feel better at the game than they are. We optimized games for competitive play in windows (not for any cheating, just tweaks to windows to make it not shit), and kids would literally do anything we gave them. My friend gave someone a bat file that was mostly gibberish obfuscated and it had a command somewhere in the middle to check all drives for fortnite and uninstall it. Most harmless thing but the kid really saw it uninstalled, reinstalled it, and did this 4 more times before asking why it wasn't working.
If you did anything worse than that it is just so easy. It is sad. But we need to be aware of the danger in these communities because people who cheat for malicious reasons are often willing to also do malicious things to people.
What are the most ussable functions which have to be in driver? Memory read, memory write, and...? If i read memory and it is function address, how to call it from kernel mode using user mode application and um km communication? Is it needed at all? Or i can just call it from user mode?
bro do yk how to bypass eac
@@meth6922 what you want to if you want bypass it?
Bro your explanation on windows driver is so slick and understandable
i can listen to your explanation all day
what are the beginner level resources you would suggest to someone getting started on windows kernel programming
not in game hacking but in general
thank you for your contents :)
Mom! New Cazz vid just dropped
love to see surf in the background
Is this why these games have taken so long to support linux, because of how windows specific their methods are? Are the versions of easy anti cheat now available for proton also as potentially invasive?
No, AFAIK the proton version of eac is much less potent because, linux being a bit more secure than windows, it simply won't allow it to run in kernel mode.
Problem with linux is that you can just make a patch for your own kernel or anyone can modify it. Thats why no anticheat support.
@@iwky1930 problem for enforcing anticheat on someone elses pc perhaps, great for using your own pc the way you want to though...
@@johanngambolputty5351 well yea i meant it as a problem in the case of anticheat support.
problem is that anticheat developers are control whores, linux can't run anticheat on root level only user level unlike windows.
this video was helpful, thank you!
could you make a video about physical hacks like gaining access to the memory by using pci device?
Can we just connect gaming PC thru other PC, and use that other PC for scaning network trafic, to get informations that we need ?
network traffic is encrypted
Great way to start the video. You've made me angry. Phenomenal start to a surf run then blue screen... it was like deja vu and made me feel that feeling all over again.
I was just about to get started with drivers and then I see that you just uploaded this video xD
Very well made video ,I just loved it but sadly, right when I was expecting you to go into more technical stuff you were just getting to new part. Please do a more in depth video giving us some of the tricks that helped you in your "journey" because I I did knew about most of the stuff you said, but this is somewhat basic knowledge, and I want to learn more technical stuff.
Keep it up
As you say he only mentions each stage of development briefly, but for the length of video he is aiming for that's nessecary. Hopefully more to come :)
@@yoshimurahirihito For the video length it's incredible, he covered all the basics in a very easy understanding way. But I want to learn the actual technical part. Hope he will do that
Its a channel mostly targeted at complete beginners, he has to explain the basics first, lets just hope he goes more in-depth in a future video. Would be nice since you usually have to read for this kind of information but reading is for nerds
@@IstAuchEgal_ Lmao, ikr 😂😂 Same mentality her3
Exactly. More technical stuff please!
ty so much this helps clear alot of things up.
Best explanation on how to make hacks I ever heard.
For alot of things having a good driver is a decent idea, case and point Baby Driver
This is amazing, great work!
Also you do not "create your own versions of reading and writing memory" to get around hooked syscalls or anything else the anticheat looks for.
I have a question that when i using Kernel driver cheat hooking function of modules in process, read write memory of process so i have to inject dll like i do in internal cheating user-mode ?
if you still need this, no you shouldn't since it is directly operating on the kernel
Great explanation! Could you make a video which talks about how to write a window driver for game hacking?
Of course i scanned the Qr Code and got Rick rolled
Funny how the most played time in the video is at the end of the sponsor lol
thats how to game works G
Not me getting a f stroke when you put a blue screen with the sound and I instantly thought I got a bluescreen xDD
This is top quality content, you deserve way more views.
do you have a dx11 internal imgui tutorial?
It’s easy to make, you would need to hook present and then check out imgui’s implementation
Can you make a video on how to make a spoofer for any mobo? Since people get hwid bans and we also wanna learn how to do it ourselves.
Please tell me any sources you recommend
return of the king
nice video, although what was 4:23 about? =)))))
What if you directly burn your cheat or driver onto the motherboard.
I remember hearing about some 3rd party compagnies that sold motherboard in some asian countries burn a info stealer malware so it literally cant be detected by anti viruses which has kernel level permission.
So we can make the same situation happen but instead of a malware and anti viruses, we have a cheat and anti cheats
How does the installation process even happen on Windows?
Game genie basically.
Thing is, legitimate peripherals are registered and have officially assigned identifiers. Now you can forge one of those, so automatics may not pick it up, but if enough sightings of an unusual device ID get associated with reported cheating, manual review is just going to get it flagged as a malicious peripheral.
There are really only two ways around kernel monitoring. Either switch your memory injector's ID frequently enough that it doesnt get intercepted, or run the entire kernel in a virtual environment, and modify memory from outside the scope of its virtual kernel. This can go as far as airgap isolation and hardware debugging feom a second compuiter. At that point becomes impossible to detect the memory modification, and anti cheat has to fall back on reviewing performance, most likely with machine learning algorithms.
I was waiting for this ❤
What about internal hacks? How does an AC detect that if you're not using the win32 api?
I had the idea to get into game hacking about 6 months ago. I'm now a certified IT Specialist and have zero interest in games anymore. The computer world is so damn big.
What are you doing, though
@D: I'm currently learning C language and then transitioning to C+ for development.
@@reverenddick8562 do you mean c++
@Realm Slayer yes, or CPP, as I've also seen it.
@@reverenddick8562 okay because I was a little bit confused when you said C+
having a vid on this channel of this method makes me feel better about following these instructions from some shady site that looked straight outta the 80's..
Thanks for the video. Could you make a video on how to manually map drivers? Thanks
that blue screen of death scared me i thought it actually happened
With Great Power Comes Great Responsibility
Hey, just curious if you know how to make ImGui examples (Premade ImGui) Work in csgo, I’m still learning but it would help if I got a guide
github
This is a LEGEND channel
I remember when you were a small little dude you really blew up im happy for you bro don't stop
can you use gefroce drivers to use as a "base" for your cheat?
herz 5
Create a driver that can inject to other driver -> find a trusted verified driver that have vulnerability -> inject to that driver -> cheats.
This would've worked back in like 2019-2021; Go look at Sinmapper, it's your idea but already done with only a couple "fixes" for detection vectors. Mapped drivers almost always pass detection vectors now, if you can make one that doesn't pass any I'd be shocked. You're better off making an EFI runtime driver calling to exported ntoskrnl functions from there; depending on your communication to your usermode program, this is one of your safest options, of course if you aren't using any bad imports also.
short question do anyone know how to get vulkan drivers in the vmware windows virtual machine?
Legit question. Why cheat in video games? This video popped up on my reccomended so I'm just curious. The obvious reason I come up with is "because I want to see if I can get away with it", so is that it?
There's two sides of it, making them and using them. Making them is largely a "To see if I can, for the challenge" kind of thing, using them is likely more for attention and power fantasy and such. Yuh.
"I want the numbers that go along with being good at the game without putting in the effort to learn how to be good at the game."
sometimes games can get boring
Fire Video Mate!
absolutely amazing video - thorough and well said. thanks cazz!
Ok, ive gotta ask. Ive seen that run and jump game sooo many times on voiceover videos. Does anyone know the name of that game?
Pretty sure that's just a surf map in CS:GO
Would it get our accounts banned? (ie: Epic Games and Hoyoverse)
How does anticheat software work in GNU/Linux?
It just doesnt u can do whatever u want on Linux with all processes
Most games with anti cheat, you just can't play on Linux. The amount of people using Linux is low, and the amount of people using Linux to game is even lower. So they don't bother, because it's so difficult to, and the amount of people isn't worth the effort.
When i try to load a cheat it keeps saying
Failed to initialize driver
to add on something, vbox lets u take snapshots without a premium sub, i find it quite useful, not sure if vmware does the same.
Happy Chrismas everyone
I wish all the faceit kids on faceit would watch this video and realize, just because they have anti-cheat, doesn't mean zero hackers exist on faceit lol. It just means they have to pay a few extra dollars.
Faceit Anticheat is almost as bad as vac. I remember back in the day almost every cheat available worked on vac and faceit.
it is better than matchmaking though, but i get your point hell i cheated in faceit with a free shit built in java paste that barely worked but account never got beaned
@@assssss3661 - 🤡🤡
.data ptr can be detected if not going through proper sources
You got me rickrolled at 1:25
Some day someone will create a RAM that has additional USB-C port where you can connect your phone to and directly manipulate memory data without operating system even knowing about it.
Not gonna lie, when that BSOD came up, I was genuinely scared.
very well explained!
A minute long sponsor for 7 minutes of content?
most replayed is the end of the sponsor 💀
i think “most replayed” = “most skipped to”, so that makes perfect sense
I'm interested to see how hacking evolved over time, back then it was just basic damage hack,
now people start making ESP mod menu and stuff. last time, I saw hacker start spawning weapon in a multiplayer game/ teleporting everyone in the map. which is insane. how do you even manage to get that far with hacking.
Wdym now? Esp was literally something you could download for free in cod 2
How the hell are cheaters so desperate to cheat that you all somehow find more privilege escalation zero-days and create 10x more resources about driver programming, reverse engineering, and process hijacking than actual highly funded security research teams combatting malware? That's just the people providing the info for free as well. I'm sure there's a lot more information people don't disclose since they sell paid cheats. Every time I do research about this stuff, resources with a focus on game hacking always seems to pop up and they have more resources and better explanations than the alternatives. Hate multiplayer cheaters, but gotta concede that that make useful stuff. I just hope most of y'all are learning this for fun and not to cheat in actual competitive games or make malware.
Reminds me of when I learnt that of this realistic tank based game called War Thunder that is apparently responsible for countless leaks of classified military information from different countries to win arguments on the forum or get certain vehicles buffed/nerfed. When the recent Pentagon leak happened, I remember people were joking about it being related to War Thunder. Turns out it actually was. Some gamers are truly lunatics.
It was not countless leaks, iirc it was just one about the F-16. It was non-critical information and something some random enlisted probably knew and had access to on something that wasn't SIPRNET. I have a lot of documents about the planes I flew on (Far more sensitive than the F-16) that are unclassified, but the general public doesn't really have access to them easily because they are part of our training, and what the public has is just generalized information.
I have talked with some cheat devs of very expensive paid hacks and they are very talented people. Much more talented than the average pixelbot writer. You can tell the difference in class, it's like a drug dealer vs. the drug lord. They are able to get around anticheats long before anyone else and able to keep it updated, somehow. Their value becomes less and less useful as the anticheat is compromised, and this was the case for Overwatch, which started out having a decent anticheat (it stopped most memory cheats, which were the most dangerous for that game, where most things were server side, so most things could not be touched), but Blizzard neglected it and since it was in-house, it was fairly obfuscated but only got easier and easier to defeat.
Most of the lower tier cheaters who sell stuff include malware (hwid spoofers are almost always malware for some unsuspecting kid) and they tend to be really dumb and scammers, who steal other people's cheats and resell them with some minor modifications. Many cheaters that do not develop are also very talented because they too enjoy reversing. It was annoying I had to do all this in secret despite myself never cheating because learning about these things was very informative for what was really possible, and what was out there; and what to look out for. I also forwarded cheats to Blizzard's line quite often but I doubt it made a difference.
The community is very scummy and dangerous. Cheating is addictive like a drug if you lack empathy in some regard. But for every intelligent engineer and software dev (one I knew specifically would teach me how jank some of the worst cheats were) there are like 100 kiddos and scammers or more, treating it like a business, or trying to get people to do things for them for free while they do not care to learn anything.
at some point in time many people need a lockpicker... someone has to be able to do it. There are also grey hats who go for reward money in return for finding exploits. It is a very interesting dynamic and I found cheaters to be interesting people. At the end of the day, though, the majority of them are ruining these games and often for very stupid reasons (everyone else is cheating is a common one by people coping they are bad).
@@felicitycno, there are at least three. One was on the specifications of some Chinese tank shell, don’t remember what the third one was.
Who remembers swapping dayz keys on steam and u we’re back in an instant
Awesome video bro, can u do a internal/external using rustlang e show it to us?
You're the best Man ♥
did anyone else scan the qr code of the blue screen?
1:23
Cheeky rickroll. Jokes on you, I've memorized the link.
what else did i expect to be hiding behind that qr code😂😂