How Hackers Bypass Kernel Anti Cheat

  • Published 20 Nov 2024

COMMENTS • 2.7K

  • @Ryscu 4 months ago +212

    Check out 365Games here! ✅
    win.365games.net/Ryscu

    • @zengd8017 4 months ago +4

      You should talk about DMA's next

    • @Maski500 4 months ago +16

      Erm, don't wanna

    • @teknixstuff 4 months ago +9

      Stop with the sponsorblock bypasses!

    • @MacGuffin1 4 months ago

      Kernel AC is a complete waste of time (almost)PCs can never be fixed or patched(HW/FW Ppl wake the fuck up), if ur not playing on Xbox with crossplay off every SINGLE game you play will be 30-80% cheaters, it's just facts, has been this way for a long time and the whole NVIDIA #PCMASTERACE has sold everyone a lie and ruined the actual fun of gaming. Now there will be no safe-space, if you want an awesome video idea (no one is talking about.. idk why) but Microsoft/Activision are forcing people to play crossplay-on because they make more money from the higher account/microtransaction turn-over from the very occasional ban waves... The Xbox console is a work of art and purpose built around this exact problem: Locked Bootloader/Signed Code with actual real Kernel and Memory isolation.. For the first time in 12 or so years a kernel sploit was 'found' exactly the same time I started making a lot of noise about this (this exploit can never lead to cheating online, as the xbox engineers are the best in the world and everything has overlapping security) Playstation isn't too bad either, but they tend to do their patching by HW/SKU, one of the reasons they employ planned obsolescence...

    • @malzaharbeasttheone 4 months ago +2

      Loved this

  • @alterranlongbow5067 4 months ago +5591

    "do you trust the developer of the game you're playing?"
    the entire league community: no but its not gonna stop us

    • @maciejmalewicz9123 4 months ago +170

      the general consensus is that people have your data anyways + your data is not important and not worth the risk for them

    • @supershid464 4 months ago

      @@maciejmalewicz9123 it's not the data though, it's an anticheat that runs 24/7 through which anyone malicious can get literally everything. One vulnerability and it's over

    • @magicalnoodles 4 months ago +362

      Idk about others, but I did stop playing. People really undervalue how much data they generate, and how much can be gained from it. A better solution for Riot would have been to only require the anti-cheat in platinum+ lobbies. Cuz realistically, ppl below this LP score aren't gonna be able to get far with cheating anyway. Even if they climb to plat and above, the cheat gets detected, and that's that.
      By forcing all LoL players to install kernel level Chinese spyware, it's really hard to earn the trust of the playerbase.

    • @meerpirat3418 4 months ago +255

      it stopped me. I will not install Chinese Kernel Level spyware.
      And tbh League is not worth it.
      the fun thing is on mac you don't have to deal with that Vanguard BS.

    • @meerpirat3418 4 months ago

      and regarding Code Quality of Rito Code i will just say: ૮ - ﻌ • ა

  • @vert2048 4 months ago +1667

    Dude I didn't expect a whole documentary, this is sick

    • @shedblood1645 4 months ago +3

      He has a lot of them, why wouldn’t it be?

    • @vert2048 4 months ago +11

      @@shedblood1645 Huh, good point. I hadn't realized but I haven't watched/been recommended a Ryscu video in over 6 months when he did shorter videos.
      Glad to know I have several more high-quality videos like this to go back to :)

    • @Margen67 4 months ago

      birb

    • @Twisted_Code 4 months ago +1

      TBH the fact that all of YouTube isn't quality Edutainment like this disappoints me. I really like learning things, and doing so in 20 minute intervals is quite convenient. Fortunately, YouTube algorithm (for all its flaws, including some that make it feel a bit like a miniature Vanguard due to loss of privacy) makes it pretty easy to find more of what I'm genuinely interested in. It's hard to hate the algorithm if it works, even if I hate how it works.

    • @SioxerNikita 4 months ago +1

      This is not a "whole documentary", it is a video essay. A "whole documentary" would be about the whole 1½ hours....
      It is frankly in-depth enough to be called a documentary though, but doesn't have the length... otherwise you could call any few minutes long video talking about a subject a "documentary".

  • @PopeMical 4 months ago +3472

    You know normally I hate kernel level anti-cheat, but maybe I should thank Vanguard for making me quit my 8 year league addiction...

    • @BoredCoat 4 months ago +197

      This right there. Literally me

    • @asdfbeau 4 months ago +90

      kernel-level ac is everywhere now- you're going to have a hard time playing anything.

    • @popopapi 4 months ago +66

      so true lmao vanguard coming to league finally pushed me to quit

    • @PopeMical 4 months ago +204

      @@asdfbeau While partially true, it actually has been relatively easy for me to completely avoid it with the type of games I specifically enjoy.
      Also it's a minor difference but I do dislike Vanguard a lot more for requiring boot on startup and not just game launch. That small annoyance will likely keep me away from League specifically even if I do end up installing a game with say current EasyAntiCheat.

    • @CrunkNuts 4 months ago

      @@PopeMical it has to be run at start up to load before user level stuff. You can't have a kernel level anticheat that starts when you open the game.

  • @Alcaline-hu2vu 4 months ago +404

    Allat just for most games to still be full of hackers
    Vanguard classifies people trying to play on Linux as hackers more often than it does actual hackers, basically because Linux doesn't just let people start writing shit to the kernel because that's stupid
    Also, having Vanguard boot up on startup, you know that kinda sounds like a virus

    • @Coconut-219 4 months ago +59

      It's like the same hell-worthy development sin as every single phone application which magically decides to not work if you don't allow it to access microphone and GPS at all times for no reason.

    • @jfbeam 4 months ago +10

      Actually, it's pretty trivial to mess with kernel memory in linux. There are ways to be 100% invisible, too.

    • @BlancheOmori 4 months ago +25

      I mean League really barely has any scripters left and Valorant also has barely any cheaters
      Vanguard classifies 'Linux players' as cheaters because they are actively bypassing the anti-cheat requirements to play the game, they don't allow for League or Valorant to be played on Linux because they can't attest to the sanity of the OS it's on
      This video is full of misinformation but at *least* the part where he explains how Vanguard needs to be a UEFI RT Driver to sanitize the entire OS and its APIs is correct

    • @SteveSunny 4 months ago +1

      @@BlancheOmori You're probably one of the few people who actually knows what they're talking about in this entire comments section lol. Do you think the vanguard outrage is overdrawn?

    • @BlancheOmori 4 months ago +17

      @@SteveSunny Eh I think a tiny portion of the outrage is warranted, Riot isn't known to ship the best software out there and I completely understand the stability concerns
      Privacy wise though, they have to abide by US/EU laws, while it doesn't completely prevent them from breaking them there's a risk/benefit ratio here so bad for them that it's not even close to being worth it
      Also all the 'omg but it's a security risk!!!' stuff is blatantly wrong, if anything vgk.sys is the most heavily protected driver on your machine, and you probably have anywhere between 80 to like 300 WDF/KMDF running on your system at all time so like...
      On the other hand, people have been complaining so much about scripts/botted accounts, and realistically going kernel is the only long-term solution to these problems

  • @hiiver436 4 months ago +144

    I've stopped playing league after implementing vanguard (linux user) and holy shit, my life got better from that point. I will never return to league

    • @Stormlywing 3 months ago

      is only made for giving them full access over your PC as you play ( you know the thing that every game ask for admin rights like is takes a driver to install is the problem where did it get the driver from than because is never installed locally
      Kernel Anti Cheat ( Admin rights ) - this made fun for people who are easy to trick into thinking they playing the game and return Malware that coverup as a anti-cheat
      Not like everyone got administrator rights when to play their game that needs it

    • @anapple6912 3 months ago

      thats pretty funny not gonna lie

  • @rekscoper 4 months ago +1472

    Honestly with how many more people make cheats vs employees making anticheat, i dont think it will ever be possible to make an uninvasive anticheat that has no workaround, one of my favourite bits of real life lore was when ubisoft (i think it was them at least) put new anti piracy measures in and the guy who cracked it left a note file in his pirated version of the game saying something like "good job with all those months of development, it made my team take about 7 minutes longer to pirate"
    Cheaters will always find a way, no matter what

    • @TKDMwastaken 4 months ago +172

      only way is hardware lockdown. Standardised hardware like consoles. But then consoles will be a target. because with freedom of PC comes freedom of executing whatever code we want. if they start detecting DMA there will be DMA boards masquerading as GPUs or other normal PCI-E devices. nothing you can do about short of total hardware lockdown (with 100% patched devices so if something is exploited then EVERYONE needs to update). But ppl will start soldering wires and running linux on it as soon as they can like ppl do with everything.
      Only thing that can prevent that would be Streaming like Stadia.

    • @rekscoper 4 months ago +113

      @@TKDMwastaken like i said, there can never be an unbeatable anticheat that is unintrusive. People will always inevitably find a weakness or exploit, unless you can somehow stop them from even starting up a cheat or having basic freedoms on their system and its hardware

    • @mityab20 4 months ago +40

      @@rekscoper honestly anti cheats aren’t meant to be uninvasive not like they could. Cybersecurity is an eternal cat and mouse game where one side always tries to outsmart the other if that makes sense. In my opinion (while I hate kernel level anti cheats) vanguard is essentially the perfect anticheat, it has made cheating such a massive pain the ass that 99.99% wouldn’t bother. Yes there are 100% ways to get around it but I think cheats that use pci-e cards were like the last frontier where it wasn’t insanely difficult to setup. While I never messed around with vanguard so I’m not super sure what exactly it does I would assume now that they can detect hardware level cheats you probably need highly specialized hardware to get around it. While spoofing something like a pci-e card is definitely possible to hide what it’s truly doing or what it really is to do it on the hardware level is no easy task. Anyway I rambled on for too long I just wanna say that while it’s not uninvasive the cheats that could bypass it would either require you to have a deep understanding of how computers function to do it yourself or require you to pay a whole lotta money to somebody who does because I doubt it can be as easily mass spread as normal pci-e hacks.

    • @laersonverissimo1715 4 months ago +14

      There’s an easy solution: Confidential computing.
      Using stuff like SGX from Intel CPUs to make data impossible to read from unauthorized applications.

    • @LegioXXI 4 months ago +68

      @@TKDMwastaken "only way is hardware lockdown. "
      This already exists, it's called "Mac".
      Hardware cheating is also a thing where a camera or HDMI-grabber gets the visual information and moves the mouse (or controller) mechanically. While it's not as effective as software cheats and limited to specific game genres where reflexes matter, it's basically undetectable and completely independent from the gaming hardware and software. PC, Mac, console - nothing matters. Even game-streaming can't prevent that since all this cheat system needs is the visual information, which is what you also need as a legitimate player.
      If a cheater has enough money to buy stuff like that, he will always get the upper hand.
      No matter how much spyware the game devs force onto their clients.

  • @SleepyFen 4 months ago +383

    A correction for 2:40 - the cheat shown with Flash having zero cooldown was possible not because of cheating software, but because runes and masteries used to be saved locally on your PC, allowing people to open those files with a text editor and sink 30 mastery points into summoner spell cooldown reduction. This exploit was fixed by moving runes and masteries to be stored server-side.

    • @MaakaSakuranbo 4 months ago +55

      And this is why the argument of "Devs neeeeeed anticheat!!!" is dumb. Server-side verification and such will catch a lot of things. They just want to save on server costs though, since it would be expensive to avoid wallhacks (i.e. you'd have to only send player positions the player can see, so you'd have to check for that on the server)

    • @SleepyFen 4 months ago +20

      @@MaakaSakuranbo anticheat is still necessary for a lot of reasons, but I'm just pointing out some misrepresentation.

    • @thechugg4372 4 months ago +10

      @@MaakaSakuranbo the more shit you put server side the harder the game to preserve (or modify for the community)

    • @MaakaSakuranbo 4 months ago +5

      @@thechugg4372 Okay?
      Strange line of argument really, since it's not like it's "easy" exactly even with games that don't do that.
      If you don't have the server software anyway (for preservation), then you need to write some. So if you don't want client anticheat that doesn't get updated anymore and is basically useless anyway, you'd need serverside checks or your own anticheat to begin with.
      If you have the software, I don't see the issue.
      And removing anticheat from the client in case you want to go that route instead also has its challenges depending on how the game implements it

    • @illuminoeye_gaming 4 months ago +2

      @@MaakaSakuranbo and aimbot?

  • @morosov4595 4 months ago +1042

    DMA users have been caught only because they all used the same driver for their DMA cards. In order to hide the DMA card, it pretends to be a network card, but Vanguard just banned every user that used that one network card. Those who used different drivers (not many) for their DMA didn't get banned.
    Edit: Yes that means legit users of that network card did get banned. But when was the last time Riot cared.

    • @meneldal 4 months ago +115

      Yeah as long as you do the spoofing right there's no way they can ban you. And there are still so many ways to spoof stuff.
      Also I can't believe they can't just not send all the info that DMA exploits use in the first place, you'd remove so much cheating with that. Why send the enemy position data in the first place?
      Also, I'm surprised there aren't some fun tricks where you MITM your own connection to get the packets on another computer and analyse that.

    • @morosov4595 4 months ago +92

      @@meneldal They already do not send the data they don't need.
      League only sends the data about champions that are close to the edge fog of war. They can't do the same with Valorant, as there is no fog of war in that game. And if they tried to calculate what does a player see for 10 players per match, the servers would explode.

    • @nerd_nato564 4 months ago

      @@morosov4595 Why not just use a system similar to Source's rooms? Draw a line between two players, and if they're not in view just don't send the data. It can't be that expensive in terms of performance.

    • @KeinNiemand 4 months ago +30

      what if someone used that network card legitimately as a network card

    • @Resetium 4 months ago +59

      @@meneldal Honestly if you can MITM yourself with a second computer in order to cheat, you really should get yourself some six figure job working network security at that point. Your skills will be put to better use.

  • @Rajala1404_y 4 months ago +21

    Client side anti cheat isn't even crucial because Server Side Anti Cheat is way better and can't be just killed or disabled. For example if you want to prevent players from looking through walls just don't send the other Players' Position if they're not visible or if you have a speed hack the server could just check if this is even possible and just don't let you. Minecraft is a good example because almost all Minecraft Anti Cheats are Server Side, and they work without needing any Client modifications

    • @DiscordCriminal 2 months ago +1

      So no more bullet penetration ? No more UAV?

    • @samleevideos 2 months ago +3

      I see this comment about server side AC all the time and it's always the same problems.
      For example, Valorant does have a system to send a 0,0,0 position of opponents not on the player's screen called Fog of War, but it can't just do a simple visibility check because if a player swings a corner, the enemy will just materialize on screen out of nowhere because of latency, therefore you need to be somewhat generous with when a player's position is sent.
      Then there are cheats which are purely "read-only" like Wall Hacks. Server-side AC cannot detect these because they need to look for known cheat binaries or do heuristic analysis which require a program on the player's computer -- unless you can develop a server-side neural network which can detect the very subtle behavior changes of a player who has these advantages.

    • @dreamy97836 1 month ago

      @@DiscordCriminal Hit detection is done on the server too, client doesn't need positional data for bullet penetration to work. UAV is radar if I remember correctly, so only X and Y coordinates are needed not Z, and those can just be sent when UAV is active not at all times.

    • @dreamy97836 1 month ago

      @@samleevideos Those same problems exist for client-side anticheat since it is easily bypassed, and only getting easier as time goes on with AI advancements. Server side AI detection using subtle behavior like you said but that's never gonna be 100% effective either without creating a lot of false positives. A 100% effective solution is never gonna exist, the best thing to do is keep as much server side as possible and have non-intrusive anticheat client sided to stop casual cheaters. Intrusive anticheat doesn't do much to lower the cheating numbers, only perceived cheating numbers, it's a placebo at best. You could be playing against a really good player in CS2 and a lot of people will be quick to assume he's cheating, and those same people could be playing against a subtle cheater in valorant and will assume he must just be a good player. This is the main benefit developers get from intrusive anticheat, it's perceived to be more effective than it is. Meanwhile if you actually look into cheating communities the user counts between those two games is relatively similar.
      Personally I think anticheat is a red herring any way, I think the real reason cheating has become so prevalent is because games have a much weaker community nowadays due to matchmaking, there's too much anonymity, you might as well be playing against bots. There's no more community servers where you play with the same couple dozen people every day and have a reputation to keep up. You can cheat and ruin someones day and it will have zero impact on you because you will never run into that person again. As OP said Minecraft is a good example, but not because cheating is hard in it; there are completely undetectable AI cheats that will gather any resources for you, but it's not a big issue because most people just play with friends or on community servers with moderation that takes care of those. Of course that isn't viable for every game and matchmaking is very convenient for FPS games like Valorant and CS, and community servers have their own issues like power hungry admins, but I feel like there should be some middle ground solution that's still convenient but brings back some sense of community to these games.
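
The server-side checks discussed in the thread above (rejecting impossible movement, and withholding positions of players who are not visible while allowing some latency slack), as an added example that is not from the video, the commenters, or any game's code. The 2D map, the speed cap, the velocity-based slack and every name here are assumptions made for illustration.

```python
import math
from dataclasses import dataclass

MAX_SPEED = 6.0        # assumed movement cap, map units per second
SPEED_TOLERANCE = 1.1  # slack for timing jitter between client and server


@dataclass
class Player:
    name: str
    pos: tuple                 # (x, y) as last accepted by the server
    vel: tuple = (0.0, 0.0)    # units per second, tracked server-side


def validate_move(prev, claimed, dt):
    """Speed-hack check: keep the old position if the claimed one is unreachable."""
    allowed = MAX_SPEED * dt * SPEED_TOLERANCE
    return claimed if math.dist(prev, claimed) <= allowed else prev


def _cross(o, a, b):
    return (a[0] - o[0]) * (b[1] - o[1]) - (a[1] - o[1]) * (b[0] - o[0])


def _segments_cross(p1, p2, q1, q2):
    """True when segment p1-p2 properly crosses segment q1-q2.
    Grazing a wall endpoint does not count, which errs toward revealing."""
    d1, d2 = _cross(q1, q2, p1), _cross(q1, q2, p2)
    d3, d4 = _cross(p1, p2, q1), _cross(p1, p2, q2)
    return d1 * d2 < 0 and d3 * d4 < 0


def line_of_sight(a, b, walls):
    return not any(_segments_cross(a, b, w1, w2) for w1, w2 in walls)


def _extrapolate(player, seconds):
    return (player.pos[0] + player.vel[0] * seconds,
            player.pos[1] + player.vel[1] * seconds)


def may_see(observer, target, walls, latency):
    """Visibility with latency slack: test current positions and the positions
    each player could reach within `latency` seconds, so a player about to
    round a corner is sent early instead of popping into view."""
    obs_points = (observer.pos, _extrapolate(observer, latency))
    tgt_points = (target.pos, _extrapolate(target, latency))
    return any(line_of_sight(o, t, walls) for o in obs_points for t in tgt_points)


def snapshot_for(observer, players, walls, latency):
    """State sent to one client: real positions only for players it may see.
    Hidden players map to None, so there is nothing in client memory to read."""
    return {p.name: (p.pos if may_see(observer, p, walls, latency) else None)
            for p in players if p.name != observer.name}


# Constructed scenario: a single wall from (5, 0) to (5, 10).
WALLS = [((5.0, 0.0), (5.0, 10.0))]


def constructed_players():
    return [
        Player("observer", (0.0, 0.5)),
        Player("hidden", (10.0, 5.0)),               # fully behind the wall
        Player("peeker", (10.0, 0.2), (0.0, -6.0)),  # about to clear the wall end
        Player("open", (10.0, -8.0)),                # in plain view
    ]


if __name__ == "__main__":
    players = constructed_players()
    print(snapshot_for(players[0], players, WALLS, latency=0.2))
    print(validate_move((0.0, 0.0), (10.0, 0.0), dt=0.1))
```

A larger `latency` value reveals players earlier, which reduces pop-in at the cost of giving a memory-reading client more advance notice.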

  • @D0Samp 4 months ago +25

    Even with (some) PCIe cards out of the picture, there's still so many possible avenues to get memory access, like DMA via Thunderbolt, stealth VMs that obscure their identity and hypothetically SMM if you are able to get in on the hardware OEM's level (which would sit even deeper than UEFI malware). Failing that, your second cheating PC still could act on the video feed to give you super-human reflexes, combined with a modded physical mouse.

    • @sunbleachedangel 4 months ago +3

      that's why I don't really bother with competitive online games

  • @Rivalrvn 4 months ago +4392

    Bros videos are an artform now

    • @oussemabentaher2983 4 months ago +40

      Learn from bro

    • @tudorique24 4 months ago +9

      your videos are high quality aswell

    • @Yobamos 4 months ago +34

      You two aren’t fooling anyone we know you’re the same person

    • @dashyz3293 4 months ago +4

      you 2 are different people?

    • @egg-mv7ef 4 months ago +9

      glazing someone for divulging basic ass information with 1337 super hacker videoclips in the background is crazy

  • @Sin1234Nombre 4 months ago +986

    For the last question: no, I don't trust Riot and Tencent with my information

  • @shanematthews1985 4 months ago +591

    Do i trust riot games with a kernel level driver?
    Having seen the shitshow that is the league client for 13 seasons, the shitshow that is the league API and the general decline in QA quality since they laid off a bunch of staff, the answer is
    Fuck No
    This was the straw that broke the camels back and what drove me away from league, been league free since vanguard was added and i don't regret that decision for even a second

    • @JordaanM 4 months ago +21

      I'm in the same boat. I ended up installing an Android App player for Windows so I could play TFT with friends again, but I'm gonna be miffed if Vanguard is required for 2XKO as well.

    • @rainchopper898 4 months ago +9

      dota 2 is good if u want a replacement
      and ur data is safe w/ volvo

    • @shanematthews1985 4 months ago +7

      @@JordaanM Oh its almost a guarantee that it will use it, its safe to assume that any of their online games going forward will probably use it

    • @tommyfanzfloppydisk 4 months ago

      same here, maybe i'll come back to league once i got enough money to buy a pc merely for that and other games. they'll get their own special house.

    • @JordaanM 4 months ago +1

      @@tommyfanzfloppydisk I've considered doing that as well, just having my 8 year old PC as a dedicated Rito box.
      Good thing league runs on a toaster.

  • @druffel46 4 months ago +91

    2 Weeks later Crowdstrike killed half the internet. The irony :D

    • @lumikarhu 3 months ago

      the irony is that if CS goes bankrupt i can assure you massive attack waves will start happening. It is the only EDR solution that can fight my malware and (most of the time i'd say) win. Now imagine the world using something even a little bit worse. CS dun goofd but their solution is #1 on the market :-) can't wait for these bigger paychecks if cs sunks down

  • @blueparagongamer9498 4 months ago +26

    4:43 - lol that just recently happened with Crowdstrike

    • @HTRAD-sc9dm 2 months ago +1

      Daaaaamn it has been 2 months

  • @matthewdavis3421 4 months ago +454

    The question of balancing user privacy with game integrity is one that developers are simply going to ignore, forever, until large enough percentages of their games' player base collectively boycott the game. As it is, this question won't even appear on their radar of concerns.

    • @jost_ae 4 months ago +3

      I personally don’t care at all about privacy on my computer as long as the reason I risk it is working but as of right now vanguard cannot efficiently detected dma cards that are sighted I think the only way to lose cheater completely is using a ai anticheat that can scan for unnatural movement and keep a data base of you play style as an alternative to hwid band.

    • @johanestebanramirezbarrios1411 4 months ago +2

      they are not ignoring that, because we have rights that they cant ignore, and they still always fixing problems with vanguard

    • @ДюсековИльяс 4 months ago +27

      @@jost_ae it literally does detect dma cards... It's even in this video

    • @jost_ae 4 months ago

      @@ДюсековИльяс it detects normals dma card I’m a bit more deep in cheating what cheaters nowadays do is sign custom firmware to their dma cards so vanguard thinks it’s a real device and there is nothing really vanguard can do about this except making a list of the firmwares but that’s hard bc cheaters are just buying 1/1 firmwares and staying fully undetected

    • @soundspark 4 months ago

      @@ДюсековИльяс Doesn't a DMA card have to enumerate itself into the system to even work?

  • @itchylol742 4 months ago +410

    the endgame for cheaters is having a robot with a camera pointed at the monitor and using mechanical hands to press buttons on the keyboard and move the mouse around, and the endgame for anti cheat is either AI that just bans people for looking sus, or having thousands of human moderators review replays and ban people for looking sus

    • @qlx-i 4 months ago +99

      The problem being, the best cheat is essentially indistinguishable from a good player. And the error margin is much wider than the cheat accuracy.
      This nicely flows into philosophy. Being optimized is the direct opposite of being random. It is being predictable. It means the lack of character. And we already saw that. We saw a chess GM pre-moving the entire game and auto-mating another GM.
      There are few perfectly good plays. There are few perfectly bad plays. And there are much more random plays that average somewhere in-between. A player that trained a near-perfect aim is not much different from a neural network sitting on a PC doing the same. And a trained neural network is no different to a written algorithm. Being good means to sacrifice personality and the lack of personality makes two entities indistinguishable.

    • @user-qq4dh3rk3u 4 months ago +8

      @@qlx-i If a neural network always does the best move in each scenario (or what it thinks is the best move) then it may be possible to detect. For example, it might rush A first all the time on Ascent or buy the same guns. With enough of these events tracked by Riot they could use probability to detect people using neural networks. Of course you could add some variability into the input to make the output more variable, but this would also decrease the strength because it will no longer be doing the "best" move. Maybe a manual algorithm to move from the start and then a neural network takes over in order to mitigate these predictable events?

    • @konstantinsotov6251 4 months ago +13

      being able to almost always choose the best move is basically a definition of skill. And AIs are random, they are not like chess bots that have deterministic algorithm to follow, their approximation of "good"ness of a move is dependant on random factor, thus they will be making mistakes to some extent, like humans. Maybe not mistakes, but at least not taking the best move is very possible

    • @lainverse 4 months ago +6

      I heard there's already server-side AI-based anti-cheat in development (no idea is it actively used anywhere) based solely on behavior detection. So, yes, it literally detects sus players. We are at this stage already or will be quite soon. Furthermore, it learns from your previous inputs, so it should be able to detect when you start using a cheat since behavior will change noticeably enough.
      So, next phase are cheats that learn from your inputs and start gradually add on top of them over time, I guess. So, they won't even do anything for a while... and the cheater may legitimately learn to play the game in the process. XD

    • @rico4.700 4 months ago +7

      "having thousands of human moderators review replays and ban people for looking sus" valve overwatch in a nutshell lol

  • @RocoPwnage 4 months ago +630

    Anticheat was never about making cheating literally impossible, just enough of a pain in the ass that most people won't bother, and those who do can be caught manually.

    • @crashniels 4 months ago +115

      Yeah it just deters the "casual" cheaters. Professionals still have their ways

    • @user-tq3cn9ct2e 4 months ago +51

      @@crashniels that's why a good game would have anti cheat and moderators i think. Not everything can be automated.

    • @pineappleenjoyer9297 4 months ago

      Its frightening how naive you non IT people are.
      You‘re literally downloading a rootkit that can spy on you without you ever having the slightest knowledge. Just wait till a RCE is found, gl.

    • @GdBearman 4 months ago +39

      And in the end, nothing happens to the cheater, they just move a level and the regular consumer suffers the consequences. I'd make this shit illegal.

    • @mikeybayne7985 4 months ago +43

      @@GdBearman my man... Less cheaters is good last time I checked...

  • @MistyStarStrike 4 months ago +6

    Really enjoying these video essay-styled videos, man. They're always such a damn good watch

  • @sido6587
    @sido6587 26 days ago

    I remember watching these videos when I was just starting my career in IT. After a few years I got into the malware development world and now I have a new appreciation for the quality and information. Thank you and good speed

  • @Hylofear
    @Hylofear 4 months ago +833

    Hearing the compilation of cheater screams was music to my ears

    • @PiFsc2
      @PiFsc2 4 months ago +8

      Timestamp? :D

    • @dhimitrinano2276
      @dhimitrinano2276 4 months ago +21

      @@PiFsc2 17:20

    • @ascend2046
      @ascend2046 4 months ago +24

      bro sounded like shaco

    • @johanestebanramirezbarrios1411
      @johanestebanramirezbarrios1411 4 months ago +2

      @@PiFsc2 17:10

    • @asdf0747
      @asdf0747 4 months ago +33

      lmao it's just one person who recorded it. The fact is that majority of the population hates privacy violation and probably quit. Those who stayed are helpless addicts who can't get off the game. also, the cheat developers probably adapted quickly, probably figured out vanguard's code from valorant, which makes the release on LOL even more unjustified.

  • @MrAntiKnowledge
    @MrAntiKnowledge 4 months ago +341

    Honestly I respect the bravery of people who played League for more than a couple games and decided that's the company they trust to not (intentionally or unintentionally) fuck up their system with Kernel level software.

    • @FunctionallyLiteratePerson
      @FunctionallyLiteratePerson 4 months ago +34

      Most don't know/understand, and the rest are more apathetic than brave

    • @venkaramon
      @venkaramon 4 months ago +4

      Vanguard has been on Valorant for years. How many systems has it fucked up there?

    • @ivan19119
      @ivan19119 4 months ago +27

      @@venkaramon quite a few, some stopped working and others had massive performance issues after installing it

    • @w花b
      @w花b 4 months ago +9

      @@FunctionallyLiteratePerson you're right. I've met a lot of league players and they're either insane (like constantly on caffeine) or apathetic.

    • @yGKeKe
      @yGKeKe 4 months ago +17

      Brother, people have been playing games with kernel level software for over two decades. No one bitched about VAC or EAC. Most people don't complain about nGuard or any of the other plethora of kernel level anti-cheats from various Chinese companies. It's cringe AF that people suddenly care about kernel anti-cheats more than 20 years later.

  • @LMD100797
    @LMD100797 4 months ago +15

    Bro, the animation, the sound effect usage, to the utilization of abrupt breaks and silence is phenomenal.
    Just want to let you know your editing earned you a sub, I will try my best to learn about video planning and editing from your videos from now on, and your content is really cool too!

  • @sarahstark2953
    @sarahstark2953 4 months ago +1

    can i just say how well this video seems organized, and how the graphics and explanations provided make this really easy for even non-computer people to understand. great video!

  • @G0LD3NR0D
    @G0LD3NR0D 4 months ago +30

    This is why I have been telling my friends for years that serverside anticheat is the future. Kernel level anti cheat is basically an attack vector waiting to be used, because all it takes is an exploit in one and boom, not only can a cheater break the anticheat, but cybercriminals can use it to deploy malware payloads, utilize privilege escalation exploits, etc. Serverside anticheat on the other hand, doesn't run locally and hackers can't even gain black box access to it. Plus, it can be continually refined without cheaters gaining access to it. On top of that, small, specialized AI can be built in order to create and refine heuristics that allow for catching cheaters that otherwise appear to be just skilled at the game when they're really just skilled at toggling their cheats to blend in their cheating with legitimate gameplay. It's probably the best way to win the war against cheaters. Cheaters vs developers will remain a cat and mouse game, but it will give developers a significant advantage in fighting back against cheating.

    • @OCovilDoMarcos
      @OCovilDoMarcos 4 months ago +8

      Server side anticheat has been something that was implemented a lot in the past (Hell VAC has been around since 2002, it's nothing new). The only one that still stands today to my knowledge is Steam's VAC and if you ask anyone about cheaters in valve games you'll see that everyone complains about it, since serverside needs time to compile a databank on a specific player and then analyze it afterwards; it has to be sure false positives don't happen (It's also why they implemented the overwatch system on the games, because it couldn't reach high levels of confidence on specific cases, so those cases that were suspicious but not enough to be bopped by VAC got delegated to trusted players with high overwatch scores)
      Given this model takes weeks to months in order to get enough data to guarantee that the ban is not a false positive, cheaters go on to ruin a considerable amount of games before they actually get banned from the system.
      It has very open and specific weaknesses, most people who cheat in CS2 already know they'll get bopped in two weeks or a month or so, they really don't care about that, it's that free time they get that gets them going; they don't want to win and they don't care about losing money on new accounts, they just want to ruin games because it's how they get their kicks.

    • @0x204
      @0x204 16 days ago

      trust me dude this is not going to make it impossible, bypasses will happen and it will be exploited, it's only a matter of time until a new cheat arrives (I am not a cheater btw but ik what I am saying)

    • @G0LD3NR0D
      @G0LD3NR0D 16 days ago

      @@0x204 Can't create a bypass for an anticheat that you can't disassemble. You can infer the anticheat's behavior and create software that goes undetected, but that's not a bypass, that's flying under the radar and necessitates that cheat makers and sellers be more selective over who has access to their cheats, as the game devs can get access to the cheats, but the cheat makers can't gain access to the anticheat, so creating detection methods is a lot easier. It's also why games do bans in waves, they can't know if they're detected or not until a banwave hits. Serverside anticheat is significantly harder to exploit and you should know this if you're actually aware of what you're talking about. Throw in a game that's significantly more server authoritative, and now a lot of hacks become impossible without figuring out a way to purposefully send specifically crafted packets, and that can be caught by heuristics looking for packets indicative of incorrect program behavior by the game client.
      The TL;DR is that while it's not impossible, it becomes much, MUCH harder to develop cheats when there is no clientside anticheat to reverse engineer. And the few cheats that get through? Those can be caught if the game is configured with in depth player input telemetry and analytics in mind, especially for server authoritative games.

    • @G0LD3NR0D
      @G0LD3NR0D 16 days ago

      @@OCovilDoMarcos Actually, VAC can detect cheats rather quickly, they just don't autoban zealously because that can provide info to cheat developers on what methods are already known by the anticheat, allowing them to rapidly iterate on their cheat software. banwaves exist for that reason, primarily.

    • @Max128ping
      @Max128ping 6 days ago

      @@G0LD3NR0D yeah, but that's what they're doing with Vanguard and Raven too. In fact, that's just industry standard.

  • @lainverse
    @lainverse 4 months ago +18

    Another method I heard about is to run the cheat completely "offline", solely based on screen data to control the inputs. No special cards attached, no memory access, nothing. Cheats like this are really limited since what it can see on screen is all it has to work with, but still provide some advantage. As far as I know, the only way to detect such cheats is scanning for presence of inhuman reaction and impossibly smooth motions in input. As in, behavioral detection.

    • @meyers0781
      @meyers0781 4 months ago +6

      that would be a trigger for false positive.
      With virtualization and increasingly powerful system, i have an idea...
      game creates virtual machine for the session (like a virtual PC where the only app is the game and the supporting components), what happen in the game stay in the game, no cheating
      this will have another side effect of the game being playable on Linux (theoretically).

    • @fujinshu
      @fujinshu 4 months ago

      @@meyers0781 Yes, but much like kernel-level anticheats, there will always be a vulnerability waiting to be exploited, even when in a VM.
      It also reduces game performance, which isn't a big deal until you consider that many esports games are mostly run on lower-end hardware, which contributes to its mass-market appeal and popularity, and making the game run worse or even barring older PCs from playing because of virtualisation requirements may decrease the overall market share of the game. Just look at the number of Windows 11 users compared to Windows 10 due to TPM 2.0 requirements.

    • @sun3k
      @sun3k 4 months ago

      @@meyers0781 if the player can do it legit, they can do it with cheats

    • @vablo-yt
      @vablo-yt 4 months ago +2

      How do they stop the Virtual Machines program memory from being manipulated? Hackers are very crafty and could easily manipulate the VM imo

    • @nirantali
      @nirantali 4 months ago +2

      The Next Level then gonna be additional mandatory Livecams in your Room that livestream (The Gamer, Screen, Keyboard, Mouse, back+front+sides and the inside of your PC and the rest of your room) while you play online. And during competitive sessions, there must always be two notarized observers to the left and right of the player. Anyone who has nothing to hide will certainly allow this, right? And anyone who doesn't allow it is automatically suspicious and probably a cheater.

  • @chaficchamchoum1469
    @chaficchamchoum1469 4 months ago +285

    You know when a creator cares about his viewers. This is one example.
    Loved it

    • @nadvic1797
      @nadvic1797 4 months ago +1

      And yet, i feel like he sided WAAY too much with Vanguard at the end. As if it banned 100 % of the cheaters?!?! Big lol...
      Surely, it will get rid of a good percentage with every banwave. VAC does the same. And then the cheaters creep back. Like they always do. There's nothing you can do about that.
      But at some point you'll have a retina scanner up against one of your eyes during the game, and an anal bead in your ass in order to measure its contractions during the game. How does that improve the community that consists of at least 10-20 % toxic players that ruin probably 90 % of solo q games?
      League has MUCH more issues than those few bots, that i personally have never noticed.
      But sure, Riot China was able to counteract cheaters way more effective, which is why they don't need Vanguard!
      Let's say it like that: i don't trust their nonintrusive anticheat measures until i've seen the asshole of every chinese player during gameplay.

  • @eleven5707
    @eleven5707 4 months ago +15

    DAMN, this longer video format is awesome, and the editing is amazing, keep it up!

  • @adiyn_
    @adiyn_ 18 days ago

    was downloading stuff needed a video in the background, loved it

  • @hujumsec
    @hujumsec 3 months ago

    Information / explanation is pretty accurate and editing is beyond phenomenal.
    Well done.

  • @_Dearex_
    @_Dearex_ 4 months ago +36

    Only Addition I have to make: definitely not as good as memory access, but you can feed the Video signal to an external device and do Image recognition to implement aimbot/Auto trigger.
    At this point it is more like statistical analysis if you are cheating

    • @Mano-us7ct
      @Mano-us7ct 4 months ago +13

      Yes, that is true, and there is no reason to add any kernel level anti cheat, just monitor what players do in game, and use some ml algorithm to predict.
      But in modern days your main source of profit is usually data gathering.

    • @cewla3348
      @cewla3348 4 months ago +1

      @@Mano-us7ct if a game has demos, then almost everything but ESP can be detected very quickly with ml - if they're making insane, frame perfect flicks every shot, then that's silentaim. if their aim is completely locked onto someone's center of mass, then that's aimbot.

    • @LiEnby
      @LiEnby 4 months ago

      @@cewla3348 dropped packets: "lol get banned scrub"

    • @ougonce
      @ougonce 4 months ago +9

      @@cewla3348 What makes you think ML can’t be used to mimic human inputs to an undetectable, or at least plausible, degree?

    • @itsTyrion
      @itsTyrion 4 months ago

      @@Mano-us7ct ...you could gather all inputs, screen content, browser data, personal files, audio (in/out) with just the game or a user level anticheat service. you do not need Ring 0 for a lot of data grabbing on Windows.

  • @grcatm
    @grcatm 4 months ago +16

    I was just yesterday watching many videos like this one (hacking cia, cicada 3307, etc...) which I gained some proper interest in, and I stumbled upon your Vanguard video, and wondered "Wait, what happened to the guy that was in my recommended all the time?". Glad to have this mashup! I really like this video's style, keep it up

  • @FreedomRoseStein
    @FreedomRoseStein 4 months ago +97

    You know what's crazy. I clicked the video finished the video and then went, Wait hang on, THIS IS RYSCU? THE LEAGUE GUY? 💥Blown away mate, Excellent video

  • @KEROVSKI_
    @KEROVSKI_ 4 months ago +4

    Great video man, editing, story and the video/audio quality.

  • @sherrykda3511
    @sherrykda3511 4 months ago +6

    I like how he tries to give examples how you can trick Vanguard, but does so with the worst ones and the ones most easily detectable

    • @battokizu
      @battokizu 4 months ago +3

      remember he has to be nice to riot otherwise he'll lose his ad money and sponsorships.

    • @Bleiser3
      @Bleiser3 4 months ago

      As he said, he doesn't want to inspire anyone to cheat.

    • @battokizu
      @battokizu 4 months ago +1

      @@Bleiser3 He doesn't want to lose sponsorships, not that he cares about cheaters.

    • @octav7438
      @octav7438 4 months ago +4

      @@battokizu dma isn't detected either. all you need to do is just make your own driver, which skids have already learned how to do. Only issue with dma is the entry cost of buying an actual hardware device.

    • @丷
      @丷 4 months ago

      @@octav7438 DMA cheats don't use "drivers"...? guessing you're talking about firmware. valorant & faceit have already detected plenty of DMA firmware providers, only chance of staying undetected now is using a proper emulated firmware which is not easy to make, especially for "skids"

  • @atlas_carry
    @atlas_carry 4 months ago +84

    Side note on vanguard, riot recently added "in-game detection" where it pops up a message in game that says "CHEATER DETECTED", but they didn't actually implement any server-side detection for cheaters as they would have you think, all they've done is made it so that once your account is banned, if the account is in game at the time of banning it will terminate the match, and these bans are always delay bans from the first game injection being detected, but riot likes to let scripters play 10-20 games per account before ban to "obfuscate" the detection, but they will actively let someone script in your games and then pop up a "CHEATER DETECTED" message as if they've just discovered it to make you feel like they've done something new

    • @deagle2yadome696
      @deagle2yadome696 4 months ago +2

      they’re one of the only games that hwid bans on first offense what more do you legits want?

    • @atlas_carry
      @atlas_carry 4 months ago

      @@deagle2yadome696 their hwid bans are shit any spoofer avoids them

    • @dakota9821
      @dakota9821 4 months ago

      @@deagle2yadome696 HWID bans are garbage; It's extremely easy to spoof.

    • @Cheato
      @Cheato 4 months ago

      @@deagle2yadome696 easily bypassable

    • @nerd_nato564
      @nerd_nato564 4 months ago +40

      Letting cheaters play for a while after they've been detected is good. It's why you do banwaves instead of banning immediately, so whenever developers try to figure out why they were caught, they get as few clues as possible.

  • @MyReXaR
    @MyReXaR 4 months ago +19

    I never knew you or your Group could do such an Amazing Edit. gotta say, nice editing Touch.

  • @RamenEnjoyer404
    @RamenEnjoyer404 4 months ago +19

    clean editing, tight script, and about an issue that is incredibly important. Good job!

  • @Rokusu
    @Rokusu 4 months ago +1

    your editing has become so crazy good, you deserve all the views and likes you can get

  • @einargs
    @einargs 4 months ago +1

    Started watching this in the background, but the editing is so good I need to watch it with my full focus

  • @CJTallon
    @CJTallon 4 months ago +18

    watching the evolution of this channel has been great. this in depth reporting + extra focus on video doc feel has just been next level...

  • @chohsena627
    @chohsena627 4 months ago +5

    This was insanely interesting to watch and well edited as well. I enjoy these docu-series/deep dives.

  • @moderniselife
    @moderniselife 4 months ago +7

    These videos are amazing but I keep finding myself answering the questions before you give us the story and it breaks my heart because you’re an amazing story teller! I need to tell my brain to shut up haha

    • @hilkmeister1382
      @hilkmeister1382 4 months ago +3

      Nothing wrong with being informed about the subject

  • @feranks3211
    @feranks3211 4 months ago +1

    insane production value, keep up the great work!

  • @slendydie1267
    @slendydie1267 4 months ago +5

    It's true there are less hackers but I'd rather see them more often than have this invasive hazard on my PC

  • @zwingler
    @zwingler 4 months ago +164

    18:35 "do you trust the developer" ... Riot ??? xD Suuuuuuuuuuuuuuuuuuuure.

    • @kosmonauta577
      @kosmonauta577 4 months ago

      "Sureeeeee" Clueless

    • @baribari1000
      @baribari1000 4 months ago +4

      @@kosmonauta577 not "sureeeeee!", "suuuuuure..."

    • @stevejelly2782
      @stevejelly2782 4 months ago +2

      yeah trust me Xi Jinping won't know it xdd

    • @Stormlywing
      @Stormlywing 4 months ago

      They don't trust their players you know why would they ban players than just block them accessing the game join buttons
      because think if they pay lot of money for a hack in their background being used remotely

  • @DarkinWithin
    @DarkinWithin 4 months ago +6

    The editing on these is artful

  • @4bSix86f61
    @4bSix86f61 4 months ago +146

    I will not play any game with obligatory spyware.

    • @MaoRatto
      @MaoRatto 4 months ago +4

      This is why I don't blame any or much F2P games.

    • @MrAdeelAH
      @MrAdeelAH 4 months ago +9

      If valve copies this shit I officially quit cs2... The future of this stuff is probably AI. Anyone else remember that one server side ai anticheat demo that was like it's ai can detect any aimbot? What happened with that

    • @w1z4rd9
      @w1z4rd9 4 months ago +8

      You already do. It’s called your computer.

    • @4bSix86f61
      @4bSix86f61 4 months ago +1

      @@w1z4rd9 Debloated windows

    • @motiv8462
      @motiv8462 4 months ago +2

      So 90% of any new game along with your pc and phone. I hope you follow what you say and throw your phone pc delete all your accounts and live in a mountain

  • @SnapWireOnlyOne
    @SnapWireOnlyOne 2 months ago +26

    Buddy you forgot about the CUDA driver and using it to inject into the memory :) btw DMA and arduino is not patched if you know how to code an anti debug and attach it to your driver you bypass vanguard anyway here u go for the leaks script kiddies enjoy bypassing them all :)

  • @Masterpouya
    @Masterpouya 4 months ago +5

    Amazing video here Ryscu ! Thanks a lot man!

  • @markandreikinkito8253
    @markandreikinkito8253 4 months ago +4

    the production is godlike and educational.

  • @CB-ls2xn
    @CB-ls2xn 4 months ago +14

    I don’t know if anyone else has this issue but my computer is always crashing to the blue screen of death but simply restarting moments later. After testing my entire computer to find some broken or corrupted parts I found nothing. After seeing other people having different types of issues with Vanguard, I later found out that it was Riot's Vanguard anti-cheat that was causing my random crashing, and after simply uninstalling it I no longer have any more random crashes

    • @johanestebanramirezbarrios1411
      @johanestebanramirezbarrios1411 4 months ago +1

      windows 11 right?

    • @ViciousVinnyD
      @ViciousVinnyD 4 months ago +6

      Vanguard is likely causing your pc to crash. It's running at kernel-level priority, meaning this program *must* run and if it doesn't, windows shuts down immediately to prevent issues and starts over, aka a bluescreen.
      By installing vanguard you're effectively relying on it to not crash because if it does, so does your pc.
      If any of this sounds absurd it's because it really is. Kernel-level priority is meant exclusively for running critical tasks such as, you know, windows. Running anything else on this level is risky and should only be done if absolutely necessary. Running anti-cheat software for a video game at this level is both unstable and insecure.

    • @Waskomsause
      @Waskomsause 4 months ago

      @@johanestebanramirezbarrios1411 The same issue happens to a lot of Win 10 and win 11 PCs with Helldivers 2 and their anticheat, NProtect. The issue isn't the OS, it's legit a fault in the anticheat that detects windows drivers as cheat software. NProtect killed some VERY important sys32 programs for some people, or bricked their SSDs because it stopped the read/write software on the SSD itself. Shit is terrible, and Vanguard, while not as bad, likely STILL screws this up sometimes.

    • @lucasLSD
      @lucasLSD 4 months ago

      @@ViciousVinnyD Remember that we are only here, because the cheaters did this with software made by hackers just to win at some game.

    • @cin2110
      @cin2110 4 months ago

      Yeah it did that to my friend's pc looked at the crash logs it was vanguard, it was also stopping him from installing pirated games lol so he gave up on valorant and deleted it and no blue screens since.

  • @ThaPugster
    @ThaPugster 4 months ago

    genuinely one of the best videos ive ever watched on this platform, pure class

  • @deidara_8598
    @deidara_8598 4 months ago +4

    The very very simple fact is that what happens client-side, stays client-side, and is within full control of the user. As long as game logic is processed by the client, which it has to due to performance, there will be ways to cheat. In other words, no matter how hard developers try, a water-proof anti-cheat is literally impossible. The same with DRM.

    • @deidara_8598
      @deidara_8598 4 months ago +1

      At worst, a cheater could literally just write their own game client without the anti-cheat. Or patch the game client to not check for the presence of anti-cheat and thus be able to disable it altogether.

    • @OCovilDoMarcos
      @OCovilDoMarcos 4 months ago

      It's not about being 100% impossible to break, it's about being hard enough that most people won't.
      It's how denuvo won, denuvo might not be 100% secure which was proven that empress was still cracking some denuvo games even after everyone dropped, but it was so unbearable that only she was doing it and after she disappeared we can safely conclude that denuvo won the war against piracy. (obviously most publishers will drop denuvo after a year or two, all that matters is that the initial sales don't get disturbed)

  • @lzxty6024
    @lzxty6024 1 month ago +4

    17:50 Man I'd love to work at an anticheat company, send out a banwave and just have a bunch of streams playing of people cheating getting banned. Live show

  • @SuperNuketown2025
    @SuperNuketown2025 4 months ago +36

    Tbh, a combo of hardware and kernel modules is probably the way to go in terms of cheating in basically 100% of games. DMA, rerouting input through a second PC instead of an arduino, and writing a custom driver to neuter anti-cheats would probably make it practically impossible for any anti-cheat to do literally anything about it. How’s riot gonna scan your PCIe port if it doesn’t know it exists because you hide it from its view during boot up?

    • @dahahaka
      @dahahaka 4 months ago +9

      Not only that, you can literally have dual firmware on one of those DMA devices and "act" as a real PCIe device during bootup for all Vanguard knows it's just a network card :D

    • @jhax
      @jhax 4 months ago +4

      They can still detect other factors such as this "custom driver", the way you map your driver, injected keyboard/mouse input, even the way the cheating software itself works e.g. attempting to override rotation. For DMA, you will need to emulate legitimate PCIe devices 1:1 as well as have valid drivers for them, otherwise the device will be blocked and no longer able to send TLP packets for reading/writing. It's a constant cat & mouse game, and if you get banned, RIP your HWID. Time to fork out more money for a new motherboard, or TPM chip, finding a spoofer that actually works. But then maybe that spoofer eventually gets detected too.

    • @dahahaka
      @dahahaka 4 months ago +1

      @@jhax there is no unspoofable HWID, and "emulating" is relative, what I meant by emulating is you can literally just run the NIC firmware and they can't discern it from a normal NIC

    • @jhax
      @jhax 4 months ago

      @@dahahaka 99% of temp spoofers on the market are not working rn for Valorant. Only a couple of perma spoof methods that work reliably. Most people have to buy a new mobo or TPM chip, this is being realistic not pretending like everyone is some 999 IQ user who can bypass VGKs AC on their own. I currently have a ZDMA with firmware emulating as an Intel network card and with valid drivers, doing so is only enough for EAC/BE. It is still blocked on VGK. It requires more work than just copying the config space of another device.

    • @kugelblitz1557
      @kugelblitz1557 4 months ago +4

      The security risk of allowing kernel access isn't worth it for a game. There are very few ways to fix a malware attack from the kernel level short of formatting your drive and restoring it from a backup. You can write a program to be injected and be stored on a separate partition that boots first in the bios and essentially sits between the hardware and OS while hiding its partition from the system after the next reboot. That can log any input or output that goes to the OS that it wants, and send it to whoever you want. Without kernel level access, managing drive partitions without permission is hard. The only way you'd ever notice that is if you opened bios and checked your boot order. No antivirus is going to detect that your whole OS is running in a virtual environment with hardware inputs just being duplicated from the bare metal.

  • @thebyzocker
    @thebyzocker 4 months ago +5

    i knew pretty much all of this already but it was still entertaining to watch :D

  • @reidmock2165
    @reidmock2165 4 months ago +1

    I don't care about League of Legends. So I really liked how your video was a generalized documentary. I'll have to keep an eye out for more of this from your channel. Well done man

  • @maxdemontbron9720
    @maxdemontbron9720 1 month ago

    Nice production quality. Thanks for making this video

  • @lukapogo
    @lukapogo 4 months ago +4

    “Ring 0 is the most privileged level of your system”
    Chris Domas has entered the chat

  • @jetzesmit2111
    @jetzesmit2111 4 months ago +4

    I really love this type of content. Really well done!

  • @aliceintera5131
    @aliceintera5131 4 months ago +9

    The video was interesting and well edited but what are the sources for this? Maybe I just missed them but I don't see them anywhere. So far, for those wanting to read more, I've found
    "Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus" By: Ryan Soliven, Hitomi Kimura,
    "The inside story of the biggest hack in history" By: Jose Pagliery,
    "Hunting Vulnerable Kernel Drivers" By: Takahiro Haruyama,
    and some parts _might_ be sourced from "An In-Depth Look at Windows Kernel Threats" By: Sherif Magdy, Mahmoud Zohdy.

  • @Ipanienko
    @Ipanienko 4 months ago +2

    "Do you trust the developers of the game you are playing?"
    It’s not about trust for the developers. They will make mistakes and no amount of trust is going to change this. I don’t trust the bad actors who will exploit these mistakes.

    • @Ipanienko
      @Ipanienko 4 months ago

      Any software which doesn’t need to run in kernel space absolutely shouldn’t run in kernel space. It’s an egregious disregard of the user's cyber security. Anticheat can absolutely run in user space.

  • @Vzduch2
    @Vzduch2 4 months ago +2

    As a compsci student, I still learned something new. Good to know it's possible to detect DMA. And I'm a lot more terrified now for the future of multiplayer gaming.

    • @eweer5398
      @eweer5398 4 months ago

      It was only detected due to most of DMA cheaters using the same (really) unpopular driver. Those who didn't are still free

    • @Vzduch2
      @Vzduch2 4 months ago

      Which is what makes me terrified. This arms race could leave most multiplayer games as an unplayable mess, because there is always a workaround, that can eventually be detected by punishing everyone with heavier security.

  • @HaveYouTriedGuillotines
    @HaveYouTriedGuillotines 4 months ago +60

    I will always be rooting for the cheat developers, because there's no way in hell I'm ever going to root for rootkit developers.
    Kernel level anti-cheat should frankly be illegal, and should be considered a form of malware.

    • @BinToss._.
      @BinToss._. 4 months ago +6

      If Secure Boot and TPM worked as advertised, then perhaps they could be leveraged for a standardized anti-cheat implementation.
      Unfortunately, these UEFI-level security systems-the latter being a Windows 11 requirement-are flawed, exploitable, and can be bypassed.

    • @superlad6684
      @superlad6684 4 months ago +14

      It's insane how many people are just fine with willingly downloading and installing literal rootkits on their PC because "it's from a big company, they surely won't let anything bad happen, right?" If they knew what can and will eventually happen when an exploit is found, they would remove it from their PC instantly. The second it happens you already know people are gonna be crying and shitting their pants as if they weren't told a million times that this IS going to happen eventually, it's not an if, it's a when.
      What's even worse is that Vanguard is now required to play LoL, one of the most played games in the world. It is going to be the biggest shit show ever when Riot fucks something up with Vanguard and someone finds a way to exploit it.

    • @randomnessnecesity9627
      @randomnessnecesity9627 4 months ago +8

      I especially hate the people who say “it’s no big deal, I don’t care snout my privacy/they have my information/I’m probably infected my something anyways”
      It’s like saying that your leg is already broken, so there’s no point in not jumping out the window to get to the ground floor.
      People need to realize that they should learn how devices and the internet work, and not just how to use them. I’m not paranoid just because I don’t want a company to be able to watch everything I do on my computer, and possibly open it for anybody to watch me.

    • @emperorborgpalpatine
      @emperorborgpalpatine 4 months ago

      ​@@randomnessnecesity9627
      it's not big deal, I don't care snout my privacy.

    • @kyuuujinnn9425
      @kyuuujinnn9425 4 months ago +4

      Imagine how bad your logic is that you cheer for malware and hate rootkit.

  • @ButterFromDiscord
    @ButterFromDiscord 4 months ago +12

    Imo nothing related to a video game should ever need to run on kernel level
    In fact nothing related to a video game should ever be allowed to restrict your usage of software they are not affiliated with (or even are)
    If you have to use a rootkit to protect your software, do not protect your software.

  • @ovencake523
    @ovencake523 4 months ago +5

    this is an incredible video and i have so many spinoff ideas from it
    like what's stopping a developer company from using that extreme level of invasive access for data collection?

    • @ovencake523
      @ovencake523 4 months ago +2

      oh wait he made a video about basically exactly that.

    • @Coconut-219
      @Coconut-219 4 months ago

      You're implying that there is a single company NOT doing that. 😂

    • @ovencake523
      @ovencake523 4 months ago +1

      @@Coconut-219 companies are using kernel lv anticheat for data collection?

    • @Unknown_Genius
      @Unknown_Genius 3 months ago

      @@ovencake523 nah, that you can't tell if someone is collecting data either way unless you constantly check for it - as you don't exactly need kernel level or admin rights for that to begin with.
      friendly reminder to the first rule of cyber security: trust no one - and yes, that pretty much means never having anything important on a PC/VM where you use programs that aren't absolutely necessary for the required tasks with those infos.
      it's why gaming on a separate PC is pretty much recommended - and no, just having a user without admin rights isn't a guarantee of nothing happening, as a privilege escalation is always possible.
      Essentially: If you set up your gaming environment correctly and fully separate it from important info it doesn't matter either way.

  • @obsolete9734
    @obsolete9734 2 months ago

    Your videos have such a high production quality! They remind me of disrupt or lemmino

  • @heetsoneji3694
    @heetsoneji3694 4 months ago

    You deserve more viewers for this work. keep it up man.

  • @eberlix
    @eberlix 4 months ago +5

    1:01 I'm just gonna answer that quickly for you guys: they're cheating!

  • @darkjackl999
    @darkjackl999 4 months ago +22

    I planned to initially uninstall when vanguard came out, but arena was so fun i decided to stick around for the update but after ~2 weeks i uninstalled because not only was i bored of the changes, but also even with me forcing it to not open on startup it was affecting my other games so i straight uninstalled it

  • @mx338
    @mx338 4 months ago +10

    You can avoid using third party drivers, by using linux, which has a monolithic kernel design. With very few exceptions every driver is part of the linux kernel codebase directly.

    • @brinza888
      @brinza888 4 months ago

      What about linux kernel modules?

    • @splicedbread
      @splicedbread 4 months ago

      @@brinza888 The simple answer for that is to require a distribution that has approved secure boot implementation, where it is a pain in the ass to get working signed KO modules that most do not bother to boot with secure boot, as historically it is microsoft who controls those keys.
      Linux offers a way for anti-cheat to exist, and honestly, has better ways of implementing anti-cheat without kernel level access but would require further development. This means more money towards the platform, which is unlikely to ever happen...

  • @ceadeusx
    @ceadeusx 4 months ago +1

    one of the few documentations that are pretty accurate on this subject. Really good video

  • @__vha
    @__vha 4 months ago

    I think everyone should watch this video, a lot of misconceptions about Kernel Anti Cheat going around and this is super informative and factual. This was a very well put together video.

  • @Makanoyasha
    @Makanoyasha 4 months ago +4

    Very well put together video, also accurate to the T. The video edits were very clean as well, transitions/positions/angles were very smooth. Have a great one.

  • @wigmanmania259
    @wigmanmania259 4 months ago +31

    I mean, that's cool and all, but how do I stop my mid from AFKing after feeding first blood?

    • @tyfyh622
      @tyfyh622 4 months ago +2

      lol

    • @tom_from_myspace
      @tom_from_myspace 4 months ago

      Just stop playing these games. Riot Games fucking sucks. Fuck this company. See VideogameDunkey about his ban few years ago for example.

    • @thecipher8495
      @thecipher8495 4 months ago +2

      You got to kernel access them so you can play in their PC, simple as that.

  • @FOGoticus
    @FOGoticus 4 months ago +13

    That kid almost crying when he got banned live in valorant had me smiling ear to ear.

    • @CookyMonzta
      @CookyMonzta 3 months ago

      He's lucky he only got flagged and banned, and that flag didn't _BRICK_ his machine! ☠️

    • @FOGoticus
      @FOGoticus 3 months ago +2

      @@CookyMonzta That would be an instant lawsuit lol. No bans will ever brick pcs.

  • @yungren.
    @yungren. 4 months ago

    You made seemingly complex ideas actually digestible and easy to understand, kudos to you!

  • @ivangarcia3456
    @ivangarcia3456 4 months ago +1

    Such an amazing video, great edition and amazing summary of all the things that are involved in an anticheat. Congratulations

  • @koshkamatew
    @koshkamatew 4 months ago +36

    4:44 oh so that's why valorant keeps bluescreening my pc like it's a daily routine

    • @sfnsansub
      @sfnsansub 4 months ago +2

      It's because of faulty RAM you had, at least for me, I had upgraded my RAM from 8 to 16 and at first only the valorant seems to get crashed all the time [Getting blue screen even before main menu comes up]. After wandering through internet I went to the workshop and swap the faulty ram and ever since it's working like a charm (It was frustrating when I had to restart every 10 min or so and also got a 1 week of ban for being AFK)

    • @h3ll924
      @h3ll924 4 months ago

      @@sfnsansub in my case all I did is downclock my ram to the recommended value supported by cpu, all other apps didn't complain and system was stable but not valorant

    • @octav7438
      @octav7438 4 months ago +2

      @@sfnsansub it can also be because of cpu, gpu, drivers, etc.. Just because you had that problem doesn't mean everyone does

  • @Etrical_
    @Etrical_ 4 months ago +19

    Ad ends at 1:48

  • @阮榮強
    @阮榮強 4 months ago +14

    No one should trust some random video game company to run software as soon as your system boots up, especially one that is known for having buggy client and game code. Vanguard is a gross violation of system security and user privacy with its "always on" model.
    If it's not open source or hasn't been audited by trusted third parties then something like this shouldn't be installed. Vanguard forced me to quit League a few months back and there's no way I'm returning if this continues. It's much more preferable to have a few advanced cheaters than this.

    • @ArchaicTTV
      @ArchaicTTV 4 months ago

      It's mostly cheaters saying this shit everywhere, trying to use fear to also get noncheaters against the level of anticheat needed to be effective these days.
      Gg cheater. Throwaway name using asshole

  • @kurisumakise1883
    @kurisumakise1883 3 months ago

    A very easy to understand explanation of cheating and anti-cheating, love your video

  • @pedr9vskcray2102
    @pedr9vskcray2102 4 months ago

    the sheer quality of this video is f*ing amazing, congrats mate!

  • @skeley6776
    @skeley6776 4 months ago +7

    If only Riot put in 1% of that effort into punishing people that ruin the game. Leaving mid game is barely punished (a laughable 1min queue 1 time). Baus Fans ruining the game. People openly stealing camps with smite from their jgler. Soft inting and wintrading even in Tyler1 streams. But Type anything barely negative and u might get a ban.

  • @111michiel
    @111michiel 4 months ago +7

    Imagine making literal malware to stop a cheater in your game and they make a malware to defeat your malware.

    • @Stormlywing
      @Stormlywing 4 months ago

      basically they're willing to report the program that's infecting their PC to play with people not bots

  • @reinhartdrial8060
    @reinhartdrial8060 4 months ago +18

    League just isn't worth this

  • @kingoscots9535
    @kingoscots9535 4 months ago

    I actually really like this form of content from you Ryscu. I think you should do more :)

  • @furryfan1416
    @furryfan1416 4 months ago

    editing n sound design is top tier here. bravo to the editor.

  • @SkinShowcase-zm3rs
    @SkinShowcase-zm3rs 4 months ago +13

    Finally someone made a video about it. I see many scripters on PBE every day.

    • @atlas_carry
      @atlas_carry 4 months ago +1

      League of legends refuses to ban scripters as soon as they are detected, so it always has a delay ban for detection (unless it's a wave) so you will always have scripters in this game as we can buy 1000 cracked accounts for 1 dollar total and script 10-20 games even on a detected platform

    • @eweer5398
      @eweer5398 4 months ago

      @@atlas_carry No game developer bans scripters as soon as they are detected. We love to call game devs dumb, but they aren't THAT dumb.

    • @Stormlywing
      @Stormlywing 4 months ago

      @@atlas_carry just think if they used the same name as your lol account they may ban the wrong users

    • @atlas_carry
      @atlas_carry 4 months ago

      @@Stormlywing ?

  • @motafu1
    @motafu1 4 months ago +12

    hey what a coincidence, I was just watching videos about if vanguard is safe

    • @ericgranderil7045
      @ericgranderil7045 4 months ago +3

      It is safe. But sadly it's also completely safe to cheaters which completely nullifies whole idea of using it.

    • @crazagres1839
      @crazagres1839 4 months ago

      @@ericgranderil7045 It has only bricked a couple pcs, I'm sure it's worth the risk to play league lmao.

    • @motafu1
      @motafu1 4 months ago

      @@ericgranderil7045 safe until some cheater uses all of his braincells and finds a way to bypass it and has access to all of our information and whatever

    • @walkelftexasranger
      @walkelftexasranger 4 months ago +1

      @@ericgranderil7045 Maybe this will finally be a wake-up call for those people, who keep preaching that kernel anti-cheats are good, because I'm really tired of naivety of these people.
      Kernel anti-cheats do more harm to user than to cheater.

    • @arkg171
      @arkg171 4 months ago +5

      It's safe.. till it's not.

  • @drinkurtishi6225
    @drinkurtishi6225 4 months ago +8

    This aged very well

  • @alvemaster
    @alvemaster 4 months ago

    Great video. I think it's really important to show people what they are dealing with. When Vanguard was coming to league there was such a massive scare about how it would ruin everything and how it would be a massive privacy issue. This video shows how Anti cheats are much better than what people think, but at the same time they are not foolproof. They can give an attacker a ride right into your PC, but most often it will keep them out and only be positive. Really goes to show that only you as the consumer can decide what to trust or not. Great video!

  • @ragganmore6113
    @ragganmore6113 4 months ago

    Great Video. And since i still hear a ton of people complain every day about how Vanguard isn't good enough because it doesn't stop all cheating (and probably never will). Look at it like a Seatbelt. It is way safer to have one, but you can still suffer injuries in an accident.

  • @stefankuhn7830
    @stefankuhn7830 4 months ago +4

    Server side verification is the gold standard. Just look at any online-chess: nobody is making illegal moves because anyone can prove that the move was illegal.
    Kernel level anti-cheat is security-theatre that makes everyone less secure.

  • @koneserchleba2137
    @koneserchleba2137 4 months ago +3

    I'm not trusting any developer owned by tencent

  • @BoneWalker
    @BoneWalker 4 months ago +12

    I do not, and uninstalled months back. All I've received for my efforts so far has been accusations of being a cheater by randoms online. Sure bud, I'm also the Queen's long lost grand nephew, 47th in-line to the throne.

    • @snowsleaves
      @snowsleaves 4 months ago +5

      Same boat here, installed League two weeks after Vanguard was announced and haven't been back since. I've also seen the accusations of being a cheater, but I wouldn't have been stuck in the Iron 1-Bronze 3 range for 3 seasons if I was. Like ok sure I can be a cheater if you say so- but I'm also a Nigerian Prince who will transfer you a bunch of money, like billions, and all I need you to do is pay me the $1000 transaction fee first of all

    • @CertifiedArab
      @CertifiedArab 4 months ago

      47?…..
      *Agent 47-*

    • @draconic5129
      @draconic5129 4 months ago +2

      Here's a great tip many of the people who are so willing and eager to accuse you of being a cheater are also extremely bigoted, I learned this when having a similar discussion and these types of people popped up, ended up looking through their Post history and wow many of them do indeed say a lot of slurs. So for the people like that the best way to combat that is saying "yeah the opinion of somebody who is a rampant homophobe/transphobe/antisemite is absolutely valid in determining whether I'm a good person or not" whichever name you use is dependent on the kind of slurs they use.

  • @effleurager
    @effleurager 4 months ago

    Thanks for putting the work in to creating high quality captions. TTML would allow captions to be rendered by YouTube's closed captioning system, making them even better for end users!

  • @Carhill
    @Carhill 4 months ago +1

    Firstly, amazing video. Informative and insanely good visuals mate.
    Secondly, I had a laugh after my machine bluescreened whilst watching this at 4:10, only to reboot, continue playing and see the bluescreen at 4:47.