Riot Games Now Requires Kernel-Level Anti-Cheat Software for League of Legends, Following Valorant's Implementation

Lipriv30, 4 months ago

I wonder what is dead by daylight’s easy anti cheat?

Shadywack, 4 months ago

Cool, PC gaming sucks now anyway.

Smacks, 4 months ago

The only good thing to come out of RIOT are the animations. Those don’t require exposing myself to the CCP.

steelrat, 4 months ago

What could go wrong with chinese rootkits on leading global games?

Breve, 4 months ago

I find it contradictory how Riot’s own explanation contains the following two statements:

This isn’t giving us any surveillance capability we didn’t already have.

The problem here arises from the fact that code executing in kernel-mode can hook the very system calls we would rely on to retrieve our data, modifying the results to appear legitimate in a way we might have difficulty detecting.

If the first statement was true (which it’s not), then they shouldn’t need any additional capabilities offered by running at the kernel level to surveil the system to detect cheats. As they admit in the second statement though, it is exactly because cheats abuse the OS security model to gain capabilities to both monitor and interfere with the game in an invisible manner that they need to get those additional capabilities to invisibly monitor and interfere with other programs too. The best they can do is a pinky promise that they won’t abuse this power, but they don’t even give us that promise and instead insist they don’t actually have that power. That’s super suspect to me.

I hope people using cheating software understand the dire security consequences of installing and running that type of software too, especially in that it comes from very shady sources.

kttnpunk, 4 months ago

Anticheat software, sure that’s what it is. Totally not a excuse to steal total control of a player’s machine, nope not here

Breve, 4 months ago

I mean I’m not going to jump to the conclusion that they are definitely actively doing this, but more that if they openly admitted that their anti-cheat software has the ability to invisibly monitor everything on your computer from your browser to your password manager, then people would be way less accepting of it just because of the potential risk.

Buddahriffic, 4 months ago

Also, it doesn’t even remove the capability of cheating. A virtual machine can hide things from the kernel. I’m not sure if there’s an existing implementation that makes it completely transparent to the guest OS that it’s running on a VM, but it’s technically possible to do that if it’s not already being done.

A VM-based cheating system would be more complex than a kernel-mode one, but it’s just the next step in the arms race, unless there’s an even easier one I’m not aware of… I suppose hacking their anti-cheat system itself so that the games think it’s working properly might be possible depending on how it’s done, though that can be defeated by an even bigger security hole: giving it the ability to run arbitrary code from the server in kernel mode.

Another way to cheat that might not be defeatable is to run a hacked version in parallel to a completely legit one. You use the legit one for all server communications and the hacked one to render an overlay over top of the video from the legit copy.

IMO, the way anti-cheat should be going is behavior analysis of players. Do players behave as if they are aware of information they shouldn’t be, like the location of other players that shouldn’t be visible? Is the player less effective if the server feeds them fake invisible data about non-existent opponents? Is there a correlation between how difficult shots should be and how likely the player is to make them? Does the player’s performance drastically change from time to time, more so than someone getting into the zone or having a bad day? Does the player ever talk about cheating in the game’s text or voice chat?

Though that’s assuming the cheating is the reason and not an excuse for this.

Breve, 4 months ago

Yup, very true. There’s even the possibility of hardware level cheats, just like that new MSI monitor that analyzes the screen with AI. Imagine that but instead it’s a KVM switch like device that can “see” everything happening on the screen as well as the keyboard and mouse inputs. You could train it to recognize and track enemies in an FPS then add in some extra inputs to correct the aim every time you fire, or activate abilities in a MOBA automatically in response to enemy actions. I think this is what Gameshark might be trying to do. Short of requiring cryptographically secure input devices, the only way to detect this type of cheating would be behavioural.

Buddahriffic, 4 months ago

Another commenter linked a video that goes in to detail about how actual cheats are doing it (my comment was just speculation about what’s possible based on what I know about computers work), and they are doing stuff like that. They use raspberry pis and/or arduinos to analyze the screen (or a small square around the centre where the reticle is). Then they intercept clicks and when one is made, add in the corrections to centre the target and then pass on the click. In this case, the Arduino would have a the mouse and usb/network for the image stream as input and it outputs as if it’s a mouse.

And as a man in the middle, it would just make the secure connection itself and pretend it’s just a mouse (spoofing whatever IDs it needs to), so I don’t think cryptographically secure mice would make a difference unless the market is willing to accept only buying approved mice that add their public keys to some database. It would just be another front in the arms race.

Ultimately cheaters have the advantage of having physical access to their device. The scheme we’re talking about would even work on cloud gaming platforms as it’s only using the same information that is already being displayed to the player.

Buddahriffic, 4 months ago

Oh yeah, and for behaviour detection of this, it’s kinda annoying they don’t detect it because I don’t think it would be difficult to do this (either from a problem solving perspective or the amount of computational power that would be required).

Just track the x and y deltas and their derivative over time (in this case, the derivative is just the difference between the current sample and the previous one, so no calculus required, just a subtraction per sample). Then check if they are continuous. X and y deltas are velocity, which must be continuous because the mouse is a physical object and subject to inertia. Acceleration should also be continuous because of the limitations of our muscles (though if your mouse bumps your keyboard or your hand is moving and bumps your mouse, you can see natural acceleration that isn’t continuous, but these wouldn’t directly preceed a successful shot at a target).

Then just watch for spikes in either of those. A better cheat program could smooth the spikes, but it slows down the capability of the aim bot.

ChefKalash, 4 months ago (edited 4 months ago)

After studying operative systems this semester, it’s crazy that developers are really out there giving level 0 privileges to an application program.

Get that shit far, far away from my machines

dangblingus, 4 months ago

I assume that anyone that actually cares probably doesn’t play LoL to begin with.

saintshenanigans, 4 months ago

I just mentioned the other day how scary that is if a third party can crack it and just got blasted about how Microsoft wouldn’t put an OS out with vulnerabilities like that lmao

havokdj, 4 months ago

Microsoft literally took government bux to put in NSA backdoors into windows that are still there to this day.

Defaced, 4 months ago

No thanks, I’ll stick to dota 2 and cs2. Everyone else should do the same, this kernel level anti cheat doesn’t even work. Well, no anti cheat is perfect, but vanguard isn’t any better than any other anti cheat. All it’s doing is collecting data about your computer and running at an insanely invasive level.

havokdj, 4 months ago

Data collection is the least of your concern with a kernel level anti cheat

halva, 4 months ago

It does though… Vanguard is ambiguous as to how actually secure it is, but it’s damn effective.

Defaced, 4 months ago

It’s not though: youtu.be/RwzIq04vd0M?si=hLI9NQRI18clm5WG

That video explains how vanguard is bypassed using multiple methods. It really isn’t any better or worse than something like VAC or EAC.

Virulent, 4 months ago

Valorant has cheats, they’re just more expensive. With advances in AI, all anti-cheat will be circumvented via hardware soon so it wont even matter

Lipriv30, 4 months ago

What about dead by daylight’s easy anti cheat?

KuroeNekoDemon, 4 months ago

Wait so the not being able to completely get rid of the Riot client and all their games and it still popped up on my desktop wasn’t me going crazy? It might be Chinese malware in the end? This is just a whole new meaning to that now

saintshenanigans, 4 months ago

There is a chance that it has something to do with the Xbox app, maybe

Clbull, 4 months ago

The decision to push Vanguard upon League players is a baffling one, especially since hacking, scripting and botting are nowhere near as prominent in MOBA games.

I can only see one potential upside to this and that is Riot being able to more effectively hardware ban serious rule breakers.

My problem with Riot is that their Customer Support is almost Blizzard levels of shit.

derpgon, 4 months ago

I see you haven’t been in a Master queue that gets an obvious scripter every 2-3 games, even more so near the end of the season (1 per game at least).

Clbull, 4 months ago

I’m hardstuck Iron, so I just get paired with morons and professional inters.

shadow, 4 months ago

If you uninstall is there any guarantee that the kernel level anticheat gets removed, too, or are they in there forever?

Hestia, 4 months ago

Depends on what you uninstall. Your OS? Yes. The game? ¯_(ツ)_/¯

ReginaPhalange, 4 months ago

You dropped this \

nova_ad_vitum, 4 months ago

I don’t know but if you get a law degree then spend 3 months reading their extremely long and intentionally complicated user agreement I’m sure you’ll find out that they have the right to keep it installed whether they currently choose to or not.

chemical_cutthroat, 4 months ago

And today we read from the Book of Sony, Chapter 2005, verses 10-11: Sony BMG quickly released software to remove the rootkit component of XCP from affected Microsoft Windows computers, but after Russinovich analyzed the utility, he reported in his blog that it only exacerbated the security problems and raised further concerns about privacy. Russinovich noted that the removal program merely unmasked the hidden files installed by the rootkit but did not actually remove the rootkit. He also reported that it installed additional software that could not be uninstalled. In order to download the uninstaller, he found that it was necessary to provide an e-mail address (which the Sony BMG Privacy Policy implied was added to various bulk e-mail lists) and to install an ActiveX control containing backdoor methods (marked as “safe for scripting” and thus prone to exploits). Microsoft later issued a killbit for the ActiveX control.

On November 18, 2005, Sony BMG provided a “new and improved” removal tool to remove the rootkit component of XCP from affected Microsoft Windows computers.

courtesy wikipedia: en.wikipedia.org/…/Sony_BMG_copy_protection_rootk…

JATtho, 4 months ago

Windows: $ insmod < “shady-ring0-blob-from-internet.sys.cn” What could possibly go wrong?

trackcharlie, 4 months ago

Guess nows as good a time as any to uninstall this trash.

Their garbage anti cheat has done barely anything to improve valorant and now they want more control of my computer for league?

Die in a fire, trash.

Alph4d0g, 4 months ago

I guess the shame and expense Sony learned the hard way in 2005 has faded and now kernel invasion has become acceptable.

levmyskin, 4 months ago (edited 4 months ago)

I think the main issue here (I haven’t seen it mentioned in the top comments) is that LoL doesn’t even have a cheating problem honestly. I’ve been playing since 2014, off and on, and I think I might have met maybe one scripter (I’m not really sure). Lol has definitely a toxicity problem, but I honestly don’t think it has ever had a scripters/cheaters problem, so I really don’t understand this. Is it because of bot accounts? Whose games are these bots ruining (never seen them between gold-diamond)? Does it justify a kernel level anti cheat? Honestly, the real problem with this is not the kernel level anti cheat (because I guess that might be useful for games like valorant), it’s the fact that this was never really even close to be necessary

Edit: interestingly enough, riot games itself was reporting in 2020 that cheaters and scripters were ruining a very minor fraction of the games. Ref: leagueoflegends.com/…/dev-anti-cheat-in-lol-more/

Socsa, 4 months ago

I don’t even consider scripting and macros to be cheating tbh.

derpgon, 4 months ago

Auto dodging, perfect skills hots, staying at max range at all times, instant item usages to maximize potential.

Yeah, nothing illegal officer.

I so wish you had a game with enemy Zeri using scripts. You’d change your mind very quickly.

Allero, 4 months ago

Kernel level anti-cheat is never justified.

Other than that, true!

EssentialCoffee, 4 months ago

Scripters and cheating was a pretty common complaint in both r/lol and also on inven and in Chinese forums.

levmyskin, 4 months ago

Bringing some data in, riot games itself was reporting that cheating was not that much of a problem really: leagueoflegends.com/…/dev-anti-cheat-in-lol-more/

According to the plot we see there, a very very very minor percentage of games was affected by cheaters in 2020, and I honestly doubt the situation has changed. So, until we see new data from riot, I’m calling bullshit on this whole vanguard thing

CosmicCleric, 4 months ago (edited 4 months ago)

As a geopolitical side note to all this, there is a small but real chance that we may be going to war with (Edit: China) someday in the future, over Taiwan.

Do you really want an adversary that can potentionally disable a large portion of your populations computers in one fell swoop?

Edit: Because of Tencent’s ownership of Riot, which is a Chinese company.

Serinus, 4 months ago

them

Riot? I don’t see a war with Riot being likely.

CosmicCleric, 4 months ago

them

Riot? I don’t see a war with Riot being likely.

/picardfacepalm

Dominik, 4 months ago (edited 4 months ago)

deleted_by_author

CosmicCleric, 4 months ago

keep in mind Riot is an american company owned by a chinese one so idk if they would actually side with china

One can only hope. Back doors do exist, and seeing how parts of American politics these days seems to favor certain foreign countries, I’m not so sure. Greed seems to override oaths.

saintshenanigans, 4 months ago

Do you really want an adversary that can potentionally disable a large portion of your populations computers in one fell swoop?

Just saw a Netflix movie about this a month or so back. Obviously the writing was a little embellished, but it was fucking terrifying to imagine something like that happening on a real scale.

Buttons, 4 months ago

If a security researcher finds and reports a vulnerability without permission, you would hope the company with the vulnerability would get in trouble, but instead the researcher gets in trouble and is and hassled by the government and the courts. Our government has already decided to sacrifice national security for the convenience of companies when it comes to security.

le_saucisson_masquay, 4 months ago

I believe it’s much more than a small chance, war over Taiwan is going to happen. Question is when, not if. nbcnews.com/…/us-air-force-general-predicts-war-c…

But I agree, trading his computer control to China just to be able to play a game is ridiculous. Hopefully those who agree aren’t people that would matter anyway.

Buddahriffic, 4 months ago

Even if none of those machines matter, a botnet the size of all valorant + LoL players has a lot of ddos potential.

le_saucisson_masquay, 3 months ago

Yeah you’re right