How Hackers Bypass Kernel Anti Cheat

You should talk about DMA's next

Erm, don't wanna

Stop with the sponsorblock bypasses!

Kernel AC is a complete waste of time (almost)PCs can never be fixed or patched(HW/FW Ppl wake the fuck up), if ur not playing on Xbox with crossplay off every SINGLE game you play will be 30-80% cheaters, it's just facts, has been this way for a long time and the whole NVIDIA #PCMASTERACE has sold everyone a lie and ruined the actual fun of gaming. Now there will be no safe-space, if you want an awesome video idea (no one is talking about.. idk why) but Microsoft/Activision are forcing people to play crossplay-on because they make more money from the higher account/microtransaction turn-over from the very occasional ban waves... The Xbox console is a work of art and purpose built around this exact problem: Locked Bootloader/Signed Code with actual real Kernel and Memory isolation.. For the first time in 12 or so years a kernel sploit was 'found' exactly the same time I started making a lot of noise about this (this exploit can never lead to cheating online, as the xbox engineers are the best in the world and everything has overlapping security) Playstation isn't too bad either, but they tend to do their patching by HW/SKU, one of the reasons they employ planned obsolescence...

Loved this

the genral consensus is that people have your data anyways + your data is not important and not worth the risk for them

@@maciejmalewicz9123 it's not the data though, it's an anticheat that runs 24/7 through which anyone malicious can get literally everything. One vulnerability and it's over

Idk about others, but I did stop playing. People really undervalue how much data they generate, and how much can be gained from it. A better solution for Riot would have been to only require the anti-cheat in platnum+ lobbies. Cuz realistically, ppl below this LP score aren't gonna be able to get far with cheating anyway. Even if they climb to plat and above, the cheat gets detected, and that's that.
By forcing all LoL players to intall kernel level chinese spyware, it's really hard to earn the trust of the playerbase.

it stopped me. I will not install Chinese Kernel Level spyware.
And tbh League is not worth it.
the fun thing is on mac you don't have to deal with that Vanguard BS.

and regarding Code Quality of Rito Code i will just say: ૮ - ﻌ • ა

He has alot of them, why wouldn’t it be?

@@shedblood1645 Huh, good point. I hadn't realized but I haven't watched/been recommended a Ryscu video in over 6 months when he did shorter videos.
Glad to know I have several more high-quality videos like this to go back to :)

birb

TBH the fact that all of TH-cam isn't quality Edutainment like this disappoints me. I really like learning things, and doing so in 20 minute intervals is quite convenient. Fortunately, TH-cam algorithm (for all its flaws, including some that make it feel a bit like a miniature Vanguard due to loss of privacy) makes it pretty easy to find more of what I'm genuinely interested in. It's hard to hate the algorithm if it works, even if I hate how it works.

This is not a "whole documentary", it is a video essay. A "whole documentary" would be about the whole 1½ hours....
It is frankly in-depth enough to be called a documentary though, but doesn't have the length... otherwise you could call any few minutes long video talking about a subject a "documentary".

This right there. Literally me

kernel-level ac is everywhere now- you're going to have a hard time playing anything.

so true lmao vanguard coming to league finally pushed me to quit

@@asdfbeau While partially true, it actually has been relatively easy for me to completely avoid it with the type of games I specifically enjoy.
Also it's a minor difference but I do dislike Vanguard a lot more for requiring boot on startup and not just game launch. That small annoyance will likely keep me away from League specifically even if I do end up installing a game with say current EasyAntiCheat.

​@@PopeMicalit has to be run at start up to load before user level stuff. You can't have a kernel level anticheat that starts when you open the game.

It's like the same hell-worthy development sin as every single phone application which magically decides to not work if you don't allow it to access microphone and GPS at all times for no reason.

Actually, it's pretty trivial to mess with kernel memory in linux. There are ways to be 100% invisible, too.

I mean League really barely has any scripters left and Valorant also has barely any cheaters
Vanguard classifies 'Linux players' as cheaters because they are actively bypassing the anti-cheat requirements to play the game, they don't allow for League or Valorant to be played on Linux because they can't attest to the sanity of the OS it's on
This video is full of misinformation but at *least* the part where he explains how Vanguard needs to be an UEFI RT Driver to sanitize the entire OS and it's APIs is correct

@@BlancheOmori You're probably one of the few people who actually knows what they're talking about int his entire comments section lol. Do you think the vanguard outrage over overdrawn?

@@SteveSunny Eh I think a tiny portion of the outrage is warranted, Riot isn't known to ship the best software out there and I completely understand the stability concerns
Privacy wise though, they have to abide by US/EU laws, while it doesn't completely prevent them from breaking them there's a risk/benefit ratio here so bad for them that's it's not even close to being worth it
Also all the 'omg but it's a security risk!!!' stuff is blatantly wrong, if anything vgk.sys is the most heavily protected driver on your machine, and you probably have anywhere between 80 to like 300 WDF/KMDF running on your system at all time so like...
On the other hand, people have been complaining so much about scripts/botted accounts, and realistically going kernel is the only long-term solution to these problems

is only made for giving them full access over your PC as you play ( you know the thing that every game ask for admin rights like is takes a driver to install is the problem where did it get the driver from than because is never installed locally
Kernel Anti Cheat ( Admin rights ) - this made fun for people who are easy to trick into thinking they playing the game and return Malware that coverup as a anti-cheat
Not like everyone got administrator rights when to play their game that needs it

thats pretty funny not gonna lie

only way is hardware lockdown. Standardised hardware like consoles. But then consoles will be a target. beacuse with freedom of PC comes freedom of executing whatever code we want. if they start detecting DMA there will be DMA boards mascarding as GPUs or other normal PCI-E devices. nothing you can do about short of total hardware lockdown (with 100% patched devices so if something is exploited then EVERYONE needs to update). But ppl will start soldering wires and running linux on it as soon as they can like ppl do with everything.
Only thing that can prevent that would be Streaming like Stadia.

@@TKDMwastaken like i said, there can never be an unbeatable anticheat that is unintrusive. People will always inevitably find a weakness or exploit, unless you can somehow stop them from even starting up a cheat or having basic freedoms on their system and its hardware

@@rekscoper honestly anti cheats aren’t meant to be uninvasive not like they could. Cybersecurity is an eternal cat and mouse game where one side always try’s to outsmart the other if that makes sense. In my opinion (while I hate kernel level anti cheats) vanguard is essentially the perfect anticheat, it has made cheating such a massive pain the ass that 99.99% wouldn’t bother. Yes there are 100% ways to get around it but I think cheats that use pci-e cards were like the last frontier where it wasn’t insanely difficult to setup. While I never messed around with vanguard so I’m not super sure what exactly it does I would assume now that they can detect hardware level cheats you probably need highly specialized hardware to get around it. While spoofing something like a pci-e card is definitely possible to hide what it’s truly doing or what it really is to do it on the hardware level is no easy task. Anyway I rambled on for too long I just wanna say that while it’s not uninvasive the cheats that could bypass it would either require you to have a deep understanding of how computers function to do it yourself or require you to pay a whole lotta money to somebody who does because I doubt it can be as easily mass spread as normal pci-e hacks.

There’s an easy solution: Confidential computing.
Using stuff like SGX from Intel CPUs to make data impossible to read from unauthorized applications.

@@TKDMwastaken "only way is hardware lockdown. "
This already exists, it's called "Mac".
Hardware cheating is also a thing where a camera or HDMI-grabber gets the visual information and moves the mouse (or controller) mechanically. While it's not as effective as software cheats and limited to specific game genres where reflexes matter, it's basically undetectable and completely independent from the gaming hardware and software. PC, Mac, console - nothing matters. Even game-streaming can't prevent that since all this cheat system needs is the visual information, which is what you also need as a legitimate player.
If a cheater has enough money to buy stuff like that, he will always get the upper hand.
No matter how much spyware the game devs force onto their clients.

And this is why the argument of "Devs neeeeeed anticheat!!!" is dumb. Server-side verification and such will catch a lot of things. They just want to save on server costs though, since it owuld be expensive to avoid wallhacks (i.e. you'd have to only send player positions the player can see, so you'd have to check for that on the server)

@@MaakaSakuranbo anticheat is still necessary for a lot of reasons, but I'm just pointing out some misrepresentation.

@@MaakaSakuranbo the more shit you put server side the harder the game to preserve (or modify for the community)

​@@thechugg4372 Okay?
Strange line of argument really, since it's not like it's "easy" exactly even with games that don't do that.
If you don't have the server software anyway (for preservation), then you need to write some. So if you don't want client anticheat that doesnt' get updated anymore and is basically useless anyway, you'd need serverside checks or your own anticheat to begin with.
If you have the software, I don't see the issue.
And removing anticheat from the client in case you want to go that route instead also has its challenges depending on how the game implements it

@@MaakaSakuranbo and aimbot?

Yeah as long as you do the spoofing right there's no way they can ban you. And there are still so many ways to spoof stuff.
Also I can't believe they can't just not send all the info that DMA exploits use in the first place, you'd remove so much cheating with that. Why send the enemy position data in the first place?
Also, I'm surprised there aren't some fun tricks where you MITM your own connection to get the packets on another computer and analyse that.

​@@meneldal They already do not send the data they don't need.
League only sends the data about champions that are close to the edge fog of war. They can't do the same with Valorant, as there is no fog of war in that game. And if they tried to calculate what does a player see for 10 players per match, the servers would explode.

​@@morosov4595Why not just use a system similar to Source's rooms? Draw a line between two players, and if they're not in view just don't send the data. It can't be that expensive in terms of performance.

what if somone used that network card legitamtley as a network card

​@@meneldalHonestly if you can MITM yourself with a second computer in order to cheat, you really should get yourself some six figure job working network security at that point. Your skills will be put to better use.

So no more bullet penetration ? No more UAV?

I see this comment about server side AC all the time and it's always the same problems.
For example, Valorant does have a system to send a 0,0,0 position of opponents not on the player's screen called Fog of War, but it can't just do a simple visibility check because if a player swings a corner, the enemy will just materialize on screen out of nowhere because of latency, therefore you need to be somewhat generous with when a player's position is sent.
Then there are cheats which are purely "read-only" like Wall Hacks. Server-side AC cannot detect these because they need to look for known cheat binaries or do heuristic analysis which require a program on the player's computer -- unless you can develop a server-side neural network which can detect the very subtle behavior changes of a player who has these advantages.

@@DiscordCriminal Hit detection is done on the server too, client doesn't need positional data for bullet penetration to work. UAV is radar if I remember correctly, so only X and Y coordinates are needed not Z, and those can just be sent when UAV is active not at all times.

@@samleevideos Those same problems exist for client-side anticheat since it is easily bypassed, and only getting easier as time goes on with AI advancements. Server side AI detection using subtle behavior like you said but that's never gonna be 100% effective either without creating a lot of false positives. A 100% effective solution is never gonna exist, the best thing to do is keep as much server side as possible and have non-intrusive anticheat client sided to stop casual cheaters. Intrusive anticheat doesn't do much to lower the cheating numbers, only perceived cheating numbers, it's a placebo at best. You could be playing against a really good player in CS2 and a lot of people will be quick to assume he's cheating, and those same people could be playing against a subtle cheater in valorant and will assume he must just be a good player. This is the main benefit developers get from intrusive anticheat, it's perceived to be more effective than it is. Meanwhile if you actually look into cheating communities the user counts between those two games is relatively similar.
Personally I think anticheat is a red herring any way, I think the real reason cheating has become so prevalent is because games have a much weaker community nowadays due to matchmaking, there's too much anonymity, you might as well be playing against bots. There's no more community servers where you play with the same couple dozen people every day and have a reputation to keep up. You can cheat and ruin someones day and it will have zero impact on you because you will never run into that person again. As OP said Minecraft is a good example, but not because cheating is hard in it; there are completely undetectable AI cheats that will gather any resources for you, but it's not a big issue because most people just play with friends or on community servers with moderation that takes care of those. Of course that isn't viable for every game and matchmaking is very convenient for FPS games like Valorant and CS, and community servers have their own issues like power hungry admins, but I feel like there should be some middle ground solution that's still convenient but brings back some sense of community to these games.

that's why I don't really bother with competitive online games

Learn from bro

your videos are high quality aswell

You two aren’t fooling anyone we know you’re the same person

you 2 are different people?

glazing someone for divulging basic ass information with 1337 super hacker videoclips in the background is crazy

-25, you will be missed

that wasnt very 冰淇淋 of you

tencent is sad rn bye

@@yourunclejoe9500 bing chilling

-600.000 social credit 🇨🇳

I'm in the same boat. I ended up installing and Android App player for Windows so I could play TFT with friends again, but I'm gonna be miffed if Vanguard is required for 2XKO as well.

dota 2 is good if u want a replacement
and ur data is safe w/ volvo

@@JordaanM Oh its almost a guarantee that it will use it, its safe to assume that any of their online games going forward will probably use it

same here, maybe i'll come back to league once i got enough money to buy a pc merely for that and other games. they'll get their own special house.

@@tommyfanzfloppydisk I've considered doing that as well, just having my 8 year old PC as a dedicated Rito box.
Good thing league runs on a toaster.

the irony is that if CS goes bankrupt i can assure you massive attack waves will start happening. It is the only EDR solution that can fight my malware and (most of the time i'd say) win. Now imagine the world using something even a little bit worse. CS dun goofd but their solution is #1 on the market :-) can't wait for these bigger paychecks if cs sunks down

Daaaaamn it has been 2 months

I personally don’t care at all about privacy on my computer as long as the reason I risk it is working but as of right now vanguard cannot efficiently detected dma cards that are sighted I think the only way to lose cheater completely is using a ai anticheat that can scan for unnatural movement and keep a data base of you play style as an alternative to hwid band.

they are not ignoring that, because we have rights that they cant ignore, and they still always fixing problems with vanguard

​@@jost_ae it literally does detect dma cards... It's even in this video

@@ДюсековИльяс it detects normals dma card I’m a bit more deep in cheating what cheaters nowadays do is sign custom firmware to there dma cards so vanguard thinks it’s a real device and there is nothing really vanguard can do about this accept making a list of the firmwares but that’s hard bc cheaters are just buying 1/1 firmwares and staying fully undetected

@@ДюсековИльяс Doesn't a DMA card have to enumerate itself into the system to even work?

The problem being, the best cheat is essentially indistinguishable from a good player. And the error margin is much wider than the cheat accuracy.
This nicely flows into philosophy. Being optimized is the direct opposite of being random. It is being predictable. It means the lack of character. And we already saw that. We saw a chess GM pre-moving the entire game and auto-mating another GM.
There are few perfectly good plays. There are few perfectly bad plays. And there are much more random plays that average somewhere in-between. A player that trained a near-perfect aim is not much different from a neural network sitting on a PC doing the same. And a trained neural network is no different to a written algorithm. Being good means to sacrifice personality and the lack of personality makes to entities indistinguishable.

​@@qlx-i If a neural network always does the best move in each scenarios (or what it thinks is the best move) then it may be possible to detect. For example, it might rush A first all the time on Ascent or buy the same guns. With enough of these events tracked by Riot they could use probability to detect people using neural networks. Of course you could add some variability into the input to make the output more variable, but this would also decrease the strength because it will no longer be doing the "best" move. Maybe a manual algorithm to move from the start and then a neural network takes over in order to mitigate these predictable events?

being able to almost always choose the best move is basically a definition of skill. And AIs are random, they are not like chess bots that have deterministic algorithm to follow, their approximation of "good"ness of a move is dependant on random factor, thus they will be making mistakes to some extent, like humans. Maybe not mistakes, but at least not taking the best move is very possible

I heard there's already server-side AI-based anti-cheat in development (no idea is it actively used anywhere) based solely on behavior detection. So, yes, it literally detects sus players. We are at this stage already or will be quite soon. Furthermore, it learns from your previous inputs, so it should be able to detect when you start using a cheat since behavior will change noticeably enough.
So, next phase are cheats that learn from your inputs and start gradually add on top of them over time, I guess. So, they won't even do anything for a while... and the cheater may legitimately learn to play the game in the process. XD

"having thousands of human moderators review replays and ban people for looking sus" valve overwatch in a nutshell lol

Yeah it just deters the "casual" cheaters. Professionals still have their ways

​@@crashniels thats why a good game would have anti cheat and moderators i think. Not everything can be automated.

Its frightening how naive you non IT people are.
You‘re literally downloading a rootkit that can spy on you without you ever having the slightest knowledge. Just wait till a RCE is found, gl.

And in the end, nothing happens to the cheater, they just move a level and the regular consumer suffers the consequences. I'd make this shit illegal.

@@GdBearman my man... Less cheaters is good last time I checked...

Timestamp? :D

@@PiFsc2 17:20

bro sounded like shaco

@@PiFsc2 17:10

lmao it's just one person who recorded it. The fact is that majority of the population hates privacy violation and probably quit. Those who stayed are helpless addicts who can't get off the game. also, the cheat developers probably adapted quickly, probably figured out vanguard's code from valorant, which makes the release on LOL even more unjustified.

Most dont know/understand, and the rest are more apathetic than brave

Vanguard has been on Valorant for years. How many systems has it fucked up there?

@@venkaramon quite a few some stopped working and others had massive preformance issues after installing it

​@@FunctionallyLiteratePerson you're right. I've met a lot of league players and they're either insane (like constantly on caffeine) or apathetic.

Brother, people have been playing games with kernel level software for over two decades. No one bitched about VAC or EAC. Most people don't complain about nGuard or any of the other plethora of kernel level anti-cheats from various Chinese companies. It's cringe AF that people suddenly care about kernel anti-cheats more than 20 years later.

Server side anticheat has been something that was implemented a lot in the past (Hell VAC has been around since 2002, it's nothing new). The only one that still stands today to my knowledge is Steam's VAC and if you ask anyone about cheaters in valve games you'll see that everyone complains about it, since serverside needs time to compile a databank on a specific player and then analyze it afterwards it has to be sure false positives don't happen (It's also why they implemented the overwatch system on the games, because it couldn't reach high levels on confidence on specific cases, so those cases that were suspicious but not enough to be bopped by VAC got delegated to trusted players with high overwatch scores)
Given this model takes weeks to months in order to get enough data to guarantee that the ban is not a false positive, cheaters go on to ruin a considerable amount of games before they actually get banned from the system.
It has very open and specific weaknesses, most people who cheat in CS2 already knows they'll get bopped in two weeks or a month or so, they really don't care about that it's that free time they get that gets them going, they don't want to win and they don't care about losing money on new accounts they just want to ruin games because it's how they get their kicks.

trust me dude this not going to make it impossible, bypasses will happen and it will be exploited its only matter of time until new cheat arrive ( i am not cheater btw but ik what i am saying)

@@0x204Can't create a bypass for an anticheat that you can't disassemble. You can infer the anticheat's behavior and create software that goes undetected, but that's not a bypass, that's flying under the radar and necessitates that cheat makers and sellers be more selective over who has access to their cheats, as the game devs can get access to the cheats, but the cheat makers can't gain access to the anticheat, so creating detection methods is a lot easier. It's also why games do bans in waves, they can't know if they're detected or not until a banwave hits. Serverside anticheat is significantly harder to exploit and you should know this if you're actually aware of what you're talking about. Throw in a game that's significantly more server authoritative, and now a lot of hacks become impossible without figuring out a way to purposefully send specifically crafted packets, and that can be caught by heuristics looking for packets indicative of incorrect program behavior by the game client.
The TL;DR is that while it's not impossible, it becomes much, MUCH harder to develop cheats when there is no clientside anticheat to reverse engineer. And the few cheats that get through? Those can be caught if the game is configured with in depth player input telemetry and analytics in mind, especially for server authoritative games.

@@OCovilDoMarcos Actually, VAC can detect cheats rather quickly, they just don't autoban zealously because that can provide info to cheat developers on what methods are already known by the anticheat, allowing them to rapidly iterate on their cheat software. banwaves exist for that reason, primarily.

@@G0LD3NR0D yeah, but that what they're doing with Vanguard and Raven too. In fact, that's just industry standard.

that would be a trigger for false positive.
With virtualization and increasingly powerful system, i have an idea...
game creates virtual machine for the session (like a virtual PC where the only app is the game and the supporting components), what happen in the game stay in the game, no cheating
this will have another side effect of the game being playable on Linux (theoretically).

@@meyers0781 Yes, but much like kernel-level anticheats, there will always be a vulnerability waiting to be exploited, even when in a VM.
It also reduces game performance, which isn't a big deal until you consider that many esports games are mostly run on lower-end hardware, which contributes to its mass-market appeal and popularity, and making the game run worse or even barring older PCs from playing because of virtualisation requirements may decrease the overall market share of the game. Just look at the number of Windows 11 users compared to Windows 10 due to TPM 2.0 requirements.

​@@meyers0781if the player can do it legit, they can do it with cheats

How do they stop the Virtual Machines program memory from being manipulated? Hackers are very crafty and could easily manipulate the VM imo

The Next Level then gonna be additional mandatory Livecams in your Room that livestream (The Gamer, Screen, Keyboard, Mouse, back+front+sides and the inside of your PC and the rest of your room) while you play online. And during competitive sessions, there must always be two notarized observers to the left and right of the player. Anyone who has nothing to hide will certainly allow this, right? And anyone who doesn't allow it is automatically suspicious and probably a cheater.

And yet, i feel like he sided WAAY too much with Vanguard at the end. As if it banned 100 % of the cheaters?!?! Big lol...
Surely, it will get rid of a good percentage with every banwave. VAC does the same. And then the cheaters creep back. Like they always do. There's nothing you can do about that.
But at some point you'll have a retina scanner up against one of your eyes during the game, and an anal bead in your ass in order to measure its contractions during the game. How does that improve the community that consists of at least 10-20 % toxic players that ruin probably 90 % of solo q games?
League has MUCH more issues than those few bots, that i personally have never noticed.
But sure, Riot China was able to counteract cheaters way more effective, which is why they don't need Vanguard!
Let's say it like that: i don't trust their nonintrusive anticheat measures until i've seen the asshole of every chinese player during gameplay.

Yes, that is true, and there is no reason to add any kernel level anti cheat, just monitor what players do in game, and use some ml algorithm to predict.
But in modern days your main source of profit is usually data gathering.

@@Mano-us7ct if a game has demos, then almost everything but ESP can be detected very quickly with ml - if they're making insane, frame perfect flicks every shot, then that's silentaim. if their aim is completely locked onto someone's center of mass, then that's aimbot.

@@cewla3348 dropped packets: "lol get banned scrub"

@@cewla3348 What makes you think ML can’t be used to mimic human inputs to an undetectable, or at least plausible, degree?

@@Mano-us7ct ...you could gather all inputs, screen content, browser data, personal files, audio (in/out) with just the game or a user level anticheat service. you do not need Ring 0 for a lot of data grabbing on Windows.

remember he has to be nice to riot otherwise he'll lose his ad money and sponsorships.

As he said, he doesn't want to inspire anyone to cheat.

@@Bleiser3 He doesn't want to lose sponsorships, not that he cares about cheaters.

@@battokizu dma isn't detected either. all you need to do is just make your own driver, which skids have already learned how to do. Only issue with dma is the entry cost of buying an actual hardware device.

​@@octav7438 DMA cheats don't use "drivers"...? guessing you're talking about firmware. valorant & faceit have already detected plenty of DMA firmware providers, only chance of staying undetected now is using a proper emulated firmware which is not easy to make, especially for "skids"

they’re one of the only games that hwid bans on first offense what more do you legits want?

@@deagle2yadome696 their hwid bans are shit any spoofer avoids them

@@deagle2yadome696 HWID bans are garbage; It's extremely easy to spoof.

@@deagle2yadome696 easily bypassable

Letting cheaters play for a while after they've been detected is good. It's why you do banwaves instead of banning immediately, so whenever developers try to figure out why they were caught, they get as few clues as possible.

Nothing wrong with being informed about the subject

"Sureeeeee" Clueless

@@kosmonauta577 not "sureeeeee!", "suuuuuure..."

yeah trust me Xi Jinping won't know it xdd

They don't trust their players you know why would they ban players than just block them accessing the game join buttons
because think if they pay lot of money for a hack in their background being used remotely

This is why I don't blame any or much F2P games.

If valve copies this shit I officially quit cs2... The future of this stuff is probably AI. Anyone else remember that one server side ai anticheat demo that was like it's ai can detect any aimbot? What happened with that

You already do. It’s called your computer.

@@w1z4rd9 Debloated windows

So 90% of any new game along with your pc and phonei hope you follow what you say and throw your phone pc delete all your accounts and live in a mountain

Thank you Master

windows 11 right?

Vanguard is likely causing your pc to crash. It's running at kernel-level priority, meaning this program *must* run and if it doesn't, windows shuts down immediately to prevent issues and starts over, aka a bluescreen.
By installing vanguard you're effectively relying on it to not crash because if it does, so does your pc.
If any of this sounds absurd it's because it really is. Kernel-level priority is meant exclusively for running critical tasks such as, you know, windows. Running anything else on this level is risky and should only be done if absolutely necessary. Running anti-cheat software for a video game at this level is both unstable and insecure.

@@johanestebanramirezbarrios1411 The same issue happens to a lot of Win 10 and win 11 PCs with Helldivers 2 and their anticheat, NProtect. The issue isn't the OS, it's legit a fault in the anticheat that detects windows drivers as cheat software. NProtect killed some VERY important sys32 programs for some people, or bricked their SSDs because it stopped the read/write software on the SSD itself. Shit is terrible, and Vanguard, while not as bad, likely STILL screws this up sometimes.

@@ViciousVinnyD Remember that we are only here, because the cheaters did this with software made by hackers just to win at some game.

Yeah it did that to my friend's pc looked at the crash logs it was vanguard, it was also stopping him from installing pirated games lol so he gave up on valorant and deleted it and no blue screens since.

At worst, a cheater could literally just write their own game client without the anti-cheat. Or patch the game client to not check for the precense of anti-cheat and thus be able to disable it altogether.

It's not about being 100% impossible to break, it's about being hard enough that most people won't.
It's how denuvo won, denuvo might not be 100% secure which was proven that empress was still cracking some denuvo games even after everyone dropped, but it was so unbearable that only she was doing it and after she disappeared we can safely conclude that denuvo won the war against piracy. (obviously most publishers will drop denuvo after a year or two, all that matters is that the initial sales don't get disturbed)

Not only that, you can literally have dual firmware on one of those DMA devices and "act" as a real PCIe device during bootup for all Vanguard knows it's just a network card :D

They can still detect other factors such as this "custom driver", the way you map your driver, injected keyboard/mouse input, even the way the cheating software itself works e.g. attempting to override rotation. For DMA, you will need to emulate legitimate PCIe devices 1:1 as well as have valid drivers for them, otherwise the device will be blocked and no long able to send TLP packets for reading/writing. It's a constant cat & mouse game, and if you get banned, RIP your HWID. Time to fork out more money for a new motherboard, or TPM chip, finding a spoofer that actually works. But then maybe that spoofer eventually gets detected too.

@@jhax there is no unspoofable HWID, and "emulating" is relative, what I meant by emulating is you can literally just run the NIC firmware and they can't discern it from a normal NIC

@@dahahaka 99% of temp spoofers on the market are not working rn for Valorant. Only a couple of perma spoof methods that work reliably. Most people have to buy a new mobo or TPM chip, this is being realistic not pretending like everyone is some 999 IQ user who can bypass VGKs AC on their own. I currently have a ZDMA with firmware emulating as an Intel network card and with valid drivers, doing so is only enough for EAC/BE. It is still blocked on VGK. It requires more work than just copying the config space of another device.

The security risk of allowing kernel access isn't worth it for a game. There are very few ways to fix a malware attack from the kernel level short of formatting your drive and restoring it from a backup. You can write a program to be injected and be stored on a separate partition that boots first in the bios and essentially sits between the hardware and OS while hiding its partition from the system after the next reboot. That can log any input or output that goes to the OS that it wants, and send it to whoever you want. Without kernel level access, managing drive partitions without permission is hard. The only way you'd ever notice that is if you opened bios and checked your boot order. No antivirus is going to detect that your whole OS is running in a virtual environment with hardware inputs just being duplicated from the bare metal.

Any software which doesn’t need to run in kernel space absolutely shouldn’t run in kernel space. It’s an agregious disregard of the users cyber security. Anticheat can absolutely run in user space.

It was only detected due to most of DMA cheaters using the same (really) unpopular driver. Those who didn't are still free

Which is what makes me terrified. This arms race could leave most multiplayer games as an unplayable mess, because there is always a workaround, that can eventually be detected by punishing everyone with heavier security.

If Secure Boot and TPM worked as advertised, then perhaps they could be leveraged for a standardized anti-cheat implementation.
Unfortunately, these UEFI-level security systems-the latter being a Windows 11 requirement-are flawed, exploitable, and can be bypassed.

It's insane how many people are just fine with willingly downloading and installing literal rootkits on their PC because "it's from a big company, they surely won't let anything bad happen, right?" If they knew what can and will eventually happen when an exploit is found, they would remove it from their PC instantly. The second it happens you already know people are gonna be crying and shitting their pants as if they weren't told a million times that this IS going to happen eventually, it's not an if, it's a when.
What's even worse is that Vanguard is now required to play LoL, one of the most played games in the world. It is going to be the biggest shit show ever when Riot fucks something up with Vanguard and someone finds a way to exploit it.

I especially hate the people who say “it’s no big deal, I don’t care snout my privacy/they have my information/I’m probably infected my something anyways”
It’s like saying that your leg is already broken, so there’s no point in not jumping out the window to get to the ground floor.
People need to realize that they should learn how devices and the internet work, and not just how to use them. I’m not paranoid just because I don’t want a company to be able to watch everything I do on my computer, and possibly open it for anybody to watch me.

​@@randomnessnecesity9627
it's not big deal, I don't care snout my privacy.

Imagine how bad your logic is that you cheer for malware and hate rootkit.

oh wait he made a video about basically exactly that.

You're implying that there is a single company NOT doing that. 😂

@@Coconut-219 companies are using kernel lv anticheat for data collection?

@@ovencake523 nah, that you can't tell if someone is collecting data either way unless you constantly check for it - as you don't exactly need kernel level or admin rights for that to begin with.
friendly reminder to the first rule of cyber security: trust no one - and yes, that pretty much means never having anything important on a PC/VM where you use programs that aren't absolutely necessary for the required tasks with those infos.
it's why gaming on a seperate PC is pretty much recommended - and no, just having a user without admin rights isn't a guarantee of nothing happening, as a privilege escalation is always possible.
Essentially: If you set up your gaming environment correctly and fully seperate it from important info it doesn't matter either way.

What about linux kernel modules?

@@brinza888 The simple answer for that is to require a distribution that has approved secure boot implementation, where it is a pain in the ass to get working signed KO modules that most do not bother to boot with secure boot, as historically it is microsoft who controls those keys.
Linux offers a way for anti-cheat to exist, and honestly, has better ways of implementing anti-cheat without kernel level access but would require further development. This means more money towards the platform, which is unlikely to ever happen...

lol

Just stop playing these games. Riot Games fucking sucks. Fuck this company. See VideogameDunkey about his ban few years ago for example.

You got to kernel access them so you can play in their PC, simple as that.

He's lucky he only got flagged and banned, and that flag didn't _BRICK_ his machine! ☠️

@@CookyMonzta That would be an instant lawsuit lol. No bans will ever brick pcs.

ITs because of faulty RAM you had, atleast for me, I had upgraded my RAM from 8 to 16 and at first only the valorant seems to get crashed all the time [Getting blue screen even before main menu comes up]. After wondering through internet I went to the workshop and swap the faulty ram and ever since its working like a charm (It was frustrating when I had to restart every 10 min or so and also got a 1 week of ban for being AFK)

@@sfnsansub in my case all I did is downclock my ram to the recommanded value supported by cpu , all other apps didn't complain and system was stable but not valorant

@@sfnsansub it can also be because of cpu, gpu, drivers, etc.. Just because you had that problem doesn't mean everyone does

Its mostly cheaters saying this shit everywhere, trying to use fear to also get noncheaters against the level of anticheat needed to be effective these days.
Gg cheater. Throwaway name using asshole

basicly they willing to report the program that infecting their PC to play with people not bots

League of legends refuses to ban scripters as soon as they are detected, so it always has a delay ban for detection (unless its a wave) so you will always have scripters in this game as we can buy 1000 cracked accounts for 1 dollar total and script 10-20 games even on a detected platform

@@atlas_carry No game developer bans scripters as soon as they are detected. We love to call game devs dumb, but they aren't THAT dumb.

@@atlas_carry just think if they used the same name as your lol account they may ban the wrong users

@@Stormlywing ?

It is safe. But sadly its also completely safe to cheaters which completely nulifies whole idea of using it.

@@ericgranderil7045 It has only bricked a couple pcs, I'm sure its worth the risk to play league lmao.

@@ericgranderil7045 safe until some cheater uses all of his braincells and finds a way to bypass it and has access to all of our information and whatever

@@ericgranderil7045 Maybe this will finally be wake up call for those people, who keep preaching that kernel anti-cheats are good, because I'm really tired of naivity of these people.
Kernel anti-cheats do more harm to user than to cheater.

It's safe.. till it's not.

Same boat here, installed League two weeks after Vanguard was announced and haven't been back since. I've also seen the accusations of being a cheater, but I wouldn't have been stuck in the Iron 1-Bronze 3 range for 3 seasons if I was. Like ok sure I can be a cheater if you say so- but I'm also a Nigerian Prince who will transfer you a bunch of money, like billions, and all I need you to do is pay me the $1000 transaction fee first of all

47?…..
*Agent 47-*

Here's a great tip many of the people who are so willing and eager to accuse you of being a cheater are also extremely bigoted, I learned this when having a similar discussion and these types of people popped up, ended up looking through their Post history and wow many of them do indeed say a lot of slurs. So for the people like that the best way to combat that is saying "yeah the opinion of somebody who is a rampant homophobe/transphobe/antisemite is absolutely valid in determining whether I'm a good person or not" whichever name you use is dependent on the kind of slurs they use.