VAC vs The People [How to avoid VAC]

[R0ger1]

Hell users, I would like to take a moment to share some widely available information, common knowledge and best practises and focus it into this single thread post in the hope that users will read it and continue to move forwards with the best practises in place. This post will start with the three basic questions regarding VAC, our current knowledge of VAC, then how to avoid/circument these features.

What is VAC?
An advanced system put into place, a "net" of sorts, to "catch" people cheating in VAC-Enabled games.

Why do systems use VAC?
Some game developers believe that any modification to a game which they have not sanctioned is detrimental to the reputation of their game.

Should we be worried about VAC?
Yes and no.

In 2014, Gabe Newell (founder of Valve)took to the internet and communicated directly with the gaming community. This communication came about after a rise in Anti-Cheat systems being implemented and some of their unethical practises. During this process, developers would often reverse-engineer and liase with one another in order to bring about a bigger, and better Anti-Cheat service and community. During this time, a rise was seen in Anti-Cheat systems "copying" one anothers features.

Amongst the battle of Anti-Cheat vs Cheat, some advanced weaponry was deployed. This included the implementation of pattern detections, signature scanning, machine learning and even going as far as remote file access. During the same year, the lead deverloper over at BattleEye was caught doing exactly the latter. They were actively uploading files from a users machine onto their cloud servers for permanent storage and analysis. A developer over at BattleEye was able to catch Valve doing the same thing, so in order to remain on par with their Anti-Cheat competition implemented the same features.

Following the 2014 VAC/Anti-Cheat saga, and through the years of gaming and communication with gamers and developers alike, I believe I can offer a comprehensive (not complete) way of implementing the best practises to avoid VAC detection.

ISSUES:

1. VAC logs everything
2. VAC scans all your logs
3. VAC remembers and learns
4. VAC is sneaky
5. VAC keeps an eye on which websites you visit/contact

SOLUTIONS:

Wipe your logs (save this into a text file with the extension .bat and run the file with Admin Rights)

 

@echo off
FOR /F "tokens=1,2*" %%V IN ('bcdedit') DO SET adminTest=%%V
IF (%adminTest%)==(Access) goto noAdmin
for /F "tokens=*" %%G in ('wevtutil.exe el') DO (call :do_clear "%%G")
echo.
echo Event Logs have been cleared!
goto theEnd
:do_clear
echo clearing %1
wevtutil.exe cl %1
goto :eof
:noAdmin
echo You must run this script as an Administrator!
echo.
:theEnd

Stop or disable any kind of machine learning you already have on your system that remembers your behaviour over time.

 

net.exe stop Superfetch

Modify your hardware ID tag(s), change the MAC address of your graphics card or whatever devices you think are necessary (VAC will remember your hardware setup, it is a common method for vendors to recognize a user with multiple accounts)

Use a VPN, there a paid or free alternatives. Yes, there are unlimited data FREE VPN services that have no advertisements to cover their costs, however don't use these VPN services for anything asides gaming, and try to keep Authenticator active at all times. (VAC logs your IP Addresses)

Make sure you are using protected cheats VMProtect, Themida etc (These are tools that hide what code is running)
Use a reliable developer that updates their cheats every 48-72, even if there is no actual update and it's only to pad the file with junk code to change the signature. If all else fails, pad the exe file to change it's signature yourself (yes regardless of what people say there are ways of doing this, I have done it for years) also do the same with any dll's and even any text files. Change the filesizes and signatures of every single file included in the cheat.

Run your cheats from a removable storage drive (USB) as in the event of your system being scanned, this will be the last thing to get scanned after your primary hard drive. Better still, store it on a Floppy Drive, if you have one. As these drives make a lot of noise when being accessed, there is NO WAY to discreetly scan a file on a Floppy Drive. I feel old now.

Flush your DNS cache (VAC scans to see if your cheats require you to "login") run the following code in an elevated command prompt.

 

ipconfig /flushdns

If you're browsing cheat forums, make sure your browser is in private mode.



If a user would like to reformat this post or can somehow put the information I have into a better format, please message me.

Sources used:

Gabe Newell
Valve
BattleEye
Microsoft
Reddit
Google
Twitter
WinAero

[Not Officer]

Everything you mentioned is completely useless and wrong. The only thing that might help is junkcode.

[ItsBl4z3]

The only way to avoid VAC is to either use cheats at your own risk, or just, Don't fucking cheat.

OfficeX is right. This is useless.

[Trash]

Informative, But Sadly Old News. These Precautions Would Be Useful Where They Came From, In 2014.

[R0ger1]

Interesting replies, thanks for your input guys. I appreciate the perspective coming from you, however I think it's fair to say not everybody on this site is a coder, neither are they veteran users here.

There's new people signing up every day. A little back history regarding the VAC system, how and why things came about and ways to better reduce the amount of information that VAC has accesss to on your system is very relevant.

I've been game hacking for nearly 30 years (that's not my age, that's how long i've been game hacking). I think it would be fair to say, in those 3 decades anti cheat systems have all repeated one another in their behaviour.

A young person with some coding talents does not make them a reliable source for information or how to counter act an anti cheat system. Simply recommending "junk code" just isn't enough in the current climate of online gaming.

Let's say you keep adding and modifying the "junk code". How do you refute the fact that whenever csgo is loaded up, a dns entry is made with a login to mpgh.net? Do you honestly not clear your logs when cheating?

Perhaps we're from a different time, when covering your tracks used to be important. Now days people just think because they're not banned, that they haven't been caught. I guess Trust Factor isn't really a thing, nor are ban waves.

It's a shame people are so quick to jump at this with negativity. Okay, so it might not be relevant to "you" because you know everything and are untouchable, but some of us may find it relevant.

[Trash]

I Have Nothing Better To Do So I'll Retort On Every Bit To The Best Of My Knowledge AND Opinion.
TL;DR - VAC Is A Machine Learner, BUT Just Because You THINK You Know How VAC Works, Doesn't Mean
That Everything You Do Will Prevent You From Being Caught. Deleting A Cheat != Deleting The Data.
(Which Sounds Like I'm On Both Sides, I Know. Point Being, Unless You're An Anticheat Employee, You're In The Dark.)

Ways To Better Reduce The Amount Of Info That VAC Has Access To On Your System Is Very Relevant.

While This Is True, It Doesn't Prevent VAC From Live Scanning (Or Machine Learning) Which Is Why Extreme Injector Methods Are
Slowly Getting Detected When Injecting In ANY Drive Or Game State. For Example, Word.exe (AKA EzFrags) Which Is More Or Less An External Cheat.

Anti Cheat Systems Have All Repeated One Another In Their Behavior.

What Would This Matter When Other Anti-Cheats Are Clearly Better Than Others? I.E. BattleEye And Private CS:GO Matchmatching (ESEA, CEVO, Etc.)
Nothing Is Similar Except For The Fact That They Are Intrusive Anticheats, Some Less Aggressive Than Others.

Simply Recommending "Junk Code" Just Isn't Enough In The Current Climate Of Online Gaming.

Apparently It Is, Even When Using Your Own Injector Or An Deprecated Cheat (Looking At Indigo Pasters)
Moreover, (Lol Me Big Intellect Using Moreover) Junk Code Basically = A Time Frame For Detection In Theory.

Do You Honestly Not Clear Your Logs When Cheating?

Like You Said, Not All Of Us Are Coders Nor Veteran "Cheaters." The Last Thought That Comes To Mind Is The "Hidden" Files
Like In Event Viewer... Or Some Browser Cookie That -- For Some Reason -- You Say Steam Scans, I Can't Believe That.
Although I Agree The Information Could Be Linked, But Not Action To Take Upon When It's Nothing Steam Has Business With
Unless It's On Their Service... Which It Isn't.

Perhaps We're From A Different Time, When Covering Your Tracks Used To Be Important.

Okay Slow Down Mr. "Born In The Wrong Generation," Plenty Of Security Goes Into Each Cheat. It's A Matter Of What It Actually Is.
In Most Cases I've Seen Through My Years, It's The Users Fault For Using Detected Cheats/Method Or Playing Blatantly To Be Auto-VAC'd
(Which In CS:GO Is Called An Untrusted Ban)

It's a shame people are so quick to jump at this with negativity.

You Might Call It Ignorance, (Which I Know You Didn't) But Here At MPGH, Leechers Cry Because They Blame The Cheat When
Almost All Of The Time It's Their Fault For Trusting A Popular Public Cheat Without Precautions. By Precautions I Don't Mean Using
Shit Like CCleaner To Delete Every Bit Of Information To Save Your Ass. What I'm Getting At Is If You Don't Know What You're Doing,
Then You Have No Business Having/Using A Cheat For More Than 12 Hours. You Have To Defend Yourself, Not Believe Everything Is Set
Up For You Like It's A Private Cheat Updated Every 18 Hours Or Even Less With 100k Lines Of Crap Code.

[R0ger1]

I agree with what you've said. The point in this post isn't to claim to know all of valve's tricks, but like I mentioned in the initial post, it's just "best practises" in order to avoid detection. I thought one of the points specifically was important to highlight, as I was unsure whether cheat devs even considered vac checking dns. It was old information, and a lot of the cheat devs weren't around or keeping up with events during the time of these discussions happening. I can't say for certain, but I would wager that a lot of cheat devs are quite new to things within 4-5 years. Not all devs, but quite a lot of them.

Yeah, a lot comes down to file signatures, and obfuscation but generally, that is out of the end users hands. Whilst the developers handle that side of things, the end users can do a lot more then what they are currently doing to ensure they're not returning to the forums to moan at the developers about them being banned.

Every developer appreciates being thanked for their work, or getting donations. It's a great motivator to continue their contributions. I would of assumed that any developer would of been appreciative towards any best practises offered to end users that would reduce the amount of complaints being received about getting banned.

There's a lot of let's call it "Ancient" information that older gamers have from experiencing these Anti-Cheat systems, that younger gamers and developers just aren't interested in hearing. You mention something to somebody, and they respond with a funny meme and an insult, and 6 months later they unveil the exact same information that was provided to them earlier, however this time around they experienced it for themselves.

I remember when the original CS was rolling out, and it was at the time of another Raven Software title that was almost identical that a lot of the modding scene would share resources with both games. During that time, punkbuster AC really started to pick up, I remember when AC taking screenshots of users gameplay became normal practise. If you try to tell a user that now days, you'd be met with contempt and disbelief.

They'd probably say "yeah vac might take screenshots of my gameplay, but I doubt it".

Edit: We used to run an admin tool on punkbuster enabled servers, which would automatically scan all the screenshots (could be hundreds potentially) and try to find a cluster of pixels that were a specific color (getting the color from known hacks, eg: walls) and filtering the results down into a text file with the image name and the users player ID, IP address, and some other details. This tool ran surprisingly fast, it would scan around 100 screenshots in about 10-15 minutes (I said 5 minutes first, but to be honest it was a bit longer), which at the time was lightning fast. VAC is rumoured to have 1700+ CPU's at their disposal as well as who knows what other cloud resources. I doubt scanning 1 million screenshots would take more then a couple hours.

With regards to what you mentioned about some AC systems being better then others, I would agree and disagree. I think it depends how we measure their success. Some are more open and have a more full disclosure policy in how they police their games, whilst others are more discreet and prefer to operate with their users having minimum information on them.

[qwerty555111]

If you're browsing cheat forums, make sure your browser is in private mode.

Are you trolling or actually not using your brain?

[Not Officer]

So if vac is so sneaky and good, why am i not banned?
While playing matchmaking i have mpgh open (non private mode), my cheat running with the visual studio debugger attached (not on usb), no "logs" cleared, no ip change/vpn, same pc (no hardware changes), no dns flush.

Stop confusing other ppl with wrong arguments.

[Mafiascared]

So if vac is so sneaky and good, why am i not banned?
While playing matchmaking i have mpgh open (non private mode), my cheat running with the visual studio debugger attached (not on usb), no "logs" cleared, no ip change/vpn, same pc (no hardware changes), no dns flush.

Stop confusing other ppl with wrong arguments.

Same here. I play with MPGH open, and cheat things open also. More than 1 year, no ban.

[chrissyc]

Interesting replies, thanks for your input guys. I appreciate the perspective coming from you, however I think it's fair to say not everybody on this site is a coder, neither are they veteran users here.

There's new people signing up every day. A little back history regarding the VAC system, how and why things came about and ways to better reduce the amount of information that VAC has accesss to on your system is very relevant.

I've been game hacking for nearly 30 years (that's not my age, that's how long i've been game hacking). I think it would be fair to say, in those 3 decades anti cheat systems have all repeated one another in their behaviour.

A young person with some coding talents does not make them a reliable source for information or how to counter act an anti cheat system. Simply recommending "junk code" just isn't enough in the current climate of online gaming.

Let's say you keep adding and modifying the "junk code". How do you refute the fact that whenever csgo is loaded up, a dns entry is made with a login to mpgh.net? Do you honestly not clear your logs when cheating?

Perhaps we're from a different time, when covering your tracks used to be important. Now days people just think because they're not banned, that they haven't been caught. I guess Trust Factor isn't really a thing, nor are ban waves.

It's a shame people are so quick to jump at this with negativity. Okay, so it might not be relevant to "you" because you know everything and are untouchable, but some of us may find it relevant.

u are a...

nonce

[TCC123k]

They can do whatever you told. But I don't think it is enforced so much. Otherwise, we would see many cheat users here getting banned in spite of using newly released hacks (exclude overwatch also).

[itzzcarter]

ty for the guide

[louisgang]

none of this information is remotely correct. (except for the bit about vmprotect)

[Fregi]

Interesting replies, thanks for your input guys. I appreciate the perspective coming from you, however I think it's fair to say not everybody on this site is a coder, neither are they veteran users here.

There's new people signing up every day. A little back history regarding the VAC system, how and why things came about and ways to better reduce the amount of information that VAC has accesss to on your system is very relevant.

I've been game hacking for nearly 30 years (that's not my age, that's how long i've been game hacking). I think it would be fair to say, in those 3 decades anti cheat systems have all repeated one another in their behaviour.

A young person with some coding talents does not make them a reliable source for information or how to counter act an anti cheat system. Simply recommending "junk code" just isn't enough in the current climate of online gaming.

Let's say you keep adding and modifying the "junk code". How do you refute the fact that whenever csgo is loaded up, a dns entry is made with a login to mpgh.net? Do you honestly not clear your logs when cheating?

Perhaps we're from a different time, when covering your tracks used to be important. Now days people just think because they're not banned, that they haven't been caught. I guess Trust Factor isn't really a thing, nor are ban waves.

It's a shame people are so quick to jump at this with negativity. Okay, so it might not be relevant to "you" because you know everything and are untouchable, but some of us may find it relevant.

You seem like a cool dude, don't let the MPGH trolls get to you

- - - Updated - - -

Forgot to mention, half of these kids are clueless, P2C cheaters who associate themselves as hackers after learning how to inject a dll. It was confirmed years ago, that Valve tracks websites you use, hashes them, and sends back to their servers. However, there are software to dump vac modules, its just a regular bob can't do that most likely. If im not mistaken, VAC first detects the cheat, then hashes it, if it matches what's found in their logs, they trigger the ban after double checking that. Those are obviously not the only steps done, but one of the two.