How Hackers Bypass Kernel Anti Cheat

  • Published: Dec 22, 2024

Comments • 2.7K

  • @Ryscu 5 months ago +219

    Check out 365Games here! ✅
    win.365games.net/Ryscu

    • @AIMLOCK-Zengy 5 months ago +4

      You should talk about DMA's next

    • @Maski500 5 months ago +16

      Erm, don't wanna

    • @teknixstuff 5 months ago +10

      Stop with the sponsorblock bypasses!

    • @MacGuffin1 5 months ago

      Kernel AC is a complete waste of time (almost) PCs can never be fixed or patched (HW/FW Ppl wake the fuck up), if ur not playing on Xbox with crossplay off every SINGLE game you play will be 30-80% cheaters, it's just facts, has been this way for a long time and the whole NVIDIA #PCMASTERACE has sold everyone a lie and ruined the actual fun of gaming. Now there will be no safe-space, if you want an awesome video idea (no one is talking about.. idk why) but Microsoft/Activision are forcing people to play crossplay-on because they make more money from the higher account/microtransaction turn-over from the very occasional ban waves... The Xbox console is a work of art and purpose built around this exact problem: Locked Bootloader/Signed Code with actual real Kernel and Memory isolation.. For the first time in 12 or so years a kernel sploit was 'found' exactly the same time I started making a lot of noise about this (this exploit can never lead to cheating online, as the xbox engineers are the best in the world and everything has overlapping security) Playstation isn't too bad either, but they tend to do their patching by HW/SKU, one of the reasons they employ planned obsolescence...

    • @malzaharbeasttheone 5 months ago +2

      Loved this

  • @alterranlongbow5067 5 months ago +5825

    "do you trust the developer of the game you're playing?"
    the entire league community: no but it's not gonna stop us

    • @maciejmalewicz9123 5 months ago +175

      the general consensus is that people have your data anyways + your data is not important and not worth the risk for them

    • @supershid464 5 months ago

      @@maciejmalewicz9123 it's not the data though, it's an anticheat that runs 24/7 through which anyone malicious can get literally everything. One vulnerability and it's over

    • @magicalnoodles 5 months ago +374

      Idk about others, but I did stop playing. People really undervalue how much data they generate, and how much can be gained from it. A better solution for Riot would have been to only require the anti-cheat in platinum+ lobbies. Cuz realistically, ppl below this LP score aren't gonna be able to get far with cheating anyway. Even if they climb to plat and above, the cheat gets detected, and that's that.
      By forcing all LoL players to install kernel level Chinese spyware, it's really hard to earn the trust of the playerbase.

    • @meerpirat3418 5 months ago +261

      it stopped me. I will not install Chinese Kernel Level spyware.
      And tbh League is not worth it.
      the fun thing is on mac you don't have to deal with that Vanguard BS.

    • @meerpirat3418 5 months ago

      and regarding Code Quality of Rito Code i will just say: ૮ - ﻌ • ა

  • @vert2048 5 months ago +1742

    Dude I didn't expect a whole documentary, this is sick

    • @shedblood1645 5 months ago +3

      He has a lot of them, why wouldn’t it be?

    • @vert2048 5 months ago +12

      @@shedblood1645 Huh, good point. I hadn't realized but I haven't watched/been recommended a Ryscu video in over 6 months when he did shorter videos.
      Glad to know I have several more high-quality videos like this to go back to :)

    • @Margen67 5 months ago

      birb

    • @Twisted_Code 5 months ago +1

      TBH the fact that all of YouTube isn't quality Edutainment like this disappoints me. I really like learning things, and doing so in 20 minute intervals is quite convenient. Fortunately, YouTube algorithm (for all its flaws, including some that make it feel a bit like a miniature Vanguard due to loss of privacy) makes it pretty easy to find more of what I'm genuinely interested in. It's hard to hate the algorithm if it works, even if I hate how it works.

    • @SioxerNikita 5 months ago +1

      This is not a "whole documentary", it is a video essay. A "whole documentary" would be about the whole 1½ hours....
      It is frankly in-depth enough to be called a documentary though, but doesn't have the length... otherwise you could call any few minutes long video talking about a subject a "documentary".

  • @PopeMical 5 months ago +3661

    You know normally I hate kernel level anti-cheat, but maybe I should thank Vanguard for making me quit my 8 year league addiction...

    • @BoredCoat 5 months ago +203

      This right there. Literally me

    • @asdfbeau 5 months ago +93

      kernel-level ac is everywhere now- you're going to have a hard time playing anything.

    • @popopapi 5 months ago +68

      so true lmao vanguard coming to league finally pushed me to quit

    • @PopeMical 5 months ago +210

      @@asdfbeau While partially true, it actually has been relatively easy for me to completely avoid it with the type of games I specifically enjoy.
      Also it's a minor difference but I do dislike Vanguard a lot more for requiring boot on startup and not just game launch. That small annoyance will likely keep me away from League specifically even if I do end up installing a game with say current EasyAntiCheat.

    • @CrunkNuts 5 months ago

      @@PopeMical it has to be run at start up to load before user level stuff. You can't have a kernel level anticheat that starts when you open the game.

  • @hiiver436 5 months ago +202

    I've stopped playing league after implementing vanguard (linux user) and holy shit, my life got better from that point. I will never return to league

    • @Stormlywing 4 months ago +1

      is only made for giving them full access over your PC as you play (you know the thing that every game asks for admin rights like is takes a driver to install is the problem where did it get the driver from then because is never installed locally
      Kernel Anti Cheat ( Admin rights ) - this made fun for people who are easy to trick into thinking they playing the game and return Malware that coverup as an anti-cheat
      Not like everyone got administrator rights when to play their game that needs it

    • @anapple6912 4 months ago +1

      that's pretty funny not gonna lie

  • @Alcaline-hu2vu 5 months ago +465

    Allat just for most games to still be full of hackers
    Vanguard classifies people trying to play on Linux as hackers more often than it does actual hackers, basically because Linux doesn't just let people start writing shit to the kernel because that's stupid
    Also, having Vanguard boot up on startup, you know that kinda sounds like a virus

    • @Coconut-219 5 months ago +63

      It's like the same hell-worthy development sin as every single phone application which magically decides to not work if you don't allow it to access microphone and GPS at all times for no reason.

    • @jfbeam 5 months ago +12

      Actually, it's pretty trivial to mess with kernel memory in linux. There are ways to be 100% invisible, too.

    • @BlancheOmori 5 months ago +26

      I mean League really barely has any scripters left and Valorant also has barely any cheaters
      Vanguard classifies 'Linux players' as cheaters because they are actively bypassing the anti-cheat requirements to play the game, they don't allow for League or Valorant to be played on Linux because they can't attest to the sanity of the OS it's on
      This video is full of misinformation but at *least* the part where he explains how Vanguard needs to be a UEFI RT Driver to sanitize the entire OS and its APIs is correct

    • @SteveSunny 5 months ago +2

      @@BlancheOmori You're probably one of the few people who actually knows what they're talking about in this entire comments section lol. Do you think the vanguard outrage is overdrawn?

    • @BlancheOmori 5 months ago +20

      @@SteveSunny Eh I think a tiny portion of the outrage is warranted, Riot isn't known to ship the best software out there and I completely understand the stability concerns
      Privacy wise though, they have to abide by US/EU laws, while it doesn't completely prevent them from breaking them there's a risk/benefit ratio here so bad for them that it's not even close to being worth it
      Also all the 'omg but it's a security risk!!!' stuff is blatantly wrong, if anything vgk.sys is the most heavily protected driver on your machine, and you probably have anywhere between 80 to like 300 WDF/KMDF running on your system at all times so like...
      On the other hand, people have been complaining so much about scripts/botted accounts, and realistically going kernel is the only long-term solution to these problems

  • @Rivalrvn 5 months ago +4525

    Bro's videos are an artform now

    • @oussemabentaher2983 5 months ago +41

      Learn from bro

    • @tudorique24 5 months ago +9

      your videos are high quality as well

    • @Yobamos 5 months ago +34

      You two aren’t fooling anyone we know you’re the same person

    • @dashyz3293 5 months ago +4

      you 2 are different people?

    • @egg-mv7ef 5 months ago +9

      glazing someone for divulging basic ass information with 1337 super hacker videoclips in the background is crazy

  • @rekscoper 5 months ago +1515

    Honestly with how many more people make cheats vs employees making anticheat, i don't think it will ever be possible to make an uninvasive anticheat that has no workaround, one of my favourite bits of real life lore was when Ubisoft (i think it was them at least) put new anti piracy measures in and the guy who cracked it left a note file in his pirated version of the game saying something like "good job with all those months of development, it made my team take about 7 minutes longer to pirate"
    Cheaters will always find a way, no matter what

    • @TKDMwastaken 5 months ago +175

      only way is hardware lockdown. Standardised hardware like consoles. But then consoles will be a target. because with freedom of PC comes freedom of executing whatever code we want. if they start detecting DMA there will be DMA boards masquerading as GPUs or other normal PCI-E devices. nothing you can do about short of total hardware lockdown (with 100% patched devices so if something is exploited then EVERYONE needs to update). But ppl will start soldering wires and running linux on it as soon as they can like ppl do with everything.
      Only thing that can prevent that would be Streaming like Stadia.

    • @rekscoper 5 months ago +116

      @@TKDMwastaken like i said, there can never be an unbeatable anticheat that is unintrusive. People will always inevitably find a weakness or exploit, unless you can somehow stop them from even starting up a cheat or having basic freedoms on their system and its hardware

    • @mityab20 5 months ago +41

      @@rekscoper honestly anti cheats aren’t meant to be uninvasive not like they could. Cybersecurity is an eternal cat and mouse game where one side always tries to outsmart the other if that makes sense. In my opinion (while I hate kernel level anti cheats) vanguard is essentially the perfect anticheat, it has made cheating such a massive pain in the ass that 99.99% wouldn’t bother. Yes there are 100% ways to get around it but I think cheats that use pci-e cards were like the last frontier where it wasn’t insanely difficult to set up. While I never messed around with vanguard so I’m not super sure what exactly it does I would assume now that they can detect hardware level cheats you probably need highly specialized hardware to get around it. While spoofing something like a pci-e card is definitely possible to hide what it’s truly doing or what it really is to do it on the hardware level is no easy task. Anyway I rambled on for too long I just wanna say that while it’s not uninvasive the cheats that could bypass it would either require you to have a deep understanding of how computers function to do it yourself or require you to pay a whole lotta money to somebody who does because I doubt it can be as easily mass spread as normal pci-e hacks.

    • @laersonverissimo1715 5 months ago +14

      There’s an easy solution: Confidential computing.
      Using stuff like SGX from Intel CPUs to make data impossible to read from unauthorized applications.

    • @LegioXXI 5 months ago +70

      @@TKDMwastaken "only way is hardware lockdown. "
      This already exists, it's called "Mac".
      Hardware cheating is also a thing where a camera or HDMI-grabber gets the visual information and moves the mouse (or controller) mechanically. While it's not as effective as software cheats and limited to specific game genres where reflexes matter, it's basically undetectable and completely independent from the gaming hardware and software. PC, Mac, console - nothing matters. Even game-streaming can't prevent that since all this cheat system needs is the visual information, which is what you also need as a legitimate player.
      If a cheater has enough money to buy stuff like that, he will always get the upper hand.
      No matter how much spyware the game devs force onto their clients.

  • @morosov4595 5 months ago +1084

    DMA users have been caught only because they all used the same driver for their DMA cards. In order to hide the DMA card, it pretends to be a network card, but Vanguard just banned every user that used that one network card. Those who used different drivers (not many) for their DMA didn't get banned.
    Edit: Yes that means legit users of that network card did get banned. But when was the last time Riot cared.

    • @meneldal 5 months ago +120

      Yeah as long as you do the spoofing right there's no way they can ban you. And there are still so many ways to spoof stuff.
      Also I can't believe they can't just not send all the info that DMA exploits use in the first place, you'd remove so much cheating with that. Why send the enemy position data in the first place?
      Also, I'm surprised there aren't some fun tricks where you MITM your own connection to get the packets on another computer and analyse that.

    • @morosov4595 5 months ago +97

      @@meneldal They already do not send the data they don't need.
      League only sends the data about champions that are close to the edge fog of war. They can't do the same with Valorant, as there is no fog of war in that game. And if they tried to calculate what does a player see for 10 players per match, the servers would explode.

    • @nerd_nato564 5 months ago

      @@morosov4595 Why not just use a system similar to Source's rooms? Draw a line between two players, and if they're not in view just don't send the data. It can't be that expensive in terms of performance.

    • @KeinNiemand 5 months ago +32

      what if someone used that network card legitimately as a network card

    • @Resetium 5 months ago +66

      @@meneldal Honestly if you can MITM yourself with a second computer in order to cheat, you really should get yourself some six figure job working network security at that point. Your skills will be put to better use.

  • @druffel46 5 months ago +113

    2 Weeks later Crowdstrike killed half the internet. The irony :D

    • @lumikarhu 4 months ago

      the irony is that if CS goes bankrupt i can assure you massive attack waves will start happening. It is the only EDR solution that can fight my malware and (most of the time i'd say) win. Now imagine the world using something even a little bit worse. CS dun goofd but their solution is #1 on the market :-) can't wait for these bigger paychecks if cs sinks down

    • @zonkedmc 27 days ago +3

      can you ppl stop blowing this outta proportion. my internet worked fine the whole time

    • @neloangelo__13 14 days ago +3

      @@zonkedmc Blowing this outta proportion? lmao. Airports down, banks down, supermarket checkouts down, so many critical infras which require 24/7/365 availability.... well, down. I work in IT and that was NOT a pleasant week.
      CrowdStrike CEO had to face Congress over this.
      Yeah sure your internet worked fine the whole time, but not for other 8 million+ devices around the world.

  • @MistyStarStrike 5 months ago +7

    Really enjoying these video essay-styled videos, man. They're always such a damn good watch

  • @Sin1234Nombre 5 months ago +1009

    For the last question: no, I don't trust Riot and Tencent with my information

  • @Hylofear 5 months ago +840

    Hearing the compilation of cheater screams was music to my ears

    • @PiFsc2 5 months ago +9

      Timestamp? :D

    • @dhimitrinano2276 5 months ago +23

      @@PiFsc2 17:20

    • @ascend2046 5 months ago +24

      bro sounded like shaco

    • @johanestebanramirezbarrios1411 5 months ago +3

      @@PiFsc2 17:10

    • @asdf0747 5 months ago +33

      lmao it's just one person who recorded it. The fact is that majority of the population hates privacy violation and probably quit. Those who stayed are helpless addicts who can't get off the game. also, the cheat developers probably adapted quickly, probably figured out vanguard's code from valorant, which makes the release on LOL even more unjustified.

  • @matthewdavis3421 5 months ago +459

    The question of balancing user privacy with game integrity is one that developers are simply going to ignore, forever, until large enough percentages of their games' player base collectively boycott the game. As it is, this question won't even appear on their radar of concerns.

    • @jost_ae 5 months ago +4

      I personally don’t care at all about privacy on my computer as long as the reason I risk it is working but as of right now vanguard cannot efficiently detect dma cards that are sighted I think the only way to lose cheater completely is using an ai anticheat that can scan for unnatural movement and keep a data base of your play style as an alternative to hwid ban.

    • @johanestebanramirezbarrios1411 5 months ago +2

      they are not ignoring that, because we have rights that they can't ignore, and they still always fixing problems with vanguard

    • @ДюсековИльяс 5 months ago +28

      @@jost_ae it literally does detect dma cards... It's even in this video

    • @jost_ae 5 months ago

      @@ДюсековИльяс it detects normal dma cards I’m a bit more deep in cheating what cheaters nowadays do is sign custom firmware to their dma cards so vanguard thinks it’s a real device and there is nothing really vanguard can do about this except making a list of the firmwares but that’s hard bc cheaters are just buying 1/1 firmwares and staying fully undetected

    • @soundspark 5 months ago

      @@ДюсековИльяс Doesn't a DMA card have to enumerate itself into the system to even work?

  • @blueparagongamer9498 5 months ago +29

    4:43 - lol that just recently happened with Crowdstrike

    • @HTRAD-sc9dm 3 months ago +1

      Daaaaamn it has been 2 months

  • @sido6587 1 month ago

    I remember watching these videos when I was just starting my career in IT. After a few years I got into the malware development world and now I have a new appreciation for the quality and information. Thank you and good speed

  • @itchylol742 5 months ago +422

    the endgame for cheaters is having a robot with a camera pointed at the monitor and using mechanical hands to press buttons on the keyboard and move the mouse around, and the endgame for anti cheat is either AI that just bans people for looking sus, or having thousands of human moderators review replays and ban people for looking sus

    • @qlx-i 5 months ago +101

      The problem being, the best cheat is essentially indistinguishable from a good player. And the error margin is much wider than the cheat accuracy.
      This nicely flows into philosophy. Being optimized is the direct opposite of being random. It is being predictable. It means the lack of character. And we already saw that. We saw a chess GM pre-moving the entire game and auto-mating another GM.
      There are few perfectly good plays. There are few perfectly bad plays. And there are much more random plays that average somewhere in-between. A player that trained a near-perfect aim is not much different from a neural network sitting on a PC doing the same. And a trained neural network is no different to a written algorithm. Being good means to sacrifice personality and the lack of personality makes two entities indistinguishable.

    • @user-qq4dh3rk3u 5 months ago +9

      @@qlx-i If a neural network always does the best move in each scenario (or what it thinks is the best move) then it may be possible to detect. For example, it might rush A first all the time on Ascent or buy the same guns. With enough of these events tracked by Riot they could use probability to detect people using neural networks. Of course you could add some variability into the input to make the output more variable, but this would also decrease the strength because it will no longer be doing the "best" move. Maybe a manual algorithm to move from the start and then a neural network takes over in order to mitigate these predictable events?

    • @konstantinsotov6251 5 months ago +14

      being able to almost always choose the best move is basically a definition of skill. And AIs are random, they are not like chess bots that have a deterministic algorithm to follow, their approximation of "good"ness of a move is dependent on random factor, thus they will be making mistakes to some extent, like humans. Maybe not mistakes, but at least not taking the best move is very possible

    • @lainverse 5 months ago +6

      I heard there's already server-side AI-based anti-cheat in development (no idea is it actively used anywhere) based solely on behavior detection. So, yes, it literally detects sus players. We are at this stage already or will be quite soon. Furthermore, it learns from your previous inputs, so it should be able to detect when you start using a cheat since behavior will change noticeably enough.
      So, next phase are cheats that learn from your inputs and start gradually add on top of them over time, I guess. So, they won't even do anything for a while... and the cheater may legitimately learn to play the game in the process. XD

    • @rico4.700 5 months ago +7

      "having thousands of human moderators review replays and ban people for looking sus" valve overwatch in a nutshell lol

  • @chaficchamchoum1469 5 months ago +285

    You know when a creator cares about his viewers. This is one example.
    Loved it

    • @nadvic1797 5 months ago +1

      And yet, i feel like he sided WAAY too much with Vanguard at the end. As if it banned 100 % of the cheaters?!?! Big lol...
      Surely, it will get rid of a good percentage with every banwave. VAC does the same. And then the cheaters creep back. Like they always do. There's nothing you can do about that.
      But at some point you'll have a retina scanner up against one of your eyes during the game, and an anal bead in your ass in order to measure its contractions during the game. How does that improve the community that consists of at least 10-20 % toxic players that ruin probably 90 % of solo q games?
      League has MUCH more issues than those few bots, that i personally have never noticed.
      But sure, Riot China was able to counteract cheaters way more effective, which is why they don't need Vanguard!
      Let's say it like that: i don't trust their nonintrusive anticheat measures until i've seen the asshole of every chinese player during gameplay.

  • @shanematthews1985 5 months ago +599

    Do i trust riot games with a kernel level driver?
    Having seen the shitshow that is the league client for 13 seasons, the shitshow that is the league API and the general decline in QA quality since they laid off a bunch of staff, the answer is
    Fuck No
    This was the straw that broke the camel's back and what drove me away from league, been league free since vanguard was added and i don't regret that decision for even a second

    • @JordaanM 5 months ago +21

      I'm in the same boat. I ended up installing an Android App player for Windows so I could play TFT with friends again, but I'm gonna be miffed if Vanguard is required for 2XKO as well.

    • @rainchopper898 5 months ago +9

      dota 2 is good if u want a replacement
      and ur data is safe w/ volvo

    • @shanematthews1985 5 months ago +7

      @@JordaanM Oh it's almost a guarantee that it will use it, it's safe to assume that any of their online games going forward will probably use it

    • @tommyfanzfloppydisk 5 months ago

      same here, maybe i'll come back to league once i got enough money to buy a pc merely for that and other games. they'll get their own special house.

    • @JordaanM 5 months ago +1

      @@tommyfanzfloppydisk I've considered doing that as well, just having my 8 year old PC as a dedicated Rito box.
      Good thing league runs on a toaster.

  • @sherrykda3511 5 months ago +8

    I like how he tries to give examples how you can trick Vanguard, but does so with the worst ones and the ones most easily detectable

    • @battokizu 5 months ago +4

      remember he has to be nice to riot otherwise he'll lose his ad money and sponsorships.

    • @Bleiser3 5 months ago

      As he said, he doesn't want to inspire anyone to cheat.

    • @battokizu 5 months ago +1

      @@Bleiser3 He doesn't want to lose sponsorships, not that he cares about cheaters.

    • @octav7438 5 months ago +5

      @@battokizu dma isn't detected either. all you need to do is just make your own driver, which skids have already learned how to do. Only issue with dma is the entry cost of buying an actual hardware device.

    • @丷 5 months ago

      @@octav7438 DMA cheats don't use "drivers"...? guessing you're talking about firmware. valorant & faceit have already detected plenty of DMA firmware providers, only chance of staying undetected now is using a proper emulated firmware which is not easy to make, especially for "skids"

  • @sarahstark2953 5 months ago +1

    can i just say how well this video seems organized, and how the graphics and explanations provided make this really easy for even non-computer people to understand. great video!

  • @LMD100797 5 months ago +16

    Bro, the animation, the sound effect usage, to the utilization of abrupt breaks and silence is phenomenal.
    Just want to let you know your editing earned you a sub, I will try my best to learn about video planning and editing from your videos from now on, and your content is really cool too!

  • @MrAntiKnowledge 5 months ago +343

    Honestly I respect the bravery of people who played League for more than a couple games and decided
    that's the company they trust to not (intentionally or unintentionally) fuck up their system with Kernel level software.

    • @FunctionallyLiteratePerson 5 months ago +34

      Most don't know/understand, and the rest are more apathetic than brave

    • @venkaramon 5 months ago +4

      Vanguard has been on Valorant for years. How many systems has it fucked up there?

    • @ivan19119 5 months ago +27

      @@venkaramon quite a few some stopped working and others had massive performance issues after installing it

    • @w花b 5 months ago +9

      @@FunctionallyLiteratePerson you're right. I've met a lot of league players and they're either insane (like constantly on caffeine) or apathetic.

    • @yGKeKe 5 months ago +18

      Brother, people have been playing games with kernel level software for over two decades. No one bitched about VAC or EAC. Most people don't complain about nGuard or any of the other plethora of kernel level anti-cheats from various Chinese companies. It's cringe AF that people suddenly care about kernel anti-cheats more than 20 years later.

  • @eleven5707 5 months ago +15

    DAMN, this longer video format is awesome, and the editing is amazing, keep it up!

  • @KEROVSKI_ 5 months ago +4

    Great video man, editing, story and the video/audio quality.

  • @hujumsec 4 months ago

    Information / explanation is pretty accurate and editing is beyond phenomenal.
    Well done.

  • @grcatm 5 months ago +17

    I was just yesterday watching many videos like this one (hacking cia, cicada 3307, etc...) which I gained some proper interest in, and I stumbled upon your Vanguard video, and wondered "Wait, what happened to the guy that was in my recommended all the time?". Glad to have this mashup! I really like this video's style, keep it up

  • @RocoPwnage 5 months ago +635

    Anticheat was never about making cheating literally impossible, just enough of a pain in the ass that most people won't bother, and those who do can be caught manually.

    • @crashniels 5 months ago +120

      Yeah it just deters the "casual" cheaters. Professionals still have their ways

    • @user-tq3cn9ct2e 5 months ago +51

      @@crashniels that's why a good game would have anti cheat and moderators i think. Not everything can be automated.

    • @pineappleenjoyer9297 5 months ago

      It's frightening how naive you non IT people are.
      You're literally downloading a rootkit that can spy on you without you ever having the slightest knowledge. Just wait till an RCE is found, gl.

    • @GdBearman 5 months ago +40

      And in the end, nothing happens to the cheater, they just move a level and the regular consumer suffers the consequences. I'd make this shit illegal.

    • @mikeybayne7985
      @mikeybayne7985 5 months ago +43

      @@GdBearman my man... Less cheaters is good last time I checked...

  • @FreedomRoseStein
    @FreedomRoseStein 5 months ago +97

    You know what's crazy. I clicked the video finished the video and then went, Wait hang on, THIS IS RYSCU? THE LEAGUE GUY? 💥Blown away mate, Excellent video

  • @adiyn_
    @adiyn_ 1 month ago

    was downloading stuff needed a video in the background, loved it

  • @reidmock2165
    @reidmock2165 5 months ago +1

    I don't care about League of Legends. So I really liked how your video was a generalized documentary. I'll have to keep an eye out for more of this from your channel. Well done man

  • @lainverse
    @lainverse 5 months ago +19

    Another method I heard about is to run cheat completely "offline", solely based on screen data to control the inputs. No special cards attached, no memory access, nothing. Cheats like this are really limited since what it can see on screen is all it has to work with, but still provide some advantage. As I know, the only way to detect such cheats is scanning for presence of inhuman reaction and impossibly smooth motions in input. As in, behavioral detection.

    • @meyers0781
      @meyers0781 5 months ago +6

      that would be a trigger for false positive.
      With virtualization and increasingly powerful system, I have an idea...
      game creates virtual machine for the session (like a virtual PC where the only app is the game and the supporting components), what happens in the game stays in the game, no cheating
      this will have another side effect of the game being playable on Linux (theoretically).

    • @fujinshu
      @fujinshu 5 months ago

      @@meyers0781 Yes, but much like kernel-level anticheats, there will always be a vulnerability waiting to be exploited, even when in a VM.
      It also reduces game performance, which isn't a big deal until you consider that many esports games are mostly run on lower-end hardware, which contributes to its mass-market appeal and popularity, and making the game run worse or even barring older PCs from playing because of virtualisation requirements may decrease the overall market share of the game. Just look at the number of Windows 11 users compared to Windows 10 due to TPM 2.0 requirements.

    • @sun3k
      @sun3k 5 months ago

      @@meyers0781 if the player can do it legit, they can do it with cheats

    • @vablo-yt
      @vablo-yt 5 months ago +2

      How do they stop the Virtual Machine's program memory from being manipulated? Hackers are very crafty and could easily manipulate the VM imo

    • @nirantali
      @nirantali 5 months ago +2

      The Next Level then gonna be additional mandatory Livecams in your Room that livestream (The Gamer, Screen, Keyboard, Mouse, back+front+sides and the inside of your PC and the rest of your room) while you play online. And during competitive sessions, there must always be two notarized observers to the left and right of the player. Anyone who has nothing to hide will certainly allow this, right? And anyone who doesn't allow it is automatically suspicious and probably a cheater.

  • @CJTallon
    @CJTallon 5 months ago +18

    watching the evolution of this channel has been great. this in depth reporting + extra focus on video doc feel has just been next level...

  • @MyReXaR
    @MyReXaR 5 months ago +19

    I never knew you or your Group could do such an Amazing Edit. gotta say, nice editing Touch.

  • @Rajala1404_y
    @Rajala1404_y 5 months ago +24

    Client side anti cheat isn't even crucial because Server Side Anti Cheat is way better and can't be just killed or disabled. For example if you want to prevent players from looking through walls just don't send the other players' position if they're not visible or if you have a speed hack the server could just check if this is even possible and just don't let you. Minecraft is a good example because almost all Minecraft Anti Cheats are Server Side, and they work without needing any Client modifications

    • @DiscordCriminal
      @DiscordCriminal 3 months ago +2

      So no more bullet penetration? No more UAV?

    • @mohniazyt
      @mohniazyt 3 months ago +5

      I see this comment about server side AC all the time and it's always the same problems.
      For example, Valorant does have a system to send a 0,0,0 position of opponents not on the player's screen called Fog of War, but it can't just do a simple visibility check because if a player swings a corner, the enemy will just materialize on screen out of nowhere because of latency, therefore you need to be somewhat generous with when a player's position is sent.
      Then there are cheats which are purely "read-only" like Wall Hacks. Server-side AC cannot detect these because they need to look for known cheat binaries or do heuristic analysis which require a program on the player's computer -- unless you can develop a server-side neural network which can detect the very subtle behavior changes of a player who has these advantages.

    • @dreamy97836
      @dreamy97836 2 months ago +1

      @@DiscordCriminal Hit detection is done on the server too, client doesn't need positional data for bullet penetration to work. UAV is radar if I remember correctly, so only X and Y coordinates are needed not Z, and those can just be sent when UAV is active not at all times.

    • @dreamy97836
      @dreamy97836 2 months ago +1

      @@mohniazyt Those same problems exist for client-side anticheat since it is easily bypassed, and only getting easier as time goes on with AI advancements. Server side AI detection using subtle behavior like you said but that's never gonna be 100% effective either without creating a lot of false positives. A 100% effective solution is never gonna exist, the best thing to do is keep as much server side as possible and have non-intrusive anticheat client sided to stop casual cheaters. Intrusive anticheat doesn't do much to lower the cheating numbers, only perceived cheating numbers, it's a placebo at best. You could be playing against a really good player in CS2 and a lot of people will be quick to assume he's cheating, and those same people could be playing against a subtle cheater in valorant and will assume he must just be a good player. This is the main benefit developers get from intrusive anticheat, it's perceived to be more effective than it is. Meanwhile if you actually look into cheating communities the user counts between those two games is relatively similar.
      Personally I think anticheat is a red herring any way, I think the real reason cheating has become so prevalent is because games have a much weaker community nowadays due to matchmaking, there's too much anonymity, you might as well be playing against bots. There's no more community servers where you play with the same couple dozen people every day and have a reputation to keep up. You can cheat and ruin someones day and it will have zero impact on you because you will never run into that person again. As OP said Minecraft is a good example, but not because cheating is hard in it; there are completely undetectable AI cheats that will gather any resources for you, but it's not a big issue because most people just play with friends or on community servers with moderation that takes care of those. Of course that isn't viable for every game and matchmaking is very convenient for FPS games like Valorant and CS, and community servers have their own issues like power hungry admins, but I feel like there should be some middle ground solution that's still convenient but brings back some sense of community to these games.

    • @robinpage2730
      @robinpage2730 7 days ago

      @@dreamy97836 imo, the middle ground is this: P2P player hosted private servers + statistical analysis running server side on the public servers. Hosting player admins police the private servers while an automated system detects abnormal stats or excessive player reports on an account, and issues a temp ban, or a permaban if that player is getting too many temp bans. And charge a fuckton of money for the game. Make getting caught cost them real money.
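
The two server-side checks discussed in the thread above (refusing movement that is too fast to be possible, and withholding the positions of players who are not visible, with slack for latency), as an added example that is not part of any comment or any game's code. The speed limit, the tolerance, the 2D wall-segment map and all function names are assumptions.

```python
import math
from dataclasses import dataclass

# Assumed game constants (hypothetical values, not from any real title).
MAX_SPEED = 7.0          # fastest legal movement, in units per second
JITTER_TOLERANCE = 1.15  # slack for uneven packet timing


@dataclass(frozen=True)
class Vec:
    x: float
    y: float


def validate_move(prev_pos, prev_t, new_pos, new_t):
    """Return (accepted_position, violation) for one client movement update.

    prev_t and new_t are server receive times; client clocks are not trusted.
    """
    dt = new_t - prev_t
    if dt <= 0:
        # Stale or reordered update: ignore it and keep the server's state.
        return prev_pos, False
    allowed = MAX_SPEED * dt * JITTER_TOLERANCE
    moved = math.hypot(new_pos.x - prev_pos.x, new_pos.y - prev_pos.y)
    if moved <= allowed:
        return new_pos, False
    # Too far for the elapsed time: clamp to the furthest reachable point
    # along the claimed direction and report a violation for later review.
    s = allowed / moved
    clamped = Vec(prev_pos.x + (new_pos.x - prev_pos.x) * s,
                  prev_pos.y + (new_pos.y - prev_pos.y) * s)
    return clamped, True


def orient(a, b, c):
    """Signed area test: >0 if c is left of a->b, <0 if right, 0 if collinear."""
    return (b.x - a.x) * (c.y - a.y) - (b.y - a.y) * (c.x - a.x)


def segments_cross(p1, p2, q1, q2):
    """True if segment p1-p2 properly crosses q1-q2 (touching does not count)."""
    d1, d2 = orient(q1, q2, p1), orient(q1, q2, p2)
    d3, d4 = orient(p1, p2, q1), orient(p1, p2, q2)
    return d1 * d2 < 0 and d3 * d4 < 0


def has_line_of_sight(a, b, walls):
    """walls is a list of (Vec, Vec) segments that block vision."""
    return not any(segments_cross(a, b, w0, w1) for w0, w1 in walls)


def should_replicate(viewer, enemy, walls, rtt_s, samples=16):
    """Decide whether the server sends `enemy`'s position to `viewer`.

    A strict visibility test makes enemies pop in late, because the viewer
    keeps moving while the packet is in flight. So the enemy is also sent if
    the viewer could reach, within one round trip, a spot that sees the enemy.
    """
    if has_line_of_sight(viewer, enemy, walls):
        return True
    reach = MAX_SPEED * rtt_s
    for i in range(samples):
        ang = 2 * math.pi * i / samples
        probe = Vec(viewer.x + reach * math.cos(ang),
                    viewer.y + reach * math.sin(ang))
        # The viewer must be able to walk to the probe point (no wall in the
        # way) and the probe point must see the enemy.
        if (has_line_of_sight(viewer, probe, walls)
                and has_line_of_sight(probe, enemy, walls)):
            return True
    return False


# Constructed sample map: one wall from (5, 0) to (5, 10).
WALLS = [(Vec(5, 0), Vec(5, 10))]
```

The larger the latency margin, the earlier a wallhack sees an approaching enemy, so the margin trades pop-in against how much hidden information the client holds.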

  • @Rokusu
    @Rokusu 5 months ago +1

    your editing has become so crazy good, you deserve all the views and likes you can get

  • @RamenEnjoyer404
    @RamenEnjoyer404 5 months ago +19

    clean editing, tight script, and about an issue that is incredibly important. Good job!

  • @DarkinWithin
    @DarkinWithin 5 months ago +6

    The editing on these is artful

  • @atlas_carry
    @atlas_carry 5 months ago +86

    Side note on vanguard, riot recently added "in-game detection" where it pops up a message in game that says "CHEATER DETECTED", but they didn't actually implement any server-side detection for cheaters as they would have you think, all they've done is made it so that once your account is banned, if the account is in game at the time of banning it will terminate the match, and these bans are always delay bans from the first game injection being detected, but riot likes to let scripters play 10-20 games per account before ban to "obfuscate" the detection, but they will actively let someone script in your games and then pop up a "CHEATER DETECTED" message as if they've just discovered it to make you feel like they've done something new

    • @deagle2yadome696
      @deagle2yadome696 5 months ago +2

      they’re one of the only games that hwid bans on first offense what more do you legits want?

    • @atlas_carry
      @atlas_carry 5 months ago

      @@deagle2yadome696 their hwid bans are shit any spoofer avoids them

    • @dakota9821
      @dakota9821 5 months ago

      @@deagle2yadome696 HWID bans are garbage; It's extremely easy to spoof.

    • @Cheato
      @Cheato 5 months ago

      @@deagle2yadome696 easily bypassable

    • @nerd_nato564
      @nerd_nato564 5 months ago +41

      Letting cheaters play for a while after they've been detected is good. It's why you do banwaves instead of banning immediately, so whenever developers try to figure out why they were caught, they get as few clues as possible.

  • @Carhill
    @Carhill 5 months ago +1

    Firstly, amazing video. Informative and insanely good visuals mate.
    Secondly, I had a laugh after my machine bluescreened whilst watching this at 4:10, only to reboot, continue playing and see the bluescreen at 4:47.

  • @__vha
    @__vha 5 months ago

    I think everyone should watch this video, a lot of misconceptions about Kernel Anti Cheat going around and this is super informative and factual. This was a very well put together video.

  • @chohsena627
    @chohsena627 5 months ago +5

    This was insanely interesting to watch and well edited as well. I enjoy these docu-series/deep dives.

  • @moderniselife
    @moderniselife 5 months ago +7

    These videos are amazing but I keep finding myself answering the questions before you give us the story and it breaks my heart because you’re an amazing story teller! I need to tell my brain to shut up haha

    • @hilkmeister1382
      @hilkmeister1382 5 months ago +3

      Nothing wrong with being informed about the subject

  • @_Dearex_
    @_Dearex_ 5 months ago +36

    Only Addition I have to make: definitely not that good as memory access, but you can feed the Video signal to an external device and do Image recognition to implement aimbot/Auto trigger.
    At this point it is more like statistical analysis if you are cheating

    • @Mano-us7ct
      @Mano-us7ct 5 months ago +14

      Yes, that is true, and there is no reason to add any kernel level anti cheat, just monitor what players do in game, and use some ml algorithm to predict.
      But in modern days your main source of profit is usually data gathering.

    • @cewla3348
      @cewla3348 5 months ago +1

      @@Mano-us7ct if a game has demos, then almost everything but ESP can be detected very quickly with ml - if they're making insane, frame perfect flicks every shot, then that's silentaim. if their aim is completely locked onto someone's center of mass, then that's aimbot.

    • @LiEnby
      @LiEnby 5 months ago

      @@cewla3348 dropped packets: "lol get banned scrub"

    • @ougonce
      @ougonce 5 months ago +9

      @@cewla3348 What makes you think ML can’t be used to mimic human inputs to an undetectable, or at least plausible, degree?

    • @itsTyrion
      @itsTyrion 5 months ago

      @@Mano-us7ct ...you could gather all inputs, screen content, browser data, personal files, audio (in/out) with just the game or a user level anticheat service. you do not need Ring 0 for a lot of data grabbing on Windows.

  • @einargs
    @einargs 5 months ago +1

    Started watching this in the background, but the editing is so good I need to watch it with my full focus

  • @feranks3211
    @feranks3211 5 months ago +1

    insane production value, keep up the great work!

  • @Masterpouya
    @Masterpouya 5 months ago +5

    Amazing video here Ryscu! Thanks a lot man!

  • @markandreikinkito8253
    @markandreikinkito8253 5 months ago +4

    the production is godlike and educational.

  • @zwingler
    @zwingler 5 months ago +164

    18:35 "do you trust the developer" ... Riot ??? xD Suuuuuuuuuuuuuuuuuuuure.

    • @kosmonauta577
      @kosmonauta577 5 months ago

      "Sureeeeee" Clueless

    • @baribari1000
      @baribari1000 5 months ago +4

      @@kosmonauta577 not "sureeeeee!", "suuuuuure..."

    • @stevejelly2782
      @stevejelly2782 5 months ago +2

      yeah trust me Xi Jinping won't know it xdd

    • @Stormlywing
      @Stormlywing 5 months ago

      They don't trust their players you know why would they ban players than just block them accessing the game join buttons
      because think if they pay lot of money for a hack in their background being used remotely

  • @ellehooq
    @ellehooq 2 months ago

    Nice production quality. Thanks for making this video

  • @ThaPugster
    @ThaPugster 5 months ago

    genuinely one of the best videos I've ever watched on this platform, pure class

  • @jetzesmit2111
    @jetzesmit2111 5 months ago +4

    I really love this type of content. Really well done!

  • @D0Samp
    @D0Samp 5 months ago +28

    Even with (some) PCIe cards out of the picture, there's still so many possible avenues to get memory access, like DMA via Thunderbolt, stealth VMs that obscure their identity and hypothetically SMM if you are able to get in on the hardware OEM's level (which would sit even deeper than UEFI malware). Failing that, your second cheating PC still could act on the video feed to give you super-human reflexes, combined with a modded physical mouse.

    • @sunbleachedangel
      @sunbleachedangel 5 months ago +3

      that's why I don't really bother with competitive online games

  • @thebyzocker
    @thebyzocker 5 months ago +5

    i knew pretty much all of this already but it was still entertaining to watch :D

  • @alvemaster
    @alvemaster 5 months ago

    Great video. I think it's really important to show people what they are dealing with. When Vanguard was coming to league there was such a massive scare about how it would ruin everything and how it would be a massive privacy issue. This video shows how Anti cheats are much better than what people think, but at the same time they are not foolproof. They can give an attacker a ride right into your PC, but most often it will keep them out and only be positive. Really goes to show that only you as the consumer can decide what to trust or not. Great video!

  • @chrisk_04
    @chrisk_04 3 days ago

    30 seconds in and judging from the editing this is going to be cinema

  • @slendydie1267
    @slendydie1267 5 months ago +8

    It's true there are less hackers but I'd rather see them more often than have this invasive hazard on my PC

  • @ABOcolabo
    @ABOcolabo 5 months ago +15

    I don’t know if anyone else has this issue but my computer is always crashing to the blue screen of death but simply restarting moments later. After testing my entire computer to find some broken or corrupted parts I found nothing. After seeing other people having different types of issues with vanguard, I later found out that it was Riot's Vanguard Anti cheat that was causing my random crashing and simply uninstalled it, I no longer have any more random crashes

    • @johanestebanramirezbarrios1411
      @johanestebanramirezbarrios1411 5 months ago +1

      windows 11 right?

    • @ViciousVinnyD
      @ViciousVinnyD 5 months ago +7

      Vanguard is likely causing your pc to crash. It's running at kernel-level priority, meaning this program *must* run and if it doesn't, windows shuts down immediately to prevent issues and starts over, aka a bluescreen.
      By installing vanguard you're effectively relying on it to not crash because if it does, so does your pc.
      If any of this sounds absurd it's because it really is. Kernel-level priority is meant exclusively for running critical tasks such as, you know, windows. Running anything else on this level is risky and should only be done if absolutely necessary. Running anti-cheat software for a video game at this level is both unstable and insecure.

    • @Waskomsause
      @Waskomsause 5 months ago

      @@johanestebanramirezbarrios1411 The same issue happens to a lot of Win 10 and win 11 PCs with Helldivers 2 and their anticheat, NProtect. The issue isn't the OS, it's legit a fault in the anticheat that detects windows drivers as cheat software. NProtect killed some VERY important sys32 programs for some people, or bricked their SSDs because it stopped the read/write software on the SSD itself. Shit is terrible, and Vanguard, while not as bad, likely STILL screws this up sometimes.

    • @lucasLSD
      @lucasLSD 5 months ago

      @@ViciousVinnyD Remember that we are only here, because the cheaters did this with software made by hackers just to win at some game.

    • @cin2110
      @cin2110 5 months ago

      Yeah it did that to my friend's pc looked at the crash logs it was vanguard, it was also stopping him from installing pirated games lol so he gave up on valorant and deleted it and no blue screens since.

  • @lukapogo
    @lukapogo 5 months ago +4

    “Ring 0 is the most privileged level of your system”
    Chris Domas has entered the chat

  • @MianHizb
    @MianHizb 5 months ago

    Bro what was this, i understood everything, in 2x, this was a crazy work of art for a vid, insane man

  • @furryfan1416
    @furryfan1416 5 months ago

    editing n sound design is top tier here. bravo to the editor.

  • @aliceintera5131
    @aliceintera5131 5 months ago +9

    The video was interesting and well edited but what are the sources for this? Maybe I just missed them but I don't see them anywhere. So far, for those wanting to read more, I've found
    "Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus" By: Ryan Soliven, Hitomi Kimura,
    "The inside story of the biggest hack in history" By: Jose Pagliery,
    "Hunting Vulnerable Kernel Drivers" By: Takahiro Haruyama,
    and some parts _might_ be sourced from "An In-Depth Look at Windows Kernel Threats" By: Sherif Magdy, Mahmoud Zohdy.

  • @G0LD3NR0D
    @G0LD3NR0D 5 months ago +30

    This is why I have been telling my friends for years that serverside anticheat is the future. Kernel level anti cheat is basically an attack vector waiting to be used, because all it takes is an exploit in one and boom, not only can a cheater break the anticheat, but cybercriminals can use it to deploy malware payloads, utilize privilege escalation exploits, etc. Serverside anticheat on the other hand, doesn't run locally and hackers can't even gain black box access to it. Plus, it can be continually refined without cheaters gaining access to it. On top of that, small, specialized AI can be built in order to create and refine heuristics that allow for catching cheaters that otherwise appear to be just skilled at the game when they're really just skilled at toggling their cheats to blend in their cheating with legitimate gameplay. It's probably the best way to win the war against cheaters. Cheaters vs developers will remain a cat and mouse game, but it will give developers a significant advantage in fighting back against cheating.

    • @OCovilDoMarcos
      @OCovilDoMarcos 5 months ago +8

      Server side anticheat has been something that was implemented a lot in the past (Hell VAC has been around since 2002, it's nothing new). The only one that still stands today to my knowledge is Steam's VAC and if you ask anyone about cheaters in valve games you'll see that everyone complains about it, since serverside needs time to compile a databank on a specific player and then analyze it afterwards it has to be sure false positives don't happen (It's also why they implemented the overwatch system on the games, because it couldn't reach high levels on confidence on specific cases, so those cases that were suspicious but not enough to be bopped by VAC got delegated to trusted players with high overwatch scores)
      Given this model takes weeks to months in order to get enough data to guarantee that the ban is not a false positive, cheaters go on to ruin a considerable amount of games before they actually get banned from the system.
      It has very open and specific weaknesses, most people who cheat in CS2 already knows they'll get bopped in two weeks or a month or so, they really don't care about that it's that free time they get that gets them going, they don't want to win and they don't care about losing money on new accounts they just want to ruin games because it's how they get their kicks.

    • @0x204
      @0x204 1 month ago

      trust me dude this not going to make it impossible, bypasses will happen and it will be exploited its only matter of time until new cheat arrive ( i am not cheater btw but ik what i am saying)

    • @G0LD3NR0D
      @G0LD3NR0D 1 month ago

      @@0x204 Can't create a bypass for an anticheat that you can't disassemble. You can infer the anticheat's behavior and create software that goes undetected, but that's not a bypass, that's flying under the radar and necessitates that cheat makers and sellers be more selective over who has access to their cheats, as the game devs can get access to the cheats, but the cheat makers can't gain access to the anticheat, so creating detection methods is a lot easier. It's also why games do bans in waves, they can't know if they're detected or not until a banwave hits. Serverside anticheat is significantly harder to exploit and you should know this if you're actually aware of what you're talking about. Throw in a game that's significantly more server authoritative, and now a lot of hacks become impossible without figuring out a way to purposefully send specifically crafted packets, and that can be caught by heuristics looking for packets indicative of incorrect program behavior by the game client.
      The TL;DR is that while it's not impossible, it becomes much, MUCH harder to develop cheats when there is no clientside anticheat to reverse engineer. And the few cheats that get through? Those can be caught if the game is configured with in depth player input telemetry and analytics in mind, especially for server authoritative games.

    • @G0LD3NR0D
      @G0LD3NR0D 1 month ago

      @@OCovilDoMarcos Actually, VAC can detect cheats rather quickly, they just don't autoban zealously because that can provide info to cheat developers on what methods are already known by the anticheat, allowing them to rapidly iterate on their cheat software. banwaves exist for that reason, primarily.

    • @Max128ping
      @Max128ping 1 month ago

      @@G0LD3NR0D yeah, but that's what they're doing with Vanguard and Raven too. In fact, that's just industry standard.

  • @alamputraaf
    @alamputraaf 5 months ago

    I really like your video delivery with animation, very easy to understand, and I like you mentioning Mutahar, he is the person who made me play my Windows games on a VM, my reason for not exposing my data to irresponsible hackers.

  • @kurisumakise1883
    @kurisumakise1883 4 months ago

    A very easy to understand explanation of cheating and anti-cheating, love your video

  • @ovencake523
    @ovencake523 5 months ago +6

    this is an incredible video and i have so many spinoff ideas from it
    like what's stopping a developer company from using that extreme level of invasive access for data collection?

    • @ovencake523
      @ovencake523 5 months ago +2

      oh wait he made a video about basically exactly that.

    • @Coconut-219
      @Coconut-219 5 months ago

      You're implying that there is a single company NOT doing that. 😂

    • @ovencake523
      @ovencake523 5 months ago +1

      @@Coconut-219 companies are using kernel lv anticheat for data collection?

    • @Unknown_Genius
      @Unknown_Genius 4 months ago

      @@ovencake523 nah, that you can't tell if someone is collecting data either way unless you constantly check for it - as you don't exactly need kernel level or admin rights for that to begin with.
      friendly reminder to the first rule of cyber security: trust no one - and yes, that pretty much means never having anything important on a PC/VM where you use programs that aren't absolutely necessary for the required tasks with those infos.
      it's why gaming on a separate PC is pretty much recommended - and no, just having a user without admin rights isn't a guarantee of nothing happening, as a privilege escalation is always possible.
      Essentially: If you set up your gaming environment correctly and fully separate it from important info it doesn't matter either way.

  • @koshkamatew
    @koshkamatew 5 months ago +37

    4:44 oh so that's why valorant keeps bluescreening my pc like its a daily routine

    • @sfnsansub
      @sfnsansub 5 months ago +2

      It's because of faulty RAM you had, at least for me, I had upgraded my RAM from 8 to 16 and at first only the valorant seems to get crashed all the time [Getting blue screen even before main menu comes up]. After wandering through internet I went to the workshop and swap the faulty ram and ever since it's working like a charm (It was frustrating when I had to restart every 10 min or so and also got a 1 week of ban for being AFK)

    • @h3ll924
      @h3ll924 5 months ago

      @@sfnsansub in my case all I did is downclock my ram to the recommended value supported by cpu, all other apps didn't complain and system was stable but not valorant

    • @octav7438
      @octav7438 5 months ago +2

      @@sfnsansub it can also be because of cpu, gpu, drivers, etc.. Just because you had that problem doesn't mean everyone does

  • @Makanoyasha
    @Makanoyasha 5 months ago +4

    Very well put together video, also accurate to the T. The video edits were very clean as well, transitions/positions/angles were very smooth. Have a great one.

  • @obsolete9734
    @obsolete9734 3 months ago

    Your videos have such a high production quality! They remind me of disrupt or lemmino

  • @ivangarcia3456
    @ivangarcia3456 5 months ago +1

    Such an amazing video, great edition and amazing summary of all the things that are involved in an anticheat. Congratulations

  • @deidara_8598
    @deidara_8598 5 months ago +4

    The very very simple fact is that what happens client-side, stays client-side, and is within full control of the user. As long as game logic is processed by the client, which it has to due to performance, there will be ways to cheat. In other words, no matter how hard developers try, a water-proof anti-cheat is literally impossible. The same with DRM.

    • @deidara_8598
      @deidara_8598 5 months ago +1

      At worst, a cheater could literally just write their own game client without the anti-cheat. Or patch the game client to not check for the presence of anti-cheat and thus be able to disable it altogether.

    • @OCovilDoMarcos
      @OCovilDoMarcos 5 months ago

      It's not about being 100% impossible to break, it's about being hard enough that most people won't.
      It's how denuvo won, denuvo might not be 100% secure which was proven that empress was still cracking some denuvo games even after everyone dropped, but it was so unbearable that only she was doing it and after she disappeared we can safely conclude that denuvo won the war against piracy. (obviously most publishers will drop denuvo after a year or two, all that matters is that the initial sales don't get disturbed)

  • @SuperNuketown2025
    @SuperNuketown2025 5 months ago +36

    Tbh, a combo of hardware and kernel modules is probably the way to go in terms of cheating in basically 100% of games. DMA, rerouting input through a second PC instead of an arduino, and writing a custom driver to neuter anti-cheats would probably make it practically impossible for any anti-cheat to do literally anything about it. How’s riot gonna scan your PCIe port if it doesn’t know it exists because you hide it from its view during boot up?

    • @dahahaka
      @dahahaka 5 months ago +9

      Not only that, you can literally have dual firmware on one of those DMA devices and "act" as a real PCIe device during bootup for all Vanguard knows it's just a network card :D

    • @jhax
      @jhax 5 months ago +4

      They can still detect other factors such as this "custom driver", the way you map your driver, injected keyboard/mouse input, even the way the cheating software itself works e.g. attempting to override rotation. For DMA, you will need to emulate legitimate PCIe devices 1:1 as well as have valid drivers for them, otherwise the device will be blocked and no longer able to send TLP packets for reading/writing. It's a constant cat & mouse game, and if you get banned, RIP your HWID. Time to fork out more money for a new motherboard, or TPM chip, finding a spoofer that actually works. But then maybe that spoofer eventually gets detected too.

    • @dahahaka
      @dahahaka 5 months ago +1

      @@jhax there is no unspoofable HWID, and "emulating" is relative, what I meant by emulating is you can literally just run the NIC firmware and they can't discern it from a normal NIC

    • @jhax
      @jhax 5 months ago

      @@dahahaka 99% of temp spoofers on the market are not working rn for Valorant. Only a couple of perma spoof methods that work reliably. Most people have to buy a new mobo or TPM chip, this is being realistic not pretending like everyone is some 999 IQ user who can bypass VGKs AC on their own. I currently have a ZDMA with firmware emulating as an Intel network card and with valid drivers, doing so is only enough for EAC/BE. It is still blocked on VGK. It requires more work than just copying the config space of another device.

    • @kugelblitz1557
      @kugelblitz1557 5 months ago +4

      The security risk of allowing kernel access isn't worth it for a game. There are very few ways to fix a malware attack from the kernel level short of formatting your drive and restoring it from a backup. You can write a program to be injected and be stored on a separate partition that boots first in the bios and essentially sits between the hardware and OS while hiding its partition from the system after the next reboot. That can log any input or output that goes to the OS that it wants, and send it to whoever you want. Without kernel level access, managing drive partitions without permission is hard. The only way you'd ever notice that is if you opened bios and checked your boot order. No antivirus is going to detect that your whole OS is running in a virtual environment with hardware inputs just being duplicated from the bare metal.

  • @eberlix
    @eberlix 5 months ago +5

    1:01 I'm just gonna answer that quickly for you guys: they're cheating!

  • @pedr9vskcray2102
    @pedr9vskcray2102 5 months ago

    the sheer quality of this video is f*ing amazing, congrats mate!

  • @heetsoneji3694
    @heetsoneji3694 5 months ago

    You deserve more viewers for this work. Keep it up, man.

  • @SnapWireOnlyOne
    @SnapWireOnlyOne 3 months ago +31

    Buddy you forgot about the CUDA driver and using it to inject into the memory :) btw DMA and arduino is not patched if you know how to code an anti debug and attach it to your driver you bypass vanguard anyway here u go for the leaks script kiddies enjoy bypassing them all :)

    • @HTRAD-sc9dm
      @HTRAD-sc9dm 3 months ago

      Thank you Master

    • @zonkedmc
      @zonkedmc 27 days ago +1

      very strange behavior with your use of "buddy" and constant smileys. big bad LOL hacker who cares

    • @SnapWireOnlyOne
      @SnapWireOnlyOne 27 days ago

      @@zonkedmc i care about facts :)

  • @4bSix86f61
    @4bSix86f61 5 months ago +150

    I will not play any game with obligatory spyware.

    • @MaoRatto
      @MaoRatto 5 months ago +4

      This is why I don't blame any or much F2P games.

    • @MrAdeelAH
      @MrAdeelAH 5 months ago +9

      If valve copies this shit I officially quit cs2... The future of this stuff is probably AI. Anyone else remember that one server side ai anticheat demo that was like it's ai can detect any aimbot? What happened with that

    • @w1z4rd9
      @w1z4rd9 5 months ago +8

      You already do. It’s called your computer.

    • @4bSix86f61
      @4bSix86f61 5 months ago +1

      @@w1z4rd9 Debloated windows

    • @motiv8462
      @motiv8462 5 months ago +3

      So 90% of any new game along with your pc and phone, I hope you follow what you say and throw your phone pc delete all your accounts and live in a mountain

  • @wigmanmania259
    @wigmanmania259 5 months ago +31

    I mean, that's cool and all, but how do I stop my mid from AFKing after feeding first blood?

    • @tyfyh622
      @tyfyh622 5 months ago +2

      lol

    • @tom_from_myspace
      @tom_from_myspace 5 months ago

      Just stop playing these games. Riot Games fucking sucks. Fuck this company. See VideogameDunkey about his ban few years ago for example.

    • @thecipher8495
      @thecipher8495 5 months ago +2

      You got to kernel access them so you can play in their PC, simple as that.

  • @effleurager
    @effleurager 5 months ago

    Thanks for putting the work in to creating high quality captions. TTML would allow captions to be rendered by RUclips's closed captioning system, making them even better for end users!

  • @Vzduch2
    @Vzduch2 5 months ago +2

    As a compsci student, I still learned something new. Good to know it's possible to detect DMA. And I'm a lot more terrified now for the future of multiplayer gaming.

    • @eweer5398
      @eweer5398 5 months ago +1

      It was only detected due to most of DMA cheaters using the same (really) unpopular driver. Those who didn't are still free

    • @Vzduch2
      @Vzduch2 5 months ago

      Which is what makes me terrified. This arms race could leave most multiplayer games as an unplayable mess, because there is always a workaround, that can eventually be detected by punishing everyone with heavier security.

  • @HaveYouTriedGuillotines
    @HaveYouTriedGuillotines 5 months ago +61

    I will always be rooting for the cheat developers, because there's no way in hell I'm ever going to root for rootkit developers.
    Kernel level anti-cheat should frankly be illegal, and should be considered a form of malware.

    • @BinToss._.
      @BinToss._. 5 months ago +7

      If Secure Boot and TPM worked as advertised, then perhaps they could be leveraged for a standardized anti-cheat implementation.
      Unfortunately, these UEFI-level security systems (the latter being a Windows 11 requirement) are flawed, exploitable, and can be bypassed.

    • @superlad6684
      @superlad6684 5 months ago +14

      It's insane how many people are just fine with willingly downloading and installing literal rootkits on their PC because "it's from a big company, they surely won't let anything bad happen, right?" If they knew what can and will eventually happen when an exploit is found, they would remove it from their PC instantly. The second it happens you already know people are gonna be crying and shitting their pants as if they weren't told a million times that this IS going to happen eventually, it's not an if, it's a when.
      What's even worse is that Vanguard is now required to play LoL, one of the most played games in the world. It is going to be the biggest shit show ever when Riot fucks something up with Vanguard and someone finds a way to exploit it.

    • @randomnessnecesity9627
      @randomnessnecesity9627 5 months ago +8

      I especially hate the people who say “it’s no big deal, I don’t care snout my privacy/they have my information/I’m probably infected by something anyways”
      It’s like saying that your leg is already broken, so there’s no point in not jumping out the window to get to the ground floor.
      People need to realize that they should learn how devices and the internet work, and not just how to use them. I’m not paranoid just because I don’t want a company to be able to watch everything I do on my computer, and possibly open it for anybody to watch me.

    • @emperorborgpalpatine
      @emperorborgpalpatine 5 months ago

      ​@@randomnessnecesity9627
      it's not big deal, I don't care snout my privacy.

    • @kyuuujinnn9425
      @kyuuujinnn9425 5 months ago +4

      Imagine how bad your logic is that you cheer for malware and hate rootkit.

  • @radswfiihq
    @radswfiihq 5 months ago +7

    How about VM detection?
    I run Linux as my daily driver, and am trying to make a VM that can run games like Valorant or Roblox

    • @mollthecoder
      @mollthecoder 5 months ago +7

      Some common ways programs detect VMs:
      1. VMs enable some flags in the OS that say "Hey, I'm a VM".
      2. VMs usually have specific drivers or software that aren't usually on real machines.
      3. VMs can have quirks in their hardware emulation that would be extremely unlikely in real hardware.
      4. Even besides all of the above, there are other less common methods software can use.
      Let me warn you: The goal of making a VM that can run these games is unrealistic. It requires extreme expertise in computing, hacking, virtualization, hardware, and more. However, if you want to try it, your best bet would be to reverse engineer the games and see what information they're looking for and what information contributes to VM detection.
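
As an added example (not part of the original comment or the video), the first two detection methods listed above can be written as checks over data a Linux guest exposes: the CPU `hypervisor` flag, DMI firmware strings, loaded kernel modules and default NIC MAC prefixes. The function names, marker lists and both sample machines are constructed for illustration; this is not the logic of any particular anti-cheat.

```python
# Added illustration; every sample input below is constructed, not captured.
VM_DMI_MARKERS = ("qemu", "kvm", "vmware", "virtualbox", "innotek", "xen")
VM_MODULES = {"virtio_pci", "virtio_net", "vboxguest", "vmw_balloon", "hv_vmbus"}
VM_MAC_OUIS = {"08:00:27": "VirtualBox", "00:0c:29": "VMware",
               "00:50:56": "VMware", "52:54:00": "QEMU/KVM"}

def cpu_flags(cpuinfo):
    """Return the CPU feature flags from /proc/cpuinfo-style text."""
    for line in cpuinfo.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags":
            return set(value.split())
    return set()

def loaded_modules(proc_modules):
    """Return module names (first column) from /proc/modules-style text."""
    return {ln.split()[0] for ln in proc_modules.splitlines() if ln.strip()}

def vm_indicators(cpuinfo, dmi_fields, proc_modules, macs):
    """List the reasons this system looks virtualized (empty if none)."""
    hits = []
    # 1. The "hypervisor" flag mirrors CPUID leaf 1, ECX bit 31.
    if "hypervisor" in cpu_flags(cpuinfo):
        hits.append("cpu flag: hypervisor")
    # 2a. Firmware (DMI/SMBIOS) strings that name a virtualization product.
    for field, value in sorted(dmi_fields.items()):
        if any(marker in value.lower() for marker in VM_DMI_MARKERS):
            hits.append(f"dmi {field}: {value}")
    # 2b. Paravirtual or guest-addition kernel modules.
    for mod in sorted(loaded_modules(proc_modules) & VM_MODULES):
        hits.append(f"module: {mod}")
    # 2c. NIC MAC prefixes that hypervisors use by default.
    for mac in macs:
        if (vendor := VM_MAC_OUIS.get(mac.lower()[:8])):
            hits.append(f"mac {mac}: {vendor}")
    return hits

GUEST = dict(  # constructed QEMU/KVM guest
    cpuinfo="processor : 0\nflags : fpu vme sse2 hypervisor lahf_lm\n",
    dmi_fields={"sys_vendor": "QEMU", "product_name": "Standard PC (Q35)"},
    proc_modules="virtio_net 61440 0 - Live 0x0\next4 991232 1 - Live 0x0\n",
    macs=["52:54:00:12:34:56"])
HOST = dict(  # constructed bare-metal desktop
    cpuinfo="processor : 0\nflags : fpu vme sse2 lahf_lm\n",
    dmi_fields={"sys_vendor": "Example Board Co.", "product_name": "EX-B550"},
    proc_modules="ext4 991232 1 - Live 0x0\nr8169 110592 0 - Live 0x0\n",
    macs=["a8:a1:59:00:00:01"])
if __name__ == "__main__":
    print(vm_indicators(**GUEST), vm_indicators(**HOST))
```

On a real Linux system the same inputs come from `/proc/cpuinfo`, `/sys/class/dmi/id/`, `/proc/modules` and `/sys/class/net/*/address`.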

    • @ougonce
      @ougonce 5 months ago +9

      @@mollthecoder It really doesn’t. It’s quite trivial to run both of these games in a VM by disabling precisely the things you talked about. The only real bottleneck will be performance, as disabling Hyper-V will tank your CPU, and you’ll need a second GPU for passthrough.

    • @itsTyrion
      @itsTyrion 5 months ago

      Forget it. There has not been a publicly known way to bypass Vanguard's VM detection for quite a while.
      As for Roblox, idk about VMs but they're actively detecting and blocking Wine/Proton. waydroid works if you really want roblox for some reason

    • @itsTyrion
      @itsTyrion 5 months ago +2

      @@ougonce uh-huh, trivial. I hid a VM well enough that pafish fully passed and the malware I threw at it worked, no luck with Vanguard. There hasn't been a known public way for a while now

    • @animebhopper
      @animebhopper 5 months ago +1

      @@ougonce HAHAHAHAHAHAHAHHAHAHAHAHAHAHAHAHAHAHAHHAHAHAHAHAHAHAHAHAHAHAHA no people have been trying for years at this point

  • @mx338
    @mx338 5 months ago +10

    You can avoid using third party drivers, by using linux, which has a monolithic kernel design. With very few exceptions every driver is part of the linux kernel codebase directly.

    • @brinza888
      @brinza888 5 months ago

      What about linux kernel modules?

    • @splicedbread
      @splicedbread 5 months ago

      @@brinza888 The simple answer for that is to require a distribution that has approved secure boot implementation, where it is a pain in the ass to get working signed KO modules that most do not bother to boot with secure boot, as historically it is microsoft who controls those keys.
      Linux offers a way for anti-cheat to exist, and honestly, has better ways of implementing anti-cheat without kernel level access but would require further development. This means more money towards the platform, which is unlikely to ever happen...

  • @jer1776
    @jer1776 5 months ago

    Great content. Thanks for spreading the word about the major flaws of kernel level anti cheats.

  • @darkin1484
    @darkin1484 5 months ago +1

    What an impeccably well done and educational video.

  • @FOGoticus
    @FOGoticus 5 months ago +13

    That kid almost crying when he got banned live in valorant had me smiling ear to ear.

    • @CookyMonzta
      @CookyMonzta 4 months ago

      He's lucky he only got flagged and banned, and that flag didn't _BRICK_ his machine! ☠️

    • @FOGoticus
      @FOGoticus 4 months ago +3

      @@CookyMonzta That would be an instant lawsuit lol. No bans will ever brick pcs.

  • @darkjackl999
    @darkjackl999 5 months ago +22

    I planned to initially uninstall when vanguard came out, but arena was so fun i decided to stick around for the update but after ~2 weeks i uninstalled because not only was i bored of the changes, but also even with me forcing it to not open on startup it was affecting my other games so i straight uninstalled it

  • @lzxty6024
    @lzxty6024 2 months ago +8

    17:50 Man I'd love to work at an anticheat company, send out a banwave and just have a bunch of streams playing of people cheating getting banned. Live show

  • @ragganmore6113
    @ragganmore6113 5 months ago

    Great Video. And since i still hear a ton of people complain every day about how Vanguard isn't good enough because it doesn't stop all cheating (and probably never will). Look at it like a Seatbelt. It is way safer to have one, but you can still suffer injuries in an accident.

  • @buizelmeme6288
    @buizelmeme6288 5 months ago +2

    0:41 bruh, is this the reason why the RUclips algorithm has chosen me??

  • @ButterFromDiscord
    @ButterFromDiscord 5 months ago +12

    Imo nothing related to a video game should ever need to run on kernel level
    In fact nothing related to a video game should ever be allowed to restrict your usage of software they are not affiliated with (or even are)
    If you have to use a rootkit to protect your software, do not protect your software.

  • @SkinShowcase-zm3rs
    @SkinShowcase-zm3rs 5 months ago +13

    Finally someone made a video about it. I see many scripters on PBE every day.

    • @atlas_carry
      @atlas_carry 5 months ago +1

      League of legends refuses to ban scripters as soon as they are detected, so it always has a delay ban for detection (unless it's a wave) so you will always have scripters in this game as we can buy 1000 cracked accounts for 1 dollar total and script 10-20 games even on a detected platform

    • @eweer5398
      @eweer5398 5 months ago

      @@atlas_carry No game developer bans scripters as soon as they are detected. We love to call game devs dumb, but they aren't THAT dumb.

    • @Stormlywing
      @Stormlywing 5 months ago

      @@atlas_carry just think if they used the same name as your lol account they may ban the wrong users

    • @atlas_carry
      @atlas_carry 5 months ago

      @@Stormlywing ?

  • @Etrical_
    @Etrical_ 5 months ago +19

    Ad ends at 1:48

  • @NotAGerman
    @NotAGerman 5 months ago

    okay. I didn't know hardware cheats were finally beat. Good vid!

  • @yungren.
    @yungren. 5 months ago

    You made seemingly complex ideas actually digestible and easy to understand, kudos to you!

  • @reflexx5272
    @reflexx5272 5 months ago +4

    Hearing cheaters yelping after getting banned is absolute ecstasy

  • @111michiel
    @111michiel 5 months ago +7

    Imagine making literal malware to stop a cheater in your game and they make a malware to defeat your malware.

    • @Stormlywing
      @Stormlywing 5 months ago

      basically they're willing to report the program that infecting their PC to play with people not bots

  • @reinhartdrial8060
    @reinhartdrial8060 5 months ago +19

    League just isn't worth this

  • @NoxDolore
    @NoxDolore 5 months ago

    Never had an interest in this. Stayed the entire time. Good video :)

  • @udbhavshrivastava
    @udbhavshrivastava 5 months ago

    This was a really informative and amazing dive into game cheats and I appreciate you for it. However ngl the way this video's title and thumbnail were created were kinda misleading considering it kinda suggested there is an open vulnerability that allows people to run cheats despite Vanguard, when as per the last notes of the video it doesn't seem to be the case.