To try everything Brilliant has to offer-free-for a full 30 days, visit brilliant.org/cazz/. The first 200 of you will get 20% off Brilliant’s annual premium subscription.
I think it could've been worth mentioning the security and privacy concerns of giving ring 0 security clearance to both cheats and anti-cheats and why some people are against it
@reapiu8316 Sadly, I doubt they ever will. Reverse compatibility concerns have caused a lot of frankly stupid design decisions in Windows in the past and becoming a true micro-kernel would most definitely damage reverse compatibility a lot. Especially since kernel anti-cheats are so popular and gamers seem to have their eyes wooled over by game studios.
If you're on windows (like most people are) then you've already forfeited all of your privacy. And I don't see how Microsoft is more trustworthy than Valve for example. It's not really a good argument.
@@fador1337 If you're willing to go that far, might as well say that anyone not running their OS on their RAM forfeited their privacy, if that, given Intel's ME and AMD's PSP both running in the background and doing all sorts of shit like recording all of your key inputs and bypassing encryption
you can keep junk code even when compiler optimization is enabled. When compiler cannot predict if a block of code will ever run or not it will keep it anyway. Also in c++ is possible to run code at compile time with constexpr keyword that allows you create encrypted strings and more and decrypt them at run-time
@@cazz depends, I forget the details but for ARMA2 they have their own scripting engine for UI and game operations. I don’t believe you can really tune it much. When one of my incredibly dumb friends shared a fun multihack I put together iwith his other friends … then they all joined servers to troll admins with god-like abilities my scripts were completely blocked. Not 100% sure how their detection works but I never got any of those exploits safely again. (Safely as in, I won’t be randomly flagged, I had a setup to safely test for potential flags if I went live). All I know is they use BattleEye.
Wow. This arms race is really interesting and impressive. I had never heard of using DMA to cheat at games before. I suppose the next step and the comparably powerful sledgehammer anti-cheat techniques would be statistical detection methods running on the server, e.g. looking for mouse movement data indicative of an aimbot, and stronger isolation of game state data to the server, e.g. in the strongest case the client could send raw inputs and only receive raw video and audio data so that there isn't even game state data for hacks to look at unless they start using AI methods. But DMA-based cheats for fast-paced real-time games that are sufficiently subtle, like ESP hacks on a second computer, seem almost impossible to stop (detecting the DMA device? code and data obfuscation?) unless you implement your own "hardware anti-cheat", e.g. restricting the player's hardware, as with a console, or surveillance of the player, as at a tournament. In our coming cyberpunk dystopian future, where Valve is monitoring every gamer with in-home cameras 24/7, we'll then have to start using cyborg brain implants and gene-editing to cheat and then it'll become a philosophical issue about what even is "cheating".
Also for hardware cheats you can usually run it all on a pi within the computer plugged into pcie, then you can emulate anything from anywhere like a kvm if it's network attached (Just need to spoof as another device to get around hardware id detection)
@@jgvtc559 you can do that, but it still won't let you see thru walls or instant aim...so cheats still provide an incentive as being good + cheats means you can fake not cheating and guarantee an impressive tournament run leading to money. We didn't have these problems when tournaments were small time. If a cheater came along we just typed /admin and an invisible admin came along and banned them. Even on pubs.
btw if you dont have pci, direct memory access is supported through the LPC and ESPI standards and which can be accessedf with TPM and DEBUG headers found on the majority of motherboards
Typically the motherboard LPC/TPM header doesn’t expose the DMA signals so you would need find it somewhere else and solder a wire on the motherboard. And ESPI doesn’t even support DMA. And even if you could, LPC only really gives you access to ISA DMA which has access to the first 16MB of RAM
Boot-kits are also a great idea. Boot-kits load before the operating system itself, so you can bypass the anti-cheat, because the cheat is loaded before the anti-cheat itself.
I think vaguard has fixed this, but previously, I experimented with running a passthrough VM on linux with windows + hyperv enabled (which made valorant start), where i then could attach a pci device from the vm manager which I then could use for DMA on linux. This effectively makes a hardware cheat without any extra hardware :)
It's a huge shame there's such intense motivation to keep the best cheats and anti-cheats closed source. These techniques would be really interesting to study.
you can reverse them and make a clone, also easyanticheat (eos, kinda worse than the one for example apex uses) is free. these techniques are already studied by cheaters, its a race that cheaters will always win.
@@lilililiililili6363 It's more that it would spoil and ruin the games we love to play with others. More happy players = more money, so technically you're right but think about playing any game online - it would suck if you could never really play unless you cheated too. And that ends up taking away from the game.
I believe there are ways to work around compiler optimizations, even if you can change the signature a little bit you will be able to trick the anti-cheat. At least for a portion of time, then you will be banned eventually.
@@wfjhDUI I couldn't do it with gcc back in the time, but there was another compiler (I forgot which one) which made it possible. It's been at least 5-6 years so I don't know the current possibilities with compiler optimization.
@@berkormanli It should always have been possible -- it's a feature that needs to be turned on after all -- although I'm sure it's trickier than I'm imagining since it's very readily turned on by default even at low optimization levels and it looks like gcc has a lot of different varieties of dead code elimination to toggle on/off. It's been a while since I've wanted to turn a specific optimization _off_ but I seem to recall that it was a bit frustrating. The linker also removes dead code so that could have been the issue too.
DMA can also be detected by looking at what is pluged in the PCI slot. on the other side you can spoof the Hardware ID of the Device. its an arms race again.
When I clicked on this video I thought I was going to get some enlightenment on how anticheat manage to bypass working because tomorrow is monday and I was open to new ideas
Wow I’m learning about operating systems right now, and didn’t really think of cheating as an application of it. It’s so cool seeing how brilliantly hackers can bypass the designs around OSes and video game anti cheats!
Not really, since any modification to the anticheat will put your game into offline mode. Just like how if u were to get rid of the anticheat the game will only work in single player or offline
This is why anti-cheats keep demanding increasing privilege levels -- to try to protect the anti-cheat code itself. It's not possible to completely protect an anti-cheat on a hostile system so at some point you would need to require it to report something to your server in order to verify that the anti-cheat is running properly, preferably something that would be difficult to otherwise generate.
the way you simplify everything is very impressive. I was into making cheats years ago and your series has totally refreshed my memory after not doing it for years. keep it up!
There is currently a cheat going around where people have camera set up to their screen and has an AI recognized and shoot people for them by controlling there mouse
one question about DMA do u really need a second pc to makeit work? or u can make one witha programable board? something like an arduino board for example
There are many ways to detect rogue PCI devices, such as master abort or timing attacks. You also completely left out virtualization and iommu (regarding DMA mitigation)
@@cazz Oh yes I agree, writing your own code is best. But if you're sharing or god forbid sharing it with other people and your signature ends up in a database, then putting junk code into your own code would work just to keep it running on your own machine. It was just a comment on your remark that compilers optimise the code so it doesn't matter. But my point was to disable optimisations, so it would keep working to change the signature.
Does this mean that an anti-cheat can't detected altered memory from the software/hardware if the initial methods got by passed? In theory the AC doesn't check for memory changed values or any kind of sutff, only trys to prevent what gives you acess to change them?
Here i was, thinking "how do anti-cheat allows you to bypass work" Me the entire video: "OK, but how do i work less on cheats by using this" Now i can't stop laughing.
4:41 in practice it also works. When adding junk code people always turn optimization off, the only time I've seen someone get banned with a pasted cheat with junk code is when a feature got detected or the cheat was too retarded to set valid viewangles There are even programs that add junk code to everything with 1 click - I also think there are ways to detect DMA tho? - What about intercepting network packets for an ESP? I wonder how difficult or possible that is
i use junk code in my applications, not to prevent detection but to make it harder for hackers to crack it. Not only i haven't disabled optimization but i have set it to do maximum optimization. This combination generating a very strong obfuscation and usually gets mixed with the real code very well. A game can still create a signature and give a ban even after adding junk code because even 1 line of code can generate probably a lot of bytes that is enough to detect the cheat
@@kipchickensout manually. i wrote my own junk code too based on my strings encryption. Basically i started with just a string encyption which remaining unchanged for years as every attempt to make it more powerful failed, its just perfect. Then i used this to create a macro that takes a bool and return the same value, but compiler cannot resolve it so whatever i have under this block will not removed even if will never run. this also allowed me to insert directly invalid instructions and modify registers or stack pointer that makes things even worse if try to parse binary with IDA or orher decompiler. I use all these and more for my public cheat and noone ever successfully cracked it or "stole" any unique feature since release (around 1.5 years)
@@kipchickensout i even saw people get automatically banned because they tried to use dnspy debugger to debug my application (dnspy is decompiler for c# but my application made with c++). This makes me assume that not only they are far away from crack but they not even know what language and compiler i have used! I saw other people say in forums that i used a custom virtual machine with themida etc...
Very interesting! I always thought of anti-cheat to be sort of like an arms race, there's really no way for an AC to work 100% of the time as long users have physical access to their machine. Maybe we'll see things like cloud gaming take over highly competitive games for this reason, assuming cloud game becomes viable to play with low latency, etc.
I don't think cloud gaming would solve the issue, as you're still sending the inputs from your own computer to the server the game is running on. This does prevent you from getting the data you're not supposed to get from the server (eg. can't see players trough walls) but you can still tamper with your inputs (eg. aimbot)
Really the only way to have 100% anti-cheat protection is to run in-person events on hardware provided by the event organizers. Ever wonder why the fgc has very few cheaters? That's why.
Could you just make an external cheat that detects when an enemy head is on screen and moves your mouse on to it? That way the cheat is not in the game it’s self?
Theoretically, you could use a capture card and create a wireless receiver setup so that by using machine learning on the capture card output, you can automatically snap onto heads by adding inputs on top of the player movement in order to get kills.
You see, I'm interested in this not because I want to cheat, but because I want to get bs anticheat systems off my back for something as simple as running Linux instead of Windows. I run Linux, simply because I prefer the open source community run stuff as opposed to Windows, but most anticheat solutions target compatability layers on purpose just to be dicks.
4:36 not entirely true junk code can be not optimized if you specify in the compiler i've seen viruses that do these and had a lot of assembly crap put into them they were constantly for example calculating sin and cos
Is there a way that a anti-cheat could detect you running the cheats on a different system and streaming the inputs to your other device like a wireless keyboard does?
Doesnt work for consoles because the hole memory is encrypted and also theres aslr so you cant find the process. Need to get a way around that but then it will work
Pixel, color, and AI object detection aimbots work extremely well on console. I prefer color aimbot but it depends on the game if they will work. A few examples where color works very well. Overwatch, Halo, Call of Duty, Apex Legends with digital threat scope, and more.
That is due to terrible firmware. Most people even selling firmware have no idea what they are doing. I never got detected and my firmware totally bypass the IOMMU.
If i was looking to make a hardware script cheat, would i need a driver to cover the arduino/usb shield? Or with the right configuration it wouldn’t be detected the anti cheat runs on the kernel and its EAC
If you want to stop cheaters, run checks on the data that the server receives instead of messing around with the kernel that the client is running on. When a kernel anticheat is bypassed, it's fully bypassed, meaning anything goes. If you've got a server-side anticheat that checks packets, you may not be able to fully disable or bypass it as easily as you can with a kernel anticheat. An anticheat on the kernel gives the cheater a lot of control, making the discovery of bypasses quicker, and you don't even have to get any accounts banned. If you have a server anticheat, you may need access to many accounts. This is a very quick way to stop blatant cheaters in a bought game.
No, hacks don't need to read and write memory. With DMA hacks you only read memory and send corrected inputs (mouse and/or keyboard events) through a spoofed controller that masquerades as an input device to the PC the game runs on. With external AI and pixelbot hacks you capture the video output of a game, process the data (e.g. with open AI libraries like yolov5) and send back commands through a similar spoofed controller to your PC. This bypasses reading and writing to memory completely.
Windows has an OS anti-virus/malware, is such a platform level solution something that could be done for anti-cheat? It seems inefficient to have all these separate ac solutions, and a platform solution wouldn’t come with the same security compromises that installing multiple kernel drivers does
Question, does cheat developer target the anti-cheat itself, like patching the anti-cheat so it no longer work, or make it think that everything is working as intended. Wouldn't it be easier to cheat now that there's basically no anti-cheat.
I honestly have never head of actual hardware based cheats when it comes to a PC and I'm extremely curious to know more about that subject if you or anyone else could point me in the right direction.
Game hacking is what got me into Red and Blue Team work over 10 years ago. VAC was fun to bypass. You used to be able to create a shadow bootloader with a kernel driver that fed the AC false handles to check. Everything had to load from a USB to stay undetectable. Not sure if that’s how it still works today.
Unless you are writing it yourself or 100% trust a source... ANY pre-written code with access beyond a kernel anti-cheat is a HUGE security risk and potentially a legal one if you become a node for someone else's illegal activity.
A simpler version of hardware cheat is virtual machine cheats. The game runs in a virtual machine guest and the host OS would be able to read/write to any memory of the guest OS, without the guest ever knowing. This does not require two computers and special hardwares like hardware hack does, but some game does detect if it's running within a virtual machine so the challenge becomes how to hide that.
Hey i am going to pick a university major and i cant decide between CE / CS what did you study personaly and well not directly but in which can i learn more of this subject (ethucal hacking mostly games)
To try everything Brilliant has to offer-free-for a full 30 days, visit brilliant.org/cazz/. The first 200 of you will get 20% off Brilliant’s annual premium subscription.
2 days ago... Riightt
video would of been unlisted-private and he commented on it@@x4dam
how did you even get a sponsorship as a game hacking channel?
So if i use it will i get an anti cheat to my game??
i will love if you talked more about DMA its a kinda interesting topic
I think it could've been worth mentioning the security and privacy concerns of giving ring 0 security clearance to both cheats and anti-cheats and why some people are against it
@@anon-y8w There are developers and programmers who actively make fun of Linux... so not all of them.
@@anon-y8w I'm pretty sure this video is meant for a general audience
@reapiu8316 Sadly, I doubt they ever will. Reverse compatibility concerns have caused a lot of frankly stupid design decisions in Windows in the past and becoming a true micro-kernel would most definitely damage reverse compatibility a lot. Especially since kernel anti-cheats are so popular and gamers seem to have their eyes wooled over by game studios.
If you're on windows (like most people are) then you've already forfeited all of your privacy. And I don't see how Microsoft is more trustworthy than Valve for example. It's not really a good argument.
@@fador1337 If you're willing to go that far, might as well say that anyone not running their OS on their RAM forfeited their privacy, if that, given Intel's ME and AMD's PSP both running in the background and doing all sorts of shit like recording all of your key inputs and bypassing encryption
This channel is very underrated, this video is edited really nicely!
Appreciate it!!
we appreciate you!@@cazz
@@cazz yo do u know how to like remove hwid lock from a exe in c++?
how do I bypass the divorce papers?
The Anti-cheat is very good, don't try to bypass it!
public static void main string args
@@JakeAnthrax420 I anti-cheated on my wife
@@mostlyrob3469 public static void main string arguments with my wife
@@mostlyrob3469 java cuck spotted
Compiler optimization is something you can usually turn off or restrict.
This is true, I failed to mention it in the video though. Junk code will work, with optimizations turned down.
you can keep junk code even when compiler optimization is enabled. When compiler cannot predict if a block of code will ever run or not it will keep it anyway.
Also in c++ is possible to run code at compile time with constexpr keyword that allows you create encrypted strings and more and decrypt them at run-time
volatile gang
@@cazz depends, I forget the details but for ARMA2 they have their own scripting engine for UI and game operations. I don’t believe you can really tune it much. When one of my incredibly dumb friends shared a fun multihack I put together iwith his other friends … then they all joined servers to troll admins with god-like abilities my scripts were completely blocked.
Not 100% sure how their detection works but I never got any of those exploits safely again. (Safely as in, I won’t be randomly flagged, I had a setup to safely test for potential flags if I went live).
All I know is they use BattleEye.
@@thedirector69 is there a framework for this?
Wow. This arms race is really interesting and impressive. I had never heard of using DMA to cheat at games before. I suppose the next step and the comparably powerful sledgehammer anti-cheat techniques would be statistical detection methods running on the server, e.g. looking for mouse movement data indicative of an aimbot, and stronger isolation of game state data to the server, e.g. in the strongest case the client could send raw inputs and only receive raw video and audio data so that there isn't even game state data for hacks to look at unless they start using AI methods. But DMA-based cheats for fast-paced real-time games that are sufficiently subtle, like ESP hacks on a second computer, seem almost impossible to stop (detecting the DMA device? code and data obfuscation?) unless you implement your own "hardware anti-cheat", e.g. restricting the player's hardware, as with a console, or surveillance of the player, as at a tournament. In our coming cyberpunk dystopian future, where Valve is monitoring every gamer with in-home cameras 24/7, we'll then have to start using cyborg brain implants and gene-editing to cheat and then it'll become a philosophical issue about what even is "cheating".
Just force ppl to use windows 11, this breaks DMA
@@I_SEE_RED Kernel DMA protection is for preventing attacks _against_ the user, not _by_ the user.
@@I_SEE_RED source ?
Pcileech
@@I_SEE_RED and how exactly are you going to force people to use one specific operating system? lol
Next generation cheats: Machine learning models that automatically aim and fire using the game’s video output
Oh 100%
Yup. Versus ML anti-cheating models 🤣
Very fun to cheat in a game when literally all you have to do is looking at your screen... lmao Cheaters gonna game out themselves
there has been machine learning cheats for 4-5 years now, there were a handful of projects with yolov4
they are called pixel bots
Also for hardware cheats you can usually run it all on a pi within the computer plugged into pcie, then you can emulate anything from anywhere like a kvm if it's network attached (Just need to spoof as another device to get around hardware id detection)
Or you could take all that spare free time and get good at whatever game
@@jgvtc559 It's not about cheating necessarily, it's about solving an engineering problem. Most hacking isn't done with malicious intent either.
@@jgvtc559 you can do that, but it still won't let you see thru walls or instant aim...so cheats still provide an incentive as being good + cheats means you can fake not cheating and guarantee an impressive tournament run leading to money.
We didn't have these problems when tournaments were small time. If a cheater came along we just typed /admin and an invisible admin came along and banned them. Even on pubs.
The sad thing is that not all mouses are compatible, and you may need to buy one that is (from my experience).
incel
As a Software Developer, it's nice to learn some "Ethical" hacking 😊
As a software Developer you would know the Windows Api and its functions for accessing other programs already
@@Tobias-t3k or they write in hundreds of other languages for hundreds of other environments…
@user-mj8bg3fw8w That would assume I develop for windows at a low level, it's many types of software
@@Tobias-t3k That greatly depends on if they've done any Windows application programming which many devs have not
No Not always@@Tobias-t3k
btw if you dont have pci, direct memory access is supported through the LPC and ESPI standards and which can be accessedf with TPM and DEBUG headers found on the majority of motherboards
Typically the motherboard LPC/TPM header doesn’t expose the DMA signals so you would need find it somewhere else and solder a wire on the motherboard. And ESPI doesn’t even support DMA.
And even if you could, LPC only really gives you access to ISA DMA which has access to the first 16MB of RAM
Boot-kits are also a great idea. Boot-kits load before the operating system itself, so you can bypass the anti-cheat, because the cheat is loaded before the anti-cheat itself.
That’s an even bigger security risk
@Butterscotch_96 True. But, that's why some ACs utilize boot-kits to load first than the operating system.
@@inqmusician2 yeah that’s still a security risk
@Butterscotch_96 Yeah, I forgot. Here's a like for you.
I think vaguard has fixed this, but previously, I experimented with running a passthrough VM on linux with windows + hyperv enabled (which made valorant start), where i then could attach a pci device from the vm manager which I then could use for DMA on linux. This effectively makes a hardware cheat without any extra hardware :)
Cool 🎉🎉🎉🎉😮
i tried something similar and need some help do u have discord?
So that's why it wont let me start the game with hyperv enabled. Annoying for wsl userrs
@@testytea6138 really? thats beyond intrusive
@@testytea6138 that's odd, they let me start the game with hyper-v enabled
you can disable compiler optimization so that it will keep the junk
I wonder if a kernel driver could be used to bypass something like the respondus lockdown browser
It's a huge shame there's such intense motivation to keep the best cheats and anti-cheats closed source. These techniques would be really interesting to study.
Too much money to be made.
you can reverse them and make a clone, also easyanticheat (eos, kinda worse than the one for example apex uses) is free. these techniques are already studied by cheaters, its a race that cheaters will always win.
@@lilililiililili6363 It's more that it would spoil and ruin the games we love to play with others. More happy players = more money, so technically you're right but think about playing any game online - it would suck if you could never really play unless you cheated too. And that ends up taking away from the game.
@@thekillerbunny what competitive game can you play that isn't full of cheaters? I'll wait...
there are so many more interesting problems to solve and study.. These cheaters are the reason i can't play any competitvie game anymore
I believe there are ways to work around compiler optimizations, even if you can change the signature a little bit you will be able to trick the anti-cheat. At least for a portion of time, then you will be banned eventually.
You can literally just tell your compiler to not do dead code elimination. It's not a hostile entity.
@@wfjhDUI I couldn't do it with gcc back in the time, but there was another compiler (I forgot which one) which made it possible. It's been at least 5-6 years so I don't know the current possibilities with compiler optimization.
Here's a hint: Polymorphism
@@henlofren7321 how there is any application for polymorphism in this context?
@@berkormanli It should always have been possible -- it's a feature that needs to be turned on after all -- although I'm sure it's trickier than I'm imagining since it's very readily turned on by default even at low optimization levels and it looks like gcc has a lot of different varieties of dead code elimination to toggle on/off. It's been a while since I've wanted to turn a specific optimization _off_ but I seem to recall that it was a bit frustrating. The linker also removes dead code so that could have been the issue too.
"Hardware cheats" are absolutely genius
DMA can also be detected by looking at what is pluged in the PCI slot. on the other side you can spoof the Hardware ID of the Device. its an arms race again.
Never subscribed so fast in my life. Excellent visuals, presentation and quality! Keep it up mate!
When I clicked on this video I thought I was going to get some enlightenment on how anticheat manage to bypass working because tomorrow is monday and I was open to new ideas
Wow I’m learning about operating systems right now, and didn’t really think of cheating as an application of it. It’s so cool seeing how brilliantly hackers can bypass the designs around OSes and video game anti cheats!
i'm really want to see a video about DMA, it looks cool !
The last method is really dangerous iam loving it
He slight question, wouldn't you be able to inject the anticheat with a dll, so that it doesn't find your program
it's possilbe , but also anticheats defend themselfs
Not really, since any modification to the anticheat will put your game into offline mode. Just like how if u were to get rid of the anticheat the game will only work in single player or offline
in some games, e.x. bo2 you can do it this way
This is why anti-cheats keep demanding increasing privilege levels -- to try to protect the anti-cheat code itself. It's not possible to completely protect an anti-cheat on a hostile system so at some point you would need to require it to report something to your server in order to verify that the anti-cheat is running properly, preferably something that would be difficult to otherwise generate.
the way you simplify everything is very impressive. I was into making cheats years ago and your series has totally refreshed my memory after not doing it for years. keep it up!
I actually pretty curious about a great AC like vanguard from Valorant. Is vanguard really can't detect DMA (at least for now)?
There is currently a cheat going around where people have camera set up to their screen and has an AI recognized and shoot people for them by controlling there mouse
This one doesn’t work very well yet, so no body is using it
i dont know if you'd call it a cheat considering its worse than any human is going to be and puts you at a disadvantage
one question about DMA
do u really need a second pc to makeit work?
or u can make one witha programable board? something like an arduino board for example
you don't need another whole pc, this shit is still DD so don't even bother
There are many ways to detect rogue PCI devices, such as master abort or timing attacks. You also completely left out virtualization and iommu (regarding DMA mitigation)
if you specify for your compiler to not optimize code, junk code should still work though?
Yes, junk code will work. But at what cost? A better way to get around this is to not paste. Your own code will most likely have it's own signature.
@@cazz Oh yes I agree, writing your own code is best. But if you're sharing or god forbid sharing it with other people and your signature ends up in a database, then putting junk code into your own code would work just to keep it running on your own machine. It was just a comment on your remark that compilers optimise the code so it doesn't matter. But my point was to disable optimisations, so it would keep working to change the signature.
i love how you explained just the right amount about dma without saying too much lol
I am against cheats in competition games, however this topic is pretty interesting to learn about!
Thanks!
Does this mean that an anti-cheat can't detected altered memory from the software/hardware if the initial methods got by passed? In theory the AC doesn't check for memory changed values or any kind of sutff, only trys to prevent what gives you acess to change them?
Here i was, thinking "how do anti-cheat allows you to bypass work"
Me the entire video: "OK, but how do i work less on cheats by using this"
Now i can't stop laughing.
how do you know if an anticheat is user mode or kernel?
Usermode anti-cheats will load DLLs (or be another process) whereas kernel anti-cheats will load a driver.
@@cazz thank you :)
Clicked on this and didnt expect to hear a saffa, lekker vid bru
Shot my bru, I appreciate it!
Well this video was 100x better than I was expecting from my recommendations!
grats on the 100k btw
I love how this video has two titles
3:49 Someone forgot to remove the Airbrush on the highlighted parts ay?
Thanks for the tutorial.
bro, ur channel is a gem!
Cpngrats on 100k cazz
Interesting, so a DMA based anticheat is literally unfixable?
ehhhhhh somewhat. there are ways to detect it but the only real way to detect it is if the person making the cheat is completely incompetent
Understandable, ty @@Kuhav0001
4:41 in practice it also works. When adding junk code people always turn optimization off, the only time I've seen someone get banned with a pasted cheat with junk code is when a feature got detected or the cheat was too retarded to set valid viewangles
There are even programs that add junk code to everything with 1 click
- I also think there are ways to detect DMA tho?
- What about intercepting network packets for an ESP? I wonder how difficult or possible that is
i use junk code in my applications, not to prevent detection but to make it harder for hackers to crack it.
Not only i haven't disabled optimization but i have set it to do maximum optimization. This combination generating a very strong obfuscation and usually gets mixed with the real code very well.
A game can still create a signature and give a ban even after adding junk code because even 1 line of code can generate probably a lot of bytes that is enough to detect the cheat
@asdfghjkl-ug7xp encoding wise I'd expect it to be plain binary structs or something idk, but yeah encryption may be a hassle right
@@thedirector69 do you use an extension or application that is made for the sole purpose of obfuscation or do you "manually" do that?
@@kipchickensout manually. i wrote my own junk code too based on my strings encryption. Basically i started with just a string encyption which remaining unchanged for years as every attempt to make it more powerful failed, its just perfect.
Then i used this to create a macro that takes a bool and return the same value, but compiler cannot resolve it so whatever i have under this block will not removed even if will never run. this also allowed me to insert directly invalid instructions and modify registers or stack pointer that makes things even worse if try to parse binary with IDA or orher decompiler. I use all these and more for my public cheat and noone ever successfully cracked it or "stole" any unique feature since release (around 1.5 years)
@@kipchickensout i even saw people get automatically banned because they tried to use dnspy debugger to debug my application (dnspy is decompiler for c# but my application made with c++). This makes me assume that not only they are far away from crack but they not even know what language and compiler i have used!
I saw other people say in forums that i used a custom virtual machine with themida etc...
makes me wonder ..could one use a VM to emulate a second pc to communicate to a DMA device (or DMA driver) and bypass kernel AC on the same system?
yes
what is the best way to get around a HW ban?
Very nice video !
And where can we get this DMA device ?
Very interesting! I always thought of anti-cheat to be sort of like an arms race, there's really no way for an AC to work 100% of the time as long users have physical access to their machine. Maybe we'll see things like cloud gaming take over highly competitive games for this reason, assuming cloud game becomes viable to play with low latency, etc.
I don't think cloud gaming would solve the issue, as you're still sending the inputs from your own computer to the server the game is running on. This does prevent you from getting the data you're not supposed to get from the server (eg. can't see players trough walls) but you can still tamper with your inputs (eg. aimbot)
Really the only way to have 100% anti-cheat protection is to run in-person events on hardware provided by the event organizers. Ever wonder why the fgc has very few cheaters? That's why.
Not viable as long as speed of light and distances exist..
Could you just make an external cheat that detects when an enemy head is on screen and moves your mouse on to it?
That way the cheat is not in the game it’s self?
Theoretically, you could use a capture card and create a wireless receiver setup so that by using machine learning on the capture card output, you can automatically snap onto heads by adding inputs on top of the player movement in order to get kills.
You see, I'm interested in this not because I want to cheat, but because I want to get bs anticheat systems off my back for something as simple as running Linux instead of Windows. I run Linux, simply because I prefer the open source community run stuff as opposed to Windows, but most anticheat solutions target compatability layers on purpose just to be dicks.
"I run windows simply because I prefer the open source community run stuff as opposed to Windows"
@@soubs242 typo... Meant Linux. I wrote this comment as I rolled out of bed soooo....
No need to lie 😂👀
@@Crecross oh hey. funny seeing you here lmao
@@Crecross Ayo?
4:36 not entirely true junk code can be not optimized if you specify in the compiler i've seen viruses that do these and had a lot of assembly crap put into them they were constantly for example calculating sin and cos
Thank you so much. You explain things so well!
You're very welcome!
Isn't IOMMU enough to protect against DMA?
Is there a way that a anti-cheat could detect you running the cheats on a different system and streaming the inputs to your other device like a wireless keyboard does?
with heuristics, all it has to do is track your movements ingame, but that is very dystopian and the chances of that happening is slim
you can get verified now (congrats on 100k). GO FOR IT!
congrats on 100k :)
Can we use DMA to hack console games? very interested 😮
Interesting
Doesnt work for consoles because the hole memory is encrypted and also theres aslr so you cant find the process. Need to get a way around that but then it will work
🤔
Pixel, color, and AI object detection aimbots work extremely well on console. I prefer color aimbot but it depends on the game if they will work. A few examples where color works very well. Overwatch, Halo, Call of Duty, Apex Legends with digital threat scope, and more.
@@thomass9457 that's interesting...
how can you make a panel where you can generate keys for others to put in a panel?
Thanks, very useful video
"that a software anticheat cannot detect" - in 2023 there were 6 dma ban waves on faceit and 3 on vanguard tho haha
That is due to terrible firmware. Most people even selling firmware have no idea what they are doing. I never got detected and my firmware totally bypass the IOMMU.
@@thomass9457 Can you bypass top anticheats like Vanguard and EAC with DMA?
cry harder peasant@@MEMUNDOLOL
@@MEMUNDOLOL sry, too old.
@@MEMUNDOLOL lmao :D
You can tell most compilers to do not optamilize?
If i was looking to make a hardware script cheat, would i need a driver to cover the arduino/usb shield? Or with the right configuration it wouldn’t be detected the anti cheat runs on the kernel and its EAC
Nicely put
The moment you explained DMA cheats my brain played the Giga Chad Music. XD
So how to secure a game from hooking common winapi functions from usermode and kernel mode ??
Very good video! Concise and easy to understand.
Why was 3A9 highlighted, @cazz?
I always find it crazy the lengths that people will go to just to feel good in a game
but do they if the game plays itself? I guess they can share it in cheaters forum but thats it.. they know they cannot play the gane
If you want to stop cheaters, run checks on the data that the server receives instead of messing around with the kernel that the client is running on. When a kernel anticheat is bypassed, it's fully bypassed, meaning anything goes. If you've got a server-side anticheat that checks packets, you may not be able to fully disable or bypass it as easily as you can with a kernel anticheat. An anticheat on the kernel gives the cheater a lot of control, making the discovery of bypasses quicker, and you don't even have to get any accounts banned. If you have a server anticheat, you may need access to many accounts. This is a very quick way to stop blatant cheaters in a bought game.
Hack a game..?NO, just want to play it on linux? YES
yes
It's extremely easy actually. All you need is some goddamn expensive ass software that nobody wants to share for free
Can u teach me how to make a menu just like the one on 1:13 minute
Hey I love the video and I have a question though on if this could work to bypass anti while playing on max Os? And if so how would I go about that.
No, hacks don't need to read and write memory. With DMA hacks you only read memory and send corrected inputs (mouse and/or keyboard events) through a spoofed controller that masquerades as an input device to the PC the game runs on. With external AI and pixelbot hacks you capture the video output of a game, process the data (e.g. with open AI libraries like yolov5) and send back commands through a similar spoofed controller to your PC. This bypasses reading and writing to memory completely.
Windows has an OS anti-virus/malware, is such a platform level solution something that could be done for anti-cheat? It seems inefficient to have all these separate ac solutions, and a platform solution wouldn’t come with the same security compromises that installing multiple kernel drivers does
So as Vanguard it has kernel anticheat. Powerfull as said in video.
Can you cover hypervisor cheats too? (Intel hyper-v )
Yes sir, I’ll make a video dedicated to hypervisors :)
@@cazz thanks!! 🤩
0:32, I got a youtube ad about this, skip, then you advertising it. They sure spent a lot of money on advertising...
Can you please make a video of basic making of ring 0 kernel driver for bypassing anti cheats
Question, does cheat developer target the anti-cheat itself, like patching the anti-cheat so it no longer work, or make it think that everything is working as intended. Wouldn't it be easier to cheat now that there's basically no anti-cheat.
If you could elaborate more on DMA, and recommend good hardware for beginners
The most effective anti-cheat is loving parents
Since the downfall of RaptorDMA, what is another good firmware option?
Is it possible by any chance that you show how to reverse engineering a save for console like ps4 or Xbox
Thank you.
Another video about DMA would be really interesting.
Very informative!
I understood nothing from this video but somehow this video was still entertaining
@@mahinsaniyan 🙏🙏🙏
so if the anticheat is kernal and so is the cheat what goes down?
I honestly have never head of actual hardware based cheats when it comes to a PC and I'm extremely curious to know more about that subject if you or anyone else could point me in the right direction.
I want to learn more about kernel drivers regarding game hacking. Can anyone recommend me what to read or what to explore?
how hard would it be to generate a faceit cheat? Is it very difficult? Just wondering.. thanks 👍🏼
Game hacking is what got me into Red and Blue Team work over 10 years ago. VAC was fun to bypass. You used to be able to create a shadow bootloader with a kernel driver that fed the AC false handles to check. Everything had to load from a USB to stay undetectable. Not sure if that’s how it still works today.
Unless you are writing it yourself or 100% trust a source... ANY pre-written code with access beyond a kernel anti-cheat is a HUGE security risk and potentially a legal one if you become a node for someone else's illegal activity.
A simpler version of hardware cheat is virtual machine cheats. The game runs in a virtual machine guest and the host OS would be able to read/write to any memory of the guest OS, without the guest ever knowing. This does not require two computers and special hardwares like hardware hack does, but some game does detect if it's running within a virtual machine so the challenge becomes how to hide that.
Future..
Now I actually understand. Thanks!
so DMA basically cant be deal with by anti-cheat forever, not just for now?
can you teach us how to make a hwid spoofer and bypass asus write Protication
Hey i am going to pick a university major and i cant decide between CE / CS what did you study personaly and well not directly but in which can i learn more of this subject (ethucal hacking mostly games)
I somehow read it as "how the software anti cheater bypasses job software" lmao