Trust Kernel Level

LiamLi
Expert Cheater
Posts: 56
Joined: Tue Aug 27, 2019 2:54 pm
Reputation: 7

Trust Kernel Level

Post by LiamLi »

Hi,

Important note first: no, I don't want to cheat in any multiplayer game!

I need to confess that I'm really, really confused about the following topic, so I'm hoping that some of the skilled people here can maybe help me clear that up :?

We all know that some games install drivers to protect the game (EAC, BattlEye and so on) and that we basically don't really know what the drivers are doing, unless someone knows how to reverse/analyze drivers.

A friend of mine asked me to play Valorant, and Valorant would install the "Vanguard" anti-cheat driver ...

My first thought was "I don't trust Riot (China) to install a driver on my machine". Then I started to google around and even found some info from someone who is creating Valorant cheats, and he wrote that Vanguard is basically a spy rootkit for China...

And if that's true I have so many questions... How can that be legal? Why has no one else discovered that already to create a shitstorm?

Currently I still have not installed the game and I'm really confused; I don't know if I'm right not to trust Riot's driver or if I'm just overreacting?

If some admin/mod thinks this topic is stupid, then I'm very sorry and please feel free to delete it, but I really could use some opinions on this topic.

Thanks to everyone who can help me!

TheyCallMeTim13
Administration
Posts: 1671
Joined: Fri Mar 03, 2017 12:31 am
Reputation: 881

Re: Trust Kernel Level

Post by TheyCallMeTim13 »

Well, I don't know anything about Vanguard. But I can tell you that most large governments have their own spyware/RATs/rootkits; they really don't need to risk leaving evidence that can prove what is created/controlled by them. And there is a company that creates and sells spyware/RAT programs that they sell to whoever has enough money; in the US even local police forces have bought their products. But there have been examples of anti-cheat software that scans whole drives and sends data related to the scans to a server, so we know some companies will do pretty shady stuff on their own. So in the end it's really a personal choice and there is no simple answer to the question in general. Best thing, I think, is to show companies that kernel-level DRMs and anti-cheats aren't accepted and won't sell as well.

But here's a fun thing to think about. Most, if not all, of the hardware you use likely comes from China, or has components that do. And detecting some kind of spyware/RAT at the hardware level could be much harder, and if it's set up to hide what it does, that only makes it harder to figure out. And this has been a concern with many security experts for years now. And this is a great way to do all sorts of nefarious things, if one is so inclined.

MBRKiNG
Table Makers
Posts: 247
Joined: Fri Feb 23, 2018 5:13 pm
Reputation: 333

Re: Trust Kernel Level

Post by MBRKiNG »

A good example is Valkyrie Connect installing a sys file into your system32 folder.

That file is pretty much unremovable once the game has been started... it can't be deleted, can't be forcefully deleted even with CMD, and this service is running in the background even if you have uninstalled the game. Safe mode was the solution for me to remove this shit.

Bypassing this anti-cheat was not hard, but there are so many people who know nothing about kernel drivers and what security risks these files are.

The batch file installing this crap into your system32 folder:

Code:
@echo off
copy /y "%~dp0\ateam64.sys" "%windir%\Sysnative\"
sc create ateam64 binPath= SYSTEM32\ateam64.sys type= kernel start= auto DisplayName= ateam64
sc start ateam64
if %errorlevel% equ 5 exit /b 1
exit /b 0

ODimm
Expert Cheater
Posts: 66
Joined: Fri Jan 31, 2020 12:31 am
Reputation: 27

Re: Trust Kernel Level

Post by ODimm »

MBRKiNG wrote:
Wed Jun 23, 2021 5:58 pm
A good example is Valkyrie Connect installing a sys file into your system32 folder

~~~~
oof... that's horrible :c

Thanks for all the answers, really, thanks!

You helped me to understand that I'm not overreacting, thanks again!

SunBeam
Administration
Posts: 3633
Joined: Sun Feb 04, 2018 7:16 pm
Reputation: 2848

Re: Trust Kernel Level

Post by SunBeam »

Honestly.. I've had no issues with drivers so far, because I am not playing MP games. And for SP, I choose not to let it run or bypass it in such a way that a game just starts up (without it passing through the anti-cheat first).

A few posts above, the user saying he couldn't delete the driver.. that's a load of bull-crap. If you understand how things work, if you do your due diligence and research on it, you will know: a) if the driver is loaded by the OS at start-up, you need a kernel driver unloader (a tool that can show you the loaded kernel drivers); then unload it; b) once unloaded, you can delete the service and physical .sys file. So 'I had problems' bla bla goes as far as your knowledge goes.

But as an overall impression on the topic: I've never seen posts like these from people who aren't paranoid. If I may extend the interpretation, the OP is surely using browsers in incognito mode (or none from Google at all, cuz they are "spying on uss!!!"), pays only in cash (no credit cards, no online payments) and doesn't use social media. How far off am I?.. :D /sarcasm
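For readers who want to see which kernel drivers are registered on their own machine (such as the `ateam64` service created by the batch file earlier in the thread), here is an added example that is not part of any post above. The function names `Resolve-DriverPath` and `Get-KernelDriverAudit` are made up for this example; it assumes Windows PowerShell 5.1 or later in an elevated prompt.

```powershell
# Added example: inventory kernel-mode driver services and flag the third-party ones.
function Resolve-DriverPath {
    param([string]$PathName)
    # Service image paths appear as \??\C:\..., \SystemRoot\..., or relative to %SystemRoot%
    # (the batch file in this thread registers "SYSTEM32\ateam64.sys", the relative form).
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-KernelDriverAudit {
    $driversDir = Join-Path $env:SystemRoot 'System32\drivers'
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.ServiceType -eq 'Kernel Driver' -and $_.PathName } |
        ForEach-Object {
            $path   = Resolve-DriverPath $_.PathName
            $exists = Test-Path -LiteralPath $path
            $sig    = if ($exists) { Get-AuthenticodeSignature -LiteralPath $path } else { $null }
            [pscustomobject]@{
                Name              = $_.Name
                State             = $_.State       # Running / Stopped
                StartMode         = $_.StartMode   # Boot, System, Auto, Manual, Disabled
                Path              = $path
                SignatureStatus   = if ($sig) { $sig.Status } else { 'FileMissing' }
                # Third-party drivers often carry a Microsoft hardware-compatibility signature,
                # so "ships with Windows" is a better filter than the signer's organisation.
                ShipsWithWindows  = [bool]($sig -and $sig.IsOSBinary)
                Signer            = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                # A .sys placed directly in System32 (as in the batch file) is unusual.
                OutsideDriversDir = -not $path.StartsWith($driversDir, [StringComparison]::OrdinalIgnoreCase)
            }
        }
}

# Third-party drivers that load without user action, or that sit in an unusual place.
Get-KernelDriverAudit |
    Where-Object { -not $_.ShipsWithWindows -and
                   ($_.StartMode -in 'Boot','System','Auto' -or $_.OutsideDriversDir) } |
    Sort-Object Name |
    Format-List Name, State, StartMode, SignatureStatus, Signer, Path
```

For a leftover driver found this way, the removal steps described in the post above correspond to `sc.exe stop <name>`, `sc.exe delete <name>`, and then deleting the .sys file. If the driver does not support being stopped, delete the service and reboot (or use safe mode, as mentioned earlier in the thread) before deleting the file.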

LiamLi
Expert Cheater
Posts: 56
Joined: Tue Aug 27, 2019 2:54 pm
Reputation: 7

Re: Trust Kernel Level

Post by LiamLi »

SunBeam wrote:
Wed Jul 07, 2021 1:58 pm

But as an overall impression on the topic: I've never seen posts like these from people who aren't paranoid. If I may extend the interpretation, the OP is surely using browsers in incognito mode (or none from Google at all, cuz they are "spying on uss!!!"), pays only in cash (no credit cards, no online payments) and doesn't use social media. How far off am I?.. :D /sarcasm

Hi,

First: thank you for all the info (e.g. the kernel driver unloader and deleting the .sys file).

"How far off am I?.." Hmmm, you are 100% right about the social media and maybe the cash (I'm using PayPal to buy games on Steam or Epic and so on), but in retail stores I'm always paying with cash.

Well, I know that it's kind of impossible to use any device without getting "spied" on; my question was really only about drivers.
Correct me if I'm wrong, but your text implies that you also don't like to install drivers to play a game... especially for SP games :mellow:

Thank you again, you all helped me with my decision not to trust anti-cheat drivers!

I just wish that my friends would believe me when I say to them "don't trust Valorant" :(
