HOW ANTI-CHEAT BYPASSES WORK

  • Published 17 Dec 2024

Comments • 897

  • @cazz
    @cazz  1 year ago +109

    To try everything Brilliant has to offer-free-for a full 30 days, visit brilliant.org/cazz/. The first 200 of you will get 20% off Brilliant’s annual premium subscription.

    • @x4dam
      @x4dam 1 year ago +2

      2 days ago... Riightt

    • @xwmp
      @xwmp 1 year ago

      video would have been unlisted/private and he commented on it @x4dam

    • @maqus9550
      @maqus9550 1 year ago +5

      how did you even get a sponsorship as a game hacking channel?

    • @L_LGBTQ
      @L_LGBTQ 1 year ago +2

      So if I use it will I get an anti-cheat to my game??

    • @memeconnect4489
      @memeconnect4489 1 year ago

      I would love it if you talked more about DMA, it's kind of an interesting topic

  • @al_maestrale
    @al_maestrale 1 year ago +1450

    I think it could've been worth mentioning the security and privacy concerns of giving ring 0 security clearance to both cheats and anti-cheats and why some people are against it

    • @hashtags_YT
      @hashtags_YT 1 year ago +86

      @anon-y8w There are developers and programmers who actively make fun of Linux... so not all of them.

    • @al_maestrale
      @al_maestrale 1 year ago +8

      @anon-y8w I'm pretty sure this video is meant for a general audience

    • @kodicraft
      @kodicraft 1 year ago

      @reapiu8316 Sadly, I doubt they ever will. Reverse compatibility concerns have caused a lot of frankly stupid design decisions in Windows in the past and becoming a true micro-kernel would most definitely damage reverse compatibility a lot. Especially since kernel anti-cheats are so popular and gamers seem to have their eyes wooled over by game studios.

    • @fador1337
      @fador1337 1 year ago +35

      If you're on windows (like most people are) then you've already forfeited all of your privacy. And I don't see how Microsoft is more trustworthy than Valve for example. It's not really a good argument.

    • @al_maestrale
      @al_maestrale 1 year ago

      @fador1337 If you're willing to go that far, might as well say that anyone not running their OS on their RAM forfeited their privacy, if that, given Intel's ME and AMD's PSP both running in the background and doing all sorts of shit like recording all of your key inputs and bypassing encryption

  • @mreazl6227
    @mreazl6227 1 year ago +503

    This channel is very underrated, this video is edited really nicely!

    • @cazz
      @cazz  1 year ago +24

      Appreciate it!!

    • @s6mir
      @s6mir 1 year ago +1

      we appreciate you! @cazz

    • @MightyHames
      @MightyHames 1 year ago

      @cazz yo do u know how to like remove hwid lock from an exe in c++?

  • @lucid_horizons
    @lucid_horizons 1 year ago +473

    how do I bypass the divorce papers?

    • @JakeAnthrax420
      @JakeAnthrax420 1 year ago +34

      The Anti-cheat is very good, don't try to bypass it!

    • @mostlyrob3469
      @mostlyrob3469 1 year ago +19

      public static void main string args

    • @lucid_horizons
      @lucid_horizons 1 year ago

      @JakeAnthrax420 I anti-cheated on my wife

    • @lucid_horizons
      @lucid_horizons 1 year ago

      @mostlyrob3469 public static void main string arguments with my wife

    • @not_kode_kun
      @not_kode_kun 1 year ago

      @mostlyrob3469 java cuck spotted

  • @wfjhDUI
    @wfjhDUI 1 year ago +564

    Wow. This arms race is really interesting and impressive. I had never heard of using DMA to cheat at games before. I suppose the next step and the comparably powerful sledgehammer anti-cheat techniques would be statistical detection methods running on the server, e.g. looking for mouse movement data indicative of an aimbot, and stronger isolation of game state data to the server, e.g. in the strongest case the client could send raw inputs and only receive raw video and audio data so that there isn't even game state data for hacks to look at unless they start using AI methods. But DMA-based cheats for fast-paced real-time games that are sufficiently subtle, like ESP hacks on a second computer, seem almost impossible to stop (detecting the DMA device? code and data obfuscation?) unless you implement your own "hardware anti-cheat", e.g. restricting the player's hardware, as with a console, or surveillance of the player, as at a tournament. In our coming cyberpunk dystopian future, where Valve is monitoring every gamer with in-home cameras 24/7, we'll then have to start using cyborg brain implants and gene-editing to cheat and then it'll become a philosophical issue about what even is "cheating".

    • @I_SEE_RED
      @I_SEE_RED 1 year ago +14

      Just force ppl to use windows 11, this breaks DMA

    • @wfjhDUI
      @wfjhDUI 1 year ago +82

      @I_SEE_RED Kernel DMA protection is for preventing attacks _against_ the user, not _by_ the user.

    • @memeconnect4489
      @memeconnect4489 1 year ago +18

      @I_SEE_RED source?

    • @I_SEE_RED
      @I_SEE_RED 1 year ago +2

      Pcileech

    • @doverif
      @doverif 1 year ago +12

      @I_SEE_RED and how exactly are you going to force people to use one specific operating system? lol

  • @eli3963
    @eli3963 1 year ago +151

    Compiler optimization is something you can usually turn off or restrict.

    • @cazz
      @cazz  1 year ago +71

      This is true, I failed to mention it in the video though. Junk code will work, with optimizations turned down.

    • @thedirector69
      @thedirector69 1 year ago +16

      you can keep junk code even when compiler optimization is enabled. When the compiler cannot predict whether a block of code will ever run or not, it will keep it anyway.
      Also in C++ it is possible to run code at compile time with the constexpr keyword, which allows you to create encrypted strings and more and decrypt them at run-time

    • @patrikjankovics2113
      @patrikjankovics2113 1 year ago +3

      volatile gang

    • @TRDiscordian
      @TRDiscordian 1 year ago

      @cazz depends, I forget the details but for ARMA2 they have their own scripting engine for UI and game operations. I don’t believe you can really tune it much. When one of my incredibly dumb friends shared a fun multihack I put together with his other friends … then they all joined servers to troll admins with god-like abilities, my scripts were completely blocked.
      Not 100% sure how their detection works but I never got any of those exploits safely again. (Safely as in, I won’t be randomly flagged; I had a setup to safely test for potential flags if I went live.)
      All I know is they use BattlEye.

    • @mariobabic9326
      @mariobabic9326 9 months ago +1

      @thedirector69 is there a framework for this?

  • @VRixxo123
    @VRixxo123 1 year ago +652

    As a Software Developer, it's nice to learn some "Ethical" hacking 😊

    • @Tobias-t3k
      @Tobias-t3k 1 year ago +18

      As a software Developer you would know the Windows Api and its functions for accessing other programs already

    • @TheOfficialOriginalChad
      @TheOfficialOriginalChad 1 year ago

      @Tobias-t3k or they write in hundreds of other languages for hundreds of other environments…

    • @VRixxo123
      @VRixxo123 1 year ago

      @user-mj8bg3fw8w That would assume I develop for windows at a low level, it's many types of software

    • @ScipiPurr
      @ScipiPurr 1 year ago

      @Tobias-t3k That greatly depends on whether they've done any Windows application programming, which many devs have not

    • @apexinn
      @apexinn 1 year ago

      No, not always @Tobias-t3k

  • @BudgiePanic
    @BudgiePanic 1 year ago +257

    Next generation cheats: Machine learning models that automatically aim and fire using the game’s video output

    • @AlbySilly
      @AlbySilly 1 year ago +15

      Oh 100%

    • @cazz
      @cazz  1 year ago +113

      Yup. Versus ML anti-cheating models 🤣

    • @Sgttv
      @Sgttv 1 year ago +26

      Very fun to cheat in a game when literally all you have to do is look at your screen... lmao Cheaters gonna game out themselves

    • @wv6309
      @wv6309 1 year ago +17

      there have been machine learning cheats for 4-5 years now, there were a handful of projects with yolov4

    • @trc7343
      @trc7343 1 year ago +11

      they are called pixel bots

  • @jasonls221
    @jasonls221 1 year ago +55

    Also for hardware cheats you can usually run it all on a pi within the computer plugged into pcie, then you can emulate anything from anywhere like a kvm if it's network attached (Just need to spoof as another device to get around hardware id detection)

    • @jgvtc559
      @jgvtc559 1 year ago +17

      Or you could take all that spare free time and get good at whatever game

    • @Shuroii
      @Shuroii 1 year ago

      @jgvtc559 It's not about cheating necessarily, it's about solving an engineering problem. Most hacking isn't done with malicious intent either.

    • @freedustin
      @freedustin 1 year ago

      @jgvtc559 you can do that, but it still won't let you see through walls or instant aim... so cheats still provide an incentive, as being good + cheats means you can fake not cheating and guarantee an impressive tournament run leading to money.
      We didn't have these problems when tournaments were small time. If a cheater came along we just typed /admin and an invisible admin came along and banned them. Even on pubs.

    • @lX_DDl
      @lX_DDl 1 year ago

      The sad thing is that not all mice are compatible, and you may need to buy one that is (from my experience).

    • @souljaboy.6668
      @souljaboy.6668 1 year ago

      incel

  • @kilgarragh
    @kilgarragh 1 year ago +6

    btw if you don't have PCI, direct memory access is supported through the LPC and eSPI standards, which can be accessed with TPM and DEBUG headers found on the majority of motherboards

    • @Notevenmad955
      @Notevenmad955 6 months ago

      Typically the motherboard LPC/TPM header doesn’t expose the DMA signals so you would need to find it somewhere else and solder a wire on the motherboard. And eSPI doesn’t even support DMA.
      And even if you could, LPC only really gives you access to ISA DMA, which has access to the first 16MB of RAM

  • @inqmusician2
    @inqmusician2 7 months ago +12

    Boot-kits are also a great idea. Boot-kits load before the operating system itself, so you can bypass the anti-cheat, because the cheat is loaded before the anti-cheat itself.

    • @Butterscotch_96
      @Butterscotch_96 8 days ago +1

      That’s an even bigger security risk

    • @inqmusician2
      @inqmusician2 8 days ago +1

      @Butterscotch_96 True. But that's why some ACs utilize boot-kits to load before the operating system.

    • @Butterscotch_96
      @Butterscotch_96 8 days ago

      @inqmusician2 yeah that’s still a security risk

    • @inqmusician2
      @inqmusician2 7 days ago

      @Butterscotch_96 Yeah, I forgot. Here's a like for you.

  • @alvesvaren
    @alvesvaren 1 year ago +72

    I think Vanguard has fixed this, but previously, I experimented with running a passthrough VM on Linux with Windows + Hyper-V enabled (which made Valorant start), where I then could attach a PCI device from the VM manager which I then could use for DMA on Linux. This effectively makes a hardware cheat without any extra hardware :)

    • @contasfinalcontasfinal
      @contasfinalcontasfinal 1 year ago +6

      Cool 🎉🎉🎉🎉😮

    • @fishuke
      @fishuke 1 year ago +4

      I tried something similar and need some help, do u have Discord?

    • @testytea6138
      @testytea6138 1 year ago +10

      So that's why it won't let me start the game with Hyper-V enabled. Annoying for WSL users

    • @plasmahvh
      @plasmahvh 1 year ago

      @testytea6138 really? that's beyond intrusive

    • @kingvictoriii
      @kingvictoriii 1 year ago

      @testytea6138 that's odd, they let me start the game with Hyper-V enabled

  • @guardianguy6986
    @guardianguy6986 1 year ago +6

    I wonder if a kernel driver could be used to bypass something like the respondus lockdown browser

  • @bartekburmistrz8679
    @bartekburmistrz8679 1 year ago +7

    you can disable compiler optimization so that it will keep the junk

  • @happypinkcube2119
    @happypinkcube2119 1 year ago +2

    one question about DMA
    do u really need a second PC to make it work?
    or can u make one with a programmable board? something like an Arduino board for example

    • @MegaChickenPunch
      @MegaChickenPunch 1 year ago

      you don't need another whole pc, this shit is still DD so don't even bother

  • @Averta47
    @Averta47 1 year ago +6

    I really want to see a video about DMA, it looks cool!

  • @zuldero
    @zuldero 3 months ago +1

    DMA can also be detected by looking at what is plugged into the PCI slot. On the other side you can spoof the hardware ID of the device. It's an arms race again.

  • @P4pZz
    @P4pZz 1 year ago

    I'm actually pretty curious about a great AC like Vanguard from Valorant. Can Vanguard really not detect DMA (at least for now)?

  • @wfjhDUI
    @wfjhDUI 1 year ago +200

    It's a huge shame there's such intense motivation to keep the best cheats and anti-cheats closed source. These techniques would be really interesting to study.

    • @lilililiililili6363
      @lilililiililili6363 1 year ago +63

      Too much money to be made.

    • @parkiexd
      @parkiexd 1 year ago

      you can reverse them and make a clone; also EasyAntiCheat (EOS, kinda worse than the one, for example, Apex uses) is free. These techniques are already studied by cheaters; it's a race that cheaters will always win.

    • @thekillerbunny
      @thekillerbunny 1 year ago +28

      @lilililiililili6363 It's more that it would spoil and ruin the games we love to play with others. More happy players = more money, so technically you're right but think about playing any game online - it would suck if you could never really play unless you cheated too. And that ends up taking away from the game.

    • @chieftron
      @chieftron 1 year ago +19

      @thekillerbunny what competitive game can you play that isn't full of cheaters? I'll wait...

    • @Cronic1337
      @Cronic1337 1 year ago +8

      there are so many more interesting problems to solve and study... These cheaters are the reason I can't play any competitive game anymore

  • @JoJosloes
    @JoJosloes 1 year ago +7

    Hey, slight question: wouldn't you be able to inject the anticheat with a DLL, so that it doesn't find your program?

    • @ELJoOker04
      @ELJoOker04 1 year ago

      it's possible, but anticheats also defend themselves

    • @clouddropleakz9087
      @clouddropleakz9087 1 year ago

      Not really, since any modification to the anticheat will put your game into offline mode. Just like how if u were to get rid of the anticheat the game will only work in single player or offline

    • @ZaryarWasTaken
      @ZaryarWasTaken 1 year ago +2

      in some games, e.g. BO2, you can do it this way

    • @wfjhDUI
      @wfjhDUI 1 year ago +1

      This is why anti-cheats keep demanding increasing privilege levels -- to try to protect the anti-cheat code itself. It's not possible to completely protect an anti-cheat on a hostile system so at some point you would need to require it to report something to your server in order to verify that the anti-cheat is running properly, preferably something that would be difficult to otherwise generate.

  • @kanuos
    @kanuos 1 year ago +1

    Never subscribed so fast in my life. Excellent visuals, presentation and quality! Keep it up mate!

  • @someone5781
    @someone5781 1 year ago +2

    Wow I’m learning about operating systems right now, and didn’t really think of cheating as an application of it. It’s so cool seeing how brilliantly hackers can bypass the designs around OSes and video game anti cheats!

  • @berkormanli
    @berkormanli 1 year ago +29

    I believe there are ways to work around compiler optimizations, even if you can change the signature a little bit you will be able to trick the anti-cheat. At least for a portion of time, then you will be banned eventually.

    • @wfjhDUI
      @wfjhDUI 1 year ago +16

      You can literally just tell your compiler to not do dead code elimination. It's not a hostile entity.

    • @berkormanli
      @berkormanli 1 year ago +2

      @wfjhDUI I couldn't do it with gcc back then, but there was another compiler (I forgot which one) which made it possible. It's been at least 5-6 years so I don't know the current possibilities with compiler optimization.

    • @henlofren7321
      @henlofren7321 1 year ago +4

      Here's a hint: Polymorphism

    • @berkormanli
      @berkormanli 1 year ago

      @henlofren7321 how is there any application for polymorphism in this context?

    • @wfjhDUI
      @wfjhDUI 1 year ago +4

      @berkormanli It should always have been possible -- it's a feature that needs to be turned on after all -- although I'm sure it's trickier than I'm imagining since it's very readily turned on by default even at low optimization levels and it looks like gcc has a lot of different varieties of dead code elimination to toggle on/off. It's been a while since I've wanted to turn a specific optimization _off_ but I seem to recall that it was a bit frustrating. The linker also removes dead code so that could have been the issue too.

  • @s1mo
    @s1mo 9 days ago

    When I clicked on this video I thought I was going to get some enlightenment on how anticheat manage to bypass working because tomorrow is monday and I was open to new ideas

  • @UnlockWave
    @UnlockWave 1 year ago +4

    The last method is really dangerous, I am loving it

  • @iWhacko
    @iWhacko 1 year ago +2

    if you tell your compiler not to optimize code, junk code should still work though?

    • @cazz
      @cazz  1 year ago +3

      Yes, junk code will work. But at what cost? A better way to get around this is to not paste. Your own code will most likely have its own signature.

    • @iWhacko
      @iWhacko 1 year ago +2

      @cazz Oh yes I agree, writing your own code is best. But if you're sharing or god forbid sharing it with other people and your signature ends up in a database, then putting junk code into your own code would work just to keep it running on your own machine. It was just a comment on your remark that compilers optimise the code so it doesn't matter. But my point was to disable optimisations, so it would keep working to change the signature.

  • @takemyhandtakemymind1337
    @takemyhandtakemymind1337 3 months ago

    There are many ways to detect rogue PCI devices, such as master abort or timing attacks. You also completely left out virtualization and iommu (regarding DMA mitigation)

  • @vladislavkaras491
    @vladislavkaras491 11 months ago +2

    I am against cheats in competition games, however this topic is pretty interesting to learn about!
    Thanks!

  • @joaoagualuza3714
    @joaoagualuza3714 10 months ago

    Does this mean that an anti-cheat can't detect altered memory from the software/hardware if the initial methods got bypassed? In theory the AC doesn't check for changed memory values or any kind of stuff, only tries to prevent what gives you access to change them?

  • @binaryparrot3352
    @binaryparrot3352 1 year ago +9

    "Hardware cheats" are absolutely genius

  • @_upio
    @_upio 1 year ago +3

    how do you know if an anticheat is user mode or kernel?

    • @cazz
      @cazz  1 year ago +4

      Usermode anti-cheats will load DLLs (or be another process) whereas kernel anti-cheats will load a driver.

    • @_upio
      @_upio 1 year ago

      @cazz thank you :)

  • @franciscosilva2135
    @franciscosilva2135 6 months ago

    If I was looking to make a hardware script cheat, would I need a driver to cover the Arduino/USB shield? Or with the right configuration wouldn’t it be detected? The anti-cheat runs in the kernel and it's EAC

  • @philogex
    @philogex 1 year ago

    grats on the 100k btw

  • @iluvpandas2755
    @iluvpandas2755 11 months ago +2

    Could you just make an external cheat that detects when an enemy head is on screen and moves your mouse onto it?
    That way the cheat is not in the game itself?

    • @AbcdEf-lz6oe
      @AbcdEf-lz6oe 5 months ago

      Theoretically, you could use a capture card and create a wireless receiver setup so that by using machine learning on the capture card output, you can automatically snap onto heads by adding inputs on top of the player movement in order to get kills.

  • @PrototypeMoxie
    @PrototypeMoxie 1 year ago +5

    There is currently a cheat going around where people have a camera set up on their screen and have an AI recognize and shoot people for them by controlling their mouse

    • @Tripleblyet
      @Tripleblyet 1 year ago +3

      This one doesn’t work very well yet, so nobody is using it

    • @ProfShibe
      @ProfShibe 1 year ago +3

      I don't know if you'd call it a cheat considering it's worse than any human is going to be and puts you at a disadvantage

  • @DrW1ne
    @DrW1ne 1 year ago +1

    Thanks for the tutorial.

  • @elangasadullah101
    @elangasadullah101 9 months ago

    Very nice video!
    And where can we get this DMA device?

  • @pichael6820
    @pichael6820 11 months ago +1

    the way you simplify everything is very impressive. I was into making cheats years ago and your series has totally refreshed my memory after not doing it for years. keep it up!

  • @Jailbroke
    @Jailbroke 1 year ago +2

    what is the best way to get around a HW ban?

  • @nicholaschapman8871
    @nicholaschapman8871 4 months ago

    why doesn't the server just run its checks with a reference that isn't the server itself? why not a different server that communicates with the game server the same way the client does, only this one's marked with the correct reference data?

  • @yatochka7777
    @yatochka7777 8 months ago +1

    0:32, I got a YouTube ad about this, skipped it, then you're advertising it. They sure spent a lot of money on advertising...

  • @pookbally
    @pookbally 1 year ago

    Congrats on 100k cazz

  • @hydraim9833
    @hydraim9833 1 year ago

    bro, ur channel is a gem!

  • @SlendersBlowss
    @SlendersBlowss 1 year ago

    4:36 not entirely true, junk code can be left unoptimized if you specify it in the compiler. I've seen viruses that do this and had a lot of assembly crap put into them; they were constantly, for example, calculating sin and cos

  • @plinky56
    @plinky56 9 months ago

    how can you make a panel where you can generate keys for others to put in a panel?

  • @SC-qm4df
    @SC-qm4df 1 year ago

    Well this video was 100x better than I was expecting from my recommendations!

  • @kuromiLayfe
    @kuromiLayfe 1 year ago

    makes me wonder... could one use a VM to emulate a second PC to communicate with a DMA device (or DMA driver) and bypass kernel AC on the same system?

    • @cazz
      @cazz  1 year ago +1

      yes

  • @danielgonzaleznader7387
    @danielgonzaleznader7387 9 months ago

    My Heroes of Newerth has been linked to my computer and every time I try to play with a new account it says there is already an account linked and I cannot play with a new one. Is there a way to bypass this?

  • @euCrimsxn
    @euCrimsxn 11 months ago

    Can u teach me how to make a menu just like the one at 1:13

  • @acidhogalpha1553
    @acidhogalpha1553 1 year ago

    3:49 Someone forgot to remove the airbrush on the highlighted parts, eh?

  • @0xC47P1C3
    @0xC47P1C3 1 year ago

    Nicely put

  • @otgplugg1249
    @otgplugg1249 11 months ago

    I love how you explained just the right amount about DMA without saying too much lol

  • @danielgonzaleznader7387
    @danielgonzaleznader7387 9 months ago

    Sir if you could answer me this question YOU WOULD HELP ME A LOT. I know 0 about programming so... please help me. There is a game (Heroes of Newerth 2024) that somehow links the first account I used on my computer TO my computer. It won't let me open other accounts. How can they do that? Is there a way to bypass that so that I can play with other accounts? When I try I get a message saying your computer is already linked to xxxx account so you can't play with another account.

  • @CovenantAgentLazarus
    @CovenantAgentLazarus 1 year ago +2

    It's extremely easy actually. All you need is some goddamn expensive ass software that nobody wants to share for free

  • @Fluxdeken
    @Fluxdeken 1 month ago

    Thanks, very useful video

  • @ahmed_mb
    @ahmed_mb 1 year ago

    So how do you secure a game from hooking of common WinAPI functions from user mode and kernel mode??

  • @EmberLorewin
    @EmberLorewin 7 months ago

    Is there a way that an anti-cheat could detect you running the cheats on a different system and streaming the inputs to your other device like a wireless keyboard does?

    • @TheThreatActor
      @TheThreatActor 5 months ago

      with heuristics, all it has to do is track your movements in-game, but that is very dystopian and the chances of that happening are slim
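Two comments in this thread point at the same server-side defence: @wfjhDUI's suggestion of statistical detection on the server (mouse movement data indicative of an aimbot) and @TheThreatActor's remark that heuristics only need to track in-game movements. The block below is an added illustration of one such heuristic; it is not code from the video, from cazz, or from any anti-cheat vendor. It assumes the server already records per-tick view angles and the server-computed angle to the nearest visible enemy head (a constructed telemetry schema), and it uses illustrative thresholds and two constructed traces: a human-like approach that overshoots and settles, and an aim-assist-like trace that snaps onto the target in a single tick and holds it perfectly.

```python
"""Server-side 'snap-and-lock' heuristic over view-angle telemetry.

Added example, not from the video or any anti-cheat product. The Tick
schema, thresholds and both traces are constructed for illustration.
"""
import math
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class Tick:
    t_ms: int            # server tick timestamp (constructed: 16 ms ticks)
    yaw: float           # player view yaw, degrees
    pitch: float         # player view pitch, degrees
    target_yaw: float    # yaw to nearest visible enemy head (server-side)
    target_pitch: float  # pitch to nearest visible enemy head


def wrap_deg(d: float) -> float:
    """Wrap an angular difference into [-180, 180) degrees."""
    return (d + 180.0) % 360.0 - 180.0


def angular_error(tick: Tick) -> float:
    """Angle between the crosshair and the target head, degrees."""
    return math.hypot(wrap_deg(tick.target_yaw - tick.yaw),
                      tick.target_pitch - tick.pitch)


def view_delta(prev: Tick, cur: Tick) -> float:
    """How far the view moved between two consecutive ticks, degrees."""
    return math.hypot(wrap_deg(cur.yaw - prev.yaw), cur.pitch - prev.pitch)


def count_snap_locks(ticks: List[Tick], snap_deg: float = 12.0,
                     lock_err_deg: float = 0.5, lock_ticks: int = 4) -> int:
    """Count events where the view jumps at least snap_deg in one tick,
    lands within lock_err_deg of the target and stays there for
    lock_ticks consecutive ticks. Humans overshoot and correct; an
    aim-assist typically lands exactly and holds."""
    events = 0
    i = 1
    while i < len(ticks):
        window = ticks[i:i + lock_ticks]
        if (view_delta(ticks[i - 1], ticks[i]) >= snap_deg
                and len(window) == lock_ticks
                and all(angular_error(t) <= lock_err_deg for t in window)):
            events += 1
            i += lock_ticks  # do not count the same lock twice
            continue
        i += 1
    return events


def flag_for_review(ticks: List[Tick], max_events: int = 1) -> bool:
    """One perfect flick can be legitimate; repeated ones warrant a
    manual review rather than an automatic ban (design choice here)."""
    return count_snap_locks(ticks) > max_events


def make_constructed_traces() -> Tuple[List[Tick], List[Tick]]:
    """Two constructed ~60 Hz traces with pitch held at 0."""
    # Human-like: smooth approach to a head at yaw 30, overshoot, settle.
    human_yaw = [0, 5, 10, 15, 20, 24, 27, 29, 30.5, 30.2, 29.9, 30.0]
    human = [Tick(i * 16, y, 0.0, 30.0, 0.0) for i, y in enumerate(human_yaw)]
    # Aim-assist-like: instant snap to yaw 30, later a second head at yaw 80.
    cheat_rows = [(0, 30), (0, 30), (30, 30), (30, 30), (30, 30), (30, 30),
                  (30, 80), (80, 80), (80, 80), (80, 80), (80, 80)]
    cheat = [Tick(i * 16, y, 0.0, ty, 0.0) for i, (y, ty) in enumerate(cheat_rows)]
    return human, cheat


if __name__ == "__main__":
    human, cheat = make_constructed_traces()
    print("human snap-locks:", count_snap_locks(human), "review:", flag_for_review(human))
    print("cheat snap-locks:", count_snap_locks(cheat), "review:", flag_for_review(cheat))
```

The heuristic runs entirely on data the server already has, so it is unaffected by whether the client-side cheat is a DLL, a kernel driver, a DMA card or a camera-and-ML rig feeding a spoofed mouse. A real system would combine several such features over long sessions and tune thresholds against known-clean telemetry, because skilled players do produce occasional fast flicks; the review-not-ban threshold above reflects that.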

  • @FURYWOLF
    @FURYWOLF 1 year ago +6

    Can we use DMA to hack console games? very interested 😮

    • @ttv_botiefyed1058
      @ttv_botiefyed1058 1 year ago

      Interesting

    • @_bt1831
      @_bt1831 1 year ago +2

      Doesn't work for consoles because the whole memory is encrypted and also there's ASLR so you can't find the process. Need to get a way around that but then it will work

    • @R3TR0J4N
      @R3TR0J4N 1 year ago

      🤔

    • @thomass9457
      @thomass9457 1 year ago +3

      Pixel, color, and AI object detection aimbots work extremely well on console. I prefer color aimbot but it depends on the game if they will work. A few examples where color works very well. Overwatch, Halo, Call of Duty, Apex Legends with digital threat scope, and more.

    • @FURYWOLF
      @FURYWOLF 1 year ago

      @thomass9457 that's interesting...

  • @triplebaconn
    @triplebaconn 1 year ago +2

    sponsor ends at 1:05

  • @kipchickensout
    @kipchickensout 1 year ago +3

    4:41 in practice it also works. When adding junk code people always turn optimization off, the only time I've seen someone get banned with a pasted cheat with junk code is when a feature got detected or the cheat was too retarded to set valid viewangles
    There are even programs that add junk code to everything with 1 click
    - I also think there are ways to detect DMA tho?
    - What about intercepting network packets for an ESP? I wonder how difficult or possible that is

    • @thedirector69
      @thedirector69 1 year ago

      I use junk code in my applications, not to prevent detection but to make it harder for hackers to crack it.
      Not only have I not disabled optimization, I have set it to do maximum optimization. This combination generates a very strong obfuscation and usually gets mixed with the real code very well.
      A game can still create a signature and give a ban even after adding junk code because even 1 line of code can probably generate a lot of bytes, which is enough to detect the cheat

    • @kipchickensout
      @kipchickensout 1 year ago

      @asdfghjkl-ug7xp encoding-wise I'd expect it to be plain binary structs or something idk, but yeah encryption may be a hassle right

    • @kipchickensout
      @kipchickensout 1 year ago

      @thedirector69 do you use an extension or application that is made for the sole purpose of obfuscation or do you "manually" do that?

    • @thedirector69
      @thedirector69 1 year ago

      @kipchickensout manually. I wrote my own junk code too, based on my string encryption. Basically I started with just a string encryption which has remained unchanged for years as every attempt to make it more powerful failed; it's just perfect.
      Then I used this to create a macro that takes a bool and returns the same value, but the compiler cannot resolve it, so whatever I have under this block will not be removed even if it will never run. This also allowed me to insert invalid instructions directly and modify registers or the stack pointer, which makes things even worse if you try to parse the binary with IDA or another decompiler. I use all these and more for my public cheat and no one has ever successfully cracked it or "stolen" any unique feature since release (around 1.5 years)

    • @thedirector69
      @thedirector69 1 year ago

      @kipchickensout I even saw people get automatically banned because they tried to use the dnSpy debugger to debug my application (dnSpy is a decompiler for C#, but my application is made with C++). This makes me assume that not only are they far away from cracking it, they don't even know what language and compiler I used!
      I saw other people say in forums that I used a custom virtual machine with Themida etc...

  • @nolew
    @nolew 1 year ago

    congrats on 100k :)

  • @myprogramming5500
    @myprogramming5500 10 months ago +1

    Not only hackers dislike kernel-level anti-cheat,
    security experts are furious about them and don't even want to touch games with it without being inside two burner virtual machines 😂
    Imagine giving kernel-level access to some random gaming company.
    Privacy nightmare.
    It is like giving your school principal all your keys for all doors and safes as well as giving credentials for your video cameras including bedrooms and bathrooms.
    Sure, I will prove my kid didn't cheat on the math test, but at what cost😮

  • @cadevon1559
    @cadevon1559 8 months ago

    Hey, I love the video and I have a question though on whether this could work to bypass anti while playing on macOS? And if so how would I go about that.

  • @proFFGaming2
    @proFFGaming2 1 year ago

    Can you please make a video on the basics of making a ring 0 kernel driver for bypassing anti-cheats

  • @redachaker307
    @redachaker307 1 year ago

    If you could elaborate more on DMA, and recommend good hardware for beginners

  • @Sosio_wz
    @Sosio_wz 3 months ago

    so if the anticheat is kernel and so is the cheat, what goes down?

  • @synth404
    @synth404 1 year ago

    Very good video! Concise and easy to understand.

  • @OldAncientGuy
    @OldAncientGuy 1 year ago

    Is it possible by any chance that you show how to reverse engineer a save for a console like PS4 or Xbox?
    Thank you.

  • @earthchanger604
    @earthchanger604 1 year ago

    Hey, I am going to pick a university major and I can't decide between CE / CS. What did you study personally and, well, not directly but in which can I learn more of this subject (ethical hacking, mostly games)?

  • @marh122
    @marh122 4 months ago

    I love how this video has two titles

  • @iusearchbtw4969
    @iusearchbtw4969 1 year ago +4

    Anti-cheat? You mean kernel rootkit spyware?

  • @euclidyrdear5324
    @euclidyrdear5324 6 months ago

    I want to learn more about kernel drivers regarding game hacking. Can anyone recommend me what to read or what to explore?

  • @KianBrose
    @KianBrose 1 year ago +2

    Interesting, so a DMA based anticheat is literally unfixable?

    • @Kuhav0001
      @Kuhav0001 1 year ago +5

      ehhhhhh somewhat. there are ways to detect it but the only real way to detect it is if the person making the cheat is completely incompetent

    • @KianBrose
      @KianBrose 1 year ago

      Understandable, ty @Kuhav0001

  • @williamhurstcampaign6386
    @williamhurstcampaign6386 3 months ago +1

    Unless you are writing it yourself or 100% trust a source... ANY pre-written code with access beyond a kernel anti-cheat is a HUGE security risk and potentially a legal one if you become a node for someone else's illegal activity.

  • @User57655
    @User57655 6 months ago

    Windows has an OS anti-virus/malware, is such a platform level solution something that could be done for anti-cheat? It seems inefficient to have all these separate ac solutions, and a platform solution wouldn’t come with the same security compromises that installing multiple kernel drivers does

  • @isheamongus811
    @isheamongus811 ปีที่แล้ว

    You can tell most compilers to not optimize?

  • @lightweight-tf2
    @lightweight-tf2 ปีที่แล้ว

    Very informative!

  • @varram3488
    @varram3488 ปีที่แล้ว

    you can get verified now (congrats on 100k). GO FOR IT!

  • @DarkestBunny
    @DarkestBunny 7 หลายเดือนก่อน

    Here I was, thinking "how does anti-cheat allow you to bypass work?"
    Me the entire video: "OK, but how do I work less on cheats by using this?"
    Now I can't stop laughing.

  • @3la212
    @3la212 ปีที่แล้ว

    Can you teach us how to make a HWID spoofer and bypass ASUS write protection?

  • @YomiTosh
    @YomiTosh ปีที่แล้ว

    DMA with Virtual Machines too!

  • @Choosiest
    @Choosiest ปีที่แล้ว +2

    The most effective anti-cheat is loving parents

  • @baraka629
    @baraka629 6 หลายเดือนก่อน

    No, hacks don't need to read and write memory. With DMA hacks you only read memory and send corrected inputs (mouse and/or keyboard events) through a spoofed controller that masquerades as an input device to the PC the game runs on. With external AI and pixelbot hacks you capture the video output of a game, process the data (e.g. with open AI libraries like yolov5) and send back commands through a similar spoofed controller to your PC. This bypasses reading and writing to memory completely.

  • @thacium
    @thacium 7 หลายเดือนก่อน

    Question: do cheat developers target the anti-cheat itself, like patching the anti-cheat so it no longer works, or making it think that everything is working as intended? Wouldn't it be easier to cheat now that there's basically no anti-cheat?

  • @TheF3me
    @TheF3me ปีที่แล้ว +50

    "that a software anticheat cannot detect" - in 2023 there were 6 DMA ban waves on FACEIT and 3 on Vanguard tho haha

    • @thomass9457
      @thomass9457 ปีที่แล้ว +58

      That is due to terrible firmware. Most people even selling firmware have no idea what they are doing. I never got detected and my firmware totally bypasses the IOMMU.

    • @LcsGomes94
      @LcsGomes94 ปีที่แล้ว

      @thomass9457 Can you bypass top anticheats like Vanguard and EAC with DMA?

    • @dakota9821
      @dakota9821 ปีที่แล้ว +1

      cry harder peasant @MEMUNDOLOL

    • @thomass9457
      @thomass9457 ปีที่แล้ว +38

      @MEMUNDOLOL sry, too old.

    • @SkyrozzB
      @SkyrozzB ปีที่แล้ว +5

      @MEMUNDOLOL lmao :D

  • @femsilent
    @femsilent 11 หลายเดือนก่อน

    Yo cazz, I'm wondering if you can showcase how to make a shooting aimbot for a basketball game, kinda like an aimbot but it's gonna need an arc, the target position and your character position, maybe for a game like Hoopz in Roblox or some other basketball game. Thanks man

  • @jriopel11
    @jriopel11 11 หลายเดือนก่อน

    I honestly have never heard of actual hardware-based cheats when it comes to a PC, and I'm extremely curious to know more about that subject if you or anyone else could point me in the right direction.

  • @lindamary8174
    @lindamary8174 ปีที่แล้ว

    If you want to stop cheaters, run checks on the data that the server receives instead of messing around with the kernel that the client is running on. When a kernel anticheat is bypassed, it's fully bypassed, meaning anything goes. If you've got a server-side anticheat that checks packets, you may not be able to fully disable or bypass it as easily as you can with a kernel anticheat. An anticheat on the kernel gives the cheater a lot of control, making the discovery of bypasses quicker, and you don't even have to get any accounts banned. If you have a server anticheat, you may need access to many accounts. This is a very quick way to stop blatant cheaters in a bought game.

  • @raviexthegod
    @raviexthegod ปีที่แล้ว +65

    You see, I'm interested in this not because I want to cheat, but because I want to get BS anticheat systems off my back for something as simple as running Linux instead of Windows. I run Linux simply because I prefer the open source, community-run stuff as opposed to Windows, but most anticheat solutions target compatibility layers on purpose just to be dicks.

    • @soubs242
      @soubs242 ปีที่แล้ว +6

      "I run windows simply because I prefer the open source community run stuff as opposed to Windows"

    • @raviexthegod
      @raviexthegod ปีที่แล้ว +10

      @soubs242 typo... Meant Linux. I wrote this comment as I rolled out of bed soooo....

    • @Crecross
      @Crecross ปีที่แล้ว +2

      No need to lie 😂👀

    • @Kuhav0001
      @Kuhav0001 ปีที่แล้ว

      @Crecross oh hey. funny seeing you here lmao

    • @trashyone2907
      @trashyone2907 ปีที่แล้ว

      @Crecross Ayo?

  • @Jennn
    @Jennn ปีที่แล้ว +1

    Thank you so much. You explain things so well!

    • @cazz
      @cazz  ปีที่แล้ว

      You're very welcome!

  • @rodypar317
    @rodypar317 ปีที่แล้ว

    Isn't IOMMU enough to protect against DMA?

  • @TheOzpad
    @TheOzpad ปีที่แล้ว +2

    Clicked on this and didn't expect to hear a saffa, lekker vid bru

    • @cazz
      @cazz  ปีที่แล้ว +1

      Shot my bru, I appreciate it!

  • @jboblk
    @jboblk ปีที่แล้ว

    Since the downfall of RaptorDMA, what is another good firmware option?

  • @yogakumi
    @yogakumi ปีที่แล้ว

    I have a question: is Cheat Engine a good tool to start with? And can I get banned for having it on my PC?

  • @nathanaeldean6301
    @nathanaeldean6301 7 หลายเดือนก่อน

    Wait, if kernel anti-cheats can monitor the entire system, to what extent is that monitoring? Could a malicious developer disguise a virus as an anti-cheat program in a game? I don't know much about the underlying technology, so I'm hoping someone can help clear this up.

    • @itsmenatika
      @itsmenatika 4 หลายเดือนก่อน

      @nathanaeldean6301 yes

    • @itsmenatika
      @itsmenatika 4 หลายเดือนก่อน

      Kernel anti cheats can in fact run above even windows

    • @itsmenatika
      @itsmenatika 4 หลายเดือนก่อน

      And that's why everyone more interested in this is scared about that, even programmers and people who have worked with it. You're literally giving Vanguard access to your full RAM; they claim that the game can only receive -1 if cheating occurs and 1 if everything is good, but if not? We can't check. There's also a huge vulnerability issue with that: your kernel anti-cheat can have too advanced functions, and a virus that is not even kernel level can access these functions and tell the anti-cheat to behave in some way, de facto bypassing Windows and anti-viruses.
      They shouldn't work like that; not even every antivirus has that many privileges, and that's just fucking one game. Vanguard (required for League of Legends and Valorant) requires the anti-cheat to be run 24/7, otherwise you need to reboot your computer to be able to play. Most people are lazy, so they won't care, so basically you've got an anti-cheat that can read the whole RAM running 24/7 and Tencent (a Chinese company) owns this anti-cheat. That's fucking not safe.

  • @oNx1g
    @oNx1g ปีที่แล้ว

    How hard would it be to generate a FACEIT cheat? Is it very difficult? Just wondering... thanks 👍🏼

  • @phrog6073
    @phrog6073 ปีที่แล้ว

    I wanna see some info on reverse engineering

  • @x4dam
    @x4dam ปีที่แล้ว

    Now I actually understand. Thanks!

  • @nesieARK
    @nesieARK ปีที่แล้ว

    I've always wondered if it's possible to run a game in a VM and the software outside the VM, accessing the whole memory without the guest being aware of it.
    You could draw ESP over your guest with an HDMI splitter.
    It's basically DMA without a DMA card.
    Shouldn't this work, and if so, why does no one do it and instead buy DMA cards, which are limited in their functionality because of the RAM or general speed of the DMAs? I don't know anymore which it was.

    • @R2D2SD
      @R2D2SD ปีที่แล้ว

      While not trivial, there are multiple methods for software to detect if it itself is running in a VM. The only way to bypass that is to remove that part of the software's code, and at that point the signature isn't valid, the OS will prevent it from executing, and the anticheat will prevent it from executing (and flag you).

    • @nesieARK
      @nesieARK ปีที่แล้ว

      @83112345 running any game inside a VM is no problem; I can even play Valorant without issues. That is not the problem, I'm just curious about editing memory from my guest through my host, or at least being able to read it so I could, for example, run radar/ESP on my host and so on.

  • @richardjung9562
    @richardjung9562 3 หลายเดือนก่อน

    Soo, is it realistic for huge game companies to get a decent enough anticheat (no kernel AC), assuming every cheat would be a software cheat? Is it then just an anticheat quality thing that keeps most hackers away and bans them quickly if they found a way to cheat?
    I want to find out if a non-kernel AC can be effective enough against software. Hardware cheats would maybe require different solutions, if they even CAN detect every possible hardware cheat, I guess.