RivalsInfo

Definitely, but I don’t think a university would even really touch on some of the basics, a lot of what I know is completely self taught. TBH the internet is a lot different now and the way that I learned was being on the other side of the fence as a former cheat developer, many years ago. Years later I started using my skills for good and started doing defensive research professionally

@RivalsInfo Is there a way to get into the anti cheat research? I have a tech degree and lowkey this sounds like something I’d put effort into

Hello Everyone, In a previous life, I used to do offensive and defensive anti-cheat research professionally, and one thing I’d like to say is that this game is doing the absolute bare minimum to secure and protect itself against cheaters. To give the team some credit, combating cheating is extremely difficult because cheat developers are constantly adapting (especially with AI) and testing new methods faster than most of these developers can realistically respond to. I’m going to outline what the anti-cheat team does right and what they do wrong, and then let you come to your own conclusions about the overall state of the game’s anti-cheat efforts. Vocabulary: - DLL: This term will be used heavily, and it refers to a piece of software that is injected into a process (for ex. Marvel Rivals) and is capable of executing arbitrary code within the game process. This allows cheaters to modify or manipulate different parts of the game in order to gain an unfair advantage (f.ex reading from or writing to the game state). - DLL Sideloading // hijacking: Replacing a legitimate DLL that the game uses with a malicious DLL that allows an actor to execute arbitrary code within the game process while masquerading as the legitimate DLL. - XIM: A cheating device primarily used on consoles to for example mask a keyboard and mouse as a controller allowing malicious actors to essentially have aim-assist, and run a ton of other scripts that give malicious actors to gain a competitive edge over players - Function Hooking: This allows a malicious user to redirect how the code normally works, giving them control over how the program behaves and letting them change the result of certain functions. What they do right: - Sending telemetry from the game process to the anti-cheat backend server, even without the kernel anti-cheat running, to determine whether a game session appears legitimate or illegitimate (cheating). What they do wrong: - The Kernel Anti-Cheat component is pretty useless. It’s really only meant to serve a few purposes (it does a bit more, but these are the main components you should actually care about), and the entire system becomes redundant when you can simply disable the kernel component. The first purpose is acting as a preventative measure against DLL injection, which it does a poor job at because you can use DLL Sideloading and the game will blindly accept illegitimate DLLs and inject them into the game process. Another purpose is sending telemetry to the anti-cheat backend, which collects data about the process and scans for cheat signatures, abnormal process conditions, and unauthorized modifications. The Kernel Anti-Cheat probably does more than that, but it becomes pretty useless when you can just disable the kernel anti-cheat component entirely. - There have been claims that if you run a certain command line argument it completely disables the anti-cheat, but this is only partially false. It disables the kernel anti-cheat component, but it does not disable the anti-cheat that lives inside the game process, “QSec.” QSec is another anti-cheat component inside the game process, and it does a bit of the heavy lifting by sending increased telemetry about your aim score, XIM score, and other unusual process events. This can also be disabled by patching the game executable on disk, preventing the system from even being initialized. (I’ve sent this directly to the developers a while ago, and they’ve done nothing with it.) One thing I will give them credit for is that they’ve at least attempted to protect this code, but they’ve done a terrible job executing it. There’s also another component they use called “AC (Anti-Cheat) SDK.” This component exists in an extremely niche location within the game process, but I won’t explain it further because it could lead to additional attack vectors, although the team already knows where it lives. From what I understand, this component also sends additional telemetry and periodically sends screenshots of your game to the anti-cheat backend (at least for high-risk players) in an attempt to detect cheats like ESP, which gives exact player locations through walls. This component can also be disabled. - The anti-cheat team also has an additional QSEC (anti-cheat) component that is completely server-side. This anti-cheat automatically scans replay files and match data to determine whether a player is cheating based on heuristics. This approach is extremely flawed because a cheater can disable the components I explained above and “humanize” their cheats to avoid detection. It can also lead to false bans if the system’s assumptions are incorrect, which appears to happen periodically. - The Anti-Cheat team actually does nothing to validate whether the kernel component is running or not, this is one thing some anti-cheats like "Easy Anti Cheat" does right, the game server will kick you out if it doesn't receive a valid token from the client generated by the anti-cheat. Sure some telemetry may give the team some insight saying "Hey so this user isn't running our anti-cheat, they're probs sus asf", but when those telemetry components are disabled and your only component is the server sided anti-cheat it makes the entire system super redundant. - The Marvel Rivals team claims that a user who gets banned will get device bans, and IP bans. From my understanding they don't IP ban, but they do attempt to device ban (HWID Ban) and they do a terrible job at it, since you can disable the kernel component of the anti-cheat the game process is left with only one way.. do call windows functionality to generate a Hardware Identifier based on the limited functionality that Microsoft gives them. This is completely redundant when you can disable all of the components I've mentioned earlier and the use Function Hooking to essentially "spoof" your hardware identifier, and once you get banned, you can clean all of the traces the game process leaves and create a brand new account as if nothing happened. There's a few more components that I haven't talked about or may not completely know about, but I hope this gives you a slight idea on how the team actually handles cheating. I've actually sent most of what is currently in this post directly to the team months ago, and they haven't done anything with it. You know where to contact me NetEase. Chào👋

‼️ FIRST LOOK: ALCHEMAX WOLVERINE GAMEPLAY TRAILER Here's your first look at the gameplay trailer for the upcoming Wolverine "X-2099" costume, arriving to the in-game store this Thursday. #MarvelRivals

@Kingsman265MR It seems the NetEase Game Security team doesn't care about game security, I've tried multiple times--sending them novel ways to patch out and bypass their anti-cheat protections (even directly to the proper people)--TLDR it's been months and they haven't even taken any steps.

How is this not instantly bannable? I’m running into/get sniped by cheaters every day and top 500 is flooded with them. Still no promised elo refund either. If people can rage hack this blatantly without getting banned, how many top 500 players are actually cheating more subtly?

STARLIT MADONNA MANTIS #MarvelRivals #MarvelRivalsfanart #Mantis

Get hyped, lock in, and watch the flames of competition ignite the stage live on Twitch! 🔥 Brand-new Ignite Twitch Drops are heading your way, featuring Chrono-Tokens, moods, nameplates, and an exclusive spray. Tune in between May 22nd at 4 PM UTC and June 19th at 4 PM UTC! With teams this stacked, the battlefield is ready for nothing short of glory.

@v_veeze Yeah I don’t 😆

Here's an early look at tonight's item-shop (5/21) that will now include: 🆕Peni Parker: The Freshman & Emoji Combo Bundle (2500 units // 2200 units w/o emojis) 🆕Peni Parker: The Freshman - Emoji Bundle (600 units) #MarvelRivals

Here's a better in-game look at both of the Chroma Variants for the Peni Parker "The Freshman" skin. #MarvelRivals

Here's a better in-game look at the Peni Parker "The Freshman" skin, emote, and ability sfx. #MarvelRivals

Here's a better in-game look at both of the Chroma Variants for the Luna Snow "Sonic Trailblazer" skin. Obtainable in the Savage Adventure Event Pass. #MarvelRivals

Here's a better in-game look at the Luna Snow "Sonic Trailblazer" skin,emote, ability sfx, and ultimate ability vfx. Obtainable in the Savage Adventure Event Pass. #MarvelRivals

Here's a better in-game look at the Hela "Savage Monarch" skin & emote. Obtainable in the Savage Adventure event pass. #MarvelRivals

Here's a better in-game look at the Ultron "Cybernetic Drip" skin. Obtainable in the Savage Adventure Event Pass for FREE. #MarvelRivals

Here's a better in-game look at the DareDevil "Shadowed Start" skin & emote. Obtainable in the Devil’s Debut event. #MarvelRivals

‼️ FIRST LOOK: SAVAGELAND EVENT PASS Here’s your first look at the new “Savage Adventure” event pass arriving this Thursday, featuring skins for Hela, Ultron, and Luna Snow. #MarvelRivals

Here’s a better look at the Peni Parker "The Freshman" skin, Arriving to the in-game store this Thursday at 10:00 PM EDT. #MarvelRivals Image via: @mmmmmmmmiller

‼️FIRST LOOK: PENI PARKER "THE FRESHMAN" GAMEPLAY TRAILER Here's your first look at the gameplay trailer for the Peni Parker "The Freshman" skin. Arriving to the in-game store this Thursday at 10:00 PM EDT. #MarvelRivals

‼️FIRST LOOK: PENI PARKER "THE FRESHMAN" CHROMAS Here's your first look at the editable chroma variants for the Peni Parker "The Freshman" skin. #MarvelRivals