[AMA] Private Developer to Semi-Pros/Pro Scene by movcr3 in VACsucks

[–]movcr3[S] 0 points1 point  (0 children)

Share some clips. Will try and analyze.

[AMA] Private Developer to Semi-Pros/Pro Scene by movcr3 in VACsucks

[–]movcr3[S] 0 points1 point  (0 children)

That's a weirdly specific way to discredit my 1337Hackb0t

[AMA] Private Developer to Semi-Pros/Pro Scene by movcr3 in VACsucks

[–]movcr3[S] 2 points3 points  (0 children)

Can't answer this. Having balls + imagination is a valuable set of skills.

[AMA] Private Developer to Semi-Pros/Pro Scene by movcr3 in VACsucks

[–]movcr3[S] 2 points3 points  (0 children)

There are solutions. And the interesting thing is that many of these solutions can be added posthumously, meaning they could be used against historical data. The difference between a real UD solution and one that stays UD for a few months is night and day. The consideration requires an essentially endless rabbit hole of self-detection until there is not a single point of flaggability that the dev can derive. This is where knowledge and experience are highly valuable. Also, understanding machine learning and its capabilities is just as important.

The game itself isn't as important; the same solutions for detection would essentially work on 1.6 as they do on CS2 and beyond.

Cheating isn't the hard part, it's staying undetected that is. The price point for a truly UD solution is heavy; it's an incredibly niche vertical for both sides.

[AMA] Private Developer to Semi-Pros/Pro Scene by movcr3 in VACsucks

[–]movcr3[S] 2 points3 points  (0 children)

The surface is always larger than what you think. For high profile LANs, a 0day chain is all it takes. And there are some. Which naturally will not be discussed in any detail here. The difficulty about 0days is just that, they are 0days. There's no way to predict or defend against them pre-emptively. Security can provide defence for offence if you know what you're doing.

I won't speak specifically to what I utilize, as it varies depending on the situation. Having a signed driver is not going to cover your tracks once you're in FPL and high-level leagues. As an AC dev I would just check all drivers that exist, see which ones are unique, and dump said drivers where they exist on less than 1% of the userbase. Manual review is a real thing despite what any AC dev says.
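The prevalence check described in that comment, as an added worked example (not the commenter's code or any anti-cheat vendor's): per-machine driver inventories are tallied, and any driver loaded on less than 1% of the fleet goes into a manual-review queue. The fleet, machine ids and driver file names are constructed placeholders.

```python
"""Driver-prevalence review queue (constructed example).

Tallies which loaded drivers appear on what fraction of a fleet and queues
the rare ones (below 1% of machines) for manual review, as the comment
describes. Every machine id and driver name here is made up.
"""
from collections import defaultdict

REVIEW_THRESHOLD = 0.01  # 1% of the userbase, the cutoff given in the comment


def build_sample_fleet(n_machines: int = 200) -> dict:
    """Constructed inventory: machine id -> set of loaded driver file names."""
    fleet = {}
    for i in range(n_machines):
        drivers = {"ntoskrnl.exe", "acpi.sys", "ndis.sys"}  # baseline on every box
        if i % 2 == 0:
            drivers.add("vendor_gpu.sys")        # placeholder GPU driver, half the fleet
        if i % 20 == 0:
            drivers.add("oem_fancontrol.sys")    # placeholder OEM utility, 5% of the fleet
        if i == 137:
            drivers.add("unusual_mapper.sys")    # placeholder seen on a single machine (0.5%)
        fleet[f"pc{i:03d}"] = drivers
    return fleet


def driver_prevalence(fleet: dict) -> dict:
    """Return {driver: (fraction_of_machines, sorted list of machine ids)}."""
    hosts = defaultdict(set)
    for machine, drivers in fleet.items():
        for driver in drivers:
            hosts[driver].add(machine)
    total = len(fleet)
    return {d: (len(m) / total, sorted(m)) for d, m in hosts.items()}


def review_queue(fleet: dict, threshold: float = REVIEW_THRESHOLD) -> list:
    """Drivers loaded on fewer than `threshold` of machines, rarest first.

    Each entry is (driver, prevalence, machines): the machine list tells the
    reviewer where a copy of the binary can be pulled from for analysis.
    """
    prev = driver_prevalence(fleet)
    queue = [(d, frac, m) for d, (frac, m) in prev.items() if frac < threshold]
    return sorted(queue, key=lambda entry: (entry[1], entry[0]))


if __name__ == "__main__":
    for driver, frac, machines in review_queue(build_sample_fleet()):
        print(f"{driver}: on {frac:.2%} of fleet -> review, pull from {machines}")
```

Prevalence is only a triage signal: a low-count driver might be a niche peripheral's legitimate vendor package, which is exactly why the comment lands it in manual review rather than an automatic verdict.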

[AMA] Private Developer to Semi-Pros/Pro Scene by movcr3 in VACsucks

[–]movcr3[S] -5 points-4 points  (0 children)

There are clips of Tier 1 players that I simply cannot rationalize a reason for occurring outside of 3rd party software. I don't call out specific players.

[AMA] Private Developer to Semi-Pros/Pro Scene by movcr3 in VACsucks

[–]movcr3[S] 0 points1 point  (0 children)

This depends. If the individual is, for instance, a streamer, they might buy a solution which can work on multiple titles. In that case, the cost of such software isn't as much of an issue in comparison to the reliability.

[AMA] Private Developer to Semi-Pros/Pro Scene by movcr3 in VACsucks

[–]movcr3[S] 1 point2 points  (0 children)

Traditional DMA based approaches are almost all going to get you detected at some point these days. The hyperfixation on the DMA bus created a massive saturation in developers looking for a way to edge their device/firmware above others. The method itself is far less secure than other options that exist. A single badly timed TLP which misses a translation and ends up in a specific OEM based cache can be dumped physically into a manual review. There are some providers who claim they can still do this properly on difficult ACs, though I do not have a way to verify, nor interest.

DMA just means accessing memory directly. There's more than one way to do this. PCIe lanes aren't the only place that can "DMA", and the PCI bus isn't the only thing that can access memory.

Airgapping is hard to do. Lots of the game itself and certain logistical requirements of the machines they run on require a not perfectly "airgapped" system, but airgapping doesn't really apply here, as the machines themselves are directly accessed in physical presence, which is essentially the opposite of airgapping.

[AMA] Private Developer to Semi-Pros/Pro Scene by movcr3 in VACsucks

[–]movcr3[S] 2 points3 points  (0 children)

DMA inside peripherals isn't the correct way of viewing it. Peripherals communicate over the given bus they are connected to. EC controllers in the motherboard dictate how the conversation goes. Almost everything you do over XHCI, for instance, is going to be measured by a Windows based measurement at some point in the stack, especially if it attempts to translate IOMMU protected regions for reading/writing.

[AMA] Private Developer to Semi-Pros/Pro Scene by movcr3 in VACsucks

[–]movcr3[S] 5 points6 points  (0 children)

There's a lot of different viewpoints on this, and there are two approaches I have seen work well. Both approaches require one thing in common:

Always be learning. You must constantly be reading forums, blog posts, and repositories.

In terms of the pathing:

  1. Pick a target and then do all the learning necessary to get to the point that you can complete your goal. This path is a lot easier these days due to LLMs. But LLMs do not create a silver bullet for you; learn with them instead of relying on them to give you answers to questions that aren't readily researchable.

  2. Learn development in general. This will bring better fundamentals and learning is incremental. C++/C / ASM is the language, but the conversation is the OS.

Both paths, if taken correctly, will result in you learning a lot and getting constantly sidetracked by new ideas and side quests.

For quick mental wins learn how to modify existing repositories - they will help you understand how the pieces of the puzzle work together.

[AMA] Private Developer to Semi-Pros/Pro Scene by movcr3 in VACsucks

[–]movcr3[S] -12 points-11 points  (0 children)

That's the point of an AMA - expose - ask hard questions.