To try everything Brilliant has to offer-free-for a full 30 days, visit brilliant.org/cazz/. The first 200 of you will get 20% off Brilliant’s annual premium subscription. Thanks for watching :) Corrections: - Socket communication isn't bad because of speed. Rather, it requires a system thread which is easily detectable. - MmCopyVirtualMemory is detected. - Manually mapping your driver is not a "free" or perfect solution to mapping your driver. Buying a certificate is obviously not undetectable either. Public communication methods are certainly detected as well. Some advice from Sariaki: "If i had to start over right now i would start by reversing the devirtualized battleye driver, thinking of a comm method myself and then going straight to the next step, thinking of a way to inject without getting detected"
windows sucks because if something go wrong in the kernel the system just dies, in linux the system survives way more to even severe kernel faults. windows is a weak system that if one thing goes wrong, all the rest break together.
Exactly what a cheat dev was telling me. If the cheat you are using has an undetectable driver that hasnt been picked up by anti cheat and only one person uses it. You have an undetecable cheat.
@@UNTHESUNTHESUNTHES whos saying I have they are just malware at this point a full on invasion of privacy and windows was bad enough that you have to take this stuff out of it and now games need this too
thats....the entire point, to spy on your machine to try and make sure your not cheating, and there is no reason to get upset at the anti cheats, they would all vanish if cheating wasn't a problem in games, they just add extra development time and cost, but cheating is such a problem in online games nowadays that that extra cost is near mandatory for your game to be playable
"The Windows Kernel is public and very well understood" as someone who interacts with the guys who write kernel cheats regularly, i can tell you right now that "well understood" is not a descriptor most of them would use for the windows kernel. I regularly hear stories about guys using poorly or completely undocumented functions that tbey found by scouring decompiled code and header files. Otherwise, great video 👍
the windows kernel for a previous version of windows NT is completely decompiled afaik its called the windows research kernel. so if you consider decompiled as "well understood" then there's that, but for comprehension-wise, sid6645 is more correct
You’re videos are informative and concise. Many game hacking related videos are made by people that don’t know how to explain what they are doing (usually because they are copy and pasting)
@@xman10110 It also makes sure that any exploit in the anticheat software can be utilized by bad actors to do much worse things than cheating in a videogame.
@@somdudewillson what would stop said bad actors from doing that while the game is running? having it run 24/7 is no more a security risk then having it run AT ALL
1:20 This isn't entirely true graphics drivers can be recovered in windows it's called "Timeout Detection and Recovery (TDR)" and it's pretty cool IMO.
Also you can manually reload/restart a gpu's drivers with Ctrl+Win+Shift+B. You'll hear a beep, the screen will blank out/flicker, and you'll be back in business.
I mean, the absolute ultimate cheat driver would be a separate machine that you could connect HDMI/DisplayPort to, and two usb ports to. It'd fudge a display, keyboard, and mouse, and since there's no way for any in-machine program to prove that those signals aren't legit since nothing in the machine itself is being modified. And I wouldn't be surprised if they came out with an A.I. that could subtly adjust your actual inputs to improve your game. Since some anti-cheats rely on seeing either unrealistic inputs, or a sudden change in input styles. So, an A.I. program that could slowly adjust your inputs more and more would be indetectable to it.
So many people in these comments just wanting to get cheats lol with no interest in learning anything. So sad, such little effort. They would be so easy to give malware to. They will download anything you give them and run any batch file you want just because they want to feel better at the game than they are. We optimized games for competitive play in windows (not for any cheating, just tweaks to windows to make it not shit), and kids would literally do anything we gave them. My friend gave someone a bat file that was mostly gibberish obfuscated and it had a command somewhere in the middle to check all drives for fortnite and uninstall it. Most harmless thing but the kid really saw it uninstalled, reinstalled it, and did this 4 more times before asking why it wasn't working. If you did anything worse than that it is just so easy. It is sad. But we need to be aware of the danger in these communities because people who cheat for malicious reasons are often willing to also do malicious things to people.
Would love to see a video on DMA devices, I read a post about using a virtual machine/ second s PC + a DMA device and found it very interesting as it avoids HWID bans.
@@Karltyyy DMA allows you to bypass the need to read from memory locally, but you still need to write to memory for most cheat features. Most ACs will also be able to tell that you have a device installed and that might triggler flags. Also has nothing to do with avoiding HWID bans, just reduces detection vectors, if you get banned you're still HWID banned (there are other ways around this, just not DMA).
2:40 It should be noted, as a random piece of Windows History/Trivia. That the OS Controlling RAM Access was first done in Windows NT. And has been more or less this way since XP. 95, 98 and ME did not follow this convention. But XP and new Windows Versions do.
I'm not planning on making hacks but somehow this made me understand understand what a kernel is and how its used. I have a way clearer picture now, of what before was more like a black box. Thanks!
This yt channel is such a blessing! Hacking in general always seemed like black magic to me and I just didn't know where to start until I stumbled upon this channel. Keep it up!
Basic question.. How do you call functions from a driver's source file? I have a USB (VID0A46 / PID9621) Ethernet Adapter and found driver source code for it, qop_kernel/drivers/net/usb/dm9620 I'm interested in using the device and adding/modifying that driver. But not sure how to get started (compile, load, call functions). For example, I installed gcc and plugged it in , but how do I call load it, in order to call its functions.. like "dm_write_eeprom_word"?
sockets are easily deteceted, for some games people use a rasperberry with port W (wifi) so it can recieve info directly from your wifi and then you configure it to seem as your mouse. But you will still need to make a bypass to make the rasperberry invisible (make it so it seems its not connected to any socket, normally it will be connected to the USB-3.0 socket)
@@Nickjack0310 sure, but that is a much much harder task and would require far more moving parts in your program to circumvent the anticheat. the idea of not doing this is so that your cheat is efficient and as light weight as possible. some games ac is easier to "patch" but other more popular games require a lot of reverse engineering on the ac and i mean a *lot*
Is this why these games have taken so long to support linux, because of how windows specific their methods are? Are the versions of easy anti cheat now available for proton also as potentially invasive?
No, AFAIK the proton version of eac is much less potent because, linux being a bit more secure than windows, it simply won't allow it to run in kernel mode.
now obviously, the future of cheating in video games is in machine learning. You don't even need access to the game AT ALL to read the image data from screen, where an advanced deeply trained AI can interpret imagery and adjust mouse inputs accordingly. Super simple but there's currently nothing that can be done on a system level to prevent these cheats (that have been out there for years, you may even have encountered them but they are usually so subtle yet effective it get's called "smurfing")
@@itsv1p3r he's saying they think it is smurfing but it is actually machine learning bots (which is ridiculous they have only recently had any traction) as an occasional smurf myself in OW1 back in the day (peaked GM hitscan, if I play in anything below master it is unfair, it is not really that fun for me. But sometimes I would help friends rank up or whatever. It loses its charm fast but later on I was coaching so I would play with lower ranked players and even when not trying to specifically win just me being in the game tilts the balance significantly) I can tell you most of them were boosting or toxic, but they are real people. When you are one you know the other ones usually. So I do not think 'smurfs' are just robots, its literally toxic high ranked people who are for whatever reason either being paid to boost accounts or just want to sh on bad players. But when I do play seriously in a very low ranked game (if i am boosting a friend I obviously want to win) it does absolutely look like I am cheating sometimes but usually you can tell the difference because the way I would play was not, like, overly risky. Cheaters who were taking it seriously would bring a duo to protect/pocket them to stop people like me from being able to counter them (playing a oneshot hero counters a cheater if you can hit shots). But if you can't even try to hit a shot then they will always win. Almost beat a cheater who got to 4900 SR or something because he was braindead and would just run into the open and aimbot everyone on soldier. But they had a dva pocket so by the end of the match I could not even try to kill him and it was a waste of time. It is really discouraging, because a smurf you can learn from, when I was getting better I did pay attention to how they played and adapted (later on it was nice finding the same people and destroying them in return :) really felt like I had made progress improving, seeing an account a year later that had ruined my day playing far worse than me). iirc there was actually one bot in Overwatch and it was kind of funny, but it was pretty clearly not human and not very good. They also streamed it live. That was years ago so I am sure things have improved, but to make a truly human-like bot, well, the decisions AI or machine learning make is sometimes really weird in a competitive format. Something is always really off. Apparently they are getting very good, but the hope is that anti-cheats will use the same techniques in reverse. I don't know what that will say for false positives.
Still not easy. win32 mouse event leaves a flag, which most anticheats can easily detect. So unless you use arduino or HID that can make undetectable mouse movements, you won't be safe even with those no-memory-hack cheats.
Bro your explanation on windows driver is so slick and understandable i can listen to your explanation all day what are the beginner level resources you would suggest to someone getting started on windows kernel programming not in game hacking but in general thank you for your contents :)
The best way to cheat is the 2 computer method using a hardware debugger to bridge the host and debugger, it's undetectable to the host running the game. Example of this is using a PCI card that opens up a DMA pipeline. I break anti-cheat engines for fun.
@@ting1561 Define easily, because in the end of the day all it can do is try to parse known signatures of access, if i make a cheat and don't publish it's truly indetectable, DMA tracking is tricky as FUCK, and theoretically all you would need to do to write your own driver is to pay microshit to sign a buggy code like with VMWARE, or buy a driver exploit for a device you own, Heck, write your code to use the video card as DMA then it's a complete and absolute clusterfuck madness blackhole to try to block the cheat.
@@fss1704 Couldn't have said it better. Infact one of my favorite ways to access memory and bypass Anti-cheat doesn't even require DMA. You can use something like CosMapper to just manually map your driver before you launch the game. Works like a charm
@@adversemiller sweet, didn't knew this tool, i have a pc with a compromised intel me that was a legend reverse engineering hacks, watch god mode unlocked to have a grasp, used to cheat very well, just small fov aimhelp and triggerbot with esp invisible to the software, i exfiltrated the esp box data trough pci slot like i was using a gpio and the o.s. had absolutely no clue that there was anything connected, i used a bluepill to draw the esp boxes on top of a vga signal.
Very well made video ,I just loved it but sadly, right when I was expecting you to go into more technical stuff you were just getting to new part. Please do a more in depth video giving us some of the tricks that helped you in your "journey" because I I did knew about most of the stuff you said, but this is somewhat basic knowledge, and I want to learn more technical stuff. Keep it up
As you say he only mentions each stage of development briefly, but for the length of video he is aiming for that's nessecary. Hopefully more to come :)
@@yoshimurahirihito For the video length it's incredible, he covered all the basics in a very easy understanding way. But I want to learn the actual technical part. Hope he will do that
Its a channel mostly targeted at complete beginners, he has to explain the basics first, lets just hope he goes more in-depth in a future video. Would be nice since you usually have to read for this kind of information but reading is for nerds
Great way to start the video. You've made me angry. Phenomenal start to a surf run then blue screen... it was like deja vu and made me feel that feeling all over again.
How the hell are cheaters so desperate to cheat that you all somehow find more privilege escalation zero-days and create 10x more resources about driver programming, reverse engineering, and process hijacking than actual highly funded security research teams combatting malware? That's just the people providing the info for free as well. I'm sure there's a lot more information people don't disclose since they sell paid cheats. Every time I do research about this stuff, resources with a focus on game hacking always seems to pop up and they have more resources and better explanations than the alternatives. Hate multiplayer cheaters, but gotta concede that that make useful stuff. I just hope most of y'all are learning this for fun and not to cheat in actual competitive games or make malware. Reminds me of when I learnt that of this realistic tank based game called War Thunder that is apparently responsible for countless leaks of classified military information from different countries to win arguments on the forum or get certain vehicles buffed/nerfed. When the recent Pentagon leak happened, I remember people were joking about it being related to War Thunder. Turns out it actually was. Some gamers are truly lunatics.
It was not countless leaks, iirc it was just one about the F-16. It was non-critical information and something some random enlisted probably knew and had access to on something that wasn't SIPRNET. I have a lot of documents about the planes I flew on (Far more sensitive than the F-16) that are unclassified, but the general public doesn't really have access to them easily because they are part of our training, and what the public has is just generalized information. I have talked with some cheat devs of very expensive paid hacks and they are very talented people. Much more talented than the average pixelbot writer. You can tell the difference in class, it's like a drug dealer vs. the drug lord. They are able to get around anticheats long before anyone else and able to keep it updated, somehow. Their value becomes less and less useful as the anticheat is compromised, and this was the case for Overwatch, which started out having a decent anticheat (it stopped most memory cheats, which were the most dangerous for that game, where most things were server side, so most things could not be touched), but Blizzard neglected it and since it was in-house, it was fairly obfuscated but only got easier and easier to defeat. Most of the lower tier cheaters who sell stuff include malware (hwid spoofers are almost always malware for some unsuspecting kid) and they tend to be really dumb and scammers, who steal other people's cheats and resell them with some minor modifications. Many cheaters that do not develop are also very talented because they too enjoy reversing. It was annoying I had to do all this in secret despite myself never cheating because learning about these things was very informative for what was really possible, and what was out there; and what to look out for. I also forwarded cheats to Blizzard's line quite often but I doubt it made a difference. The community is very scummy and dangerous. Cheating is addictive like a drug if you lack empathy in some regard. But for every intelligent engineer and software dev (one I knew specifically would teach me how jank some of the worst cheats were) there are like 100 kiddos and scammers or more, treating it like a business, or trying to get people to do things for them for free while they do not care to learn anything. at some point in time many people need a lockpicker... someone has to be able to do it. There are also grey hats who go for reward money in return for finding exploits. It is a very interesting dynamic and I found cheaters to be interesting people. At the end of the day, though, the majority of them are ruining these games and often for very stupid reasons (everyone else is cheating is a common one by people coping they are bad).
What if you directly burn your cheat or driver onto the motherboard. I remember hearing about some 3rd party compagnies that sold motherboard in some asian countries burn a info stealer malware so it literally cant be detected by anti viruses which has kernel level permission. So we can make the same situation happen but instead of a malware and anti viruses, we have a cheat and anti cheats
Game genie basically. Thing is, legitimate peripherals are registered and have officially assigned identifiers. Now you can forge one of those, so automatics may not pick it up, but if enough sightings of an unusual device ID get associated with reported cheating, manual review is just going to get it flagged as a malicious peripheral. There are really only two ways around kernel monitoring. Either switch your memory injector's ID frequently enough that it doesnt get intercepted, or run the entire kernel in a virtual environment, and modify memory from outside the scope of its virtual kernel. This can go as far as airgap isolation and hardware debugging feom a second compuiter. At that point becomes impossible to detect the memory modification, and anti cheat has to fall back on reviewing performance, most likely with machine learning algorithms.
Some day someone will create a RAM that has additional USB-C port where you can connect your phone to and directly manipulate memory data without operating system even knowing about it.
What are the most ussable functions which have to be in driver? Memory read, memory write, and...? If i read memory and it is function address, how to call it from kernel mode using user mode application and um km communication? Is it needed at all? Or i can just call it from user mode?
having a vid on this channel of this method makes me feel better about following these instructions from some shady site that looked straight outta the 80's..
I have a question that when i using Kernel driver cheat hooking function of modules in process, read write memory of process so i have to inject dll like i do in internal cheating user-mode ?
I had the idea to get into game hacking about 6 months ago. I'm now a certified IT Specialist and have zero interest in games anymore. The computer world is so damn big.
Hypotetically speaking - what happens if you go one step further: forget about kernel level access through drivers, what about modifying the kernel itself. Like, the kernel is a file on your disk, right? ntoskrnl or whatever it's called. If someone knows what they're doing, could they make a cheating kernel, basically a rootkit built directly on the kernel to inject cheats that are undetected even by drivers.
The Windows kernel is a collection of multiple files and dynamic libraries and it is not modifiable since it is closed-source so modifying the kernel itelf is not viable and as a addition there are many counter measures to programs trying to modify any kernel driver or the kernel itself like Windows Patchguard
Of course, it does, for the system running in user mode is more secure. On Linux, running it as root or in the kernel makes little sense. Unlike on Windows, the user has full control over the operating system. Even an anti cheat operating on a kernel level can be defeated with a patched kernel, which would not be detectable. The situation is kind of similar to hiding magisk root on android, detecting it really does not work well through traditional means.
Legit question. Why cheat in video games? This video popped up on my reccomended so I'm just curious. The obvious reason I come up with is "because I want to see if I can get away with it", so is that it?
There's two sides of it, making them and using them. Making them is largely a "To see if I can, for the challenge" kind of thing, using them is likely more for attention and power fantasy and such. Yuh.
Can you make a video on how to make a spoofer for any mobo? Since people get hwid bans and we also wanna learn how to do it ourselves. Please tell me any sources you recommend
this video was awesome and I learned a lot but I have a bunch of questions that I hope some people can answer. The first thing I was curious about is how the VM is useful considering I've seen a lot of anti cheats that block their game from being opened inside virtual machines. another thing I was curious about is some of the few last few things he said about the manual mapping with the KD map or whatever how exactly does that work I don't know much about file signing but I know that you have to pay to get files signed and that it's pretty expensive I also thought that manual mapping was something that was used for injectors what exactly is this driver mapping and how does it work and how are anti-cheats not detecting it because I plan on making a big project that needs to be able to slip past easy AC I don't need to write memory or anything I just need to be able to move the mouse without using Windows API functions because most of them are detected by EAC. also I noticed that the easy anti-cheat logo specifically shown in the thumbnail I'm asking about easy anti-cheat specifically because I want to make cheat that bypasses this as I mentioned earlier it's pretty simple but there is a Roblox cheat called celex that is a driver based cheat now although it's not reading or writing any memory from any other games for some reason if you open fortnite which uses EasyAC and then open this Roblox cheat you get banned so I was wondering does this method actually bypass easy anti cheat. PS I apologize if some of this is illegible I am using the voice typing on my phone because I'm too lazy to type all this.
Apparently, there was no hacker in Valorant, but using this method, now there is full of cheaters in Valorant, one of my friends sell cheats utilising this method, which is sad somehow we find loopholes in any anti-cheat system.
I'm interested to see how hacking evolved over time, back then it was just basic damage hack, now people start making ESP mod menu and stuff. last time, I saw hacker start spawning weapon in a multiplayer game/ teleporting everyone in the map. which is insane. how do you even manage to get that far with hacking.
It makes me mad than random game Companies have Kernel access on our Computers and still there are Cheaters ingame. Makes no sense to give up that much as a User, to get basically a delay for cheaters to come back.
To try everything Brilliant has to offer-free-for a full 30 days, visit brilliant.org/cazz/. The first 200 of you will get 20% off Brilliant’s annual premium subscription. Thanks for watching :)
Corrections:
- Socket communication isn't bad because of speed. Rather, it requires a system thread which is easily detectable.
- MmCopyVirtualMemory is detected.
- Manually mapping your driver is not a "free" or perfect solution to mapping your driver. Buying a certificate is obviously not undetectable either. Public communication methods are certainly detected as well.
Some advice from Sariaki:
"If i had to start over right now i would start by reversing the devirtualized battleye driver, thinking of a comm method myself and then going straight to the next step, thinking of a way to inject without getting detected"
ok
ok
Before we continue guess which sponsor I won’t buy from and will skip.
windows sucks because if something go wrong in the kernel the system just dies, in linux the system survives way more to even severe kernel faults.
windows is a weak system that if one thing goes wrong, all the rest break together.
It would be great if Brilliant actually adhered to GDPR instead of just invading your privacy
Would love to see how those companies would react if we were to install kernel level system loggers...
or kernel level hacks rofl
@@DiamondBroPlayz has been done and is being sold for multiple years now, still detectable and detected numerous times.
@@rengomero1576 oof
@@DiamondBroPlayz that's how all Valorant hacks are, although I'd never recommend installing an unknown kernal level hack
@@MartianV2GG "kernal"
i've always wanted to understand how drivers work, thank you!
just asked a taxi driver he said he works all day.
@@robsonrobbi1763 💀
@@robsonrobbi1763 i can't tell if you're serious or not but you're supposed to ask a truck driver, DUH!
@@lucaslindgren3237 i am very serious person.
@@robsonrobbi1763 can he work for me?
Exactly what a cheat dev was telling me. If the cheat you are using has an undetectable driver that hasnt been picked up by anti cheat and only one person uses it. You have an undetecable cheat.
Got it, we should ban the use of "unlicensed drivers" in the game
@@Otherwise_1 that wouldnt work the amount of false bans/ issues yiu would have is crazy
@@Mohennep-c6m No, it will be done differently, the game will just crash/not start if something like this is enabled
@@Otherwise_1 how do you differentiate between a cheat driver and a driver for some unknown pcie card
@@null7639 I don't know, I'll have to test it when I create the game, at least it will be possible to manually add drivers to "trusted"
at this point anti-cheats are basically becoming spyware
Windows rivals
Maybe shouldn't have cheated
@@UNTHESUNTHESUNTHES whos saying I have they are just malware at this point a full on invasion of privacy and windows was bad enough that you have to take this stuff out of it and now games need this too
Always have been, actually
thats....the entire point, to spy on your machine to try and make sure your not cheating, and there is no reason to get upset at the anti cheats, they would all vanish if cheating wasn't a problem in games, they just add extra development time and cost, but cheating is such a problem in online games nowadays that that extra cost is near mandatory for your game to be playable
For anyone wondering : yes the QR-Code at 1:23 is a Rickroll.
did you know 1.93% of all QR-Codes are rickrolls
A true hero
You poor soul.
Thx, i couldnt be bothered grabbing my phone in the next room
When I scanned it, it only went to youtube's main page, hmm... I got lucky lol.
never understood how anyone would happily allow Anti-Cheat or even Cheats to run at kernel level and trust them.
...that is why you disable the anticheats and create your own cheats.
I trust them to run on a separate hard drive with a separate windows install, for anything that isn't gaming i don't see a point ever using windows.
Why wouldn't you trust an anti cheat 💀
@@theFishy_ why would you?
@@theFishy_ how can you trust they dont take your data, same with cheats you dont make.
Little correction: Ring 0/the kernel is NOT the most privileged part of your computer, Ring -2/the IME or AMD PSP is.
not if you remove it :trolley:
@@chinh4thepro Have fun booting without them 🚎
Heck, i'd like to have fun with the ime, imagine the kind of sh1t you could do.
Can you give further reading about ring -2? I have having trouble finding information about it.
@@0xfadead *Libre/Core booting
what an excellent video on fighting back against invasive software. Well done.
too bad it will make more invasive software because of you
@@handlesrtwitterdontbelivethem It's actually not invasive because it will fight the already existing invasive software.
@@reidafesta9131 and i will fight the existing soul you have
@@handlesrtwitterdontbelivethem but can they go higher than the Kernel?
@@kajojo2399 yes sir all security in computing can be defeated by a gods computer that changes 0s and 1s nobody can defeat the 0 and 1 find find
"The Windows Kernel is public and very well understood" as someone who interacts with the guys who write kernel cheats regularly, i can tell you right now that "well understood" is not a descriptor most of them would use for the windows kernel. I regularly hear stories about guys using poorly or completely undocumented functions that tbey found by scouring decompiled code and header files. Otherwise, great video 👍
I dont believe any kernel to be well known by a single person lmao. Well, any kernel that is as large as the windows/linux kernel in scope.
the windows kernel for a previous version of windows NT is completely decompiled afaik its called the windows research kernel. so if you consider decompiled as "well understood" then there's that, but for comprehension-wise, sid6645 is more correct
You’re videos are informative and concise. Many game hacking related videos are made by people that don’t know how to explain what they are doing (usually because they are copy and pasting)
Any other subjects of game hacking you're interested in?
or maybe they don't want you/us to learn easily what they learned that spend so much time and effort yk.
You...are...videos 🎉
@@tim.martin Check out mine!
Man, he really is the videos ✊✊
Low level security with video game examples, your channel is a gold mine!
@georgedick1521 neka what???
The biggest issue I have with Kernel level anti-cheat software is when it remains active even when I do not ACTIVELY PLAY the game.
this is to make sure you're not rigging your install to allow you to cheat before you boot up the game
@@xman10110 It also makes sure that any exploit in the anticheat software can be utilized by bad actors to do much worse things than cheating in a videogame.
cough cough *vanguard* cough cough
@@somdudewillson what would stop said bad actors from doing that while the game is running? having it run 24/7 is no more a security risk then having it run AT ALL
@@flamingscar5263 well imagine you play that game only like once a month and a zeroday in the anti-cheat is revealed while you were not playing
1:20 This isn't entirely true graphics drivers can be recovered in windows it's called "Timeout Detection and Recovery (TDR)" and it's pretty cool IMO.
Thank you, I didn’t know about that !!
Also you can manually reload/restart a gpu's drivers with Ctrl+Win+Shift+B. You'll hear a beep, the screen will blank out/flicker, and you'll be back in business.
@@HobkinBoi where do you even learn this kind of shortcut lol
@@HobkinBoi I tried it. Worked exactly as you described.
Yet again, a really well put together and informative video. Great stuff Cazz!
He's indeed a great source of information for game hacking and allaround
I mean, the absolute ultimate cheat driver would be a separate machine that you could connect HDMI/DisplayPort to, and two usb ports to. It'd fudge a display, keyboard, and mouse, and since there's no way for any in-machine program to prove that those signals aren't legit since nothing in the machine itself is being modified.
And I wouldn't be surprised if they came out with an A.I. that could subtly adjust your actual inputs to improve your game. Since some anti-cheats rely on seeing either unrealistic inputs, or a sudden change in input styles. So, an A.I. program that could slowly adjust your inputs more and more would be indetectable to it.
Those kind of things already exist and can be readily bought.
AIMr, its free and does this
Very insightful, never knew the integrities of kernel drivers until now. Keep the up good work!
So many people in these comments just wanting to get cheats lol with no interest in learning anything.
So sad, such little effort. They would be so easy to give malware to. They will download anything you give them and run any batch file you want just because they want to feel better at the game than they are. We optimized games for competitive play in windows (not for any cheating, just tweaks to windows to make it not shit), and kids would literally do anything we gave them. My friend gave someone a bat file that was mostly gibberish obfuscated and it had a command somewhere in the middle to check all drives for fortnite and uninstall it. Most harmless thing but the kid really saw it uninstalled, reinstalled it, and did this 4 more times before asking why it wasn't working.
If you did anything worse than that it is just so easy. It is sad. But we need to be aware of the danger in these communities because people who cheat for malicious reasons are often willing to also do malicious things to people.
Would love to see a video on DMA devices, I read a post about using a virtual machine/ second s PC + a DMA device and found it very interesting as it avoids HWID bans.
Why would it avoid hwid bans💀 Maybe for the PC that the cheat is running on, but the other one where the game is running is still gonna be banned lol
@@Nioxs I’m not sure that’s why I’m asking. But if the memory is being read from a 3rd party device then it wouldn’t affect the main PC, no?
@@Karltyyy lmfao
@@Karltyyy It affects the PC where you play the game and start the AntiCheat
@@Karltyyy DMA allows you to bypass the need to read from memory locally, but you still need to write to memory for most cheat features. Most ACs will also be able to tell that you have a device installed and that might triggler flags. Also has nothing to do with avoiding HWID bans, just reduces detection vectors, if you get banned you're still HWID banned (there are other ways around this, just not DMA).
2:40
It should be noted, as a random piece of Windows History/Trivia. That the OS Controlling RAM Access was first done in Windows NT. And has been more or less this way since XP. 95, 98 and ME did not follow this convention. But XP and new Windows Versions do.
the only two acceptable uses for this software:
-anti invasive drivers
-forcing eac to let me set core affinity
It's so annoying that games won't allow you to change the affinity or priority.. just LET ME DO IT I NEED IT
I'm not planning on making hacks but somehow this made me understand understand what a kernel is and how its used. I have a way clearer picture now, of what before was more like a black box. Thanks!
I like how the surf gameplay is just spectating the 38.02 run replay bot
One of the most useful videos ive ever seen. Very helpful
The TF2 surf gameplay in the background caught me off guard. Nicely done video!
Funny how the most played time in the video is at the end of the sponsor lol
thats how to game works G
I really like this format & the breakdowns
This yt channel is such a blessing! Hacking in general always seemed like black magic to me and I just didn't know where to start until I stumbled upon this channel. Keep it up!
🤓
@@jordan13377 👺
Why would you even start?
@@Mart-E12 Cuz its fun and you learn a lot about the windows api and how games work
great video expalanation of general driver's meaning and development process
Mom! New Cazz vid just dropped
Thank you so much for the video, you explained the process very well!
Basic question.. How do you call functions from a driver's source file?
I have a USB (VID0A46 / PID9621) Ethernet Adapter and found driver source code for it,
qop_kernel/drivers/net/usb/dm9620
I'm interested in using the device and adding/modifying that driver.
But not sure how to get started (compile, load, call functions). For example, I installed gcc and plugged it in , but how do I call load it, in order to call its functions.. like "dm_write_eeprom_word"?
sockets are easily deteceted, for some games people use a rasperberry with port W (wifi) so it can recieve info directly from your wifi and then you configure it to seem as your mouse. But you will still need to make a bypass to make the rasperberry invisible (make it so it seems its not connected to any socket, normally it will be connected to the USB-3.0 socket)
or just patch the anticheat
@@Nickjack0310 ???? LOL
@@Nickjack0310 sure, but that is a much much harder task and would require far more moving parts in your program to circumvent the anticheat. the idea of not doing this is so that your cheat is efficient and as light weight as possible. some games ac is easier to "patch" but other more popular games require a lot of reverse engineering on the ac and i mean a *lot*
You dont need to make the rasp invisible, just connect it with usb cable and make it seem like elgato streamdeck or something else
@@ashxxiv better than ???? LOL guy
Is this why these games have taken so long to support linux, because of how windows specific their methods are? Are the versions of easy anti cheat now available for proton also as potentially invasive?
No, AFAIK the proton version of eac is much less potent because, linux being a bit more secure than windows, it simply won't allow it to run in kernel mode.
Problem with linux is that you can just make a patch for your own kernel or anyone can modify it. Thats why no anticheat support.
@@iwky1930 problem for enforcing anticheat on someone elses pc perhaps, great for using your own pc the way you want to though...
@@johanngambolputty5351 well yea i meant it as a problem in the case of anticheat support.
problem is that anticheat developers are control whores, linux can't run anticheat on root level only user level unlike windows.
I was just about to get started with drivers and then I see that you just uploaded this video xD
2:37 ad end
love to see surf in the background
now obviously, the future of cheating in video games is in machine learning. You don't even need access to the game AT ALL to read the image data from screen, where an advanced deeply trained AI can interpret imagery and adjust mouse inputs accordingly. Super simple but there's currently nothing that can be done on a system level to prevent these cheats (that have been out there for years, you may even have encountered them but they are usually so subtle yet effective it get's called "smurfing")
You're correct. I recently found a Poker Cheating Bot that does exactly this, using ML and mouse inputs.
Pretty sure smurfing is just when you are skilled at a game but make a new account to play with/against lower skilled players temporarily.
@@itsv1p3r he's saying they think it is smurfing but it is actually machine learning bots (which is ridiculous they have only recently had any traction)
as an occasional smurf myself in OW1 back in the day (peaked GM hitscan, if I play in anything below master it is unfair, it is not really that fun for me. But sometimes I would help friends rank up or whatever. It loses its charm fast but later on I was coaching so I would play with lower ranked players and even when not trying to specifically win just me being in the game tilts the balance significantly) I can tell you most of them were boosting or toxic, but they are real people.
When you are one you know the other ones usually. So I do not think 'smurfs' are just robots, its literally toxic high ranked people who are for whatever reason either being paid to boost accounts or just want to sh on bad players. But when I do play seriously in a very low ranked game (if i am boosting a friend I obviously want to win) it does absolutely look like I am cheating sometimes but usually you can tell the difference because the way I would play was not, like, overly risky. Cheaters who were taking it seriously would bring a duo to protect/pocket them to stop people like me from being able to counter them (playing a oneshot hero counters a cheater if you can hit shots). But if you can't even try to hit a shot then they will always win. Almost beat a cheater who got to 4900 SR or something because he was braindead and would just run into the open and aimbot everyone on soldier. But they had a dva pocket so by the end of the match I could not even try to kill him and it was a waste of time. It is really discouraging, because a smurf you can learn from, when I was getting better I did pay attention to how they played and adapted (later on it was nice finding the same people and destroying them in return :) really felt like I had made progress improving, seeing an account a year later that had ruined my day playing far worse than me).
iirc there was actually one bot in Overwatch and it was kind of funny, but it was pretty clearly not human and not very good. They also streamed it live. That was years ago so I am sure things have improved, but to make a truly human-like bot, well, the decisions AI or machine learning make is sometimes really weird in a competitive format. Something is always really off.
Apparently they are getting very good, but the hope is that anti-cheats will use the same techniques in reverse. I don't know what that will say for false positives.
AIMr does this for free
Still not easy. win32 mouse event leaves a flag, which most anticheats can easily detect. So unless you use arduino or HID that can make undetectable mouse movements, you won't be safe even with those no-memory-hack cheats.
this video was helpful, thank you!
your videos are always interesting and well done, thank you
Bro your explanation on windows driver is so slick and understandable
i can listen to your explanation all day
what are the beginner level resources you would suggest to someone getting started on windows kernel programming
not in game hacking but in general
thank you for your contents :)
Best explanation on how to make hacks I ever heard.
Not me getting a f stroke when you put a blue screen with the sound and I instantly thought I got a bluescreen xDD
The best way to cheat is the 2 computer method using a hardware debugger to bridge the host and debugger, it's undetectable to the host running the game. Example of this is using a PCI card that opens up a DMA pipeline. I break anti-cheat engines for fun.
👍
"undetectable" -> This isn't true [anymore]. VGK and ESEA have proven, that you can easily detect DMA these days. Even with custom firmware.
@@ting1561 Define easily, because in the end of the day all it can do is try to parse known signatures of access, if i make a cheat and don't publish it's truly indetectable, DMA tracking is tricky as FUCK, and theoretically all you would need to do to write your own driver is to pay microshit to sign a buggy code like with VMWARE, or buy a driver exploit for a device you own, Heck, write your code to use the video card as DMA then it's a complete and absolute clusterfuck madness blackhole to try to block the cheat.
@@fss1704 Couldn't have said it better. Infact one of my favorite ways to access memory and bypass Anti-cheat doesn't even require DMA. You can use something like CosMapper to just manually map your driver before you launch the game. Works like a charm
@@adversemiller sweet, didn't knew this tool, i have a pc with a compromised intel me that was a legend reverse engineering hacks, watch god mode unlocked to have a grasp, used to cheat very well, just small fov aimhelp and triggerbot with esp invisible to the software, i exfiltrated the esp box data trough pci slot like i was using a gpio and the o.s. had absolutely no clue that there was anything connected, i used a bluepill to draw the esp boxes on top of a vga signal.
For alot of things having a good driver is a decent idea, case and point Baby Driver
that blue screen of death scared me i thought it actually happened
This is amazing, great work!
Very well made video ,I just loved it but sadly, right when I was expecting you to go into more technical stuff you were just getting to new part. Please do a more in depth video giving us some of the tricks that helped you in your "journey" because I I did knew about most of the stuff you said, but this is somewhat basic knowledge, and I want to learn more technical stuff.
Keep it up
As you say he only mentions each stage of development briefly, but for the length of video he is aiming for that's nessecary. Hopefully more to come :)
@@yoshimurahirihito For the video length it's incredible, he covered all the basics in a very easy understanding way. But I want to learn the actual technical part. Hope he will do that
Its a channel mostly targeted at complete beginners, he has to explain the basics first, lets just hope he goes more in-depth in a future video. Would be nice since you usually have to read for this kind of information but reading is for nerds
@@IstAuchEgal_ Lmao, ikr 😂😂 Same mentality her3
Exactly. More technical stuff please!
With Great Power Comes Great Responsibility
Great way to start the video. You've made me angry. Phenomenal start to a surf run then blue screen... it was like deja vu and made me feel that feeling all over again.
How the hell are cheaters so desperate to cheat that you all somehow find more privilege escalation zero-days and create 10x more resources about driver programming, reverse engineering, and process hijacking than actual highly funded security research teams combatting malware? That's just the people providing the info for free as well. I'm sure there's a lot more information people don't disclose since they sell paid cheats. Every time I do research about this stuff, resources with a focus on game hacking always seems to pop up and they have more resources and better explanations than the alternatives. Hate multiplayer cheaters, but gotta concede that that make useful stuff. I just hope most of y'all are learning this for fun and not to cheat in actual competitive games or make malware.
Reminds me of when I learnt that of this realistic tank based game called War Thunder that is apparently responsible for countless leaks of classified military information from different countries to win arguments on the forum or get certain vehicles buffed/nerfed. When the recent Pentagon leak happened, I remember people were joking about it being related to War Thunder. Turns out it actually was. Some gamers are truly lunatics.
It was not countless leaks, iirc it was just one about the F-16. It was non-critical information and something some random enlisted probably knew and had access to on something that wasn't SIPRNET. I have a lot of documents about the planes I flew on (Far more sensitive than the F-16) that are unclassified, but the general public doesn't really have access to them easily because they are part of our training, and what the public has is just generalized information.
I have talked with some cheat devs of very expensive paid hacks and they are very talented people. Much more talented than the average pixelbot writer. You can tell the difference in class, it's like a drug dealer vs. the drug lord. They are able to get around anticheats long before anyone else and able to keep it updated, somehow. Their value becomes less and less useful as the anticheat is compromised, and this was the case for Overwatch, which started out having a decent anticheat (it stopped most memory cheats, which were the most dangerous for that game, where most things were server side, so most things could not be touched), but Blizzard neglected it and since it was in-house, it was fairly obfuscated but only got easier and easier to defeat.
Most of the lower tier cheaters who sell stuff include malware (hwid spoofers are almost always malware for some unsuspecting kid) and they tend to be really dumb and scammers, who steal other people's cheats and resell them with some minor modifications. Many cheaters that do not develop are also very talented because they too enjoy reversing. It was annoying I had to do all this in secret despite myself never cheating because learning about these things was very informative for what was really possible, and what was out there; and what to look out for. I also forwarded cheats to Blizzard's line quite often but I doubt it made a difference.
The community is very scummy and dangerous. Cheating is addictive like a drug if you lack empathy in some regard. But for every intelligent engineer and software dev (one I knew specifically would teach me how jank some of the worst cheats were) there are like 100 kiddos and scammers or more, treating it like a business, or trying to get people to do things for them for free while they do not care to learn anything.
at some point in time many people need a lockpicker... someone has to be able to do it. There are also grey hats who go for reward money in return for finding exploits. It is a very interesting dynamic and I found cheaters to be interesting people. At the end of the day, though, the majority of them are ruining these games and often for very stupid reasons (everyone else is cheating is a common one by people coping they are bad).
@@felicitycno, there are at least three. One was on the specifications of some Chinese tank shell, don’t remember what the third one was.
in some cases, you love the game, and cheaters destroy that, so you must adapt and cheat
Happy Chrismas everyone
ty so much this helps clear alot of things up.
Of course i scanned the Qr Code and got Rick rolled
What if you directly burn your cheat or driver onto the motherboard.
I remember hearing about some 3rd party compagnies that sold motherboard in some asian countries burn a info stealer malware so it literally cant be detected by anti viruses which has kernel level permission.
So we can make the same situation happen but instead of a malware and anti viruses, we have a cheat and anti cheats
How does the installation process even happen on Windows?
Game genie basically.
Thing is, legitimate peripherals are registered and have officially assigned identifiers. Now you can forge one of those, so automatics may not pick it up, but if enough sightings of an unusual device ID get associated with reported cheating, manual review is just going to get it flagged as a malicious peripheral.
There are really only two ways around kernel monitoring. Either switch your memory injector's ID frequently enough that it doesnt get intercepted, or run the entire kernel in a virtual environment, and modify memory from outside the scope of its virtual kernel. This can go as far as airgap isolation and hardware debugging feom a second compuiter. At that point becomes impossible to detect the memory modification, and anti cheat has to fall back on reviewing performance, most likely with machine learning algorithms.
Some day someone will create a RAM that has additional USB-C port where you can connect your phone to and directly manipulate memory data without operating system even knowing about it.
1:32 thanks i got rickrolled
could you make a video about physical hacks like gaining access to the memory by using pci device?
What are the most ussable functions which have to be in driver? Memory read, memory write, and...? If i read memory and it is function address, how to call it from kernel mode using user mode application and um km communication? Is it needed at all? Or i can just call it from user mode?
bro do yk how to bypass eac
@@meth6922 what you want to if you want bypass it?
most replayed is the end of the sponsor 💀
i think “most replayed” = “most skipped to”, so that makes perfect sense
A minute long sponsor for 7 minutes of content?
Can we just connect gaming PC thru other PC, and use that other PC for scaning network trafic, to get informations that we need ?
network traffic is encrypted
Who remembers swapping dayz keys on steam and u we’re back in an instant
You got me rickrolled at 1:25
Awesome video bro. Installing Visual Studio immediately!!!
having a vid on this channel of this method makes me feel better about following these instructions from some shady site that looked straight outta the 80's..
I have a question that when i using Kernel driver cheat hooking function of modules in process, read write memory of process so i have to inject dll like i do in internal cheating user-mode ?
if you still need this, no you shouldn't since it is directly operating on the kernel
Not gonna lie, when that BSOD came up, I was genuinely scared.
I had the idea to get into game hacking about 6 months ago. I'm now a certified IT Specialist and have zero interest in games anymore. The computer world is so damn big.
What are you doing, though
@D: I'm currently learning C language and then transitioning to C+ for development.
@@reverenddick8562 do you mean c++
@Realm Slayer yes, or CPP, as I've also seen it.
@@reverenddick8562 okay because I was a little bit confused when you said C+
what else did i expect to be hiding behind that qr code😂😂
This is a LEGEND channel
Hypotetically speaking - what happens if you go one step further: forget about kernel level access through drivers, what about modifying the kernel itself. Like, the kernel is a file on your disk, right? ntoskrnl or whatever it's called.
If someone knows what they're doing, could they make a cheating kernel, basically a rootkit built directly on the kernel to inject cheats that are undetected even by drivers.
The Windows kernel is a collection of multiple files and dynamic libraries and it is not modifiable since it is closed-source so modifying the kernel itelf is not viable and as a addition there are many counter measures to programs trying to modify any kernel driver or the kernel itself like Windows Patchguard
Meanwhile in Steam Proton.... anti cheat runs entirely in user mode.
In Proton anticheat don't run at all.
@@mik11112 it runs when it runs, thats what. i've played brawlhala(EAC), and dying light(vac) and those run, however many others don't.
@@mik11112 Not true. Many anti cheat software versions work just fine.
Of course, it does, for the system running in user mode is more secure.
On Linux, running it as root or in the kernel makes little sense. Unlike on Windows, the user has full control over the operating system. Even an anti cheat operating on a kernel level can be defeated with a patched kernel, which would not be detectable.
The situation is kind of similar to hiding magisk root on android, detecting it really does not work well through traditional means.
@@notjustforhackers4252 kernel-level anti-cheats for Windows don't work in proton though, but many user-space anti-cheats for Windows do
love how vanguard isnt on the thumbnail
Also you do not "create your own versions of reading and writing memory" to get around hooked syscalls or anything else the anticheat looks for.
Legit question. Why cheat in video games? This video popped up on my reccomended so I'm just curious. The obvious reason I come up with is "because I want to see if I can get away with it", so is that it?
There's two sides of it, making them and using them. Making them is largely a "To see if I can, for the challenge" kind of thing, using them is likely more for attention and power fantasy and such. Yuh.
"I want the numbers that go along with being good at the game without putting in the effort to learn how to be good at the game."
sometimes games can get boring
return of the king
Can you make a video on how to make a spoofer for any mobo? Since people get hwid bans and we also wanna learn how to do it ourselves.
Please tell me any sources you recommend
this video was awesome and I learned a lot but I have a bunch of questions that I hope some people can answer. The first thing I was curious about is how the VM is useful considering I've seen a lot of anti cheats that block their game from being opened inside virtual machines. another thing I was curious about is some of the few last few things he said about the manual mapping with the KD map or whatever how exactly does that work I don't know much about file signing but I know that you have to pay to get files signed and that it's pretty expensive I also thought that manual mapping was something that was used for injectors what exactly is this driver mapping and how does it work and how are anti-cheats not detecting it because I plan on making a big project that needs to be able to slip past easy AC I don't need to write memory or anything I just need to be able to move the mouse without using Windows API functions because most of them are detected by EAC. also I noticed that the easy anti-cheat logo specifically shown in the thumbnail I'm asking about easy anti-cheat specifically because I want to make cheat that bypasses this as I mentioned earlier it's pretty simple but there is a Roblox cheat called celex that is a driver based cheat now although it's not reading or writing any memory from any other games for some reason if you open fortnite which uses EasyAC and then open this Roblox cheat you get banned so I was wondering does this method actually bypass easy anti cheat. PS I apologize if some of this is illegible I am using the voice typing on my phone because I'm too lazy to type all this.
Apparently, there was no hacker in Valorant, but using this method, now there is full of cheaters in Valorant, one of my friends sell cheats utilising this method, which is sad somehow we find loopholes in any anti-cheat system.
That blue screen gave me a minor "wtf" moment watching in full screen
This is top quality content, you deserve way more views.
I knew the qr code was a rickroll lmao
what game you recomend for playground?
Biggest reason I quit gaming. Hate cheaters, hate spyware. No point in playing anything but single player.
I sure hope kernal level drivers doesnt cause any harm, like the worlds largest computer outage
What could possibly go wrong ? 💀
I was waiting for this ❤
very well explained!
bro showing some legacy react code while talking about kernel :D
I'm interested to see how hacking evolved over time, back then it was just basic damage hack,
now people start making ESP mod menu and stuff. last time, I saw hacker start spawning weapon in a multiplayer game/ teleporting everyone in the map. which is insane. how do you even manage to get that far with hacking.
Wdym now? Esp was literally something you could download for free in cod 2
I offer my Uber drivers to help me in cheating, but they decline. I guess, I going to stay with this woman for longer than I expected
Fire Video Mate!
do you have a dx11 internal imgui tutorial?
It’s easy to make, you would need to hook present and then check out imgui’s implementation
to add on something, vbox lets u take snapshots without a premium sub, i find it quite useful, not sure if vmware does the same.
Thanks for the video. Could you make a video on how to manually map drivers? Thanks
It makes me mad than random game Companies have Kernel access on our Computers and still there are Cheaters ingame. Makes no sense to give up that much as a User, to get basically a delay for cheaters to come back.
.data ptr can be detected if not going through proper sources
I feel id rather play a game that has an actual anticheat
Great explanation! Could you make a video which talks about how to write a window driver for game hacking?
absolutely amazing video - thorough and well said. thanks cazz!