Valorant

Valorant Dev Tracker




10 Apr

Comment

Originally posted by REDDITWASRIGHT

We reward bug bounties for information on weaknesses in our anti-cheat technology

Interesting, never heard of a bounty for bypassing anti-cheat before. How does that work? It's a cat and mouse game you can never win. So, uh, do I get infinite free money for bypassing your anti-cheat? If I tell you how to bypass every anti-cheat in a way that's not fixable because anti-cheat is just kinda broken by design (as I'm sure you know [but others here might not] it only stops people who can't make their own, and if your AC can't trust the HW it's running on anymore, it's game over), do I get paid?

It's similar to web security bounties, reports are eligible for a reward if they lead to a change in the software to address the reported flaw.

So for example if a researcher reports a way to defeat the mechanism that ensures that the game client executable hasn't been modified and in response we make a change to fix the attack (by improving the mechanism) they'd be eligible for a reward.

On the other hand if a researcher created a general purpose AI that could play the game impossibly well by using a keyboard and mouse that report is unlikely to be eligible for a reward since there's no improvements we can make.

Though this would be the least of their (and our) worries as the tac shooter robot uprising would soon begin likely destroying human civilization.

Comment

Originally posted by toocanzs

Not sure how sound works in your game, but is it possible that hackers could display the locations sound comes from for footsteps to circumvent FoW?

Yeah, the need to play sounds for enemies even if you can't see them does weaken the Fog of War system, especially if a sound visualizing hack is used.

Comment

Originally posted by MusicMedic88

Is there anyway you guys can make exceptions to people who are on Cloud based gaming VM's like shadow-pc? I am unable to play since Vangaurd wont install on VMs. I really really want to play but this restriction is alienating a bunch of gamers like myself!

Sorry for the inconvenience! If we find a way to support cloud gaming services without weakening our anti-cheat protections we're definitely open to supporting them. We don't have any plans for this right now though.

Comment

Originally posted by Settleforthep0p

If you want her abilities to be a threat rather than a kill, why are her grenades able to one shot people?

Because pushing you out of a safe position in to something like a Vandal trained on you is a deadly threat. It takes threat of death to force repositioning - you can soak a Diva arrow, but Raze is about small area, high threat position clearing

Comment

Originally posted by NewBelieve

I don't know if this is related to the anti-cheat or not, but is the amount of information the game uploads going to be lowered?
I have 1 megabit upload where I live, I know people in similar positions, and they are unable to play the game with high FPS because for some reason the data the game uploads correlates with FPS. I've been having to sit at 90 otherwise I'm stuck with 300 ping spikes every 20 seconds.

We're working on it! It's not anti-cheat related though, it's because of how our netcode works.

What's happening is that the game is sending a packet every frame (sometimes more) to try and maximize game responsiveness. However, if your frame rate gets high enough the amount of packets can overwhelm your router (or your upstream bandwidth).

The workaround for now is just what you suggest (turning the FPS limiter on) but in an upcoming patch we'll have a fix that reduces the number of packets sent so that we don't accidentally crush routers.

Comment

Originally posted by artifact_eddy

the cheater who get caught now are most likely coders of the cheat or people who try to mess with the code. its all fine as long as you cant buy them and casuals start cheating.

Well said!

I wouldn't say that it's fine exactly but I don't think the measure of success is whether or not there can be cheats, instead it's what impact cheats are having on the game as a whole.

Comment

Originally posted by AetherPrismriv

Quick question: Are these bans planned to be instant as soon as Vanguard detects something? Like as soon as the system detects, it stops the game immediately and it ends in a draw?

A big issue that most FPS have is that most bans are delayed. The system detects the cheat, but only bans in ban-waves in order to "grab" more cheaters. This "delayed ban" logic is flawed, because there are games that will be influenced by that cheater.

Just stop the game in its tracks and instantly ban the cheater, or else its the old story of "1 cheater every game, because the output of hacks is higher than the output of ban-waves"

I'm hoping to get the bans as close to the detection as possible, even terminating a match if a player in it is detected. Sometimes there will be a delay because the cheater will be detected by some offline processing but I believe that where possible cheaters should be removed quickly.

It's a balancing act though because each ban gives cheat developers more information about what is detected and what is not, that's one reason that banwaves are a thing. Sometimes a banwave makes sense to try for maximum disruption of a cheat developer's operation.

We'll probably use both strategies but I'm going to advocate for immediate bans as much as possible because I want to remove cheaters from the environment before they damage any more matches.

Comment

Originally posted by vvv561

Are you using heuristic-based anti-cheat instead of relying only on anti-RE/injection methods?

Yeah, having anti-tamper technology is important but it's definitely not all we're doing!

Comment

Originally posted by -Champloo-

While you're replying- where is the best place to report bugs?

Eg: I've had a few games on 1 map where there is no A or B indicator on the map. I know which sides are which from the games it worked, but still a bug lol

Support tickets are great for bugs because the support agents know how to route the reports to the right developers. Other than that I know that devs are reading the bug megathread so that's another decent spot!

Edit: I'm pretty sure we've received other reports of this map bug, I heard someone mention it today so if I'm not confused we're working on a fix at the moment.

Comment

Originally posted by Extra-Spicy-Ramen

It may not be huge but if you change the enemy outline to black instead of red, pixel based aim bots will be effectively impossible to make. As it is currently, the red outline can be easily detected by aim bots since it’s so different from all the surroundings.

This is a tough one because one of the functions of the enemy outlines is to make the enemies easier to distinguish against the environment.

I'm talking to game designers and our art team about possibilities here, maybe we can figure out something that's good for humans and bad for pixel bots.

Comment

Originally posted by vDUKEvv

Have you guys considered an extra program for AC that runs in the background like services like ESEA or FaceIt? I don’t believe I’ve ever run into a cheater in ESEA over thousands of hours with the service.

I understand this is not exactly an end all solution and I don’t develop anti-cheat, but from my own experience no other way have I seen an fps game be void of cheaters.

Yes, definitely! Riot Vanguard is very similar to ESEA's anti-cheat in some ways, one of the anti-cheat devs from ESEA works at Riot on Vanguard now.

Comment

Originally posted by NontranslationalGod

Have you guys considered doing a big bounty program? I think you could get some really great feedback from security professionals and hobbyists. Bounty program doesn’t even have to be monetary...maybe a credits wall in the training area with their game tag? Dunno, just a thought to help stay ahead of the people developing the hacks.

Yes! We've got a bug bounty program on hackerone, it's entering its 7th year I think, for a little while at the beginning I was one of its admins. We accept reports on anti-cheat topics as well as more traditional application security reports.

Comment

Originally posted by MicroeconomicBunsen

Is the anti-cheat within scope of Riot's bugbounty program?

Yes! We reward bug bounties for information on weaknesses in our anti-cheat technology as well as game bugs that can lead to exploits.

Comment

Originally posted by FinnishScrub

/u/RiotArkem, I understand it hurts to see something you have spent many years perfecting getting "blown to bits" in seconds, and I mean this with 0 malicious intent, but there will ALWAYS be smarter people, even smarter than the ones behind Vanguard.

You guys are doing very valuable work, but the harsh reality is that there will always be that one person who figures out how to fool the system.

Your Fog of War system is very interesting though, I really like the idea behind it.

No need to feel bad, just do your best, that's enough for us :) Definitely excited for the future of Valorant, it seems very promising so far!

Oh sure, while I'm a little disappointed, I've never really expected the security work to be foolproof. The work over the last few years has really just set the stage for all the hard work that's to come. I hope that all this preparation will situate us well to respond to cheats going forwards.

I'm not really the brains of the outfit, I'm just the member of the team that's happy to talk to everyone. While I built some cool things (it's why I keep going on about Fog of War) the rest of the team are the real brains trust.

There're plenty of people both inside Riot and in the hacker community that are smarter than me but that's ok, working with (and against) really smart people is how I push my limits, learn things and just generally grow :)

Thanks for the kind words, I'll keep at it!


09 Apr

Comment

Originally posted by muscletrain

https://www.youtube.com/watch?v=ATkpqYmWt8k

That ESP data looks pretty damn on point to me if you want to comment....Fog of war looks like it has not effect here.

It looks like in this video the cheat is drawing the last known player locations on the screen, but you can see that they're wrong/obsolete until just before they come around the corner.

One way to tell is in a lot of the clips the enemy wallhack symbols teleport just before the engagement. This is because that's when the server had decided that the player needs that location information.

The fog of war system is dramatically reducing the effectiveness of the ESP here but as you can see there are still possible improvements we could make.

I've got a big article about how this system is built that I hope to release next week that goes into some more details.

Comment

Originally posted by [deleted]

[deleted]

thanks for the report, we're investigating

Comment

Originally posted by Rakinare

How do we report cheaters? The ingame report is not working. It always gives an error.

This will be fixed later today I hope!

Comment

Originally posted by 1asers

Will it be easier to detected said cheat if you guys got your hands on them?

Will you be having people buying cheat so you guys can study how they work?

There is already some cheat providers selling working cheats, are you guys going to try to get your hands on them?

Edit: I can msg you the link to a cheat provider, so you guys can take it down.

It is easier to take down cheats that we're familiar with. I'm happy for you to DM me with any cheats you think I should see.

Comment

Originally posted by Nate4020

Will Valorant be added to the scope of the H1 program?

It's already in scope! I'm looking at some reports right now. If the documentation hasn't been updated we'll update it soon.

Comment

Originally posted by Cerus_Freedom

Did y'all consider ghost locations at all? As in, send the client false locations so that wall hacks would show players in random places around the map? At the very least, I like the idea of it being obnoxious to work around lol.

Definitely considered it and I bet it'll be annoying for cheaters (I love the invisible mining node story from WoW) but it's a lot of work so we haven't implemented anything like this yet.