Riot Games‘ kernel-level anti-cheat, Vanguard, has received an update that is allegedly altering system firmware to remove the ability of the user to access certain hardware associated with cheating.
Riot Games quoted one post discussing the anti-cheat, replying “congrats to the owners of a brand new $6k paperweight.” But how exactly does Vanguard’s new system make “paperweights” out of hardware?
How Riot’s new Vanguard update works
The update targets DMA (Direct Memory Access) cheating hardware, which works by circumventing kernel-level anti-cheat by directly accessing the game’s memory from a device that is not a part of the user’s system.
For that to work, the system needs to disguise that it is talking to another piece of hardware by making the cheat run on the secondary hardware. Because the cheats are not running on the original system, the cheats cannot be detected by software on that system.
Therefore, instead of targeting an undetectable system, Riot’s new Vanguard update targets NVMe and SATA drive firmware, which enables the DMA cheating devices, modifying files upon cheating detection to break how the firmware works, and preventing the DMA from communicating with the original system.
The ability to detect the firmware necessary for the cheats comes after collaboration between Riot and various motherboard manufacturers such as MSI, ASRock, and ASUS.
Upon detection, users are shown a red warning screen, which has various messages poking fun at cheaters. Some messages shared on social media include:
“Expectations incorrectly configured. Cheat stated of [UNDETECTED] is incompatiable with current account state of [BANNED]. If the issues persists, consider contacting your local cheat developer for a refund.”
and
This is a manual ban receipt for the current account, which has been banned for cheating manually. While the outcome is identical to an automatic van, this was only a manual ban. Cop level has been logged for tourbleshooting.”
The user is then taken to an IOMMU (I/O Memory Management Unit) warning, at which point the DMA and the system will effectively be prevented from communicating with each other, killing the usability of the DMA for that system.
Do you think Anti-Cheat should have that level of access to your system? Let us know on Insider Gaming’s Discord
For other news, see the details of Insider Gaming’s Showcase
Darragh is an Esports Journalist for Insider Gaming specialising in Counter-Strike. He loves to explore how esports teams work, or why they very often do not.
More from Darragh Harbinson
Comments