As someone who's messed around with the League of Legends Client and Riot Games' APIs before, I can tell you that Riot also uses RTMP and XMPP requests, not just HTTP requests, so you're not guaranteed to catch quite literally everything they might be sending with a simple HTTP debugger. As for the API that's running on localhost, that's basically just a wrapper for the actual League of Legends/Riot Games APIs
@ea02ca6f 2 months ago
you mean XMPP
@hhhhhhhhhhhhhhhhhhhhhh 2 months ago
@@ea02ca6f Yes, you're correct that was a typo for which I apologize
@Alright_OK 2 months ago
Just a heads up you can edit comments so no one else gets confused in the future ^^ @@hhhhhhhhhhhhhhhhhhhhhh
@xClairy 2 months ago
@@Alright_OK But then he loses heart
@seansingh4421 2 months ago
So basically a Wireshark PCAP capture instead?
@etchickadee 2 months ago
it being spyware was less the concern than the inherent security/operation risk of giving it kernel access
@protera4565 2 months ago
Yea at anytime China can tell them to put malware in it 🙃
@ThePyramidBox 2 months ago
True, like with Crowdstrike - we've seen how just one corrupted file can lead to full system collapse - and this is - from people who specialize in Kernel-level software! And what will happen with a GAMING company which literally had so little money - that they should've been sold to Tencent and lay off 40% of their staff
@DankRedditMemes 2 months ago
On the other hand, the cheats use ring 0 as well, and to catch ring 0 cheat, you need... shocker, a ring 0 anti-cheat.
@Greenleaf_ 2 months ago
No one had a problem with easy anti cheat before being ring-0. The only difference with vanguard was they told you it was running instead of hiding it in the services menu.
@Bacca839 2 months ago
@@ThePyramidBox How can they have no money when they make > $1 Billion net profit every year?
@ForgottenModders 2 months ago
I know Vanguard actively pokes at your files. Had my AV ping that Vanguard was messing with some files, as it had triggered a PUP / Malware notification.
@EricParker 2 months ago
My understanding is the method is usually hashing the file and comparing it against known hashes (AVs also do this).
@fekbutchers 2 months ago
@@EricParker Vanguard is no antivirus.
@colemank123 2 months ago
@@fekbutchers yes it literally is, except it's for viruses against the riot games (cheats) not viruses within the OS. it only cares about the integrity of its games services but it does many of the things an AV does. Just like an AV checks hashes of files against known viruses vanguard does it to check for known cheats.
@JJ_cooks 2 months ago
@fekbutchers it sorta is 😂
@ForgottenModders 2 months ago
@@EricParker Ah, that would make sense actually. Still, an invasive measure for an anti-cheat imo. I never ran into this with BattlEye or EAC. It's a shame they pushed Vanguard onto the League/TFT players. With them making that move, Riot killed off their entire League playerbase on Unix based systems, considering Vanguard doesn't play nice with WINE / Lutris / etc.
@cool-username-u9r 2 months ago
remember the cat ears
@EricParker 2 months ago
note the League username.
@cool-username-u9r 2 months ago
@@EricParker deal
@hiddenguy67 2 months ago
ok @@EricParker
@icantdraw4805 2 months ago
on which video he said that he gonna wear cat ears ?
@yorik1006 2 months ago
Hello, just to clarify something, Riot can, at anytime, request data on your computer using Vanguard, including when you're not playing, they need to do that manually
@NoName-re9zz 2 months ago
No they cannot.. They don't request data outside of their logs. Their logs are directly with their game, and apps detected. So, why spread false info?
@ExternetEx 2 months ago
Source where other than "trust me bro"?
@Mad_Catter_ 2 months ago
@@NoName-re9zz except one bad agent pushes a single update and they *can* do as stated. But meh, not like anyone wants my specific flavor of Hentai.
@RealDubozze 2 months ago
@@ExternetEx Literally.
@RealDubozze 2 months ago
@@Mad_Catter_ it’s much more managed than this, although I don’t agree with kernel level, it’s still not spyware, just a secure root kit that can eventually get broken into.
@CocolinoFan 2 months ago
A root-kit is still a root-kit.
@weegeenumberone2 2 months ago
@@ChristopherGray00 literally all he said was "a root-kit is still a root-kit" what the fuck are you on rn.
@swegga4530 2 months ago
@@ChristopherGray00 but that's what it is
@swegga4530 2 months ago
@@ChristopherGray00 typically malware* it doesn't have to specify malware and anyone in cybersec would agree it might as well be a rootkit because it runs on ring 0. Any and all software can and probably will be exploited and once vanguard is compromised... We are fucked (i still play valorant so I'm not a riot hater I just understand the risk I'm putting myself in)
@Parritz 2 months ago
@@ChristopherGray00 It isn't far off at all. You're trusting a piece of software made to be against the user which has ring0 access to your machine and controls everything. Can't wait until crowdstrike v2 happens to one of these anti-cheats.
@emanu1674 2 months ago
@@ChristopherGray00 that's literally what it is
@hauntedxd 2 months ago
i've been wondering: since the crowdstrike fiasco happened, what's stopping a similar situation from happening, but with vanguard instead?
@Karnickel93 2 months ago
Nothing. Congratulations, you've woken up to the danger of kernel level tampering by external applications/providers. This is why I'll never play games with kernel level anti cheat. Before I get the question: running Linux with steam in flatpak with flatseal on a special, non-privileged user. I like to see a game dev installing crap in my kernel like this.
@opposite342 2 months ago
Nothing really. We have to trust riot to be a good dev. Though I don't think they put Vanguard as a "boot start" drive like crowdstrike since you can close it anytime
@EricParker 2 months ago
If you're on X / twitter gamerdoc & Phil (Mirageofpenguins) are quite active so you could ask them directly.
@yorik1006 2 months ago
@@EricParker GamerDoc has 0 knowledge in how computers work, he's just repeating what he has been told, his only job is to send cheat files to Riot
@VaracolacidVesci 2 months ago
That's why I don't use my main pc to game. Or at least not the same hdd system
@eagle56786 2 months ago
The games that use Vanguard can’t be thaaat good to warrant the use of software like this tbh. I don’t think there’s any video game worth compromising security of your system for
@Greenleaf_ 2 months ago
Do you play any online fps games and which ones?
@albert2006xp 2 months ago
@@Greenleaf_ Contrary to every 17 year old's belief, one can get by not playing online shooters.
@TheOzumat 2 months ago
@@albert2006xp the same can't be said for mobas tho
@shouygui4955 2 months ago
Just because it's not currently a problem doesn't mean it won't be in the future. For example, when ESEA was used to mine bitcoin, basically creating that meme. Would be cool if you had the old ESEA client that did that.
@EricParker 2 months ago
The difference here is kernel mode doesn't help that agenda. ESEA was a 3rd party anticheat, Vanguard isn't getting installed on anything other than Riot Games, if riot wants to mine Bitcoin, they can do so with usermode.
@DerIKatze 2 months ago
With League's source code already having been stolen once and Riot being owned by Tencent, I'll still feel a little iffy about having Vanguard on my PC at all times, no matter what the truth of the matter may be.
@DerIKatze 2 months ago
@@kadupse Just because I didn't mention them, doesn't mean I agree with what they're doing either. This is a video about Vanguard, hence why I commented about Vanguard.
@ForgottenModders 2 months ago
@@kadupse The worry imo would fall more in the area of something like; a skilled bad actor could utilize the source code to find vulnerabilities to exploit. This could result in a plethora of problems, considering numerous people have Vanguard actively running on their computer at almost all times, given its start-up nature. The classic 'oh its just telemetry' isn't really the concern here.
@Bozebo 2 months ago
@@kadupse Google's not root on your machine (aside from standard Android). And neither have any incentive to mess with you, unless you're a serious organised criminal of some kind.
@TheOzumat 2 months ago
@@kadupse chinese company spying good?
@JobimaExtra 2 months ago
@@kadupse We all know they are all bad but do you know that if you're OK with any Chinese related software/hardware then that will be most funny thing because in Chinese law all Chinese entities are obligated to spy and share data with the CCP, so any Chinese related software/hardware is worse than any others even the Russian related software/hardware
@Maramowicz 2 months ago
If you are suspicious, they are spying on you. If you're not, you need to know that they can, and the worst part is that you don't even know if you're being spied on or not. Also about people creating cheats: if Riot can do anything they want remotely, just by sending any instructions to anticheat, then they would just be being stupid to insert anything bad into anticheat, it's much better to just pick anyone and then send any control command they want.
@mu11668B 2 months ago
Despite most of the evidence saying that Vanguard is safe as of now, I still wouldn't trust it anyway.
1. The screenshot thing shouldn't even be there in the first place. The server can do whatever they want without making changes to client installations. A bad command can go wild and it's going to be hardly detectable since nothing has changed on the client side.
2. Kernel access can bypass almost all permission checks. Drivers can read/write physical memory and get data there. Though it is going to be extremely difficult to implement. Nevertheless, state sponsored attackers from certain countries have built quite a sized digital arsenal full of complex tools, and god knows what else is in the bucket. Also, it's VMP packed, which makes hiding control flow easier than ever.
3. Kernel level malware is usually for persistence and evasion. Yes, your stealers can work on pure userland and there are just too many ways to evade AVs if you know what you are doing (wink wink). However, making an obfuscated kernel driver makes analysis much harder and it's much easier to mess with AVs with ring 0 access.
4. On the bright side, drivers nowadays must be signed by Microsoft. But malware does slip through the filter from time to time. Recently ESET found an adware sample with a Microsoft signed rootkit. It's not going to stop dedicated bad actors from doing awful things.
5. What is the data being sent to the servers? 4MB of data is quite large imo. If it was just signed with complicated custom algo, I would give it a pass. There is no need to make outbound data obscure to users given that it is sent via HTTPS.
If it takes this many security and privacy compromises to play a game, no thanks. I'm good.
@jhax 2 months ago
Not sure I understand your point 5 correctly, but if the data was not obscured/encrypted, that would make it very easy for cheaters to know what the anti-cheat is doing. Would no longer need to reverse the driver because it's what gets sent to the server that matters. Suddenly you can read that they submit a HWID hash, so you intercept the request, change it, and no longer HWID banned.
@mu11668B 2 months ago
@@jhax "You intercept the request, change it, and no longer HWID banned." That's why I mentioned "signing" outbound data. Cryptographically secure digital signature should have the same strength against tampering.
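The signing approach argued for in the comment above (report fields left readable, tampering caught by a digital signature), as an added example that is not part of the original thread and not Riot's code. The `Report` fields, the nonce scheme and the key handling are assumptions made for illustration; the key pair is generated in-process, whereas in a deployment the guarantee holds only while the private key stays out of reach on the client.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Report is a constructed telemetry message. The field names are
// hypothetical and do not describe Vanguard's real wire format.
type Report struct {
	HWIDHash string `json:"hwid_hash"`
	Nonce    string `json:"nonce"` // issued by the server, accepted once
}

// SignedReport keeps the payload readable and adds a detached signature.
type SignedReport struct {
	Payload []byte
	Sig     []byte
}

var (
	ErrBadSignature = errors.New("payload does not match signature")
	ErrReplay       = errors.New("nonce unknown or already used")
)

// SignReport serialises the report and signs the exact bytes that are sent.
func SignReport(priv ed25519.PrivateKey, r Report) (SignedReport, error) {
	payload, err := json.Marshal(r)
	if err != nil {
		return SignedReport{}, err
	}
	return SignedReport{Payload: payload, Sig: ed25519.Sign(priv, payload)}, nil
}

// Server holds only the public key and the nonces it has handed out.
type Server struct {
	pub     ed25519.PublicKey
	pending map[string]bool
}

func NewServer(pub ed25519.PublicKey) *Server {
	return &Server{pub: pub, pending: make(map[string]bool)}
}

// IssueNonce returns a fresh random value the next report must contain.
func (s *Server) IssueNonce() (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	n := hex.EncodeToString(b)
	s.pending[n] = true
	return n, nil
}

// Accept verifies the signature before parsing, then spends the nonce.
func (s *Server) Accept(sr SignedReport) (Report, error) {
	if !ed25519.Verify(s.pub, sr.Payload, sr.Sig) {
		return Report{}, ErrBadSignature
	}
	var r Report
	if err := json.Unmarshal(sr.Payload, &r); err != nil {
		return Report{}, err
	}
	if !s.pending[r.Nonce] {
		return Report{}, ErrReplay
	}
	delete(s.pending, r.Nonce)
	return r, nil
}

// Demo returns the server's verdict for three cases: a payload edited in
// transit, the genuine report, and a second delivery of the genuine report.
func Demo() (tamperErr, okErr, replayErr error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return err, err, err
	}
	srv := NewServer(pub)
	nonce, err := srv.IssueNonce()
	if err != nil {
		return err, err, err
	}
	// Constructed sample value, not a real hardware ID hash.
	sr, err := SignReport(priv, Report{HWIDHash: "aaaa1111", Nonce: nonce})
	if err != nil {
		return err, err, err
	}
	// Same signature, one field rewritten after signing.
	edited := SignedReport{
		Payload: bytes.Replace(sr.Payload, []byte("aaaa1111"), []byte("bbbb2222"), 1),
		Sig:     sr.Sig,
	}
	_, tamperErr = srv.Accept(edited)
	_, okErr = srv.Accept(sr)
	_, replayErr = srv.Accept(sr)
	return tamperErr, okErr, replayErr
}

func main() {
	tamperErr, okErr, replayErr := Demo()
	fmt.Println("edited in transit:", tamperErr)
	fmt.Println("genuine report:   ", okErr)
	fmt.Println("replayed report:  ", replayErr)
}
```

The signature shows that the payload was not altered after signing; it does not show that the signer reported truthfully, which is the part of the disagreement in this thread that signing alone does not settle.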
@JJFX- 2 months ago
As for drivers being signed by MS, I'll just add that this doesn't necessarily mean it doesn't run code that was part of the initial certificate validation. The driver can simply be used to run modules obtained from their server in an update without recompiling the core driver (which would require going through the validation process again). This is how the recent Crowdstrike fiasco happened. Their update effectively tried to run garbage code through the driver.
@sky_rig 2 months ago
the problem is that vanguard has to be turned on and running the entire time when you have your pc on before you can play
@schwingedeshaehers 2 months ago
or you restart the pc to play valo
@Greenleaf_ 2 months ago
All kernel anti cheats do and did already, they are just in the services menu instead of the task menu. I hope you don't play any games with easy anti cheat.
@PinkSkinSisko 2 months ago
@@Greenleaf_ yeah, I looked under services and had 3 different EAC running at once. EA, Ubisoft, and Epic (I haven't played an epic title in quite awhile) when I removed them, my PC "coincidentally" ran just fine.
@Greenleaf_ 2 months ago
@@PinkSkinSisko Yeah vanguard made the mistake of making it obvious it's running and easily allowing you to exit it. But it doesn't do anything unless a vanguard game is running like in this video.
@Parritz 2 months ago
@@Greenleaf_ The difference is that these services are usually in the "Stopped" state. Vanguard is not.
@Aka_daka 2 months ago
I uninstalled LoL the minute Vanguard crashed my PC when it first came out. I do not trust Riot one bit, I have seen how they run the game over many many years, I have played since beta 2009. But Vanguard was the final straw; at that stage I was only a casual player anyway and I would play on & off, but I used to play more serious, I don't feel like the system for me is worth the hassle, I'm completely against an anti-cheat system that goes kernel level access. I don't think game developers should be allowed to do this & should be banned.
@volcanic_sloth 2 months ago
came out of my way to remind you all that eric will put on cat ears for 100k subscribers
@frozencatcake 2 months ago
Programmer socks for 200k lol
@lollermann 2 months ago
If I had a dime each time a hacker or programmer did that degen stuff I'd be a millionaire by now
@crabtech1 2 months ago
femboy panties at 300k
@legitplayin6977 2 months ago
There’s going to be a lot more coming out then
@singeslayer8367 2 months ago
I uninstalled Vanguard because it kept causing BSODs when I was playing games with Easy Anti Cheat. Well, luckily I'm not missing out on anything
@sdfxcvblank5756 2 months ago
Cloud strike said get the hell outta the kernel
@kugelblitz1557 2 months ago
Crowd strike. Cloud flare.
@Petexy 2 months ago
The main problem with Vanguard is not that it's spyware - the problem is that it's written just like every other code from Riot Games. It caused bluescreens for me SINCE THE RELEASE and yet Riot Games is still saying it's not Vanguard's fault and it's not possible. Welp, just like Crowdstrike showed - it is possible, because it's a big unknown what is applied to the windows kernel and what makes it so unstable for some configurations.
@NinthSettler 2 months ago
if it takes screenshots of my computer and sends them who knows where it's absolutely spyware. I don't know how else to describe such a program other than spyware.
@jhax 2 months ago
@@NinthSettler Dark and darker, battlefield (anything with fair fight), pubg, fortnite (tournaments), call of duty (at least the old ones but not anymore), take screenshots. Might want to add them to the spyware list too.
@NinthSettler 2 months ago
@@jhax and that's why I don't play any of those.
@jhax 2 months ago
@@NinthSettler Is it common knowledge that they take screenshots? Didn't think a lot of people knew.
@NinthSettler 2 months ago
@@jhax I tend to stay away from anything that uses an anticheat
@raindown6885 2 months ago
thanks for using darkmode, makes it easier to watch for me in the mornings
@CuteSkyler 2 months ago
Wow, so Vanguard only takes screenshots of your game or entire screen, such a relief!
@jhax 2 months ago
Fairly common practice. TavernWorker (Dark&Darker), any game running FairFight (Battlefield series), Pubg user mode anti-cheat part, Fortnite Tournaments, Call of duty, and others
@CuteSkyler 2 months ago
@@jhax Wow so glad those masterpieces of the interactive medium have stellar anticheat.
@jhax 2 months ago
@@CuteSkyler Yep, hate the feeling of knowing someone could be looking at my desktop while I play.
@cameronbosch1213 2 months ago
Very sus. Tencent is the imposter!
@weshuiz1325 2 months ago
The fact the anti cheat doesn't close when the game closes, and made in china worry a lot of people
@takkeshi_dev 2 months ago
Would love to see more videos regarding kernel anti cheats / drivers, maybe more insight on what could be done with kernel and malware, anyways love your vids, keep it up 🔥
@light-gray2 ай бұрын
Short answer: Yes Long answer: Yeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeees
@marshmallow8709 2 months ago
when did he come to this conclusion in the video?
@sulfurnitride 2 months ago
14:32 is the highlight of what you guys wanted as an answer.
@frtls 2 months ago
I feel like for all your projects having mitmproxy running on its own box in its own vlan where all http/https traffic is redirected from say a pfsense box would be easier and allow capture of this sort of traffic.
@EricParker 2 months ago
No idea why YT flagged this comment (I manually approved). I am considering at some point using a physical sandbox for some of these tests, but it wouldn't give any advantage in terms of net capture. MITMProxy only works (in a useful manner) with the certificate installed, that can be defeated via SSL pinning (& other techniques), HTTP Debugger bypasses that. In theory I could write a kernel driver (I am considering buying an EV certificate for a variety of reasons) to beat all of these tools, but then as Vanguard does they can just encrypt the traffic some other way. Only way to decrypt is reversing VGC.exe.
@hellomine2849 2 months ago
More startup programs increase vulnerability exposure, especially kernel based ones
@Tetracera. 2 months ago
i remember when maplestory added a different anticheat/hack detection program, i don't remember the name of it now since that was like 8 years ago, but anyways i stopped playing because it creeped me out, i noticed my hdd activity was way higher than it should've been so i used process hacker to watch the disk activity and noticed it was scanning every single file on the hdd, and making a log, and then afterwards made a connection and sent roughly the same amount of data that was in that log. so i just assumed they were for some reason spying on the entire directory structure of my hdd instead of merely just acting as an anti cheat and never played a nexon game again.
@pidojaspdpaidipashdisao572 2 months ago
"Everything that has the ability to be spyware, can and will be used as spyware". A game is not worth your data, remember that.
@TheWizardboy5 2 months ago
better stop playing any online game ever released then bucko
@pidojaspdpaidipashdisao572 2 months ago
@@TheWizardboy5 Yes that is exactly what I do.
@BR-hi6yt 2 months ago
I use a gaming laptop only for games. I'm not ordering on Amazon or using any data or keystrokes that I'm afraid to lose on my game PC. Safer as I play Valorant.
@nrzt 2 months ago
Eric, know that you can't escape from that reply. We'll never forget about it.
@frozencatcake 2 months ago
What reply
@TuriGamer 2 months ago
What if they just save it all and send it at boot when you can't monitor the network lol
@TheWehzy 2 months ago
I'll never install anything epic games or riot related on my PC.
@AnadolununAslan 2 months ago
My biggest issue with it is how it enforces TPM 2.0 on windows 11, but runs fine without it on windows 10? I have an i7-3770k with a GTX 980ti that runs the game at over 200FPS, but as we're approaching Win10 end of life in 12 months, i won't be able to play. I have both Win10 and 11 dual booted, but obviously no TPM 2.0 module as my mobo doesn't support 2.0. it's just ridiculous to say "buy a new computer" when my current computer runs the game beyond fine!
@shelly8563 2 months ago
I don’t live in America so I’m confident that a major breach will be a guaranteed class action lawsuit.
@Bozebo 2 months ago
Lawsuit to a CCP infested company, good luck I guess. Just don't use their shit ever.
@XyreinCS 2 months ago
start the vgc service, then run all the vanguard exe’s thats how i get around vanguard being turned off during runtime
@awptical7509 2 months ago
great video! thanks for the in depth and transparent video about vanguard. i personally was skeptical of the usage considering tencents background, glad you took a look for us.
@zaiyaiyai 2 months ago
Awesome video as always! I'm curious though, I want to use HTTP Debugger for something else but virustotal has 13/63 detections on the installer. Is it safe to use?
@EricParker 2 months ago
Yes
@Catinkss 2 months ago
It's all relative to the end-user, if you don't trust it, don't use it. I don't trust it myself, so I don't use it. While it's surprising to see that there hasn't been anything of real concern found, it's also obvious that something could easily be added without anyone noticing (for a short time at least) for example: the screenshot system in Valorant being exploited to screenshot anything outside of the game at anytime - game open or not. Either way - it's your choice to be a user of the software :)
@IkarusKommt 2 months ago
Who cares about the anticheat, when the League of Legends requires you to open ports on your computer and accept inbound connections?
@BR-hi6yt 2 months ago
Riot is owned by Tencent now - Yikes.
@RJCMaxification 2 months ago
welcome to 2011
@cameronbosch1213 2 months ago
@@RJCMaxification 2009.
@Miiiasm 2 months ago
Why do they make the game crash if you try to attach x64dbg? The memory is protected by the kernel driver, you can’t attach, it’s so useless.
@Lol99410 2 months ago
I’ve already watched two of your videos within the last hour. I plan on watching more. You’ve got yourself a new subscriber. This is the content I crave for. Highly interesting videos. 😁
@chaosmachines934 2 months ago
also, i didn't play any of the riot games for months now i know how anti depression pills feel like + crack addictions quaking their additions
@AndreasElf 1 month ago
I'm still not installing a game that requires kernel access.
@cabir.bin.hayyan.800 2 months ago
Hello Eric! Thanks for the video. I still don't trust riot. I think they haven't done a bad actor thing with vanguard. Knowing about the player profiling done before anti-cheats(not specific to riot). Only danger it has is(my opinion) bsods and possible hdd or ssd failures. Which happened to my hdds before. Not because vanguard but because bsods. Vanguard -> bsod -> ssd/hdd failure.
@Dr-Zed 2 months ago
I highly recommend using the CyberChef when messing around with unknown data, it's a great tool for that.
@SonyVegas13.0 2 months ago
nope. it's spyware, they can update/change it at anytime adding more spyware methods. without us knowing
@sortaspicey9278 2 months ago
I don't think people take into account the amount of computing power it would take to record and analyze every single person playing the game's computer and screen in real time. If they see blatant signs of cheating, of course they're going to investigate further. And if there's no reason to then save the time and money and don't investigate further
@echotrapta 2 months ago
i wouldn't know anything about taking apart the vanguard software itself, BUT i (and many others) had a nightmare experience trying to get valorant and vanguard off my computer. seriously, task manager doesn't end vanguard, you have to take such a roundabout method to get it off. i'm not saying that's inherently suspicious, but it does attest to the stubborn and relatively invasive design of vanguard.
@Greenleaf_ 2 months ago
You right click the icon in the lower right and click exit? or uninstall it? What's so hard about it?
@echotrapta 2 months ago
@@Greenleaf_ it was definitely harder to uninstall than it should've been, in my opinion! like you said, you have to go to the bottom right of your screen and find the tiny vanguard icon and hit exit, THEN attempt to uninstall it. otherwise it'll just say "it's running in background!" even if the actual app isn't open or if you attempt to manually end any vanguard processes via task manager. if anything i just interpret it as riot *begging* you to play their games, haha.
@iamasimplmao9260 2 months ago
@@echotrapta it really sounds like you should stick to a console if that is more difficult than you think it should be 😭 that’s very standard for almost every application
@Votexforxme 2 months ago
Is it spyware? No, it's far worse than that.
@lastnamefirstname2390 2 months ago
Vanguard is what made me switch to Linux.
@szhadjii8363 2 months ago
But if you don't install it on Windows it doesn't affect you, no?
@nou712 2 months ago
@@szhadjii8363 The vanguard anticheat driver is signed and verified, it can be used to deploy malware if malware has the vanguard driver included and hooks into it.
@lordmike9331 2 months ago
@@szhadjii8363 Why is this reply older than the original comment
@szhadjii8363 2 months ago
@@lordmike9331 yo wtf
@lordmike9331 2 months ago
@@szhadjii8363 You saw it too? your stuff was 50 minutes ago while op was 30
@LoperoperMandalei 2 months ago
ain't gonna install an info stealer to play a game
@Bozebo 2 months ago
CCP so automatically yes.
@Mitke420 1 month ago
It probably cannot even spy properly, worst anti cheat in history of anti cheats
@nerd665 2 months ago
Long answer is yes, short answer is yes.
@reepusvanguard 2 months ago
No?
@GgGg-gz9jh 2 months ago
Short answer: yes it is
@nick11927 2 months ago
Is Eric Parker spyware? jk
@methaneconan 2 months ago
Is spyware Eric Parker?
@volcanic_sloth 2 months ago
yes
@frozencatcake 2 months ago
He lives inside my walls
@iamwitchergeraltofrivia9670 2 months ago
Buying antispyware hahhahaahaha is trash on windows
@rmHawk765 2 months ago
A video about BattlEye and Easy Anti-Cheat would be nice as they also ask for administrative permissions and I am under the suspicion that they do similar stuff to this.
@stephenkamenar 2 months ago
if you have root level access. can you send packets without the OS noticing them?
@cameronbosch1213 2 months ago
Probably.
@rechington 2 months ago
genuine question, why are people more freaked out about kernel anti cheat being spyware than literally any other anti cheat or program? you don't need kernel level access to do spying
@cameronbosch1213 2 months ago
Crowdstrike. I've been saying this long before that though.
@rechington 2 months ago
@@cameronbosch1213 that's not spyware
@lussor1 2 months ago
Finally a good analysis, not like other self-proclaimed security researchers
@jhax 2 months ago
Except it streams modules while you play for extended periods and get reports, and briefly executes code at startup/boot. We do not know what encrypted data is being sent. I wouldn't say this yielded complete results. I still doubt that Riot is spying though.
@reepusvanguard 2 months ago
Do Easy Anti Cheat and Denuvo anti tamper. A lot of people on Steam complain about these two.
@EricParker 2 months ago
Closest thing to a Denuvo analysis is here momo5502.com/posts/2024-03-31-bypassing-denuvo-in-hogwarts-legacy/. Personally I don't want to go near DRM analysis as it's a legal minefield, I generally like Denuvo, not because I dislike piracy but because it has succeeded at convincing devs to port console exclusives to PC, and ultimately eventually they get cracked anyway (but preserving day 1 sales for publishers, or at least publishers think it does that).
@cameronbosch1213 2 months ago
Short answer: Yes! Long answer: Yes! It's also made by Chinese company Tencent (they have owned Riot since 2009) and goodness knows what it actually does with all of the BSODs computers have gotten from it!
@ReverseShell1337 2 months ago
How much did they pay you?
@Kaldog 2 months ago
$5 and a stick of gum
@honestlocksmith5428 2 months ago
I would love to send you software and hardware from my industry. It's packed full of spyware and these older guys don't know a lot about computers.
@truestbluu 2 months ago
if it was they would've been sued by now... right?
@Zero-zv3iv 2 months ago
Only someone with access to the source code could have solid proofs enough to sue them. Even if someone somehow breaks their encryption and see what they really send and gather, I doubt it would be enough for a sue.
@shelly8563 2 months ago
@@Zero-zv3iv Courts in certain countries with better consumer protection, Europe, Australia, maybe some parts of Asia may be able to order the source code to be provided to the court/government if the issue was damaging enough. Like If Vanguard had a massive breach and affected many people of a certain country etc.
@MichaelHenderson-h4w 2 months ago
How exactly is this anticheat so effectively able to detect virtualization? Couldn't someone instead create a custom BIOS with an SMM payload to analyze it, or can it detect that too?
@33KK 2 months ago
You only looked at user-space requests, not kernel space obviously there's nothing when the client isn't running, because well, THE CLIENT ISN'T RUNNING, NOTHING IS SENDING USER-SPACE REQUESTS. Afaik vanguard dynamically loads modules from internet on every launch, which literally makes it a glorified modular RAT. It doesn't have to be just a sussy screenshot module, could be a proper malicious payload. Nobody would ever realistically find out even if you only targeted particular users or just avoided users with RE software installed and even then it's so hard to analyze this thing. You finding out absolutely nothing with this method is the only expected outcome, and doesn't provide literally any insight as to if its spyware or not. I'd rather say that a kernel anti-cheat from a funny Tencent owned company which streams modules from internet is not trustworthy by any means.
@EricParker 2 months ago
What exactly do you mean by kernel space requests. The driver (VGK.sys) does not communicate, vgc.exe does. It is possible via a kernel rootkit to hide usermode communications (as I said this could be overcome with HW), MS & the hordes of cheaters who reverse it would probably catch something of that nature.
@33KK 2 months ago
@@EricParker >The driver (VGK.sys) does not communicate I don't see why it couldn't though? Kernel mode SSL seems to be a feature, and you definitely can open a TCP socket from the kernel. I kinda assumed the driver does the communication, that's just what made sense to me 🤷.
@PianoElipse 2 months ago
how about genshin anticheat?
@jhax 2 months ago
A pile of crap and basically open source if you open it with IDA
@Bananenmann 2 months ago
Will you check other anti cheats as well? (like EAC)
@verypurply 2 months ago
CCP paying well?
@robnergal575 2 months ago
Short Answer -- Yes
@rafinhas214314324234 2 months ago
Spyware and rootkits are different kinds of malware, aren’t they?
@k680B 2 months ago
any kernel level app that wants to act as a driver (which anticheats commonly do) needs to be analysed by microsoft on source code level in search of something like spyware, so since vanguard is allowed kernel access on windows then at the very least microsoft deemed it safe and whether you trust microsoft or not is up to you, lately they seem to be partial to extensive data collection themselves
look, what i'm trying to say is your furry feet pics folder is probably safe and/or outside of anyone's interest
@DarkoLuketic12 days ago
Look. Don't be so blue eyed. It is certainly possible to abuse it, and the amount of data that's sent back to them is large, so it's essentially a kernel level spyware that's always active.
@efesimsek550 2 months ago
Sorry, umm... Van- What?
@dttrsp 2 months ago
they shouldn't make KERNEL LEVEL anticheat and us - players, should do something about this but we can't
@gabriel55ita 2 months ago
Problem being user mode privileged anticheats are easy to bypass so cheaters do whatever they want, that's why they went with a lower level approach. I'm just happy to not play these games with crap running with too many privileges
@nou712 2 months ago
don't play their bs? i think that's a fairly easy solution lol
@sdfxcvblank5756 2 months ago
@@gabriel55ita thanks to cloud strike everything's getting kicked out of the kernel, sounds like the developers just have to figure out how to make the game fun enough not to cheat in?
@Shardyy 2 months ago
Unfortunately league players are just cucks, who pay 500$ dollars for 2 pixels skin and are happy about it
@danvasicek4122 2 months ago
It could be interesting to see if game creators would just try to make HvH lobbies and let us play without people with cheats, but again there is no honor amongst thieves so I don't know how many people cheating would respect that @@sdfxcvblank5756
@timoteedrimes6400 2 months ago
Sorry bro but the text is too small on wireshark, we can’t read anything
@nelsonbarbosa8200 2 months ago
In the way you mentioned screenshotting via server requests and comms being sent in and out I wonder how hard would it be to setup a MITM hack for banking to intercept and spoof a bank's MFA authentication via an always on anticheat...
@alebud1403 2 months ago
Is KZbin listening to us? I know yes
@e60m5v_10 2 months ago
vanguard has always been suspicious, always.. could you do VAC? it would be interesting to see what it does considering it doesn't work
@Miiiasm 2 months ago
vac is a simple user mode anti-cheat, it constantly checks patterns of cheats, basically strings of data related to the cheat with your game’s runtime memory, so if you have a known cheat to them injected it will trigger it
@e60m5v_10 2 months ago
@@Miiiasm onetap, gamesense, neverlose, are very well known, what do you mean by well known? you mean easily detected due to being trash and well known by the anticheat in that sense?
@Miiiasm 2 months ago
@@e60m5v_10 Known to Valve, so to be in their database also bad cheat or not does not really matter, if Valve does not have patterns of said cheat VAC won’t detect it. (This applies to regular VAC only not VAC Live)
@Miiiasm 2 months ago
@@e60m5v_10 My replies keep getting hidden, sorry ¯\_(ツ)_/¯
@Greenleaf_ 2 months ago
If they want a cheat that doesn't work sure. VAC does not work and cs2 is infested with cheaters.
@alleliteverizon 2 months ago
hi eric, i'm a huge fan of your videos and how you're telling about "Hacking". have you recently heard of a new discord hack that is ongoing..
@MimiWhiskers 2 months ago
You should take a look at the DRM enigma next.
@cameronbosch1213 2 months ago
Call Alan Turing. 😂
@giovannispeedrun 2 months ago
i was thinking abt it for a bit and i was seeing it pop up every time so
@BastiOn_1337 2 months ago
I really don't like the Valorant Anti Cheat, it's absolutely atrocious what there is going on
@lipemartins2708 2 months ago
but if it takes a full screen shot it means it will be only the valorant no? if you're playing with full screen
@lipemartins2708 2 months ago
I've been playing valorant for like 2 years and now i am kinda concerned
@BucketGeek 2 months ago
I heard you have something to do with cat ears, so I subscribed... I'm waiting.
@grisu1934 2 months ago
Could you please make a video about the effectiveness of EAC in linux? I play dbd and other games on linux but afaik EAC hasn't kernel access on linux so i wonder how effective it is. Especially since the r6 dev said they won't enable battleye for proton since "linux is an open door for cheaters" (I just wanted to check if i correctly cited them and their second response about it being an open door for cheaters is gone, time to hope again)
@EricParker 2 months ago
www.unknowncheats.me/forum/apex-legends/605888-grinder-simple-linux-sense-aimbot-triggerbot.html Seems that in Apex (one of the EAC linux permitted games) the general consensus on cheating communities is that it is better to cheat on Linux. Nothing fundamentally stops them from doing kernel AC on linux.
@cameronbosch1213 2 months ago
"LiNuX iS aN oPeN dOoR foR cHeAtErS". Says out of touch CEOs about to get fired.
@_____666______ 2 months ago
can you do a video using Frida for protected malware samples ?
@edumas3960 2 months ago
hey Eric, is League playable on Qemu GPU Passthru with that Vanguard ? Asking for tutorial 🙏🏻
@karimlababidi1 2 months ago
i wanna know how hackers keep cheating in cod warzone... is it that easy??
@Randy-nb6fw 2 months ago
i don't think they need that in there with tiktok and temu on everyone's phones
@EarlierPlane034 2 months ago
Glad you did a video over it😊
@kavylavx 2 months ago
Wear. The. Cat. Ears. At. 100k🔥
@nekowhixp 2 months ago
could you cover other anti-cheats such as nprotect gameguard, xigncode3 and implementations of EAC?
@silly_industries 2 months ago
please enable dark mode for uc for the love of god
@takiiinotfound 2 months ago
idea for your next video: see if blitz spies on us
@donwilze1811 2 months ago
Please more cheat related content. Good videos, keep it up!
@nghtmregaming3844 2 months ago
Make a video on VAC
@EricParker 2 months ago
What do you want to know about VAC?
@timzy11ful 2 months ago
@@EricParker why doesn't it FUCKING work
@nghtmregaming3844 2 months ago
@@EricParker cs2 cheating issue is damn bad 😓 wanna see how vac works and why it sucks soo soo much
@GatsuTheBranded 2 months ago
@EricParker I wanna know if it's really spying on us and giving our games poor performance they swear they don't and that it doesn't
@grisu1934 2 months ago
@@nghtmregaming3844 because vac would rather have many cheaters and 0 false bans than low amount of cheaters and medium amount of false bans. a vac ban is supposed to be 100% proof. also valve probably collecting data to improve their ac rn so they can push a godlike ac update like they did already
@JohnBlackCyberSec 2 months ago
Vanguard no longer uses vmprotect
@JohnBlackCyberSec 2 months ago
Furthermore drivers can NOT be packed due to hvci
@𪜊 2 months ago
not true
@EricParker 2 months ago
Possible it is an in house program that behaves like VMProtect. My VGC.exe says this in DIE Packer: Packer detected(Heuristic)[Imports like VMProtect (v3.2.0-3.5.0) + High entropy + Section 9 (".stub3") compressed]
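Added example, not part of the comment thread and not Detect It Easy's own code: a sketch of the "high entropy section" signal that the heuristic output quoted above refers to, computed per PE section. The function names, the 7.0 bits-per-byte threshold and the sample image are assumptions constructed for illustration; only the section name `.stub3` is borrowed from the quoted output.

```python
import hashlib
import math
import struct
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, up to 8.0 for uniform random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def pe_sections(image: bytes):
    """Yield (name, raw_bytes) for every entry in a PE image's section table."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)        # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (n_sections,) = struct.unpack_from("<H", image, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", image, pe_off + 20)
    table = pe_off + 24 + opt_size                            # first section header
    for i in range(n_sections):
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", image, table + 40 * i)
        yield name.rstrip(b"\0").decode("ascii", "replace"), image[raw_ptr:raw_ptr + raw_size]

def high_entropy_sections(image: bytes, threshold: float = 7.0):
    """Return [(name, entropy)] for sections at or above the assumed threshold."""
    scored = [(name, shannon_entropy(raw)) for name, raw in pe_sections(image)]
    return [(name, round(h, 2)) for name, h in scored if h >= threshold]

def constructed_sample() -> bytes:
    """Constructed PE-like image: repetitive .text plus random-looking .stub3."""
    text = bytes.fromhex("554889e590905dc3") * 512           # 4096 low-entropy bytes
    packed = b"".join(hashlib.sha256(struct.pack("<I", i)).digest() for i in range(128))
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, 0, 0x22)
    base = len(dos) + len(coff) + 2 * 40                      # raw data follows the table
    def header(name, size, ptr):
        return struct.pack("<8sIIIIIIHHI", name, size, 0x1000, size, ptr, 0, 0, 0, 0, 0)
    table = header(b".text", len(text), base) + header(b".stub3", len(packed), base + len(text))
    return bytes(dos) + coff + table + text + packed

if __name__ == "__main__":
    for name, h in high_entropy_sections(constructed_sample()):
        print(f"{name}: {h} bits/byte, likely packed or encrypted")
```

Entropy on its own only says the bytes look compressed or encrypted, which is why the output quoted above lists it alongside an import-based signal rather than by itself.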
@JohnBlackCyberSec 2 months ago
@@EricParker Ah yeah their usermode component might still use VMP. They moved their driver over to a protector that is not in house but is under heavy NDA. It relies heavily on an obfuscation mechanism known as mixed boolean arithmetic.
@juandavidgiraldo518 2 months ago
If you don't want to get involved with the doubt about vanguard being a spyware, you just don't install LoL and that's all, just live your life happily forever XD