With the increasing popularity of games having a competitive element, cheats have become a common method for hackers to gain an advantage. These cheats could range from a sniper bullet that felt just a little too accurate to a player teleporting across the map, and chances are that you must have been outsmarted by some sort of cheat code. Some of the most common methods include Aimbot, Wallhack, SpeedHack, DropHack, etc. Game developers like Fortnite, Valorant, and Apex Legends constantly face the pressure to prevent hackers from cheating. The result? Probably spending millions of dollars on Security and Anti-cheats, but still outsmarted by hackers. Due to the limited supply of skilled hackers and a huge demand, Game Cheat development has grown to be now a multi-million-dollar industry. It's very challenging for hackers to keep coming up with new bypasses as Anti-Cheats are improving daily and are extremely invasive, making it harder for cheats to stay undetected. In this talk, we will share the current state of Cheats and Anti Cheat mechanisms. This talk is an outcome of our research that lasted several months, analyzing various anti-cheat leaders in the markets and us discovering multiple bypassing techniques. The talk will also dive deep into the history of anti-cheats, how they actually work, and several techniques hackers are using to bypass them. During our research, we also developed a kernel-mode and External Hardware cheat for some top twitch streaming games and will be showcasing it. The session will end with the release of a basic kernel-mode driver and an External Hardware cheat that can be used as a learning resource for bypassing different anti-cheats in the market. The adage, 'cheaters never win' may be moralistic but cheaters very often win in the competitive games, join us to see how hackers have been hacking against anti-cheat mechanisms.
Presented at Security Fest 2023.Speaker: Rohan Aggarwal
Rohan Aggarwal is a Founder at DefCore Security. He is also a part-time Bug Bounty hunter (Synack). He has found security vulnerabilities in big companies like Apple, Yahoo, Twitter, Goldman Sachs, Matomo, BrickFTP, and Pixiv. He has attended various live hacking events such as Intigriti 1337UP1121(2021), HackerOne h1-2004(2020) and BountyBash(2019). From past few years, he also has been reversing reputed Competetive Gaming AntiCheats like EasyAntiCheat, BattleEye & Vangaurd and was able to bypass them while staying undetected. Rohan previously worked as an Offensive Security Analyst at TCS where he did Web/Mobile Pentesting, IOT and Automotive Security. He presented at SecTor 2020 (Recon - The Road Less Traveled), SecTor 2019 (Car Hacking on Simulation) and at Microsoft's Azure Bootcamp and has delivered training on IOT, Web Application and Cloud Hacking.