Why You NEED a DRIVER (for hacking games)

  • Published on 20 Apr 2023
  • A simple overview of kernel driver development. To try everything Brilliant has to offer-free-for a full 30 days, visit brilliant.org/cazz/. The first 200 of you will get 20% off Brilliant’s annual premium subscription.
    💎 Source code is available for my Patrons!
    / cazzwastaken
    💎 Join our community over on Discord!
    / discord
    → GitHub: github.com/cazzwastaken
    → Instagram: / cazzwastaken
    → Twitter: / cazzwastaken
    → Email: cazzwastaken@gmail.com
    → Donate: www.paypal.com/donate/?hosted...
    📝Resources 📝
    → Visual Studio: visualstudio.microsoft.com/
    → VMWare Player: www.vmware.com/products/works...
    → WDK: learn.microsoft.com/en-us/win...
    → Windows 11: www.microsoft.com/software-do...
    → KDMapper: github.com/TheCruZ/kdmapper
    → Anti-Cheat Bypass UC Section: www.unknowncheats.me/forum/an...
    → Windows Driver Samples: github.com/microsoft/Windows-...
    → Driver Communication Samples: github.com/adspro15/km-um-com...
    → GuidedHacking Driver Tutorial: • How to make a Kernel D...
    → Null's Kernel Cheat: • Making A Kernel Cheat ...
    ⚡See More ⚡
    → Learn Game Hacking: • How to LEARN HACKING
    → Reverse Engineering: • Learn Reverse Engineer...
    → Chams: • REAL CSGO CHAMS - DRAW...
    → CreateMove: • Hook CreateMove From S...
    → Internal Menu: • IMGUI INTERNAL DIRECTX...
    → Aimbot: • MAKE AIMBOT IN 10 MINUTES
    🌌 Disclaimer 🌌
    This video was sponsored by Brilliant.

Comments • 716

  • @cazz 1 year ago +128

    To try everything Brilliant has to offer-free-for a full 30 days, visit brilliant.org/cazz/. The first 200 of you will get 20% off Brilliant’s annual premium subscription. Thanks for watching :)
    Corrections:
    - Socket communication isn't bad because of speed. Rather, it requires a system thread which is easily detectable.
    - MmCopyVirtualMemory is detected.
    - Manually mapping your driver is not a "free" or perfect solution to mapping your driver. Buying a certificate is obviously not undetectable either. Public communication methods are certainly detected as well.
    Some advice from Sariaki:
    "If i had to start over right now i would start by reversing the devirtualized battleye driver, thinking of a comm method myself and then going straight to the next step, thinking of a way to inject without getting detected"

    • @ok-__ 1 year ago +7

      ok

    • @sasino 1 year ago +3

      ok

    • @Darthborg 1 year ago +2

      Before we continue guess which sponsor I won’t buy from and will skip.

    • @jktech2117 1 year ago

      windows sucks because if something go wrong in the kernel the system just dies, in linux the system survives way more to even severe kernel faults.
      windows is a weak system that if one thing goes wrong, all the rest break together.

    • @Joe11924 11 months ago +1

      It would be great if Brilliant actually adhered to GDPR instead of just invading your privacy

  • @iglobrothers645 1 year ago +1693

    Would love to see how those companies would react if we were to install kernel level system loggers...

    • @DiamondBroPlayz 1 year ago +84

      or kernel level hacks rofl

    • @rengomero1576 1 year ago +227

      @@DiamondBroPlayz has been done and is being sold for multiple years now, still detectable and detected numerous times.

    • @DiamondBroPlayz 1 year ago +22

      @@rengomero1576 oof

    • @MartianV2GG 1 year ago +174

      @@DiamondBroPlayz that's how all Valorant hacks are, although I'd never recommend installing an unknown kernal level hack

    • @breadcraft3605 1 year ago +46

      @@MartianV2GG "kernal"

  • @xTenzSlays 11 months ago +431

    Exactly what a cheat dev was telling me. If the cheat you are using has an undetectable driver that hasnt been picked up by anti cheat and only one person uses it. You have an undetecable cheat.

    • @Otherwise_1 11 months ago +28

      Got it, we should ban the use of "unlicensed drivers" in the game

    • @user-sn3zj4vy8g 11 months ago +87

      @@Otherwise_1 that wouldn't work the amount of false bans/ issues you would have is crazy

    • @Otherwise_1 11 months ago +4

      @@user-sn3zj4vy8g No, it will be done differently, the game will just crash/not start if something like this is enabled

    • @null7639 11 months ago +95

      @@Otherwise_1 how do you differentiate between a cheat driver and a driver for some unknown pcie card

    • @Otherwise_1 11 months ago +2

      @@null7639 I don't know, I'll have to test it when I create the game, at least it will be possible to manually add drivers to "trusted"

  • @breakinggames6356 10 months ago +440

    at this point anti-cheats are basically becoming spyware

    • @user-gv6bb8pw3h 10 months ago +24

      Windows rivals

    • @UNTHESUNTHESUNTHES 10 months ago +6

      Maybe shouldn't have cheated

    • @breakinggames6356 10 months ago

      @@UNTHESUNTHESUNTHES whos saying I have they are just malware at this point a full on invasion of privacy and windows was bad enough that you have to take this stuff out of it and now games need this too

    • @user-cv3wr7js2r 9 months ago +5

      Always have been, actually

    • @flamingscar5263 9 months ago +7

      thats....the entire point, to spy on your machine to try and make sure your not cheating, and there is no reason to get upset at the anti cheats, they would all vanish if cheating wasn't a problem in games, they just add extra development time and cost, but cheating is such a problem in online games nowadays that that extra cost is near mandatory for your game to be playable

  • @flexyjerkov 1 year ago +815

    never understood how anyone would happily allow Anti-Cheat or even Cheats to run at kernel level and trust them.

    • @somexne 1 year ago +90

      ...that is why you disable the anticheats and create your own cheats.

    • @fss1704 11 months ago +50

      I trust them to run on a separate hard drive with a separate windows install, for anything that isn't gaming i don't see a point ever using windows.

    • @theFishy_ 11 months ago +12

      Why wouldn't you trust an anti cheat 💀

    • @adversemiller 11 months ago +116

      @@theFishy_ why would you?

    • @treeeve 10 months ago +62

      @@theFishy_ how can you trust they dont take your data, same with cheats you dont make.

  • @_loxymore_ 11 months ago +299

    For anyone wondering : yes the QR-Code at 1:23 is a Rickroll.

    • @ianthelilbear 11 months ago

      did you know 1.93% of all QR-Codes are rickrolls

    • @toxicbtw4900 11 months ago +9

      A true hero

    • @mels_hell 10 months ago +1

      You poor soul.

    • @WinterMute99 10 months ago +2

      Thx, i couldnt be bothered grabbing my phone in the next room

    • @CoreDreamStudios 2 months ago

      When I scanned it, it only went to youtube's main page, hmm... I got lucky lol.

  • @ooheureka 1 year ago +387

    i've always wanted to understand how drivers work, thank you!

    • @robsonrobbi1763 1 year ago +92

      just asked a taxi driver he said he works all day.

    • @sasino 1 year ago +1

      @@robsonrobbi1763 💀

    • @lucaslindgren3237 1 year ago +6

      @@robsonrobbi1763 i can't tell if you're serious or not but you're supposed to ask a truck driver, DUH!

    • @robsonrobbi1763 1 year ago +5

      @@lucaslindgren3237 i am very serious person.

    • @ooheureka 1 year ago +1

      @@robsonrobbi1763 can he work for me?

  • @0xfadead 1 year ago +194

    Little correction: Ring 0/the kernel is NOT the most privileged part of your computer, Ring -2/the IME or AMD PSP is.

    • @chinh4thepro 11 months ago +18

      not if you remove it :trolley:

    • @0xfadead 11 months ago +48

      @@chinh4thepro Have fun booting without them 🚎

    • @fss1704 11 months ago

      Heck, i'd like to have fun with the ime, imagine the kind of sh1t you could do.

    • @hunterst.gelais2291 10 months ago +1

      Can you give further reading about ring -2? I have having trouble finding information about it.

    • @4R53Hole 10 months ago +2

      @@0xfadead *Libre/Core booting

  • @rohansampat1995 1 year ago +415

    what an excellent video on fighting back against invasive software. Well done.

    • @handlesrtwitterdontbelivethem 1 year ago +27

      too bad it will make more invasive software because of you

    • @reidafesta9131 1 year ago +6

      @@handlesrtwitterdontbelivethem It's actually not invasive because it will fight the already existing invasive software.

    • @handlesrtwitterdontbelivethem 1 year ago +7

      @@reidafesta9131 and i will fight the existing soul you have

    • @kajojo2399 10 months ago +1

      @@handlesrtwitterdontbelivethem but can they go higher than the Kernel?

    • @handlesrtwitterdontbelivethem 10 months ago

      @@kajojo2399 yes sir all security in computing can be defeated by a gods computer that changes 0s and 1s nobody can defeat the 0 and 1 find find

  • @miles7267 10 months ago +15

    "The Windows Kernel is public and very well understood" as someone who interacts with the guys who write kernel cheats regularly, i can tell you right now that "well understood" is not a descriptor most of them would use for the windows kernel. I regularly hear stories about guys using poorly or completely undocumented functions that they found by scouring decompiled code and header files. Otherwise, great video 👍

    • @sid6645 10 months ago +1

      I dont believe any kernel to be well known by a single person lmao. Well, any kernel that is as large as the windows/linux kernel in scope.

    • @abcdxcxd8280 5 months ago

      the windows kernel for a previous version of windows NT is completely decompiled afaik its called the windows research kernel. so if you consider decompiled as "well understood" then there's that, but for comprehension-wise, sid6645 is more correct

  • @0xC47P1C3 1 year ago +179

    You’re videos are informative and concise. Many game hacking related videos are made by people that don’t know how to explain what they are doing (usually because they are copy and pasting)

    • @Manware. 1 year ago

      Any other subjects of game hacking you're interested in?

    • @yanerpgaming6183 1 year ago

      or maybe they don't want you/us to learn easily what they learned that spend so much time and effort yk.

    • @tim.martin 1 year ago +8

      You...are...videos 🎉

    • @Manware. 1 year ago +1

      @@tim.martin Check out mine!

    • @zekihvh 1 year ago

      Man, he really is the videos ✊✊

  • @Vash.Baldeus 10 months ago +53

    The biggest issue I have with Kernel level anti-cheat software is when it remains active even when I do not ACTIVELY PLAY the game.

    • @xman10110 10 months ago +4

      this is to make sure you're not rigging your install to allow you to cheat before you boot up the game

    • @somdudewillson 10 months ago +46

      @@xman10110 It also makes sure that any exploit in the anticheat software can be utilized by bad actors to do much worse things than cheating in a videogame.

    • @imdanielmartinez 10 months ago

      cough cough *vanguard* cough cough

    • @flamingscar5263 9 months ago +1

      @@somdudewillson what would stop said bad actors from doing that while the game is running? having it run 24/7 is no more a security risk then having it run AT ALL

    • @outasi_official 7 months ago +2

      @@flamingscar5263 well imagine you play that game only like once a month and a zeroday in the anti-cheat is revealed while you were not playing

  • @lightxcookie5121 11 months ago

    great video explanation of general driver's meaning and development process

  • @freshnuts864 1 year ago +1

    I really like this format & the breakdowns

  • @BurritoByte 4 months ago

    Thank you so much for the video, you explained the process very well!

  • @Spluub 1 year ago

    ty so much this helps clear alot of things up.

  • @wlockuz4467 1 year ago +28

    Low level security with video game examples, your channel is a gold mine!

    • @dangerr_xlmao1317 7 months ago

      @@georgedick1521 neka what???

  • @SuperTort0ise 1 year ago +28

    1:20 This isn't entirely true graphics drivers can be recovered in windows it's called "Timeout Detection and Recovery (TDR)" and it's pretty cool IMO.

    • @cazz 1 year ago +10

      Thank you, I didn’t know about that !!

    • @HobkinBoi 10 months ago +5

      Also you can manually reload/restart a gpu's drivers with Ctrl+Win+Shift+B. You'll hear a beep, the screen will blank out/flicker, and you'll be back in business.

    • @rain-uw9ju 10 months ago +1

      @@HobkinBoi where do you even learn this kind of shortcut lol

    • @patrickkdev 4 months ago

      @@HobkinBoi I tried it. Worked exactly as you described.

  • @hiiambarney4489 11 months ago +6

    now obviously, the future of cheating in video games is in machine learning. You don't even need access to the game AT ALL to read the image data from screen, where an advanced deeply trained AI can interpret imagery and adjust mouse inputs accordingly. Super simple but there's currently nothing that can be done on a system level to prevent these cheats (that have been out there for years, you may even have encountered them but they are usually so subtle yet effective it get's called "smurfing")

    • @EacanVisualArt 11 months ago

      You're correct. I recently found a Poker Cheating Bot that does exactly this, using ML and mouse inputs.

    • @itsv1p3r 10 months ago +1

      Pretty sure smurfing is just when you are skilled at a game but make a new account to play with/against lower skilled players temporarily.

    • @felicityc 10 months ago +1

      @@itsv1p3r he's saying they think it is smurfing but it is actually machine learning bots (which is ridiculous they have only recently had any traction)
      as an occasional smurf myself in OW1 back in the day (peaked GM hitscan, if I play in anything below master it is unfair, it is not really that fun for me. But sometimes I would help friends rank up or whatever. It loses its charm fast but later on I was coaching so I would play with lower ranked players and even when not trying to specifically win just me being in the game tilts the balance significantly) I can tell you most of them were boosting or toxic, but they are real people.
      When you are one you know the other ones usually. So I do not think 'smurfs' are just robots, its literally toxic high ranked people who are for whatever reason either being paid to boost accounts or just want to sh on bad players. But when I do play seriously in a very low ranked game (if i am boosting a friend I obviously want to win) it does absolutely look like I am cheating sometimes but usually you can tell the difference because the way I would play was not, like, overly risky. Cheaters who were taking it seriously would bring a duo to protect/pocket them to stop people like me from being able to counter them (playing a oneshot hero counters a cheater if you can hit shots). But if you can't even try to hit a shot then they will always win. Almost beat a cheater who got to 4900 SR or something because he was braindead and would just run into the open and aimbot everyone on soldier. But they had a dva pocket so by the end of the match I could not even try to kill him and it was a waste of time. It is really discouraging, because a smurf you can learn from, when I was getting better I did pay attention to how they played and adapted (later on it was nice finding the same people and destroying them in return :) really felt like I had made progress improving, seeing an account a year later that had ruined my day playing far worse than me).
      iirc there was actually one bot in Overwatch and it was kind of funny, but it was pretty clearly not human and not very good. They also streamed it live. That was years ago so I am sure things have improved, but to make a truly human-like bot, well, the decisions AI or machine learning make is sometimes really weird in a competitive format. Something is always really off.
      Apparently they are getting very good, but the hope is that anti-cheats will use the same techniques in reverse. I don't know what that will say for false positives.

    • @Dogepoleon 3 months ago

      AIMr does this for free

  • @malcoder 1 year ago +1

    This is amazing, great work!

  • @Karltyyy 1 year ago +97

    Would love to see a video on DMA devices, I read a post about using a virtual machine/ second s PC + a DMA device and found it very interesting as it avoids HWID bans.

    • @Nioxs 1 year ago +16

      Why would it avoid hwid bans💀 Maybe for the PC that the cheat is running on, but the other one where the game is running is still gonna be banned lol

    • @Karltyyy 1 year ago +1

      @@Nioxs I’m not sure that’s why I’m asking. But if the memory is being read from a 3rd party device then it wouldn’t affect the main PC, no?

    • @CodecNomad 1 year ago +4

      @@Karltyyy lmfao

    • @Nioxs 1 year ago +7

      @@Karltyyy It affects the PC where you play the game and start the AntiCheat

    • @yoshimurahirihito 1 year ago +8

      @@Karltyyy DMA allows you to bypass the need to read from memory locally, but you still need to write to memory for most cheat features. Most ACs will also be able to tell that you have a device installed and that might trigger flags. Also has nothing to do with avoiding HWID bans, just reduces detection vectors, if you get banned you're still HWID banned (there are other ways around this, just not DMA).

  • @bennguyen1313 9 months ago +3

    Basic question.. How do you call functions from a driver's source file?
    I have a USB (VID0A46 / PID9621) Ethernet Adapter and found driver source code for it,
    qop_kernel/drivers/net/usb/dm9620
    I'm interested in using the device and adding/modifying that driver.
    But not sure how to get started (compile, load, call functions). For example, I installed gcc and plugged it in , but how do I call load it, in order to call its functions.. like "dm_write_eeprom_word"?

  • @goldenfloof5469 10 months ago +5

    I mean, the absolute ultimate cheat driver would be a separate machine that you could connect HDMI/DisplayPort to, and two usb ports to. It'd fudge a display, keyboard, and mouse, and since there's no way for any in-machine program to prove that those signals aren't legit since nothing in the machine itself is being modified.
    And I wouldn't be surprised if they came out with an A.I. that could subtly adjust your actual inputs to improve your game. Since some anti-cheats rely on seeing either unrealistic inputs, or a sudden change in input styles. So, an A.I. program that could slowly adjust your inputs more and more would be indetectable to it.

    • @bowenfeng9750 4 months ago +2

      Those kind of things already exist and can be readily bought.

    • @Dogepoleon 3 months ago

      AIMr, its free and does this

  • @pitubul7280 1 year ago +52

    sockets are easily detected, for some games people use a raspberry with port W (wifi) so it can receive info directly from your wifi and then you configure it to seem as your mouse. But you will still need to make a bypass to make the raspberry invisible (make it so it seems its not connected to any socket, normally it will be connected to the USB-3.0 socket)

    • @Nickjack0310 1 year ago +2

      or just patch the anticheat

    • @giannnnni 1 year ago +22

      @@Nickjack0310 ???? LOL

    • @ashxxiv 1 year ago +13

      @@Nickjack0310 sure, but that is a much much harder task and would require far more moving parts in your program to circumvent the anticheat. the idea of not doing this is so that your cheat is efficient and as light weight as possible. some games ac is easier to "patch" but other more popular games require a lot of reverse engineering on the ac and i mean a *lot*

    • @Hnkka 1 year ago +1

      You dont need to make the rasp invisible, just connect it with usb cable and make it seem like elgato streamdeck or something else

    • @dr.oetker6560 1 year ago +2

      @@ashxxiv better than ???? LOL guy

  • @Dulge 1 year ago +64

    Yet again, a really well put together and informative video. Great stuff Cazz!

    • @Manware. 1 year ago

      He's indeed a great source of information for game hacking and allaround

  • @kolleradrian2005 1 year ago +9

    One of the most useful videos ive ever seen. Very helpful

  • @cynapse993 1 year ago

    The TF2 surf gameplay in the background caught me off guard. Nicely done video!

  • @mohammedzaid6634 2 months ago

    Bro your explanation on windows driver is so slick and understandable
    i can listen to your explanation all day
    what are the beginner level resources you would suggest to someone getting started on windows kernel programming
    not in game hacking but in general
    thank you for your contents :)

  • @SalamiMommie 7 months ago

    love to see surf in the background

  • @SCHIZOCYCLIC 1 year ago +16

    your videos are always interesting and well done, thank you

  • @user-bg1xh3yl5o 1 year ago +1

    I like how the surf gameplay is just spectating the 38.02 run replay bot

  • @SwissExperiments 1 year ago

    very well explained!

  • @algerr3952 1 year ago

    I was just about to get started with drivers and then I see that you just uploaded this video xD

  • @Sar0429 10 months ago +4

    the only two acceptable uses for this software:
    -anti invasive drivers
    -forcing eac to let me set core affinity

    • @Jacob_Overby 10 months ago

      It's so annoying that games won't allow you to change the affinity or priority.. just LET ME DO IT I NEED IT

  • @SohamGupta 1 year ago +21

    Very insightful, never knew the integrities of kernel drivers until now. Keep the up good work!

  • @DrNayef 1 month ago

    Thanks !

  • @Martin_Val 1 year ago

    I was waiting for this ❤

  • @Haste-fy9qy 1 year ago

    Mom! New Cazz vid just dropped

  • @motbus3 1 year ago

    Great video thanks

  • @bozleyangling 1 year ago +1

    absolutely amazing video - thorough and well said. thanks cazz!

  • @NarcoSarco 1 year ago +26

    I'm not planning on making hacks but somehow this made me understand understand what a kernel is and how its used. I have a way clearer picture now, of what before was more like a black box. Thanks!

  • @j.y. 8 months ago

    Thanks for the video. Could you make a video on how to manually map drivers? Thanks

  • @karusic 1 year ago

    This is a LEGEND channel

  • @hegyak 4 months ago

    2:40
    It should be noted, as a random piece of Windows History/Trivia. That the OS Controlling RAM Access was first done in Windows NT. And has been more or less this way since XP. 95, 98 and ME did not follow this convention. But XP and new Windows Versions do.

  • @congriofish 10 months ago

    Best explanation on how to make hacks I ever heard.

  • @gabrielT93x 1 year ago +1

    Awesome video bro, can u do a internal/external using rustlang e show it to us?

  • @zzzetsulive 10 months ago

    For alot of things having a good driver is a decent idea, case and point Baby Driver

  • @commenterycasing 1 year ago

    return of the king

  • @TwixedM9 10 months ago

    Fire Video Mate!

  • @hehelldldldd88 4 months ago

    useful video!

  • @kyminh7186 1 year ago

    I have a question that when i using Kernel driver cheat hooking function of modules in process, read write memory of process so i have to inject dll like i do in internal cheating user-mode ?

    • @Dogepoleon 3 months ago

      if you still need this, no you shouldn't since it is directly operating on the kernel

  • @_mishki_ 5 months ago

    Happy Chrismas everyone

  • @iceyberg7863 1 year ago +16

    This yt channel is such a blessing! Hacking in general always seemed like black magic to me and I just didn't know where to start until I stumbled upon this channel. Keep it up!

    • @jordan13377 1 year ago +4

      🤓

    • @sexlover34 1 year ago +3

      @@jordan13377 👺

    • @Mart-E12 10 months ago

      Why would you even start?

  • @rabi636gamer 1 year ago +1

    Bro do more of these

  • @lautaroagustin102011 8 months ago +1

    i'm a latam guy, and this channel is god. Nice work, i can understand how working the anticheats.
    All my life the anticheats was a unknow thing like a magic.
    Now i create a bypass for pubg

  • @Bartek2OO219 1 year ago +2

    could you make a video about physical hacks like gaining access to the memory by using pci device?

  • @carlospulpo4205 1 year ago +18

    The best way to cheat is the 2 computer method using a hardware debugger to bridge the host and debugger, it's undetectable to the host running the game. Example of this is using a PCI card that opens up a DMA pipeline. I break anti-cheat engines for fun.

    • @solo274 1 year ago

      👍

    • @ting1561 1 year ago +1

      "undetectable" -> This isn't true [anymore]. VGK and ESEA have proven, that you can easily detect DMA these days. Even with custom firmware.

    • @fss1704 11 months ago +3

      @@ting1561 Define easily, because in the end of the day all it can do is try to parse known signatures of access, if i make a cheat and don't publish it's truly indetectable, DMA tracking is tricky as FUCK, and theoretically all you would need to do to write your own driver is to pay microshit to sign a buggy code like with VMWARE, or buy a driver exploit for a device you own, Heck, write your code to use the video card as DMA then it's a complete and absolute clusterfuck madness blackhole to try to block the cheat.

    • @adversemiller 11 months ago +3

      @@fss1704 Couldn't have said it better. Infact one of my favorite ways to access memory and bypass Anti-cheat doesn't even require DMA. You can use something like CosMapper to just manually map your driver before you launch the game. Works like a charm

    • @fss1704 11 months ago

      @@adversemiller sweet, didn't knew this tool, i have a pc with a compromised intel me that was a legend reverse engineering hacks, watch god mode unlocked to have a grasp, used to cheat very well, just small fov aimhelp and triggerbot with esp invisible to the software, i exfiltrated the esp box data trough pci slot like i was using a gpio and the o.s. had absolutely no clue that there was anything connected, i used a bluepill to draw the esp boxes on top of a vga signal.

  • @srandista11nuda59 1 year ago

    Not me getting a f stroke when you put a blue screen with the sound and I instantly thought I got a bluescreen xDD

  • @sofianealloui 1 year ago

    You're the best Man ♥

  • @matthias916 1 year ago

    What about internal hacks? How does an AC detect that if you're not using the win32 api?

  • @Plisskien 1 year ago

    Great video

  • @cube_player 1 year ago

    short question do anyone know how to get vulkan drivers in the vmware windows virtual machine?

  • @allen-kb4pw 1 year ago

    great video!

  • @crayder1100 11 months ago +1

    Great way to start the video. You've made me angry. Phenomenal start to a surf run then blue screen... it was like deja vu and made me feel that feeling all over again.

  • @s1ok 1 year ago +3

    Can you make a video on how to make a spoofer for any mobo? Since people get hwid bans and we also wanna learn how to do it ourselves.
    Please tell me any sources you recommend

  • @johndon3782 1 year ago +6

    Also you do not "create your own versions of reading and writing memory" to get around hooked syscalls or anything else the anticheat looks for.

  • @davorfister 8 months ago

    With Great Power Comes Great Responsibility

  • @Rocky_the_Protogen 1 year ago +1

    You got me rickrolled at 1:25

  • @minghaolin 1 year ago +12

    Great explanation! Could you make a video which talks about how to write a window driver for game hacking?

  • @codec2821 1 year ago

    nice video, although what was 4:23 about? =)))))

  • @felicityc 10 months ago +3

    So many people in these comments just wanting to get cheats lol with no interest in learning anything.
    So sad, such little effort. They would be so easy to give malware to. They will download anything you give them and run any batch file you want just because they want to feel better at the game than they are. We optimized games for competitive play in windows (not for any cheating, just tweaks to windows to make it not shit), and kids would literally do anything we gave them. My friend gave someone a bat file that was mostly gibberish obfuscated and it had a command somewhere in the middle to check all drives for fortnite and uninstall it. Most harmless thing but the kid really saw it uninstalled, reinstalled it, and did this 4 more times before asking why it wasn't working.
    If you did anything worse than that it is just so easy. It is sad. But we need to be aware of the danger in these communities because people who cheat for malicious reasons are often willing to also do malicious things to people.

  • @goliat2606
    @goliat2606 9 months ago

    What are the most usable functions which have to be in driver? Memory read, memory write, and...? If I read memory and it is function address, how to call it from kernel mode using user mode application and um km communication? Is it needed at all? Or I can just call it from user mode?

    • @meth6922
      @meth6922 9 months ago

      bro do yk how to bypass eac

    • @goliat2606
      @goliat2606 9 months ago

      @@meth6922 what you want to if you want bypass it?

  • @wilsonwilson137
    @wilsonwilson137 1 year ago

    Awesome video

  • @peterSobieraj
    @peterSobieraj 2 months ago

    Can we just connect gaming PC thru other PC, and use that other PC for scanning network traffic, to get information that we need?

    • @Zaary
      @Zaary 21 days ago

      network traffic is encrypted

  • @DexHapy
    @DexHapy 1 year ago

    Hey, just curious if you know how to make ImGui examples (Premade ImGui) Work in csgo, I’m still learning but it would help if I got a guide

  • @dreamz420
    @dreamz420 1 year ago

    good video, keep it up

  • @pickle6114
    @pickle6114 10 months ago

    that blue screen of death scared me i thought it actually happened

  • @Speech_Maker
    @Speech_Maker 9 months ago +1

    Funny how the most played time in the video is at the end of the sponsor lol

    • @cazz
      @cazz 9 months ago

      that's how the game works G

  • @shotybest-jk2ud
    @shotybest-jk2ud 11 months ago

    what game you recommend for playground?

  • @0x157
    @0x157 1 year ago

    to add on something, vbox lets u take snapshots without a premium sub, i find it quite useful, not sure if vmware does the same.

  • @nttgaming702
    @nttgaming702 1 year ago

    That's cool man

  • @ZenBatexe
    @ZenBatexe 1 year ago +47

    Very well made video, I just loved it but sadly, right when I was expecting you to go into more technical stuff you were just getting to new part. Please do a more in depth video giving us some of the tricks that helped you in your "journey" because I did know about most of the stuff you said, but this is somewhat basic knowledge, and I want to learn more technical stuff.
    Keep it up

    • @yoshimurahirihito
      @yoshimurahirihito 1 year ago +1

      As you say he only mentions each stage of development briefly, but for the length of video he is aiming for that's necessary. Hopefully more to come :)

    • @ZenBatexe
      @ZenBatexe 1 year ago +6

      @@yoshimurahirihito For the video length it's incredible, he covered all the basics in a very easy understanding way. But I want to learn the actual technical part. Hope he will do that

    • @IstAuchEgal_
      @IstAuchEgal_ 1 year ago +1

      It's a channel mostly targeted at complete beginners, he has to explain the basics first, let's just hope he goes more in-depth in a future video. Would be nice since you usually have to read for this kind of information but reading is for nerds

    • @ZenBatexe
      @ZenBatexe 1 year ago +1

      @@IstAuchEgal_ Lmao, ikr 😂😂 Same mentality here

    • @theRPGmaster
      @theRPGmaster 10 months ago

      Exactly. More technical stuff please!

  • @opaulomathias
    @opaulomathias 1 year ago

    Your content is amazing, u gonna go far with this type of videos :)

  • @nightshift8351
    @nightshift8351 1 year ago +3

    This is top quality content, you deserve way more views.

  • @radspiderjackson
    @radspiderjackson 1 year ago +1

    having a vid on this channel of this method makes me feel better about following these instructions from some shady site that looked straight outta the 80's..

  • @xiwyx2200
    @xiwyx2200 1 year ago

    what else did i expect to be hiding behind that qr code😂😂

  • @johanngambolputty5351
    @johanngambolputty5351 1 year ago +7

    Is this why these games have taken so long to support linux, because of how windows specific their methods are? Are the versions of easy anti cheat now available for proton also as potentially invasive?

    • @moimoi9995
      @moimoi9995 1 year ago +9

      No, AFAIK the proton version of eac is much less potent because, linux being a bit more secure than windows, it simply won't allow it to run in kernel mode.

    • @iwky1930
      @iwky1930 1 year ago +6

      Problem with linux is that you can just make a patch for your own kernel or anyone can modify it. That's why no anticheat support.

    • @johanngambolputty5351
      @johanngambolputty5351 1 year ago +11

      @@iwky1930 problem for enforcing anticheat on someone else's pc perhaps, great for using your own pc the way you want to though...

    • @iwky1930
      @iwky1930 1 year ago

      @@johanngambolputty5351 well yea i meant it as a problem in the case of anticheat support.

    • @ishid_anfarded_king
      @ishid_anfarded_king 1 year ago

      problem is that anticheat developers are control whores, linux can't run anticheat on root level only user level unlike windows.

  • @itzyaboisatan
    @itzyaboisatan 1 year ago

    can you use GeForce drivers to use as a "base" for your cheat?

    • @benmetz6755
      @benmetz6755 11 months ago

      herz 5

  • @xaviersobaseedd
    @xaviersobaseedd 11 months ago +1

    2:37 ad end

  • @ThePirateHistory
    @ThePirateHistory 1 year ago +1

    Waiting for the full driver )) tnx

  • @xbmthxfan
    @xbmthxfan 1 year ago

    Beast ty

  • @cameonn
    @cameonn 1 year ago

    Hello cazz!

  • @nullary0x1337
    @nullary0x1337 1 year ago

    nc video thanks thanks good!!

  • @imn1ghtisshort709
    @imn1ghtisshort709 10 months ago +1

    What if you directly burn your cheat or driver onto the motherboard.
    I remember hearing about some 3rd party companies that sold motherboard in some asian countries burn a info stealer malware so it literally can't be detected by anti viruses which has kernel level permission.
    So we can make the same situation happen but instead of a malware and anti viruses, we have a cheat and anti cheats

    • @U20E0
      @U20E0 10 months ago

      How does the installation process even happen on Windows?

  • @beaverbuoy3011
    @beaverbuoy3011 1 year ago +1

    Awesome

  • @alurma
    @alurma 1 year ago

    Awesome video bro. Installing Visual Studio immediately!!!

  • @driestmarlin4317
    @driestmarlin4317 1 year ago +1

    do you have a dx11 internal imgui tutorial?

    • @brutal7304
      @brutal7304 1 year ago

      It’s easy to make, you would need to hook present and then check out imgui’s implementation

  • @AZZAMNO1
    @AZZAMNO1 10 months ago +2

    I'm interested to see how hacking evolved over time, back then it was just basic damage hack,
    now people start making ESP mod menu and stuff. last time, I saw hacker start spawning weapon in a multiplayer game/ teleporting everyone in the map. which is insane. how do you even manage to get that far with hacking.

    • @acev3521
      @acev3521 7 months ago

      Wdym now? Esp was literally something you could download for free in cod 2

  • @laxze20
    @laxze20 1 year ago +1

    hey, recently I met a server on discord where Fortnite cheats are sold and I was interested in one thing it said "driverless anti cheat cant see you cheating" are you able to say something about it if you know anything about it

    • @cazz
      @cazz 1 year ago

      Yes, this is mostly correct.
      A user-mode anti-cheat (one that does not run in the kernel) cannot physically detect a kernel-mode cheat because user-mode applications cannot monitor the kernel. With that being said, if you use a kernel driver to modify a game's memory, a user-mode anti-cheat can still detect that memory has been changed, it just can't detect how because the modification came from the kernel.
      Hope this makes sense!

    • @laxze20
      @laxze20 1 year ago +1

      @@cazz you can make this? I can pay

  • @wanderingknight10
    @wanderingknight10 11 months ago

    .data ptr can be detected if not going through proper sources