HOW ANTI-CHEAT BYPASSES WORK
Vložit
- čas přidán 3. 06. 2024
- To try everything Brilliant has to offer-free-for a full 30 days, visit brilliant.org/cazz/. The first 200 of you will get 20% off Brilliant’s annual premium subscription.
💎 Source code is available for my Patrons!
/ cazzwastaken
💎 Join our community over on Discord!
/ discord
→ Twitter: / cazzwastaken
→ GitHub: github.com/cazzwastaken
→ Instagram: / cazzwastaken
→ Email: cazzwastaken@gmail.com
→ Donate: www.paypal.com/donate/?hosted...
📝Resources 📝
→ Why You Need a Driver: • Why You NEED a DRIVER ...
→ Learn AC Bypassing: www.unknowncheats.me/forum/an...
→ Open Source Kernel AC: github.com/mq1n/NoMercy/tree/...
→ DMA Explained: • How Software and Hardw...
→ Handle Hijack: github.com/Apxaey/Handle-Hija...
⚡See More ⚡
→ Learn Game Hacking: • How to LEARN HACKING
→ Reverse Engineering: • Learn Reverse Engineer...
→ Chams: • REAL CSGO CHAMS - DRAW...
→ CreateMove: • Hook CreateMove From S...
→ Internal Menu: • IMGUI INTERNAL DIRECTX...
→ Aimbot: • MAKE AIMBOT IN 10 MINUTES
🌌 Disclaimer 🌌
This video was sponsored by Brilliant.
Shout out to Chris for the thumbnail ⭐
To try everything Brilliant has to offer-free-for a full 30 days, visit brilliant.org/cazz/. The first 200 of you will get 20% off Brilliant’s annual premium subscription.
2 days ago... Riightt
video would of been unlisted-private and he commented on it@@x4dam
how did you even get a sponsorship as a game hacking channel?
So if i use it will i get an anti cheat to my game??
i will love if you talked more about DMA its a kinda interesting topic
I think it could've been worth mentioning the security and privacy concerns of giving ring 0 security clearance to both cheats and anti-cheats and why some people are against it
@@purplesky135 There are developers and programmers who actively make fun of Linux... so not all of them.
@@purplesky135 I'm pretty sure this video is meant for a general audience
@reapiu8316 Sadly, I doubt they ever will. Reverse compatibility concerns have caused a lot of frankly stupid design decisions in Windows in the past and becoming a true micro-kernel would most definitely damage reverse compatibility a lot. Especially since kernel anti-cheats are so popular and gamers seem to have their eyes wooled over by game studios.
If you're on windows (like most people are) then you've already forfeited all of your privacy. And I don't see how Microsoft is more trustworthy than Valve for example. It's not really a good argument.
@@manixxzz1483 If you're willing to go that far, might as well say that anyone not running their OS on their RAM forfeited their privacy, if that, given Intel's ME and AMD's PSP both running in the background and doing all sorts of shit like recording all of your key inputs and bypassing encryption
how do I bypass the divorce papers?
The Anti-cheat is very good, don't try to bypass it!
public static void main string args
@@JakeAnthrax420 I anti-cheated on my wife
@@mostlyrob3469 public static void main string arguments with my wife
@@mostlyrob3469 java cuck spotted
This channel is very underrated, this video is edited really nicely!
Appreciate it!!
we appreciate you!@@cazz
@@cazz yo do u know how to like remove hwid lock from a exe in c++?
I really don't like cheating in multiplayer game but the video was very well done and informative it was a pleasant watch :) +1 sub
hey, I don't cheat but I feel like that more advanced "cheaters" simply do this for fun and to pass time
@@yorunokensame. I don’t like cheaters, but cheating for the sake of learning and experimenting with code and stuff is infinitely more respectable than cheating in pubs because you don’t have the conviction to get good.
Learning how this stuff works is just fun.
@@MarioLuigi0404 yes exactly!
I have only cheated once and that was in TF2 (this was like 2 years ago) I played heavy with the name 'level two sentry' I made rules for myself and the people knew I was cheating bcs it was a private game I was only allowed to move where an engie was I was only allowed to shoot if they where in a certain area around me it was funny but I will never cheat again because it's just not fun to not improve
@@notagoose9786 that’s just goofy as hell lmao
But yeah if it’s a private lobby and everyone is cool with it, I don’t see any real moral reason to be against it
Next generation cheats: Machine learning models that automatically aim and fire using the game’s video output
Oh 100%
Yup. Versus ML anti-cheating models 🤣
Very fun to cheat in a game when literally all you have to do is looking at your screen... lmao Cheaters gonna game out themselves
there has been machine learning cheats for 4-5 years now, there were a handful of projects with yolov4
they are called pixel bots
Wow. This arms race is really interesting and impressive. I had never heard of using DMA to cheat at games before. I suppose the next step and the comparably powerful sledgehammer anti-cheat techniques would be statistical detection methods running on the server, e.g. looking for mouse movement data indicative of an aimbot, and stronger isolation of game state data to the server, e.g. in the strongest case the client could send raw inputs and only receive raw video and audio data so that there isn't even game state data for hacks to look at unless they start using AI methods. But DMA-based cheats for fast-paced real-time games that are sufficiently subtle, like ESP hacks on a second computer, seem almost impossible to stop (detecting the DMA device? code and data obfuscation?) unless you implement your own "hardware anti-cheat", e.g. restricting the player's hardware, as with a console, or surveillance of the player, as at a tournament. In our coming cyberpunk dystopian future, where Valve is monitoring every gamer with in-home cameras 24/7, we'll then have to start using cyborg brain implants and gene-editing to cheat and then it'll become a philosophical issue about what even is "cheating".
Just force ppl to use windows 11, this breaks DMA
@@I_SEE_RED Kernel DMA protection is for preventing attacks _against_ the user, not _by_ the user.
@@I_SEE_RED source ?
Pcileech
@@I_SEE_RED and how exactly are you going to force people to use one specific operating system? lol
As a Software Developer, it's nice to learn some "Ethical" hacking 😊
As a software Developer you would know the Windows Api and its functions for accessing other programs already
@@user-mj8bg3fw8w or they write in hundreds of other languages for hundreds of other environments…
@user-mj8bg3fw8w That would assume I develop for windows at a low level, it's many types of software
@@user-mj8bg3fw8w That greatly depends on if they've done any Windows application programming which many devs have not
No Not always@@user-mj8bg3fw8w
Compiler optimization is something you can usually turn off or restrict.
This is true, I failed to mention it in the video though. Junk code will work, with optimizations turned down.
you can keep junk code even when compiler optimization is enabled. When compiler cannot predict if a block of code will ever run or not it will keep it anyway.
Also in c++ is possible to run code at compile time with constexpr keyword that allows you create encrypted strings and more and decrypt them at run-time
volatile gang
@@cazz depends, I forget the details but for ARMA2 they have their own scripting engine for UI and game operations. I don’t believe you can really tune it much. When one of my incredibly dumb friends shared a fun multihack I put together iwith his other friends … then they all joined servers to troll admins with god-like abilities my scripts were completely blocked.
Not 100% sure how their detection works but I never got any of those exploits safely again. (Safely as in, I won’t be randomly flagged, I had a setup to safely test for potential flags if I went live).
All I know is they use BattleEye.
@@thedirector69 is there a framework for this?
Never subscribed so fast in my life. Excellent visuals, presentation and quality! Keep it up mate!
You can use an old version of a compiler or use the -g/-O0/-Wno-unused-function/__attribute__((used)) flag on the compiler to not eliminate unused functions to change the signature.
Also for hardware cheats you can usually run it all on a pi within the computer plugged into pcie, then you can emulate anything from anywhere like a kvm if it's network attached (Just need to spoof as another device to get around hardware id detection)
Or you could take all that spare free time and get good at whatever game
@@jgvtc559 It's not about cheating necessarily, it's about solving an engineering problem. Most hacking isn't done with malicious intent either.
@@jgvtc559 you can do that, but it still won't let you see thru walls or instant aim...so cheats still provide an incentive as being good + cheats means you can fake not cheating and guarantee an impressive tournament run leading to money.
We didn't have these problems when tournaments were small time. If a cheater came along we just typed /admin and an invisible admin came along and banned them. Even on pubs.
The sad thing is that not all mouses are compatible, and you may need to buy one that is (from my experience).
incel
btw if you dont have pci, direct memory access is supported through the LPC and ESPI standards and which can be accessedf with TPM and DEBUG headers found on the majority of motherboards
Typically the motherboard LPC/TPM header doesn’t expose the DMA signals so you would need find it somewhere else and solder a wire on the motherboard. And ESPI doesn’t even support DMA.
And even if you could, LPC only really gives you access to ISA DMA which has access to the first 16MB of RAM
It's a huge shame there's such intense motivation to keep the best cheats and anti-cheats closed source. These techniques would be really interesting to study.
Too much money to be made.
you can reverse them and make a clone, also easyanticheat (eos, kinda worse than the one for example apex uses) is free. these techniques are already studied by cheaters, its a race that cheaters will always win.
@@lilililiililili6363 It's more that it would spoil and ruin the games we love to play with others. More happy players = more money, so technically you're right but think about playing any game online - it would suck if you could never really play unless you cheated too. And that ends up taking away from the game.
@@thekillerbunny what competitive game can you play that isn't full of cheaters? I'll wait...
there are so many more interesting problems to solve and study.. These cheaters are the reason i can't play any competitvie game anymore
Very good video! Concise and easy to understand.
Wow I’m learning about operating systems right now, and didn’t really think of cheating as an application of it. It’s so cool seeing how brilliantly hackers can bypass the designs around OSes and video game anti cheats!
Very informative, as always
i'm really want to see a video about DMA, it looks cool !
I think vaguard has fixed this, but previously, I experimented with running a passthrough VM on linux with windows + hyperv enabled (which made valorant start), where i then could attach a pci device from the vm manager which I then could use for DMA on linux. This effectively makes a hardware cheat without any extra hardware :)
Cool 🎉🎉🎉🎉😮
i tried something similar and need some help do u have discord?
So that's why it wont let me start the game with hyperv enabled. Annoying for wsl userrs
@@testytea6138 really? thats beyond intrusive
@@testytea6138 that's odd, they let me start the game with hyper-v enabled
Thank you so much. You explain things so well!
You're very welcome!
bro, ur channel is a gem!
Thanks for the tutorial.
Nicely put
Well this video was 100x better than I was expecting from my recommendations!
Very informative!
Now I actually understand. Thanks!
you can disable compiler optimization so that it will keep the junk
I am against cheats in competition games, however this topic is pretty interesting to learn about!
Thanks!
My cheat runs in System Management Mode (also called Ring -2) with a simple protocol for peeking/poking memory,
using a slightly modified BIOS, so to say a BIOS rootkit with a C2.
I only patched the original SMM routine to check a memory region for commands and added said region to the ACPI description,
to ensure safe access. That way I can have full read/write access on the complete physical memory address range.
(This is a joke, but it should work. However your PC could catch fire, if stuff misbehaves in SMM)
Another interesting way to get cheats running is by running Windows as a virtual machine using something like Linux. The Linux instance can then modify memory without the Windows VM knowing.
grats on the 100k btw
the way you simplify everything is very impressive. I was into making cheats years ago and your series has totally refreshed my memory after not doing it for years. keep it up!
I wonder if a kernel driver could be used to bypass something like the respondus lockdown browser
i love how you explained just the right amount about dma without saying too much lol
Great video 👍
great video as always! really like your content :D
Cpngrats on 100k cazz
Very nice video !
And where can we get this DMA device ?
If you could elaborate more on DMA, and recommend good hardware for beginners
The last method is really dangerous iam loving it
I believe there are ways to work around compiler optimizations, even if you can change the signature a little bit you will be able to trick the anti-cheat. At least for a portion of time, then you will be banned eventually.
You can literally just tell your compiler to not do dead code elimination. It's not a hostile entity.
@@wfjhDUI I couldn't do it with gcc back in the time, but there was another compiler (I forgot which one) which made it possible. It's been at least 5-6 years so I don't know the current possibilities with compiler optimization.
Here's a hint: Polymorphism
@@henlofren7321 how there is any application for polymorphism in this context?
@@berkormanli It should always have been possible -- it's a feature that needs to be turned on after all -- although I'm sure it's trickier than I'm imagining since it's very readily turned on by default even at low optimization levels and it looks like gcc has a lot of different varieties of dead code elimination to toggle on/off. It's been a while since I've wanted to turn a specific optimization _off_ but I seem to recall that it was a bit frustrating. The linker also removes dead code so that could have been the issue too.
congrats on 100k :)
DMA with Virtual Machines too!
Hey I love the video and I have a question though on if this could work to bypass anti while playing on max Os? And if so how would I go about that.
7:33 most DMA attack hardware actually uses PCIe :D
one question about DMA
do u really need a second pc to makeit work?
or u can make one witha programable board? something like an arduino board for example
you don't need another whole pc, this shit is still DD so don't even bother
what font do you use?
Very interesting!
Does this mean that an anti-cheat can't detected altered memory from the software/hardware if the initial methods got by passed? In theory the AC doesn't check for memory changed values or any kind of sutff, only trys to prevent what gives you acess to change them?
If i was looking to make a hardware script cheat, would i need a driver to cover the arduino/usb shield? Or with the right configuration it wouldn’t be detected the anti cheat runs on the kernel and its EAC
0:32, I got a youtube ad about this, skip, then you advertising it. They sure spent a lot of money on advertising...
Another video about DMA would be really interesting.
Very interesting! I always thought of anti-cheat to be sort of like an arms race, there's really no way for an AC to work 100% of the time as long users have physical access to their machine. Maybe we'll see things like cloud gaming take over highly competitive games for this reason, assuming cloud game becomes viable to play with low latency, etc.
I don't think cloud gaming would solve the issue, as you're still sending the inputs from your own computer to the server the game is running on. This does prevent you from getting the data you're not supposed to get from the server (eg. can't see players trough walls) but you can still tamper with your inputs (eg. aimbot)
Really the only way to have 100% anti-cheat protection is to run in-person events on hardware provided by the event organizers. Ever wonder why the fgc has very few cheaters? That's why.
Not viable as long as speed of light and distances exist..
"that a software anticheat cannot detect" - in 2023 there were 6 dma ban waves on faceit and 3 on vanguard tho haha
That is due to terrible firmware. Most people even selling firmware have no idea what they are doing. I never got detected and my firmware totally bypass the IOMMU.
@@thomass9457 Can you bypass top anticheats like Vanguard and EAC with DMA?
@@thomass9457 i hope u'll get drafted
cry harder peasant@@MEMUNDOLOL
@@MEMUNDOLOL sry, too old.
So as Vanguard it has kernel anticheat. Powerfull as said in video.
how can you make a panel where you can generate keys for others to put in a panel?
A simpler version of hardware cheat is virtual machine cheats. The game runs in a virtual machine guest and the host OS would be able to read/write to any memory of the guest OS, without the guest ever knowing. This does not require two computers and special hardwares like hardware hack does, but some game does detect if it's running within a virtual machine so the challenge becomes how to hide that.
Future..
3:49 Someone forgot to remove the Airbrush on the highlighted parts ay?
you can get verified now (congrats on 100k). GO FOR IT!
There is currently a cheat going around where people have camera set up to their screen and has an AI recognized and shoot people for them by controlling there mouse
This one doesn’t work very well yet, so no body is using it
i dont know if you'd call it a cheat considering its worse than any human is going to be and puts you at a disadvantage
I honestly have never head of actual hardware based cheats when it comes to a PC and I'm extremely curious to know more about that subject if you or anyone else could point me in the right direction.
i wanna see some info on reverse ingeneering
Can you please make a video of basic making of ring 0 kernel driver for bypassing anti cheats
I actually pretty curious about a great AC like vanguard from Valorant. Is vanguard really can't detect DMA (at least for now)?
Is there a way that a anti-cheat could detect you running the cheats on a different system and streaming the inputs to your other device like a wireless keyboard does?
"Hardware cheats" are absolutely genius
if you specify for your compiler to not optimize code, junk code should still work though?
Yes, junk code will work. But at what cost? A better way to get around this is to not paste. Your own code will most likely have it's own signature.
@@cazz Oh yes I agree, writing your own code is best. But if you're sharing or god forbid sharing it with other people and your signature ends up in a database, then putting junk code into your own code would work just to keep it running on your own machine. It was just a comment on your remark that compilers optimise the code so it doesn't matter. But my point was to disable optimisations, so it would keep working to change the signature.
Can you make a video about hwid changing
This is great information, really happy youtube recommended this video.
Here i was, thinking "how do anti-cheat allows you to bypass work"
Me the entire video: "OK, but how do i work less on cheats by using this"
Now i can't stop laughing.
So how to secure a game from hooking common winapi functions from usermode and kernel mode ??
Nice of youtube giving this for a recommendation, its nice to know how some hacks work, like those GTA mod hacks
Boot-kits are also a great idea. Boot-kits load before the operating system itself, so you can bypass the anti-cheat, because the cheat is loaded before the anti-cheat itself.
You can tell most compilers to do not optamilize?
such a good video : )
I like these video bot because I want to make game hacks but because I actually learn a lot about how things work
maybe someday you could explain some more general stuff
DBVM is great you can just cloak the page of memory that you want to make your modifications in and executing while the game still reads the original code 😅
Since the downfall of RaptorDMA, what is another good firmware option?
If you want to stop cheaters, run checks on the data that the server receives instead of messing around with the kernel that the client is running on. When a kernel anticheat is bypassed, it's fully bypassed, meaning anything goes. If you've got a server-side anticheat that checks packets, you may not be able to fully disable or bypass it as easily as you can with a kernel anticheat. An anticheat on the kernel gives the cheater a lot of control, making the discovery of bypasses quicker, and you don't even have to get any accounts banned. If you have a server anticheat, you may need access to many accounts. This is a very quick way to stop blatant cheaters in a bought game.
You see, I'm interested in this not because I want to cheat, but because I want to get bs anticheat systems off my back for something as simple as running Linux instead of Windows. I run Linux, simply because I prefer the open source community run stuff as opposed to Windows, but most anticheat solutions target compatability layers on purpose just to be dicks.
"I run windows simply because I prefer the open source community run stuff as opposed to Windows"
@@soubs242 typo... Meant Linux. I wrote this comment as I rolled out of bed soooo....
No need to lie 😂👀
@@Crecross oh hey. funny seeing you here lmao
@@Crecross Ayo?
the DMA is scary dangerous , how many bad things can be done with it i only imagine
That's one of the reason why modern CPUs, including phone processors, have IOMMU. They remap the DMA address and limit them to specific ranges. This is sometimes optional in your EFI settings though.
makes me wonder ..could one use a VM to emulate a second pc to communicate to a DMA device (or DMA driver) and bypass kernel AC on the same system?
yes
amazing vid
Isn't IOMMU enough to protect against DMA?
Clicked on this and didnt expect to hear a saffa, lekker vid bru
Shot my bru, I appreciate it!
4:12 My phone vibrated with haptic feedback here when the Notes program popped up on screen. How exactly did that happen??? I’ve never seen this happen in a video before. Edit. It happens every new chapter. Is this a bug? Or intended?
Good video.
I'd like to see your CS2 stats 🧐
I'm newbie but had an idea that why not Directly inject in the anticheat software only and get full access to the game!
I’m almost certain that some top streamers use the DMA approach
Is it possible by any chance that you show how to reverse engineering a save for console like ps4 or Xbox
Thank you.
I wouldnt trust any sort of kernek anticheat.
Game hacking is what got me into Red and Blue Team work over 10 years ago. VAC was fun to bypass. You used to be able to create a shadow bootloader with a kernel driver that fed the AC false handles to check. Everything had to load from a USB to stay undetectable. Not sure if that’s how it still works today.
He slight question, wouldn't you be able to inject the anticheat with a dll, so that it doesn't find your program
it's possilbe , but also anticheats defend themselfs
Not really, since any modification to the anticheat will put your game into offline mode. Just like how if u were to get rid of the anticheat the game will only work in single player or offline
in some games, e.x. bo2 you can do it this way
This is why anti-cheats keep demanding increasing privilege levels -- to try to protect the anti-cheat code itself. It's not possible to completely protect an anti-cheat on a hostile system so at some point you would need to require it to report something to your server in order to verify that the anti-cheat is running properly, preferably something that would be difficult to otherwise generate.
Hey i am going to pick a university major and i cant decide between CE / CS what did you study personaly and well not directly but in which can i learn more of this subject (ethucal hacking mostly games)
Interesting to see how cheats work
I would never ever use cheats in multiplayer anyways though ^^
what is the best way to get around a HW ban?
Question, does cheat developer target the anti-cheat itself, like patching the anti-cheat so it no longer work, or make it think that everything is working as intended. Wouldn't it be easier to cheat now that there's basically no anti-cheat.
Could you just make an external cheat that detects when an enemy head is on screen and moves your mouse on to it?
That way the cheat is not in the game it’s self?
yo cazz, im wondering if you can showcase how to make a shooting aimbot for a basketball game, kinda like aimbot but its gonna need an arc and the target position and your character position, maybe for a game like hoopz in roblox or some other basketball game. thanks man