To try everything Brilliant has to offer-free-for a full 30 days, visit brilliant.org/cazz/. The first 200 of you will get 20% off Brilliant’s annual premium subscription.
I think it could've been worth mentioning the security and privacy concerns of giving ring 0 security clearance to both cheats and anti-cheats and why some people are against it
@reapiu8316 Sadly, I doubt they ever will. Reverse compatibility concerns have caused a lot of frankly stupid design decisions in Windows in the past and becoming a true micro-kernel would most definitely damage reverse compatibility a lot. Especially since kernel anti-cheats are so popular and gamers seem to have their eyes wooled over by game studios.
If you're on windows (like most people are) then you've already forfeited all of your privacy. And I don't see how Microsoft is more trustworthy than Valve for example. It's not really a good argument.
@@fador1337 If you're willing to go that far, might as well say that anyone not running their OS on their RAM forfeited their privacy, if that, given Intel's ME and AMD's PSP both running in the background and doing all sorts of shit like recording all of your key inputs and bypassing encryption
you can keep junk code even when compiler optimization is enabled. When compiler cannot predict if a block of code will ever run or not it will keep it anyway. Also in c++ is possible to run code at compile time with constexpr keyword that allows you create encrypted strings and more and decrypt them at run-time
@@cazz depends, I forget the details but for ARMA2 they have their own scripting engine for UI and game operations. I don’t believe you can really tune it much. When one of my incredibly dumb friends shared a fun multihack I put together iwith his other friends … then they all joined servers to troll admins with god-like abilities my scripts were completely blocked. Not 100% sure how their detection works but I never got any of those exploits safely again. (Safely as in, I won’t be randomly flagged, I had a setup to safely test for potential flags if I went live). All I know is they use BattleEye.
Wow. This arms race is really interesting and impressive. I had never heard of using DMA to cheat at games before. I suppose the next step and the comparably powerful sledgehammer anti-cheat techniques would be statistical detection methods running on the server, e.g. looking for mouse movement data indicative of an aimbot, and stronger isolation of game state data to the server, e.g. in the strongest case the client could send raw inputs and only receive raw video and audio data so that there isn't even game state data for hacks to look at unless they start using AI methods. But DMA-based cheats for fast-paced real-time games that are sufficiently subtle, like ESP hacks on a second computer, seem almost impossible to stop (detecting the DMA device? code and data obfuscation?) unless you implement your own "hardware anti-cheat", e.g. restricting the player's hardware, as with a console, or surveillance of the player, as at a tournament. In our coming cyberpunk dystopian future, where Valve is monitoring every gamer with in-home cameras 24/7, we'll then have to start using cyborg brain implants and gene-editing to cheat and then it'll become a philosophical issue about what even is "cheating".
Also for hardware cheats you can usually run it all on a pi within the computer plugged into pcie, then you can emulate anything from anywhere like a kvm if it's network attached (Just need to spoof as another device to get around hardware id detection)
@@jgvtc559 you can do that, but it still won't let you see thru walls or instant aim...so cheats still provide an incentive as being good + cheats means you can fake not cheating and guarantee an impressive tournament run leading to money. We didn't have these problems when tournaments were small time. If a cheater came along we just typed /admin and an invisible admin came along and banned them. Even on pubs.
Boot-kits are also a great idea. Boot-kits load before the operating system itself, so you can bypass the anti-cheat, because the cheat is loaded before the anti-cheat itself.
btw if you dont have pci, direct memory access is supported through the LPC and ESPI standards and which can be accessedf with TPM and DEBUG headers found on the majority of motherboards
Typically the motherboard LPC/TPM header doesn’t expose the DMA signals so you would need find it somewhere else and solder a wire on the motherboard. And ESPI doesn’t even support DMA. And even if you could, LPC only really gives you access to ISA DMA which has access to the first 16MB of RAM
I think vaguard has fixed this, but previously, I experimented with running a passthrough VM on linux with windows + hyperv enabled (which made valorant start), where i then could attach a pci device from the vm manager which I then could use for DMA on linux. This effectively makes a hardware cheat without any extra hardware :)
It's a huge shame there's such intense motivation to keep the best cheats and anti-cheats closed source. These techniques would be really interesting to study.
you can reverse them and make a clone, also easyanticheat (eos, kinda worse than the one for example apex uses) is free. these techniques are already studied by cheaters, its a race that cheaters will always win.
@@lilililiililili6363 It's more that it would spoil and ruin the games we love to play with others. More happy players = more money, so technically you're right but think about playing any game online - it would suck if you could never really play unless you cheated too. And that ends up taking away from the game.
Wow I’m learning about operating systems right now, and didn’t really think of cheating as an application of it. It’s so cool seeing how brilliantly hackers can bypass the designs around OSes and video game anti cheats!
I believe there are ways to work around compiler optimizations, even if you can change the signature a little bit you will be able to trick the anti-cheat. At least for a portion of time, then you will be banned eventually.
@@wfjhDUI I couldn't do it with gcc back in the time, but there was another compiler (I forgot which one) which made it possible. It's been at least 5-6 years so I don't know the current possibilities with compiler optimization.
@@berkormanli It should always have been possible -- it's a feature that needs to be turned on after all -- although I'm sure it's trickier than I'm imagining since it's very readily turned on by default even at low optimization levels and it looks like gcc has a lot of different varieties of dead code elimination to toggle on/off. It's been a while since I've wanted to turn a specific optimization _off_ but I seem to recall that it was a bit frustrating. The linker also removes dead code so that could have been the issue too.
There is currently a cheat going around where people have camera set up to their screen and has an AI recognized and shoot people for them by controlling there mouse
There are many ways to detect rogue PCI devices, such as master abort or timing attacks. You also completely left out virtualization and iommu (regarding DMA mitigation)
Unless you are writing it yourself or 100% trust a source... ANY pre-written code with access beyond a kernel anti-cheat is a HUGE security risk and potentially a legal one if you become a node for someone else's illegal activity.
If you want to stop cheaters, run checks on the data that the server receives instead of messing around with the kernel that the client is running on. When a kernel anticheat is bypassed, it's fully bypassed, meaning anything goes. If you've got a server-side anticheat that checks packets, you may not be able to fully disable or bypass it as easily as you can with a kernel anticheat. An anticheat on the kernel gives the cheater a lot of control, making the discovery of bypasses quicker, and you don't even have to get any accounts banned. If you have a server anticheat, you may need access to many accounts. This is a very quick way to stop blatant cheaters in a bought game.
Very interesting! I always thought of anti-cheat to be sort of like an arms race, there's really no way for an AC to work 100% of the time as long users have physical access to their machine. Maybe we'll see things like cloud gaming take over highly competitive games for this reason, assuming cloud game becomes viable to play with low latency, etc.
I don't think cloud gaming would solve the issue, as you're still sending the inputs from your own computer to the server the game is running on. This does prevent you from getting the data you're not supposed to get from the server (eg. can't see players trough walls) but you can still tamper with your inputs (eg. aimbot)
Really the only way to have 100% anti-cheat protection is to run in-person events on hardware provided by the event organizers. Ever wonder why the fgc has very few cheaters? That's why.
You see, I'm interested in this not because I want to cheat, but because I want to get bs anticheat systems off my back for something as simple as running Linux instead of Windows. I run Linux, simply because I prefer the open source community run stuff as opposed to Windows, but most anticheat solutions target compatability layers on purpose just to be dicks.
DMA can also be detected by looking at what is pluged in the PCI slot. on the other side you can spoof the Hardware ID of the Device. its an arms race again.
Not only hackers dislike kernel level anti-cheat, Security expert are furious about them and don't even want to touch games with it without beeing inside two burner virtual machines 😂 Imagine giving kernel level access to some random gaming company. Privacy nightmare. It is like giving your scholl principal all your keys from all doors and safes as well giving credentials from your videocameras including bedrooms and bathrooms. Sure, I will prove my kid didn't cheat math test, but at what cost😮
Game hacking is what got me into Red and Blue Team work over 10 years ago. VAC was fun to bypass. You used to be able to create a shadow bootloader with a kernel driver that fed the AC false handles to check. Everything had to load from a USB to stay undetectable. Not sure if that’s how it still works today.
Hack a multiplayer game is a crime and i hope the law will follow it. We'll probably first have to properly sue a game dev for millions in damages so that something happens.
No, hacks don't need to read and write memory. With DMA hacks you only read memory and send corrected inputs (mouse and/or keyboard events) through a spoofed controller that masquerades as an input device to the PC the game runs on. With external AI and pixelbot hacks you capture the video output of a game, process the data (e.g. with open AI libraries like yolov5) and send back commands through a similar spoofed controller to your PC. This bypasses reading and writing to memory completely.
the way you simplify everything is very impressive. I was into making cheats years ago and your series has totally refreshed my memory after not doing it for years. keep it up!
I've heard that AI anti-cheat could be a thing in the next few years, the AI could detect if someone is cheating just by watching their gameplay. Most people think that would end cheating for good but I'm sure some cleaver person would find a bypass for that.
@@kaarelk274 kinda like every anti-cheat in the history of anti-cheats? obviously you would have to adjust it to where false positives are minimal, kinda like, you know, every other anti-cheat. the most useful application for AI anti-cheat would probably be to get rid of obvious cheaters. by analyzing exhibited behavior instead of poking around on people's computers you can maintain users' privacy and it's not inherently incompatible with modern security models. it also just bypasses the eternal-by-design arms race that they're currently taking part in-it doesn't matter how well you hide your cheat in software or hardware, if you're being obvious enough it'll catch you regardless. in fact such an anti-cheat would be eerily similar to the often used method of having admins manually identify cheaters, except it can be cost-effective without volunteers.
Here i was, thinking "how do anti-cheat allows you to bypass work" Me the entire video: "OK, but how do i work less on cheats by using this" Now i can't stop laughing.
That is due to terrible firmware. Most people even selling firmware have no idea what they are doing. I never got detected and my firmware totally bypass the IOMMU.
A simpler version of hardware cheat is virtual machine cheats. The game runs in a virtual machine guest and the host OS would be able to read/write to any memory of the guest OS, without the guest ever knowing. This does not require two computers and special hardwares like hardware hack does, but some game does detect if it's running within a virtual machine so the challenge becomes how to hide that.
Not really, since any modification to the anticheat will put your game into offline mode. Just like how if u were to get rid of the anticheat the game will only work in single player or offline
This is why anti-cheats keep demanding increasing privilege levels -- to try to protect the anti-cheat code itself. It's not possible to completely protect an anti-cheat on a hostile system so at some point you would need to require it to report something to your server in order to verify that the anti-cheat is running properly, preferably something that would be difficult to otherwise generate.
That's one of the reason why modern CPUs, including phone processors, have IOMMU. They remap the DMA address and limit them to specific ranges. This is sometimes optional in your EFI settings though.
Just for the casual gamer here thinking that every hacker is bad, no, this is ethical hacking, that is used for education and learning about game behavour, and has not caused any damage
Kernal level anticheat is so sketchy, no one should be messing around at the kernel level unless you are a kernel developer. It feels like messing with plastic explosives to make a firework show.
So that is how memory hacking works. Interesting. Usually I just mod single player games, so I have not really hit that kind of meaningful active anti-cheat software.
4:41 in practice it also works. When adding junk code people always turn optimization off, the only time I've seen someone get banned with a pasted cheat with junk code is when a feature got detected or the cheat was too retarded to set valid viewangles There are even programs that add junk code to everything with 1 click - I also think there are ways to detect DMA tho? - What about intercepting network packets for an ESP? I wonder how difficult or possible that is
i use junk code in my applications, not to prevent detection but to make it harder for hackers to crack it. Not only i haven't disabled optimization but i have set it to do maximum optimization. This combination generating a very strong obfuscation and usually gets mixed with the real code very well. A game can still create a signature and give a ban even after adding junk code because even 1 line of code can generate probably a lot of bytes that is enough to detect the cheat
@@kipchickensout manually. i wrote my own junk code too based on my strings encryption. Basically i started with just a string encyption which remaining unchanged for years as every attempt to make it more powerful failed, its just perfect. Then i used this to create a macro that takes a bool and return the same value, but compiler cannot resolve it so whatever i have under this block will not removed even if will never run. this also allowed me to insert directly invalid instructions and modify registers or stack pointer that makes things even worse if try to parse binary with IDA or orher decompiler. I use all these and more for my public cheat and noone ever successfully cracked it or "stole" any unique feature since release (around 1.5 years)
@@kipchickensout i even saw people get automatically banned because they tried to use dnspy debugger to debug my application (dnspy is decompiler for c# but my application made with c++). This makes me assume that not only they are far away from crack but they not even know what language and compiler i have used! I saw other people say in forums that i used a custom virtual machine with themida etc...
I like these video bot because I want to make game hacks but because I actually learn a lot about how things work maybe someday you could explain some more general stuff
I hate people that somehow WANT more intrusive and "better" anticheats. You're at best just buying some time and at worst causing major security, privacy and performance issues without fixing anything. Despise those people with a passion,
See for the average player it's not really a big deal i guess but it really sucks playing a game with a bad AC (see cs2/csgo) at any higher lvl as it literally just becomes unplayable so i'd gladly take an anti-cheat like vanguard or so if i can play the game at high lvl without having to sit there getting cheated on every game or 2.
@@Sara-sain98 the AC in cs2 is not bad by any means, and having it be a kernel anti cheat will not make those cheaters magically go away. You can gladly take vanguard and all the problems that come with it somewhere where everything must be sacrificed to fight cheating (yet still have cheaters) or you can not have those issues and have the same number of cheaters? Also something is absolutely going wrong with your trustfactor if youre getting cheated on in every game or 2.
Seems like the issue could be solved by simply making intrusive anti-cheats "opt-in" and giving users the option to only play with other people running intrusive anti-cheats. All the points you raised are valid but I can definitely understand the desire for more effective anti-cheats.
@@wfjhDUI Oh don't get me wrong, I'm not fine with the status quo. But intrusive anti cheats don't "solve" or even "help" anything or anyone. Sure you can opt in but... so can the cheaters? Again it's not really an issue of if the anti cheat is intrusive or not.
@@ThompYT FaceIt has a better anti-cheat still cheaters but a lot more rare than cs2's premier - and idk a lot of ppl at 15k+ rating seem to have similar experiences tbh. But yea, i feel like if they wanna make the premier leaderboards worth something and not just a show-off of who has the better cheats they should just atleast add a decent opt-in anticheat just for premiere or so
I honestly have never head of actual hardware based cheats when it comes to a PC and I'm extremely curious to know more about that subject if you or anyone else could point me in the right direction.
To try everything Brilliant has to offer-free-for a full 30 days, visit brilliant.org/cazz/. The first 200 of you will get 20% off Brilliant’s annual premium subscription.
2 days ago... Riightt
video would of been unlisted-private and he commented on it@@x4dam
how did you even get a sponsorship as a game hacking channel?
So if i use it will i get an anti cheat to my game??
i will love if you talked more about DMA its a kinda interesting topic
I think it could've been worth mentioning the security and privacy concerns of giving ring 0 security clearance to both cheats and anti-cheats and why some people are against it
@@rama-rao-y8u There are developers and programmers who actively make fun of Linux... so not all of them.
@@rama-rao-y8u I'm pretty sure this video is meant for a general audience
@reapiu8316 Sadly, I doubt they ever will. Reverse compatibility concerns have caused a lot of frankly stupid design decisions in Windows in the past and becoming a true micro-kernel would most definitely damage reverse compatibility a lot. Especially since kernel anti-cheats are so popular and gamers seem to have their eyes wooled over by game studios.
If you're on windows (like most people are) then you've already forfeited all of your privacy. And I don't see how Microsoft is more trustworthy than Valve for example. It's not really a good argument.
@@fador1337 If you're willing to go that far, might as well say that anyone not running their OS on their RAM forfeited their privacy, if that, given Intel's ME and AMD's PSP both running in the background and doing all sorts of shit like recording all of your key inputs and bypassing encryption
This channel is very underrated, this video is edited really nicely!
Appreciate it!!
we appreciate you!@@cazz
@@cazz yo do u know how to like remove hwid lock from a exe in c++?
how do I bypass the divorce papers?
The Anti-cheat is very good, don't try to bypass it!
public static void main string args
@@JakeAnthrax420 I anti-cheated on my wife
@@mostlyrob3469 public static void main string arguments with my wife
@@mostlyrob3469 java cuck spotted
Compiler optimization is something you can usually turn off or restrict.
This is true, I failed to mention it in the video though. Junk code will work, with optimizations turned down.
you can keep junk code even when compiler optimization is enabled. When compiler cannot predict if a block of code will ever run or not it will keep it anyway.
Also in c++ is possible to run code at compile time with constexpr keyword that allows you create encrypted strings and more and decrypt them at run-time
volatile gang
@@cazz depends, I forget the details but for ARMA2 they have their own scripting engine for UI and game operations. I don’t believe you can really tune it much. When one of my incredibly dumb friends shared a fun multihack I put together iwith his other friends … then they all joined servers to troll admins with god-like abilities my scripts were completely blocked.
Not 100% sure how their detection works but I never got any of those exploits safely again. (Safely as in, I won’t be randomly flagged, I had a setup to safely test for potential flags if I went live).
All I know is they use BattleEye.
@@thedirector69 is there a framework for this?
Wow. This arms race is really interesting and impressive. I had never heard of using DMA to cheat at games before. I suppose the next step and the comparably powerful sledgehammer anti-cheat techniques would be statistical detection methods running on the server, e.g. looking for mouse movement data indicative of an aimbot, and stronger isolation of game state data to the server, e.g. in the strongest case the client could send raw inputs and only receive raw video and audio data so that there isn't even game state data for hacks to look at unless they start using AI methods. But DMA-based cheats for fast-paced real-time games that are sufficiently subtle, like ESP hacks on a second computer, seem almost impossible to stop (detecting the DMA device? code and data obfuscation?) unless you implement your own "hardware anti-cheat", e.g. restricting the player's hardware, as with a console, or surveillance of the player, as at a tournament. In our coming cyberpunk dystopian future, where Valve is monitoring every gamer with in-home cameras 24/7, we'll then have to start using cyborg brain implants and gene-editing to cheat and then it'll become a philosophical issue about what even is "cheating".
Just force ppl to use windows 11, this breaks DMA
@@I_SEE_RED Kernel DMA protection is for preventing attacks _against_ the user, not _by_ the user.
@@I_SEE_RED source ?
Pcileech
@@I_SEE_RED and how exactly are you going to force people to use one specific operating system? lol
Also for hardware cheats you can usually run it all on a pi within the computer plugged into pcie, then you can emulate anything from anywhere like a kvm if it's network attached (Just need to spoof as another device to get around hardware id detection)
Or you could take all that spare free time and get good at whatever game
@@jgvtc559 It's not about cheating necessarily, it's about solving an engineering problem. Most hacking isn't done with malicious intent either.
@@jgvtc559 you can do that, but it still won't let you see thru walls or instant aim...so cheats still provide an incentive as being good + cheats means you can fake not cheating and guarantee an impressive tournament run leading to money.
We didn't have these problems when tournaments were small time. If a cheater came along we just typed /admin and an invisible admin came along and banned them. Even on pubs.
The sad thing is that not all mouses are compatible, and you may need to buy one that is (from my experience).
incel
Next generation cheats: Machine learning models that automatically aim and fire using the game’s video output
Oh 100%
Yup. Versus ML anti-cheating models 🤣
Very fun to cheat in a game when literally all you have to do is looking at your screen... lmao Cheaters gonna game out themselves
there has been machine learning cheats for 4-5 years now, there were a handful of projects with yolov4
they are called pixel bots
Boot-kits are also a great idea. Boot-kits load before the operating system itself, so you can bypass the anti-cheat, because the cheat is loaded before the anti-cheat itself.
As a Software Developer, it's nice to learn some "Ethical" hacking 😊
As a software Developer you would know the Windows Api and its functions for accessing other programs already
@@Tobias-t3k or they write in hundreds of other languages for hundreds of other environments…
@user-mj8bg3fw8w That would assume I develop for windows at a low level, it's many types of software
@@Tobias-t3k That greatly depends on if they've done any Windows application programming which many devs have not
No Not always@@Tobias-t3k
btw if you dont have pci, direct memory access is supported through the LPC and ESPI standards and which can be accessedf with TPM and DEBUG headers found on the majority of motherboards
Typically the motherboard LPC/TPM header doesn’t expose the DMA signals so you would need find it somewhere else and solder a wire on the motherboard. And ESPI doesn’t even support DMA.
And even if you could, LPC only really gives you access to ISA DMA which has access to the first 16MB of RAM
I think vaguard has fixed this, but previously, I experimented with running a passthrough VM on linux with windows + hyperv enabled (which made valorant start), where i then could attach a pci device from the vm manager which I then could use for DMA on linux. This effectively makes a hardware cheat without any extra hardware :)
Cool 🎉🎉🎉🎉😮
i tried something similar and need some help do u have discord?
So that's why it wont let me start the game with hyperv enabled. Annoying for wsl userrs
@@testytea6138 really? thats beyond intrusive
@@testytea6138 that's odd, they let me start the game with hyper-v enabled
you can disable compiler optimization so that it will keep the junk
It's a huge shame there's such intense motivation to keep the best cheats and anti-cheats closed source. These techniques would be really interesting to study.
Too much money to be made.
you can reverse them and make a clone, also easyanticheat (eos, kinda worse than the one for example apex uses) is free. these techniques are already studied by cheaters, its a race that cheaters will always win.
@@lilililiililili6363 It's more that it would spoil and ruin the games we love to play with others. More happy players = more money, so technically you're right but think about playing any game online - it would suck if you could never really play unless you cheated too. And that ends up taking away from the game.
@@thekillerbunny what competitive game can you play that isn't full of cheaters? I'll wait...
there are so many more interesting problems to solve and study.. These cheaters are the reason i can't play any competitvie game anymore
"Hardware cheats" are absolutely genius
Wow I’m learning about operating systems right now, and didn’t really think of cheating as an application of it. It’s so cool seeing how brilliantly hackers can bypass the designs around OSes and video game anti cheats!
I believe there are ways to work around compiler optimizations, even if you can change the signature a little bit you will be able to trick the anti-cheat. At least for a portion of time, then you will be banned eventually.
You can literally just tell your compiler to not do dead code elimination. It's not a hostile entity.
@@wfjhDUI I couldn't do it with gcc back in the time, but there was another compiler (I forgot which one) which made it possible. It's been at least 5-6 years so I don't know the current possibilities with compiler optimization.
Here's a hint: Polymorphism
@@henlofren7321 how there is any application for polymorphism in this context?
@@berkormanli It should always have been possible -- it's a feature that needs to be turned on after all -- although I'm sure it's trickier than I'm imagining since it's very readily turned on by default even at low optimization levels and it looks like gcc has a lot of different varieties of dead code elimination to toggle on/off. It's been a while since I've wanted to turn a specific optimization _off_ but I seem to recall that it was a bit frustrating. The linker also removes dead code so that could have been the issue too.
i'm really want to see a video about DMA, it looks cool !
The last method is really dangerous iam loving it
I am against cheats in competition games, however this topic is pretty interesting to learn about!
Thanks!
Never subscribed so fast in my life. Excellent visuals, presentation and quality! Keep it up mate!
There is currently a cheat going around where people have camera set up to their screen and has an AI recognized and shoot people for them by controlling there mouse
This one doesn’t work very well yet, so no body is using it
i dont know if you'd call it a cheat considering its worse than any human is going to be and puts you at a disadvantage
There are many ways to detect rogue PCI devices, such as master abort or timing attacks. You also completely left out virtualization and iommu (regarding DMA mitigation)
I wonder if a kernel driver could be used to bypass something like the respondus lockdown browser
i love how you explained just the right amount about dma without saying too much lol
Unless you are writing it yourself or 100% trust a source... ANY pre-written code with access beyond a kernel anti-cheat is a HUGE security risk and potentially a legal one if you become a node for someone else's illegal activity.
Thanks, very useful video
Well this video was 100x better than I was expecting from my recommendations!
If you want to stop cheaters, run checks on the data that the server receives instead of messing around with the kernel that the client is running on. When a kernel anticheat is bypassed, it's fully bypassed, meaning anything goes. If you've got a server-side anticheat that checks packets, you may not be able to fully disable or bypass it as easily as you can with a kernel anticheat. An anticheat on the kernel gives the cheater a lot of control, making the discovery of bypasses quicker, and you don't even have to get any accounts banned. If you have a server anticheat, you may need access to many accounts. This is a very quick way to stop blatant cheaters in a bought game.
Thanks for the tutorial.
To this all this exists because some people were crap at games online.
I love how this video has two titles
So as Vanguard it has kernel anticheat. Powerfull as said in video.
bro, ur channel is a gem!
The most effective anti-cheat is loving parents
Very interesting! I always thought of anti-cheat to be sort of like an arms race, there's really no way for an AC to work 100% of the time as long users have physical access to their machine. Maybe we'll see things like cloud gaming take over highly competitive games for this reason, assuming cloud game becomes viable to play with low latency, etc.
I don't think cloud gaming would solve the issue, as you're still sending the inputs from your own computer to the server the game is running on. This does prevent you from getting the data you're not supposed to get from the server (eg. can't see players trough walls) but you can still tamper with your inputs (eg. aimbot)
Really the only way to have 100% anti-cheat protection is to run in-person events on hardware provided by the event organizers. Ever wonder why the fgc has very few cheaters? That's why.
Not viable as long as speed of light and distances exist..
Another video about DMA would be really interesting.
You see, I'm interested in this not because I want to cheat, but because I want to get bs anticheat systems off my back for something as simple as running Linux instead of Windows. I run Linux, simply because I prefer the open source community run stuff as opposed to Windows, but most anticheat solutions target compatability layers on purpose just to be dicks.
"I run windows simply because I prefer the open source community run stuff as opposed to Windows"
@@soubs242 typo... Meant Linux. I wrote this comment as I rolled out of bed soooo....
No need to lie 😂👀
@@Crecross oh hey. funny seeing you here lmao
@@Crecross Ayo?
you can get verified now (congrats on 100k). GO FOR IT!
DMA can also be detected by looking at what is pluged in the PCI slot. on the other side you can spoof the Hardware ID of the Device. its an arms race again.
Not only hackers dislike kernel level anti-cheat,
Security expert are furious about them and don't even want to touch games with it without beeing inside two burner virtual machines 😂
Imagine giving kernel level access to some random gaming company.
Privacy nightmare.
It is like giving your scholl principal all your keys from all doors and safes as well giving credentials from your videocameras including bedrooms and bathrooms.
Sure, I will prove my kid didn't cheat math test, but at what cost😮
Cpngrats on 100k cazz
Hack a game..?NO, just want to play it on linux? YES
yes
Game hacking is what got me into Red and Blue Team work over 10 years ago. VAC was fun to bypass. You used to be able to create a shadow bootloader with a kernel driver that fed the AC false handles to check. Everything had to load from a USB to stay undetectable. Not sure if that’s how it still works today.
Hack a multiplayer game is a crime and i hope the law will follow it. We'll probably first have to properly sue a game dev for millions in damages so that something happens.
its not illegal, selling the cheats is though
Nicely put
I wouldnt trust any sort of kernek anticheat.
grats on the 100k btw
Clicked on this and didnt expect to hear a saffa, lekker vid bru
Shot my bru, I appreciate it!
No, hacks don't need to read and write memory. With DMA hacks you only read memory and send corrected inputs (mouse and/or keyboard events) through a spoofed controller that masquerades as an input device to the PC the game runs on. With external AI and pixelbot hacks you capture the video output of a game, process the data (e.g. with open AI libraries like yolov5) and send back commands through a similar spoofed controller to your PC. This bypasses reading and writing to memory completely.
Thank you so much. You explain things so well!
You're very welcome!
Now I actually understand. Thanks!
the way you simplify everything is very impressive. I was into making cheats years ago and your series has totally refreshed my memory after not doing it for years. keep it up!
I always find it crazy the lengths that people will go to just to feel good in a game
but do they if the game plays itself? I guess they can share it in cheaters forum but thats it.. they know they cannot play the gane
I've heard that AI anti-cheat could be a thing in the next few years, the AI could detect if someone is cheating just by watching their gameplay. Most people think that would end cheating for good but I'm sure some cleaver person would find a bypass for that.
on the flip side of that you could train an AI to cheat while looking human. i don't think the arms race is ending anytime soon
Oh yea false bans incoming
@@kaarelk274 kinda like every anti-cheat in the history of anti-cheats? obviously you would have to adjust it to where false positives are minimal, kinda like, you know, every other anti-cheat. the most useful application for AI anti-cheat would probably be to get rid of obvious cheaters. by analyzing exhibited behavior instead of poking around on people's computers you can maintain users' privacy and it's not inherently incompatible with modern security models. it also just bypasses the eternal-by-design arms race that they're currently taking part in-it doesn't matter how well you hide your cheat in software or hardware, if you're being obvious enough it'll catch you regardless. in fact such an anti-cheat would be eerily similar to the often used method of having admins manually identify cheaters, except it can be cost-effective without volunteers.
every system will have a hole
I understood nothing from this video but somehow this video was still entertaining
@@mahinsaniyan 🙏🙏🙏
Before watching, my guess is virtual machines are used to "get underneath" the whole system.
Here i was, thinking "how do anti-cheat allows you to bypass work"
Me the entire video: "OK, but how do i work less on cheats by using this"
Now i can't stop laughing.
It's extremely easy actually. All you need is some goddamn expensive ass software that nobody wants to share for free
"that a software anticheat cannot detect" - in 2023 there were 6 dma ban waves on faceit and 3 on vanguard tho haha
That is due to terrible firmware. Most people even selling firmware have no idea what they are doing. I never got detected and my firmware totally bypass the IOMMU.
@@thomass9457 Can you bypass top anticheats like Vanguard and EAC with DMA?
@@thomass9457 i hope u'll get drafted
cry harder peasant@@MEMUNDOLOL
@@MEMUNDOLOL sry, too old.
voice crack at 5:09
Interesting to see how cheats work
I would never ever use cheats in multiplayer anyways though ^^
The moment you explained DMA cheats my brain played the Giga Chad Music. XD
A simpler version of hardware cheat is virtual machine cheats. The game runs in a virtual machine guest and the host OS would be able to read/write to any memory of the guest OS, without the guest ever knowing. This does not require two computers and special hardwares like hardware hack does, but some game does detect if it's running within a virtual machine so the challenge becomes how to hide that.
Future..
Very good video! Concise and easy to understand.
Nice of youtube giving this for a recommendation, its nice to know how some hacks work, like those GTA mod hacks
Everyone I just want to let you know that I did not-in fact-search for this video and was bestowed upon me by the Elder RUclips Algorithm
Good day
Very informative!
DMA with Virtual Machines too!
valve should watch this
He slight question, wouldn't you be able to inject the anticheat with a dll, so that it doesn't find your program
it's possilbe , but also anticheats defend themselfs
Not really, since any modification to the anticheat will put your game into offline mode. Just like how if u were to get rid of the anticheat the game will only work in single player or offline
in some games, e.x. bo2 you can do it this way
This is why anti-cheats keep demanding increasing privilege levels -- to try to protect the anti-cheat code itself. It's not possible to completely protect an anti-cheat on a hostile system so at some point you would need to require it to report something to your server in order to verify that the anti-cheat is running properly, preferably something that would be difficult to otherwise generate.
I’m almost certain that some top streamers use the DMA approach
I don’t like the people who use the cheats but I respect the people who make them
did the views count just increase by 1000 in 45 seconds? deserved tbh
well actually should be 1 billion but eh
:))
Anti-cheat? You mean kernel rootkit spyware?
t. cheater
congrats on 100k :)
Just wait till virtualizers become mainstream
the DMA is scary dangerous , how many bad things can be done with it i only imagine
That's one of the reason why modern CPUs, including phone processors, have IOMMU. They remap the DMA address and limit them to specific ranges. This is sometimes optional in your EFI settings though.
Just for the casual gamer here thinking that every hacker is bad, no, this is ethical hacking, that is used for education and learning about game behavour, and has not caused any damage
0:32, I got a youtube ad about this, skip, then you advertising it. They sure spent a lot of money on advertising...
If you could elaborate more on DMA, and recommend good hardware for beginners
hmm yes I understand all of this
Most cheaters are too dumb to understand any of this.
Skeet menu 💀
Kernal level anticheat is so sketchy, no one should be messing around at the kernel level unless you are a kernel developer. It feels like messing with plastic explosives to make a firework show.
An executable hacked by de-assembling.
So that is how memory hacking works. Interesting. Usually I just mod single player games, so I have not really hit that kind of meaningful active anti-cheat software.
4:41 in practice it also works. When adding junk code people always turn optimization off, the only time I've seen someone get banned with a pasted cheat with junk code is when a feature got detected or the cheat was too retarded to set valid viewangles
There are even programs that add junk code to everything with 1 click
- I also think there are ways to detect DMA tho?
- What about intercepting network packets for an ESP? I wonder how difficult or possible that is
i use junk code in my applications, not to prevent detection but to make it harder for hackers to crack it.
Not only i haven't disabled optimization but i have set it to do maximum optimization. This combination generating a very strong obfuscation and usually gets mixed with the real code very well.
A game can still create a signature and give a ban even after adding junk code because even 1 line of code can generate probably a lot of bytes that is enough to detect the cheat
@asdfghjkl-ug7xp encoding wise I'd expect it to be plain binary structs or something idk, but yeah encryption may be a hassle right
@@thedirector69 do you use an extension or application that is made for the sole purpose of obfuscation or do you "manually" do that?
@@kipchickensout manually. i wrote my own junk code too based on my strings encryption. Basically i started with just a string encyption which remaining unchanged for years as every attempt to make it more powerful failed, its just perfect.
Then i used this to create a macro that takes a bool and return the same value, but compiler cannot resolve it so whatever i have under this block will not removed even if will never run. this also allowed me to insert directly invalid instructions and modify registers or stack pointer that makes things even worse if try to parse binary with IDA or orher decompiler. I use all these and more for my public cheat and noone ever successfully cracked it or "stole" any unique feature since release (around 1.5 years)
@@kipchickensout i even saw people get automatically banned because they tried to use dnspy debugger to debug my application (dnspy is decompiler for c# but my application made with c++). This makes me assume that not only they are far away from crack but they not even know what language and compiler i have used!
I saw other people say in forums that i used a custom virtual machine with themida etc...
MY SORRY ASS THINKING DMA WAS DYNAMIC MEMORY ALLOCATION
With Bungie’s battle eye all you gotta do is just look at the servers weird
underrated
kinda morbidly fascinating seeing how cheats work
Imagine doing all of that just to cheat in some video game
I like these video bot because I want to make game hacks but because I actually learn a lot about how things work
maybe someday you could explain some more general stuff
that DMA example reminds of Radar hack for PubG, even that got detected and thousands got banned, but it lasted a few years I think.
I hate people that somehow WANT more intrusive and "better" anticheats. You're at best just buying some time and at worst causing major security, privacy and performance issues without fixing anything. Despise those people with a passion,
See for the average player it's not really a big deal i guess but it really sucks playing a game with a bad AC (see cs2/csgo) at any higher lvl as it literally just becomes unplayable so i'd gladly take an anti-cheat like vanguard or so if i can play the game at high lvl without having to sit there getting cheated on every game or 2.
@@Sara-sain98 the AC in cs2 is not bad by any means, and having it be a kernel anti cheat will not make those cheaters magically go away. You can gladly take vanguard and all the problems that come with it somewhere where everything must be sacrificed to fight cheating (yet still have cheaters) or you can not have those issues and have the same number of cheaters? Also something is absolutely going wrong with your trustfactor if youre getting cheated on in every game or 2.
Seems like the issue could be solved by simply making intrusive anti-cheats "opt-in" and giving users the option to only play with other people running intrusive anti-cheats. All the points you raised are valid but I can definitely understand the desire for more effective anti-cheats.
@@wfjhDUI Oh don't get me wrong, I'm not fine with the status quo. But intrusive anti cheats don't "solve" or even "help" anything or anyone. Sure you can opt in but... so can the cheaters? Again it's not really an issue of if the anti cheat is intrusive or not.
@@ThompYT FaceIt has a better anti-cheat still cheaters but a lot more rare than cs2's premier - and idk a lot of ppl at 15k+ rating seem to have similar experiences tbh.
But yea, i feel like if they wanna make the premier leaderboards worth something and not just a show-off of who has the better cheats they should just atleast add a decent opt-in anticheat just for premiere or so
Very nice video !
And where can we get this DMA device ?
taking notes
Honestly i feel like no matter what people will always find a bypass especially for cod
Don't kid yourself Activision makes the cheats
I honestly have never head of actual hardware based cheats when it comes to a PC and I'm extremely curious to know more about that subject if you or anyone else could point me in the right direction.