devtrackers.gg RiotArkem
RiotArkem

RiotArkem



12 Apr

Anticheat starts upon computer boot

Comment

Originally posted by Gettrolledsteve

Thank you for the hard work on the anti cheat! Game feels great! I had a question regarding this driver. Did you guys think about randomizing the name and location of the driver on boot up? Every vanguard update you could change the list of names to make it harder. I'm not sure if this is possible but I think it would annoy cheat makers as normally they have to inject into the driver to bypass it.

It's a good idea but there's a limitation that prevents us from doing this.

In modern versions of Windows all drivers need to be approved by Microsoft through a code signing process or they won't be loaded. This means that even if the name of the driver is changed there will still be some identifying features that would make it clear that the driver is Vanguard (since the authenticode signature would say "Riot Games").

Anticheat starts upon computer boot

Comment

Originally posted by SirrLarrson

Ever since downloading the game my computer has had serious issues starting up (like 2 fps serious) I'm all for invasive anti-cheat but not at the cost of my system, i've also observed lag on other games like csgo that I've definitely not encountered before. These issues could definitely be something other then the anti-cheat but I've been doing a lot of troubleshooting nothing has worked. I might just permanently uninstall the game if it continues

Specs 2070 MSI gaming z i7 7700k 16gb trident Z 3200ghz ASRock fatal1ty 4 270 Kingston 500gb nvme sad Windows 10 pro

There could be a compatibility bug (maybe Vanguard isn't compatible with something running on your computer?). I recommend putting in a support ticket so they can help you collect diagnostic information and troubleshoot.

You can also try uninstalling the anti-cheat (Add/Remove Programs and selecting "Riot Vanguard), if that fixes your problem then it's very likely that there's some kind of incompatibility and we'd definitely be interested in your help figuring it out.

Anticheat starts upon computer boot

Comment

Originally posted by smokeey

If it can just be uninstalled what's the point? Does the game still operate without that component of the cheat system gone?

The game won't operate if you've uninstalled Riot Vanguard

Anticheat starts upon computer boot

Comment

Originally posted by Ketonax

Well, I assume your driver runs in kernel mode, because it start with the system. You straight away render most user mode cheats useless, the basic ones at least, where they are flagged instantly. At the same time 'someone more skilled' can find a vulnerability in your code and run their code in kernel mode. There is no way you can guarantee this won't happen, even when You state that several security teams had a look at your code.
There were multiple examples over the years with kernel drivers being exploited in the wild, Razer Synapse, Capcom and I believe there are several ways to break FaceIt anticheat.
You also stated it's very simple part that runs in kernel mode, which worries me that it will be simple to disable / override and render useless. Secondly, do you inform us anywhere during installation about this technique? I have beta access, but of course I skip all the reading and honestly don't remember.

While I can't guarantee that we're perfect we have put a lot of effort into the security of the kernel driver. We've had multiple groups review it for security flaws (both external security consultancies and our own security teams).

We definitely don't want to put yet another vulnerable driver out into the world!

Anticheat starts upon computer boot

Comment

Originally posted by lennihein

Is there any updates on the blogpost about the technicalities?

I have a long article (it might be the longest article I've written since school!) about Fog of War coming out this week (Tuesday I think?). I'm also planning on writing shorter pieces about other anti-cheat topics but I haven't started them yet.

Anticheat starts upon computer boot

Comment

Originally posted by KindOldRaven

Hey there Arkem! I read your clarification. First of all: thanks for that, that was an immensely quick yet pretty detailed response to this topic! Secondly: I'm a bit of a control-freak when it comes to my PC. I'll monitor anything that activates on startup and usually turn most of it off, including non-essential Windows apps and files. I'll monitor Riot's Vanguard as I will any other 'new' component, but I will admit that if your take on anti-cheat proves effective and indeed causes no further issues (or proves to be a vulnerability of some sort)... well... I'll take anything over script kiddies who ruin (competitive) games for others.

tl;dr: thanks for explaining, that eased my mind quite a bit :)

You're welcome! We're trying to be as open as we can because we want people to feel confident in what we're doing. If you ever have any questions I'm happy to answer them.

Anticheat starts upon computer boot

Comment

Originally posted by InvalidZod

My opinion is still going to be a hard line in the sand of unacceptable. I closed LoL on the 7th and over the next 48 hours it dumped over 100GB of crash logs onto my C drive(where LoL was not installed). Thankfully I have the ability to pull my drive and delete the file from another device because my computer would not boot(Windows 10 needs more than 22MB to boot).

Sorry about that!

That was a pretty nasty bug, the patcher team rushed out a hotfix during the week. The log files would have been deleted in a few days (only the last few log files are kept around) but obviously it's unacceptable to pollute your hard drive like that!

Anticheat starts upon computer boot

Comment

Originally posted by xTuna74x

Lol I figured someone had to make the joke. You guys made/are making a hell of a game!

Thanks <3

Anticheat starts upon computer boot

Comment

Originally posted by slammy02

Where would I submit vulnerabilities for compensation? I like money more than cheating

We run a bug bounty program on hackerone. I think it might be invite only but you can also email bug bounty reports to [email protected]

Anticheat starts upon computer boot

Comment

Originally posted by ReverseDead

If I could pick your brain for a moment. After I downloaded and played Valorant. Hence forth every time I boot up my computer for the first time that day. It will cause me to restart my pc as the anti-cheat system has not finished applying. When I go to restart my pc it takes about 7-10 min for it to actually boot up. But once I Shut my pc down it requires me to reinstall the anti cheat over and over again. I’ve tried deleting and reinstalling both Valorant and riot vanguard to no success. My pc on average took 10-15 sec to boot before I download Valorant this Tuesday.

I don't have any ideas off the top of my head sorry!

I recommend submitting a support ticket, they'll be able to run you through some troubleshooting steps and if they discover that it's a bug in Vanguard (or even just a previously unknown incompatibility) they'll make sure we get the diagnostic information we need from you.

Anticheat starts upon computer boot

Comment

Originally posted by xTuna74x

Just dont turn it into a bitcoin miner like another company with this kind of anticheat.

I will do everything in my power to prevent this from happening.

Valorant will temporarily ban cheaters computers from running the game

Comment

Originally posted by whitesundreams

As more and more videos will surface of cheats in Valorant https://www.youtube.com/watch?v=ATkpqYmWt8k please reconsider what I said about shadowbanning. Bans of accounts and hardware will never work. If you keep cheaters in a cheater pool and allow them to play against each other they will stay on those accounts as they can play instead of being forced to a new account.

Off topic but I've been sent this video so many times that I now recognize its URL without clicking!

I'm going to discuss shadow banning with the team again but I don't think it'll end up high on our list of things to build.

Anticheat starts upon computer boot

Comment

Originally posted by ImSkripted

id assume VGK loads at system start to prevent people using vulnerable drivers to either run their own code and or load unsigned drivers and will prevent the vulnerable driver from loading or prevent valorant from running after.

if this is the case i do see one hole in this form of security, you only know about publicly known vulnerable drivers. there are many other drivers that could be used other than what ill call "Driver C" because of, well the first letter. I know of one that is not only a very common driver but is also their latest version of that driver so I don't see how you could differentiate between someone using it to load cheats or is just wanting to use it for its intended purpose. not to mention the person who discovered it submitted a report in 2019 to the company and Microsoft, who both are still yet to acknowledge it, I've even gone as far as to contact my university to help him get the driver a CVE & fix but due to corna it seems that has been put on the...

Read more

You're not wrong, there are some difficulties with things like "Driver C"

When making calls like this one of the things we look at is the cost of cheat development. Even if a mitigation is imperfect we consider whether or not it increase the time/effort to develop cheats to be worth doing. There's also the cliche of "Defense in Depth" where several imperfect mitigations could work together to create a much stronger overall protection.

The theory goes that fewer people will make cheats if it's difficult and time consuming which will make it easier for us to detect them (or otherwise get them to desist).

So even when a mitigation is imperfect the additional burden on cheat developers can be worthwhile either to increase the cost of cheat development or just as one more part of an overall strategy.

First Cheater in Valorant

Comment

Originally posted by sky361

Wtf? People do laugh about your anti-cheat in certain forums. Ive met so many aimbotting and wallhacking cheater after my 4th day, its not funny.

I'm sorry that you've had a bad experience. If you report the people you're playing against and send in clips it'll help me get them out the game faster.

Our anti-cheat is only going to get better, we're banning cheaters right now but the more data we get the faster our systems can act.

Anticheat starts upon computer boot

Comment

Originally posted by Vinzala

God, that sounds really great. A group of great minds trying to find a solution to a problem that is as old as gaming :D What did you study/learn to come into such a team? I have always been interested in the topic hacking/protection, but wasnt able to find a job in this field because i didnt know what qualification i need.

In some ways I was lucky because I got into the industry before there were a lot of formal qualifications necessary. I studied computer science and took all the networking courses I could on top of the required compsci stuff. After graduating I got a government job where I learned a lot of the more specific security related stuff.

If you want to get into it I recommend looking into security Capture the Flag puzzles, they're a great gamified way of learning some of the tech behind security. Here's a blog post about them: https://dev.to/atan/what-is-ctf-and-how-to-get-started-3f04 (I personally like the jeopardy style CTFs)

Anticheat starts upon computer boot

Comment

Originally posted by airjairj

Oh and... sorry dumb question, can't you let me in?? All my friends are playing while i'm still watching streams on streams.

But, as i said, very dumb question

I understand that you want to shoot your shot :)

I can't give anyone beta access though!

Anticheat starts upon computer boot

Comment

Originally posted by Vinzala

This is amazing! Such a clever way of preventing a system corruption! Im just curious, how do you come up with your ideas?

I don't have any unique idea generating skills, if anything it comes down to trying a lot of different things and working with a lot of smart people.

There's a team of us working on anti-cheat and we have experience from a lot of fields including information security, operating systems internals, anti-cheat development, game programming, data analysis and game hacking. We draw on our experiences in these fields as well as keep abreast of the latest research from the security and anti-cheat communities to come up with potential security techniques.

One of the best ways of coming up with new ideas is to closely monitor what hacking communities are doing to try and bypass other anti-cheat systems (including League of Legend's anti-cheat). We also welcome ideas for new security measures and reports of security weaknesses in our systems (even paying rewards in some cases) to help us improve them.

Anticheat starts upon computer boot

Comment

Originally posted by Ketonax

So our PCs might be eventually exploited via your driver only when the game is running? Do we get that information upon installation or have I missed it?

I'm not sure what you mean by exploited here.

The driver runs at system startup but the rest of Vanguard (the more active components) only run while the game is running.

Anticheat starts upon computer boot

Comment

Originally posted by airjairj

So much transparency... love you Riot, you're the best

<3

Anticheat starts upon computer boot

Comment

Originally posted by wrapitupdomie

So why was this player able to see everyone through 20 walls?

The cheats so far have been drawing players at obsolete/incorrect positions because they haven't been able to tell whether or not the information on the client is up to date.

In some of the videos floating around you can see that the wallhack box takes a big jump just before the enemy comes around the corner, that's when the server sends a real update to the player and only then are their cheats showing the correct location.

I have an article that goes into more details on how Fog of War works, it should be coming out early next week. I even made a wallhack to demo things for everyone :)