To try everything Brilliant has to offer-free-for a full 30 days, visit brilliant.org/cazz/. The first 200 of you will get 20% off Brilliant’s annual premium subscription.
I think it could've been worth mentioning the security and privacy concerns of giving ring 0 security clearance to both cheats and anti-cheats and why some people are against it
@reapiu8316 Sadly, I doubt they ever will. Reverse compatibility concerns have caused a lot of frankly stupid design decisions in Windows in the past and becoming a true micro-kernel would most definitely damage reverse compatibility a lot. Especially since kernel anti-cheats are so popular and gamers seem to have their eyes wooled over by game studios.
If you're on windows (like most people are) then you've already forfeited all of your privacy. And I don't see how Microsoft is more trustworthy than Valve for example. It's not really a good argument.
@@fador1337 If you're willing to go that far, might as well say that anyone not running their OS on their RAM forfeited their privacy, if that, given Intel's ME and AMD's PSP both running in the background and doing all sorts of shit like recording all of your key inputs and bypassing encryption
you can keep junk code even when compiler optimization is enabled. When compiler cannot predict if a block of code will ever run or not it will keep it anyway. Also in c++ is possible to run code at compile time with constexpr keyword that allows you create encrypted strings and more and decrypt them at run-time
@@cazz depends, I forget the details but for ARMA2 they have their own scripting engine for UI and game operations. I don’t believe you can really tune it much. When one of my incredibly dumb friends shared a fun multihack I put together iwith his other friends … then they all joined servers to troll admins with god-like abilities my scripts were completely blocked. Not 100% sure how their detection works but I never got any of those exploits safely again. (Safely as in, I won’t be randomly flagged, I had a setup to safely test for potential flags if I went live). All I know is they use BattleEye.
Boot-kits are also a great idea. Boot-kits load before the operating system itself, so you can bypass the anti-cheat, because the cheat is loaded before the anti-cheat itself.
Wow. This arms race is really interesting and impressive. I had never heard of using DMA to cheat at games before. I suppose the next step and the comparably powerful sledgehammer anti-cheat techniques would be statistical detection methods running on the server, e.g. looking for mouse movement data indicative of an aimbot, and stronger isolation of game state data to the server, e.g. in the strongest case the client could send raw inputs and only receive raw video and audio data so that there isn't even game state data for hacks to look at unless they start using AI methods. But DMA-based cheats for fast-paced real-time games that are sufficiently subtle, like ESP hacks on a second computer, seem almost impossible to stop (detecting the DMA device? code and data obfuscation?) unless you implement your own "hardware anti-cheat", e.g. restricting the player's hardware, as with a console, or surveillance of the player, as at a tournament. In our coming cyberpunk dystopian future, where Valve is monitoring every gamer with in-home cameras 24/7, we'll then have to start using cyborg brain implants and gene-editing to cheat and then it'll become a philosophical issue about what even is "cheating".
Also for hardware cheats you can usually run it all on a pi within the computer plugged into pcie, then you can emulate anything from anywhere like a kvm if it's network attached (Just need to spoof as another device to get around hardware id detection)
@@jgvtc559 you can do that, but it still won't let you see thru walls or instant aim...so cheats still provide an incentive as being good + cheats means you can fake not cheating and guarantee an impressive tournament run leading to money. We didn't have these problems when tournaments were small time. If a cheater came along we just typed /admin and an invisible admin came along and banned them. Even on pubs.
btw if you dont have pci, direct memory access is supported through the LPC and ESPI standards and which can be accessedf with TPM and DEBUG headers found on the majority of motherboards
Typically the motherboard LPC/TPM header doesn’t expose the DMA signals so you would need find it somewhere else and solder a wire on the motherboard. And ESPI doesn’t even support DMA. And even if you could, LPC only really gives you access to ISA DMA which has access to the first 16MB of RAM
I think vaguard has fixed this, but previously, I experimented with running a passthrough VM on linux with windows + hyperv enabled (which made valorant start), where i then could attach a pci device from the vm manager which I then could use for DMA on linux. This effectively makes a hardware cheat without any extra hardware :)
It's a huge shame there's such intense motivation to keep the best cheats and anti-cheats closed source. These techniques would be really interesting to study.
you can reverse them and make a clone, also easyanticheat (eos, kinda worse than the one for example apex uses) is free. these techniques are already studied by cheaters, its a race that cheaters will always win.
@@lilililiililili6363 It's more that it would spoil and ruin the games we love to play with others. More happy players = more money, so technically you're right but think about playing any game online - it would suck if you could never really play unless you cheated too. And that ends up taking away from the game.
I believe there are ways to work around compiler optimizations, even if you can change the signature a little bit you will be able to trick the anti-cheat. At least for a portion of time, then you will be banned eventually.
@@wfjhDUI I couldn't do it with gcc back in the time, but there was another compiler (I forgot which one) which made it possible. It's been at least 5-6 years so I don't know the current possibilities with compiler optimization.
@@berkormanli It should always have been possible -- it's a feature that needs to be turned on after all -- although I'm sure it's trickier than I'm imagining since it's very readily turned on by default even at low optimization levels and it looks like gcc has a lot of different varieties of dead code elimination to toggle on/off. It's been a while since I've wanted to turn a specific optimization _off_ but I seem to recall that it was a bit frustrating. The linker also removes dead code so that could have been the issue too.
There is currently a cheat going around where people have camera set up to their screen and has an AI recognized and shoot people for them by controlling there mouse
Wow I’m learning about operating systems right now, and didn’t really think of cheating as an application of it. It’s so cool seeing how brilliantly hackers can bypass the designs around OSes and video game anti cheats!
the way you simplify everything is very impressive. I was into making cheats years ago and your series has totally refreshed my memory after not doing it for years. keep it up!
Unless you are writing it yourself or 100% trust a source... ANY pre-written code with access beyond a kernel anti-cheat is a HUGE security risk and potentially a legal one if you become a node for someone else's illegal activity.
Very interesting! I always thought of anti-cheat to be sort of like an arms race, there's really no way for an AC to work 100% of the time as long users have physical access to their machine. Maybe we'll see things like cloud gaming take over highly competitive games for this reason, assuming cloud game becomes viable to play with low latency, etc.
I don't think cloud gaming would solve the issue, as you're still sending the inputs from your own computer to the server the game is running on. This does prevent you from getting the data you're not supposed to get from the server (eg. can't see players trough walls) but you can still tamper with your inputs (eg. aimbot)
Really the only way to have 100% anti-cheat protection is to run in-person events on hardware provided by the event organizers. Ever wonder why the fgc has very few cheaters? That's why.
There are many ways to detect rogue PCI devices, such as master abort or timing attacks. You also completely left out virtualization and iommu (regarding DMA mitigation)
If you want to stop cheaters, run checks on the data that the server receives instead of messing around with the kernel that the client is running on. When a kernel anticheat is bypassed, it's fully bypassed, meaning anything goes. If you've got a server-side anticheat that checks packets, you may not be able to fully disable or bypass it as easily as you can with a kernel anticheat. An anticheat on the kernel gives the cheater a lot of control, making the discovery of bypasses quicker, and you don't even have to get any accounts banned. If you have a server anticheat, you may need access to many accounts. This is a very quick way to stop blatant cheaters in a bought game.
Game hacking is what got me into Red and Blue Team work over 10 years ago. VAC was fun to bypass. You used to be able to create a shadow bootloader with a kernel driver that fed the AC false handles to check. Everything had to load from a USB to stay undetectable. Not sure if that’s how it still works today.
Hack a multiplayer game is a crime and i hope the law will follow it. We'll probably first have to properly sue a game dev for millions in damages so that something happens.
Not really, since any modification to the anticheat will put your game into offline mode. Just like how if u were to get rid of the anticheat the game will only work in single player or offline
This is why anti-cheats keep demanding increasing privilege levels -- to try to protect the anti-cheat code itself. It's not possible to completely protect an anti-cheat on a hostile system so at some point you would need to require it to report something to your server in order to verify that the anti-cheat is running properly, preferably something that would be difficult to otherwise generate.
No, hacks don't need to read and write memory. With DMA hacks you only read memory and send corrected inputs (mouse and/or keyboard events) through a spoofed controller that masquerades as an input device to the PC the game runs on. With external AI and pixelbot hacks you capture the video output of a game, process the data (e.g. with open AI libraries like yolov5) and send back commands through a similar spoofed controller to your PC. This bypasses reading and writing to memory completely.
DMA can also be detected by looking at what is pluged in the PCI slot. on the other side you can spoof the Hardware ID of the Device. its an arms race again.
You see, I'm interested in this not because I want to cheat, but because I want to get bs anticheat systems off my back for something as simple as running Linux instead of Windows. I run Linux, simply because I prefer the open source community run stuff as opposed to Windows, but most anticheat solutions target compatability layers on purpose just to be dicks.
A simpler version of hardware cheat is virtual machine cheats. The game runs in a virtual machine guest and the host OS would be able to read/write to any memory of the guest OS, without the guest ever knowing. This does not require two computers and special hardwares like hardware hack does, but some game does detect if it's running within a virtual machine so the challenge becomes how to hide that.
Here i was, thinking "how do anti-cheat allows you to bypass work" Me the entire video: "OK, but how do i work less on cheats by using this" Now i can't stop laughing.
I've heard that AI anti-cheat could be a thing in the next few years, the AI could detect if someone is cheating just by watching their gameplay. Most people think that would end cheating for good but I'm sure some cleaver person would find a bypass for that.
@@kaarelk274 kinda like every anti-cheat in the history of anti-cheats? obviously you would have to adjust it to where false positives are minimal, kinda like, you know, every other anti-cheat. the most useful application for AI anti-cheat would probably be to get rid of obvious cheaters. by analyzing exhibited behavior instead of poking around on people's computers you can maintain users' privacy and it's not inherently incompatible with modern security models. it also just bypasses the eternal-by-design arms race that they're currently taking part in-it doesn't matter how well you hide your cheat in software or hardware, if you're being obvious enough it'll catch you regardless. in fact such an anti-cheat would be eerily similar to the often used method of having admins manually identify cheaters, except it can be cost-effective without volunteers.
Some great info! Any chance you could make a video where you show a basic setup for creating cheats? Like, showing how to setup the environment to create our own Kernel scripts, manipulate memory, etc.
That is due to terrible firmware. Most people even selling firmware have no idea what they are doing. I never got detected and my firmware totally bypass the IOMMU.
@@cazz Oh yes I agree, writing your own code is best. But if you're sharing or god forbid sharing it with other people and your signature ends up in a database, then putting junk code into your own code would work just to keep it running on your own machine. It was just a comment on your remark that compilers optimise the code so it doesn't matter. But my point was to disable optimisations, so it would keep working to change the signature.
one question about DMA do u really need a second pc to makeit work? or u can make one witha programable board? something like an arduino board for example
Not only hackers dislike kernel level anti-cheat, Security expert are furious about them and don't even want to touch games with it without beeing inside two burner virtual machines 😂 Imagine giving kernel level access to some random gaming company. Privacy nightmare. It is like giving your scholl principal all your keys from all doors and safes as well giving credentials from your videocameras including bedrooms and bathrooms. Sure, I will prove my kid didn't cheat math test, but at what cost😮
That's one of the reason why modern CPUs, including phone processors, have IOMMU. They remap the DMA address and limit them to specific ranges. This is sometimes optional in your EFI settings though.
My cheat runs in System Management Mode (also called Ring -2) with a simple protocol for peeking/poking memory, using a slightly modified BIOS, so to say a BIOS rootkit with a C2. I only patched the original SMM routine to check a memory region for commands and added said region to the ACPI description, to ensure safe access. That way I can have full read/write access on the complete physical memory address range. (This is a joke, but it should work. However your PC could catch fire, if stuff misbehaves in SMM)
Kernal level anticheat is so sketchy, no one should be messing around at the kernel level unless you are a kernel developer. It feels like messing with plastic explosives to make a firework show.
Does this mean that an anti-cheat can't detected altered memory from the software/hardware if the initial methods got by passed? In theory the AC doesn't check for memory changed values or any kind of sutff, only trys to prevent what gives you acess to change them?
Just for the casual gamer here thinking that every hacker is bad, no, this is ethical hacking, that is used for education and learning about game behavour, and has not caused any damage
I honestly have never head of actual hardware based cheats when it comes to a PC and I'm extremely curious to know more about that subject if you or anyone else could point me in the right direction.
I hope you don't grow anymore. I don't understand how you get sponsors. How do you get off on ruining people's free time? It's like if you went to a soccer game and started poking holes in all the balls and put rocks in the players' shoes. Why would anyone celebrate OR SPONSOR instructions on how to ruin soccer games? Let people have fun. I get that you enjoy the coding, but you can't expect people not to get mad when it comes at their expense. Couldn't you use your energy for something more productive and less degenerate? @@cazz
I like these video bot because I want to make game hacks but because I actually learn a lot about how things work maybe someday you could explain some more general stuff
To try everything Brilliant has to offer-free-for a full 30 days, visit brilliant.org/cazz/. The first 200 of you will get 20% off Brilliant’s annual premium subscription.
2 days ago... Riightt
video would of been unlisted-private and he commented on it@@x4dam
how did you even get a sponsorship as a game hacking channel?
So if i use it will i get an anti cheat to my game??
i will love if you talked more about DMA its a kinda interesting topic
I think it could've been worth mentioning the security and privacy concerns of giving ring 0 security clearance to both cheats and anti-cheats and why some people are against it
@@rama-rao-y8u There are developers and programmers who actively make fun of Linux... so not all of them.
@@rama-rao-y8u I'm pretty sure this video is meant for a general audience
@reapiu8316 Sadly, I doubt they ever will. Reverse compatibility concerns have caused a lot of frankly stupid design decisions in Windows in the past and becoming a true micro-kernel would most definitely damage reverse compatibility a lot. Especially since kernel anti-cheats are so popular and gamers seem to have their eyes wooled over by game studios.
If you're on windows (like most people are) then you've already forfeited all of your privacy. And I don't see how Microsoft is more trustworthy than Valve for example. It's not really a good argument.
@@fador1337 If you're willing to go that far, might as well say that anyone not running their OS on their RAM forfeited their privacy, if that, given Intel's ME and AMD's PSP both running in the background and doing all sorts of shit like recording all of your key inputs and bypassing encryption
This channel is very underrated, this video is edited really nicely!
Appreciate it!!
we appreciate you!@@cazz
@@cazz yo do u know how to like remove hwid lock from a exe in c++?
how do I bypass the divorce papers?
The Anti-cheat is very good, don't try to bypass it!
public static void main string args
@@JakeAnthrax420 I anti-cheated on my wife
@@mostlyrob3469 public static void main string arguments with my wife
@@mostlyrob3469 java cuck spotted
Compiler optimization is something you can usually turn off or restrict.
This is true, I failed to mention it in the video though. Junk code will work, with optimizations turned down.
you can keep junk code even when compiler optimization is enabled. When compiler cannot predict if a block of code will ever run or not it will keep it anyway.
Also in c++ is possible to run code at compile time with constexpr keyword that allows you create encrypted strings and more and decrypt them at run-time
volatile gang
@@cazz depends, I forget the details but for ARMA2 they have their own scripting engine for UI and game operations. I don’t believe you can really tune it much. When one of my incredibly dumb friends shared a fun multihack I put together iwith his other friends … then they all joined servers to troll admins with god-like abilities my scripts were completely blocked.
Not 100% sure how their detection works but I never got any of those exploits safely again. (Safely as in, I won’t be randomly flagged, I had a setup to safely test for potential flags if I went live).
All I know is they use BattleEye.
@@thedirector69 is there a framework for this?
As a Software Developer, it's nice to learn some "Ethical" hacking 😊
As a software Developer you would know the Windows Api and its functions for accessing other programs already
@@Tobias-t3k or they write in hundreds of other languages for hundreds of other environments…
@user-mj8bg3fw8w That would assume I develop for windows at a low level, it's many types of software
@@Tobias-t3k That greatly depends on if they've done any Windows application programming which many devs have not
No Not always@@Tobias-t3k
Boot-kits are also a great idea. Boot-kits load before the operating system itself, so you can bypass the anti-cheat, because the cheat is loaded before the anti-cheat itself.
Wow. This arms race is really interesting and impressive. I had never heard of using DMA to cheat at games before. I suppose the next step and the comparably powerful sledgehammer anti-cheat techniques would be statistical detection methods running on the server, e.g. looking for mouse movement data indicative of an aimbot, and stronger isolation of game state data to the server, e.g. in the strongest case the client could send raw inputs and only receive raw video and audio data so that there isn't even game state data for hacks to look at unless they start using AI methods. But DMA-based cheats for fast-paced real-time games that are sufficiently subtle, like ESP hacks on a second computer, seem almost impossible to stop (detecting the DMA device? code and data obfuscation?) unless you implement your own "hardware anti-cheat", e.g. restricting the player's hardware, as with a console, or surveillance of the player, as at a tournament. In our coming cyberpunk dystopian future, where Valve is monitoring every gamer with in-home cameras 24/7, we'll then have to start using cyborg brain implants and gene-editing to cheat and then it'll become a philosophical issue about what even is "cheating".
Just force ppl to use windows 11, this breaks DMA
@@I_SEE_RED Kernel DMA protection is for preventing attacks _against_ the user, not _by_ the user.
@@I_SEE_RED source ?
Pcileech
@@I_SEE_RED and how exactly are you going to force people to use one specific operating system? lol
Next generation cheats: Machine learning models that automatically aim and fire using the game’s video output
Oh 100%
Yup. Versus ML anti-cheating models 🤣
Very fun to cheat in a game when literally all you have to do is looking at your screen... lmao Cheaters gonna game out themselves
there has been machine learning cheats for 4-5 years now, there were a handful of projects with yolov4
they are called pixel bots
Also for hardware cheats you can usually run it all on a pi within the computer plugged into pcie, then you can emulate anything from anywhere like a kvm if it's network attached (Just need to spoof as another device to get around hardware id detection)
Or you could take all that spare free time and get good at whatever game
@@jgvtc559 It's not about cheating necessarily, it's about solving an engineering problem. Most hacking isn't done with malicious intent either.
@@jgvtc559 you can do that, but it still won't let you see thru walls or instant aim...so cheats still provide an incentive as being good + cheats means you can fake not cheating and guarantee an impressive tournament run leading to money.
We didn't have these problems when tournaments were small time. If a cheater came along we just typed /admin and an invisible admin came along and banned them. Even on pubs.
The sad thing is that not all mouses are compatible, and you may need to buy one that is (from my experience).
incel
btw if you dont have pci, direct memory access is supported through the LPC and ESPI standards and which can be accessedf with TPM and DEBUG headers found on the majority of motherboards
Typically the motherboard LPC/TPM header doesn’t expose the DMA signals so you would need find it somewhere else and solder a wire on the motherboard. And ESPI doesn’t even support DMA.
And even if you could, LPC only really gives you access to ISA DMA which has access to the first 16MB of RAM
I think vaguard has fixed this, but previously, I experimented with running a passthrough VM on linux with windows + hyperv enabled (which made valorant start), where i then could attach a pci device from the vm manager which I then could use for DMA on linux. This effectively makes a hardware cheat without any extra hardware :)
Cool 🎉🎉🎉🎉😮
i tried something similar and need some help do u have discord?
So that's why it wont let me start the game with hyperv enabled. Annoying for wsl userrs
@@testytea6138 really? thats beyond intrusive
@@testytea6138 that's odd, they let me start the game with hyper-v enabled
you can disable compiler optimization so that it will keep the junk
It's a huge shame there's such intense motivation to keep the best cheats and anti-cheats closed source. These techniques would be really interesting to study.
Too much money to be made.
you can reverse them and make a clone, also easyanticheat (eos, kinda worse than the one for example apex uses) is free. these techniques are already studied by cheaters, its a race that cheaters will always win.
@@lilililiililili6363 It's more that it would spoil and ruin the games we love to play with others. More happy players = more money, so technically you're right but think about playing any game online - it would suck if you could never really play unless you cheated too. And that ends up taking away from the game.
@@thekillerbunny what competitive game can you play that isn't full of cheaters? I'll wait...
there are so many more interesting problems to solve and study.. These cheaters are the reason i can't play any competitvie game anymore
I believe there are ways to work around compiler optimizations, even if you can change the signature a little bit you will be able to trick the anti-cheat. At least for a portion of time, then you will be banned eventually.
You can literally just tell your compiler to not do dead code elimination. It's not a hostile entity.
@@wfjhDUI I couldn't do it with gcc back in the time, but there was another compiler (I forgot which one) which made it possible. It's been at least 5-6 years so I don't know the current possibilities with compiler optimization.
Here's a hint: Polymorphism
@@henlofren7321 how there is any application for polymorphism in this context?
@@berkormanli It should always have been possible -- it's a feature that needs to be turned on after all -- although I'm sure it's trickier than I'm imagining since it's very readily turned on by default even at low optimization levels and it looks like gcc has a lot of different varieties of dead code elimination to toggle on/off. It's been a while since I've wanted to turn a specific optimization _off_ but I seem to recall that it was a bit frustrating. The linker also removes dead code so that could have been the issue too.
i'm really want to see a video about DMA, it looks cool !
The last method is really dangerous iam loving it
I wonder if a kernel driver could be used to bypass something like the respondus lockdown browser
There is currently a cheat going around where people have camera set up to their screen and has an AI recognized and shoot people for them by controlling there mouse
This one doesn’t work very well yet, so no body is using it
i dont know if you'd call it a cheat considering its worse than any human is going to be and puts you at a disadvantage
Wow I’m learning about operating systems right now, and didn’t really think of cheating as an application of it. It’s so cool seeing how brilliantly hackers can bypass the designs around OSes and video game anti cheats!
the way you simplify everything is very impressive. I was into making cheats years ago and your series has totally refreshed my memory after not doing it for years. keep it up!
Never subscribed so fast in my life. Excellent visuals, presentation and quality! Keep it up mate!
"Hardware cheats" are absolutely genius
i love how you explained just the right amount about dma without saying too much lol
I am against cheats in competition games, however this topic is pretty interesting to learn about!
Thanks!
Another video about DMA would be really interesting.
Unless you are writing it yourself or 100% trust a source... ANY pre-written code with access beyond a kernel anti-cheat is a HUGE security risk and potentially a legal one if you become a node for someone else's illegal activity.
Very interesting! I always thought of anti-cheat to be sort of like an arms race, there's really no way for an AC to work 100% of the time as long users have physical access to their machine. Maybe we'll see things like cloud gaming take over highly competitive games for this reason, assuming cloud game becomes viable to play with low latency, etc.
I don't think cloud gaming would solve the issue, as you're still sending the inputs from your own computer to the server the game is running on. This does prevent you from getting the data you're not supposed to get from the server (eg. can't see players trough walls) but you can still tamper with your inputs (eg. aimbot)
Really the only way to have 100% anti-cheat protection is to run in-person events on hardware provided by the event organizers. Ever wonder why the fgc has very few cheaters? That's why.
Not viable as long as speed of light and distances exist..
There are many ways to detect rogue PCI devices, such as master abort or timing attacks. You also completely left out virtualization and iommu (regarding DMA mitigation)
Thanks for the tutorial.
I love how this video has two titles
If you want to stop cheaters, run checks on the data that the server receives instead of messing around with the kernel that the client is running on. When a kernel anticheat is bypassed, it's fully bypassed, meaning anything goes. If you've got a server-side anticheat that checks packets, you may not be able to fully disable or bypass it as easily as you can with a kernel anticheat. An anticheat on the kernel gives the cheater a lot of control, making the discovery of bypasses quicker, and you don't even have to get any accounts banned. If you have a server anticheat, you may need access to many accounts. This is a very quick way to stop blatant cheaters in a bought game.
bro, ur channel is a gem!
Game hacking is what got me into Red and Blue Team work over 10 years ago. VAC was fun to bypass. You used to be able to create a shadow bootloader with a kernel driver that fed the AC false handles to check. Everything had to load from a USB to stay undetectable. Not sure if that’s how it still works today.
Thanks, very useful video
Well this video was 100x better than I was expecting from my recommendations!
Before watching, my guess is virtual machines are used to "get underneath" the whole system.
grats on the 100k btw
I always find it crazy the lengths that people will go to just to feel good in a game
but do they if the game plays itself? I guess they can share it in cheaters forum but thats it.. they know they cannot play the gane
Hack a multiplayer game is a crime and i hope the law will follow it. We'll probably first have to properly sue a game dev for millions in damages so that something happens.
its not illegal, selling the cheats is though
He slight question, wouldn't you be able to inject the anticheat with a dll, so that it doesn't find your program
it's possilbe , but also anticheats defend themselfs
Not really, since any modification to the anticheat will put your game into offline mode. Just like how if u were to get rid of the anticheat the game will only work in single player or offline
in some games, e.x. bo2 you can do it this way
This is why anti-cheats keep demanding increasing privilege levels -- to try to protect the anti-cheat code itself. It's not possible to completely protect an anti-cheat on a hostile system so at some point you would need to require it to report something to your server in order to verify that the anti-cheat is running properly, preferably something that would be difficult to otherwise generate.
Nicely put
Very nice video !
And where can we get this DMA device ?
No, hacks don't need to read and write memory. With DMA hacks you only read memory and send corrected inputs (mouse and/or keyboard events) through a spoofed controller that masquerades as an input device to the PC the game runs on. With external AI and pixelbot hacks you capture the video output of a game, process the data (e.g. with open AI libraries like yolov5) and send back commands through a similar spoofed controller to your PC. This bypasses reading and writing to memory completely.
Cpngrats on 100k cazz
I understood nothing from this video but somehow this video was still entertaining
@@mahinsaniyan 🙏🙏🙏
DMA can also be detected by looking at what is pluged in the PCI slot. on the other side you can spoof the Hardware ID of the Device. its an arms race again.
You see, I'm interested in this not because I want to cheat, but because I want to get bs anticheat systems off my back for something as simple as running Linux instead of Windows. I run Linux, simply because I prefer the open source community run stuff as opposed to Windows, but most anticheat solutions target compatability layers on purpose just to be dicks.
"I run windows simply because I prefer the open source community run stuff as opposed to Windows"
@@soubs242 typo... Meant Linux. I wrote this comment as I rolled out of bed soooo....
No need to lie 😂👀
@@Crecross oh hey. funny seeing you here lmao
@@Crecross Ayo?
DMA with Virtual Machines too!
Clicked on this and didnt expect to hear a saffa, lekker vid bru
Shot my bru, I appreciate it!
you can get verified now (congrats on 100k). GO FOR IT!
Interesting, so a DMA based anticheat is literally unfixable?
ehhhhhh somewhat. there are ways to detect it but the only real way to detect it is if the person making the cheat is completely incompetent
Understandable, ty @@Kuhav0001
So as Vanguard it has kernel anticheat. Powerfull as said in video.
A simpler version of hardware cheat is virtual machine cheats. The game runs in a virtual machine guest and the host OS would be able to read/write to any memory of the guest OS, without the guest ever knowing. This does not require two computers and special hardwares like hardware hack does, but some game does detect if it's running within a virtual machine so the challenge becomes how to hide that.
Future..
The moment you explained DMA cheats my brain played the Giga Chad Music. XD
congrats on 100k :)
The most effective anti-cheat is loving parents
Very good video! Concise and easy to understand.
Here i was, thinking "how do anti-cheat allows you to bypass work"
Me the entire video: "OK, but how do i work less on cheats by using this"
Now i can't stop laughing.
Now I actually understand. Thanks!
To this all this exists because some people were crap at games online.
Hack a game..?NO, just want to play it on linux? YES
yes
that DMA example reminds of Radar hack for PubG, even that got detected and thousands got banned, but it lasted a few years I think.
I’m almost certain that some top streamers use the DMA approach
Anti-cheat? You mean kernel rootkit spyware?
t. cheater
I've heard that AI anti-cheat could be a thing in the next few years, the AI could detect if someone is cheating just by watching their gameplay. Most people think that would end cheating for good but I'm sure some cleaver person would find a bypass for that.
on the flip side of that you could train an AI to cheat while looking human. i don't think the arms race is ending anytime soon
Oh yea false bans incoming
@@kaarelk274 kinda like every anti-cheat in the history of anti-cheats? obviously you would have to adjust it to where false positives are minimal, kinda like, you know, every other anti-cheat. the most useful application for AI anti-cheat would probably be to get rid of obvious cheaters. by analyzing exhibited behavior instead of poking around on people's computers you can maintain users' privacy and it's not inherently incompatible with modern security models. it also just bypasses the eternal-by-design arms race that they're currently taking part in-it doesn't matter how well you hide your cheat in software or hardware, if you're being obvious enough it'll catch you regardless. in fact such an anti-cheat would be eerily similar to the often used method of having admins manually identify cheaters, except it can be cost-effective without volunteers.
every system will have a hole
Some great info! Any chance you could make a video where you show a basic setup for creating cheats? Like, showing how to setup the environment to create our own Kernel scripts, manipulate memory, etc.
Kernel scripts 🤣
"that a software anticheat cannot detect" - in 2023 there were 6 dma ban waves on faceit and 3 on vanguard tho haha
That is due to terrible firmware. Most people even selling firmware have no idea what they are doing. I never got detected and my firmware totally bypass the IOMMU.
@@thomass9457 Can you bypass top anticheats like Vanguard and EAC with DMA?
@@thomass9457 i hope u'll get drafted
cry harder peasant@@MEMUNDOLOL
@@MEMUNDOLOL sry, too old.
I don’t like the people who use the cheats but I respect the people who make them
if you specify for your compiler to not optimize code, junk code should still work though?
Yes, junk code will work. But at what cost? A better way to get around this is to not paste. Your own code will most likely have it's own signature.
@@cazz Oh yes I agree, writing your own code is best. But if you're sharing or god forbid sharing it with other people and your signature ends up in a database, then putting junk code into your own code would work just to keep it running on your own machine. It was just a comment on your remark that compilers optimise the code so it doesn't matter. But my point was to disable optimisations, so it would keep working to change the signature.
I wouldnt trust any sort of kernek anticheat.
one question about DMA
do u really need a second pc to makeit work?
or u can make one witha programable board? something like an arduino board for example
you don't need another whole pc, this shit is still DD so don't even bother
how do you know if an anticheat is user mode or kernel?
Usermode anti-cheats will load DLLs (or be another process) whereas kernel anti-cheats will load a driver.
@@cazz thank you :)
If you could elaborate more on DMA, and recommend good hardware for beginners
Thank you so much. You explain things so well!
You're very welcome!
0:32, I got a youtube ad about this, skip, then you advertising it. They sure spent a lot of money on advertising...
valve should watch this
Not only hackers dislike kernel level anti-cheat,
Security expert are furious about them and don't even want to touch games with it without beeing inside two burner virtual machines 😂
Imagine giving kernel level access to some random gaming company.
Privacy nightmare.
It is like giving your scholl principal all your keys from all doors and safes as well giving credentials from your videocameras including bedrooms and bathrooms.
Sure, I will prove my kid didn't cheat math test, but at what cost😮
the DMA is scary dangerous , how many bad things can be done with it i only imagine
That's one of the reason why modern CPUs, including phone processors, have IOMMU. They remap the DMA address and limit them to specific ranges. This is sometimes optional in your EFI settings though.
It's extremely easy actually. All you need is some goddamn expensive ass software that nobody wants to share for free
Very informative!
Nice of youtube giving this for a recommendation, its nice to know how some hacks work, like those GTA mod hacks
what is the best way to get around a HW ban?
Interesting to see how cheats work
I would never ever use cheats in multiplayer anyways though ^^
did the views count just increase by 1000 in 45 seconds? deserved tbh
well actually should be 1 billion but eh
:))
3:49 Someone forgot to remove the Airbrush on the highlighted parts ay?
My cheat runs in System Management Mode (also called Ring -2) with a simple protocol for peeking/poking memory,
using a slightly modified BIOS, so to say a BIOS rootkit with a C2.
I only patched the original SMM routine to check a memory region for commands and added said region to the ACPI description,
to ensure safe access. That way I can have full read/write access on the complete physical memory address range.
(This is a joke, but it should work. However your PC could catch fire, if stuff misbehaves in SMM)
Kernal level anticheat is so sketchy, no one should be messing around at the kernel level unless you are a kernel developer. It feels like messing with plastic explosives to make a firework show.
Does this mean that an anti-cheat can't detected altered memory from the software/hardware if the initial methods got by passed? In theory the AC doesn't check for memory changed values or any kind of sutff, only trys to prevent what gives you acess to change them?
should talk about the arduino cheating scene too
underrated
Just for the casual gamer here thinking that every hacker is bad, no, this is ethical hacking, that is used for education and learning about game behavour, and has not caused any damage
MY SORRY ASS THINKING DMA WAS DYNAMIC MEMORY ALLOCATION
I honestly have never head of actual hardware based cheats when it comes to a PC and I'm extremely curious to know more about that subject if you or anyone else could point me in the right direction.
Honestly i feel like no matter what people will always find a bypass especially for cod
Don't kid yourself Activision makes the cheats
Ive seen people use external devices like a rasberry pi to bypass kernel ac's
Nice to see someone from the cheating community growing like that, great video btw
Thanks for the kind words brother, I appreciate it. The growth is unprecedented…
you people suck
I hope you don't grow anymore. I don't understand how you get sponsors. How do you get off on ruining people's free time? It's like if you went to a soccer game and started poking holes in all the balls and put rocks in the players' shoes. Why would anyone celebrate OR SPONSOR instructions on how to ruin soccer games? Let people have fun.
I get that you enjoy the coding, but you can't expect people not to get mad when it comes at their expense. Couldn't you use your energy for something more productive and less degenerate?
@@cazz
@@rush1041weep
Very interesting!
taking notes
I like these video bot because I want to make game hacks but because I actually learn a lot about how things work
maybe someday you could explain some more general stuff