Hacking into Kernel Anti-Cheats: How cheaters bypass Faceit, ESEA and Vanguard anti-cheats

mr_MADAFAKA@lemmy.ml to Linux Gaming@lemmy.ml – 310 points –
Hacking into Kernel Anti-Cheats: How cheaters bypass Faceit, ESEA and Vanguard anti-cheats
youtube.com
85

You are viewing a single comment

Do you have any sources on this happening? Or is it a personal anecdote hehe

There was a security vulnerabilitiy in the genshin impact anti cheat awhile ago.

That's exactly the sort of source I was asking for

Edit: the driver file was used after gaining access to the pc. So quite an involved attack but still really bad.

Edit 2: so actually it's nothing to do with having it installed. As the attacker installed it.

Yes it requires access to the pc but it's still a huge vulnerability. Many things can gain access to your pc but lack the permissions to do any damage. In this case simply having genshin impact installed put you at significantly more risk.

To your 2nd edit yes it is to do with it being installed. The user or the attack installing the anticheat is still the anticheat being used to exploit.

1 more...
1 more...
1 more...

It was already done through genshin impact anti cheat. It will be done in Vangard.

With that the attacker installed that driver after gaining access. So having the driver installed wasn't the issue.

As mentioned, cheaters can already bypass it, so what's the point? As for security, by definition it infects your whole system and has access to everything. That's what kernel-level is.

By definition a driver is not an infection.

Actually, a driver can be an infection, just like any other program can be malicious. But I do agree that from a system access standpoint, running the Vanguard kernel driver is not much different than using kernel-level EAC/BattleEye. Except the annoying starting at boot part.

A program without elevated privileges already has access to almost all important things on your computer anyway. Luckily flatpak supports sandboxing which protects from exploits in online games.

7 more...
8 more...