Riot Games‘ kernel-level anti-cheat, Vanguard, has received an update that is allegedly altering system firmware to remove the ability of the user to access certain hardware associated with cheating.
Riot Games quoted one post discussing the anti-cheat, replying “congrats to the owners of a brand new $6k paperweight.” But how exactly does Vanguard’s new system make “paperweights” out of hardware?
How Riot’s new Vanguard update works
The update targets DMA (Direct Memory Access) cheating hardware, which works by circumventing kernel-level anti-cheat by directly accessing the game’s memory from a device that is not a part of the user’s system.
For that to work, the system needs to disguise that it is talking to another piece of hardware by making the cheat run on the secondary hardware. Because the cheats are not running on the original system, the cheats cannot be detected by software on that system.
Therefore, instead of targeting an undetectable system, Riot’s new Vanguard update targets NVMe and SATA drive firmware, which enables the DMA cheating devices, modifying files upon cheating detection to break how the firmware works, and preventing the DMA from communicating with the original system.
The ability to detect the firmware necessary for the cheats comes after collaboration between Riot and various motherboard manufacturers such as MSI, ASRock, and ASUS.
Upon detection, users are shown a red warning screen, which has various messages poking fun at cheaters. Some messages shared on social media include:
“Expectations incorrectly configured. Cheat stated of [UNDETECTED] is incompatiable with current account state of [BANNED]. If the issues persists, consider contacting your local cheat developer for a refund.”
and
This is a manual ban receipt for the current account, which has been banned for cheating manually. While the outcome is identical to an automatic van, this was only a manual ban. Cop level has been logged for tourbleshooting.”
The user is then taken to an IOMMU (I/O Memory Management Unit) warning, at which point the DMA and the system will effectively be prevented from communicating with each other, killing the usability of the DMA for that system.
Update: Riot responds to online discussion with FAQ regarding update
Riot has shared a FAQ on social media regarding the Vanguard update, clarifying the form and function of the anti-cheat. The FAQ shared follows as such:
Does Vanguard physically damage hardware?
No.Does this impact hardware or software in any ways unrelated to Riot’s games?
No. The IOMMU security protection does not impact hardware, and would only impact the ability of players using DMA cheat devices to play our games.Are normal players affected?
Players not using DMA cheat hardware are unaffected.Why target DMA cheats?
DMA-based cheats are among the most sophisticated forms of cheating because they attempt to bypass traditional software detection by accessing memory directly through external hardware.I’m affected by this. How do I fix it?
To continue cheating in other titles with this device, you may simply disable IOMMU in BIOS in the same place that you enabled it. Of course, you still won’t be able to play our games with these cheat devices enabled.Why did Riot joke about “bricking” PCs?
We didn’t. The “paperweight” comment was about VALORANT cheat devices that no longer work in VALORANT. No hardware is being damaged and no other functionalities are impacted.
Do you think Anti-Cheat should have that level of access to your system? Let us know on Insider Gaming’s Discord
For other news, see the details of Insider Gaming’s Showcase
Darragh is an Esports Journalist for Insider Gaming specialising in Counter-Strike. He loves to explore how esports teams work, or why they very often do not.
More from Darragh Harbinson
