Ricardo Carvalho
@crvvdev
119 posts

Talented programmer

Brazil. Joined July 2020
56 Following, 156 Followers

Pinned Tweet
Ricardo Carvalho@crvvdev·
If you're interested in anti-cheat reverse engineering, then please check out my very detailed and rich article about the EMACLAB Anti-cheat. This anti-cheat software is used in a Counter-Strike 2 league called GamersClub, which is pretty popular in South America. github.com/crvvdev/emacla…
4
17
54
4.8K
Ricardo Carvalho@crvvdev·
@coffnix It's not that serious if you have SecureBoot, HVCI, kCFG, etc. All the listed options already come enabled by default on Win11.
1
0
1
19
arendmen - Ralph@arendmencoach·
Question⁉️ I found my old laptop with LoL installed in 2012. I think there are 3 versions on the laptop: 1) backup from 26/05/2012, 2) backup from 26/08/2012, 3) last played version, which will be somewhere end 2013 / start 2014. Are these files useful to anyone? @Vandiril @MrZodra
99
140
11.2K
1.6M
Ricardo Carvalho@crvvdev·
@weezerOSINT This very same driver somehow was already blocked by Vanguard anticheat, even though its vulnerabilities weren't publicly disclosed. Interesting.
1
0
5
1.4K
impulsive@weezerOSINT·
github.com/magicsword-io/… found a 21KB kernel driver from 2004 built for Windows XP that still loads on Windows 11: ASTRA64.sys by EnTech Taiwan. Signed in 2006, cert expired in 2007, but it's timestamped so Windows still says "signature verified" 19 years later. The company doesn't exist anymore. 31 IOCTLs with zero validation on anything. Arbitrary physmem R/W, port I/O, PCI config R/W, MSR read, interrupt hooking, keyboard injection. No auth gate, no hardware gate, loads on any system with sc.exe. Not on loldrivers. Not on the HVCI blocklist. No CVE. Vendor is dead so you can't even do responsible disclosure. There's nobody to email. Filed an issue @M_haggis
35
193
2.1K
164.7K
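Added example (written for this edit; not code from the thread or from anyone quoted in it): a PowerShell check for the two points raised in this thread, namely why a driver whose signing certificate expired in 2007 still reports a verified signature, and whether the mitigations Ricardo lists earlier on this page (Secure Boot, VBS/HVCI, the vulnerable-driver blocklist) are actually running on the host. The driver path is an assumption; point it at whatever .sys you are inspecting. Run it from an elevated prompt, since Confirm-SecureBootUEFI needs administrator rights.

```powershell
# Added example, not code from the original thread.
# Assumption: $DriverPath points at the third-party .sys you want to inspect.
$DriverPath = 'C:\Drivers\ASTRA64.sys'

function Get-DriverSignatureReport {
    <#
      Why an expired certificate still "verifies": Authenticode accepts an
      expired signer as long as a trusted timestamp countersignature proves
      the file was signed while the certificate was still within its validity
      period. Status stays 'Valid' no matter how long ago that was.
    #>
    param([Parameter(Mandatory)][string]$Path)

    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $signer = $sig.SignerCertificate
    $tsa    = $sig.TimeStamperCertificate

    $signerExpired = $null
    if ($signer) { $signerExpired = $signer.NotAfter -lt (Get-Date) }

    [pscustomobject]@{
        File               = Split-Path -Path $Path -Leaf
        Status             = $sig.Status          # Valid / NotSigned / HashMismatch / ...
        StatusMessage      = $sig.StatusMessage
        Signer             = $signer.Subject
        SignerNotAfter     = $signer.NotAfter
        SignerExpired      = $signerExpired
        Timestamped        = [bool]$tsa
        TimestampAuthority = $tsa.Subject
    }
}

function Get-KernelMitigationStatus {
    <#
      Win32_DeviceGuard reports the VBS state.
      VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running
      SecurityServicesRunning / ...Configured codes: 1 = Credential Guard,
      2 = HVCI (memory integrity), 3 = System Guard Secure Launch
    #>
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard

    # Confirm-SecureBootUEFI throws on legacy-BIOS machines; treat that as "off".
    $secureBoot = $false
    try { $secureBoot = [bool](Confirm-SecureBootUEFI) } catch { $secureBoot = $false }

    # Microsoft vulnerable driver blocklist toggle (the "HVCI blocklist" in the thread).
    # If the value is absent the platform default applies, so report that explicitly.
    $ciConfig  = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config' `
                                  -ErrorAction SilentlyContinue
    $blocklist = 'not set (platform default applies)'
    if ($null -ne $ciConfig.VulnerableDriverBlocklistEnable) {
        $blocklist = ($ciConfig.VulnerableDriverBlocklistEnable -eq 1)
    }

    [pscustomobject]@{
        SecureBoot                = $secureBoot
        VbsRunning                = ($dg.VirtualizationBasedSecurityStatus -eq 2)
        HvciConfigured            = ($dg.SecurityServicesConfigured -contains 2)
        HvciRunning               = ($dg.SecurityServicesRunning -contains 2)
        VulnerableDriverBlocklist = $blocklist
    }
}

Get-DriverSignatureReport -Path $DriverPath | Format-List
Get-KernelMitigationStatus | Format-List
```

A report showing Status = Valid together with SignerExpired = True and Timestamped = True is exactly the "signature verified 19 years later" case described above. Whether the kernel will actually load such a file is a separate policy decision from the Authenticode result: kernel-mode code signing still admits legacy cross-signed drivers whose end-entity certificate was issued before July 2015, and HVCI plus the vulnerable-driver blocklist only help if they are running and the driver is on the list, which is what the second report is for.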
Ricardo Carvalho@crvvdev·
@lemire True, but there are many subtle bugs; for example, the application might start breaking if you change from MSVC to clang, and when that happens you wish the compiler had stopped you before it turned into a bug. This is one of the reasons some people choose Rust now.
1
0
0
167
Daniel Lemire@lemire·
@crvvdev But it is not the compiler, right? If you violate the rule in your code, there are all sorts of nice ways to find out. The problem happens later, after the code has been compiled.
2
1
8
1K
Daniel Lemire@lemire·
Yesterday, I helped someone with mysterious crashes. Their software worked fine under some conditions, but simply changing the compiler caused critical crashes. The code looked fine: decent C++, no memory leaks, no unsafe behavior. It passed sanitizers flawlessly. In the debugger, everything traced correctly until it suddenly crashed for no apparent reason. What could it be if the code itself was not at fault?

When your code crashes without reason after exhausting obvious causes, you may have two conflicting instances of the same software built in. For example, part of the code compiled in debug mode and another in release mode, or two different versions of the same library linked together. We call this an ODR violation (One Definition Rule violation). Different compiler settings or library versions create multiple definitions of the same entity (class, inline function, template, etc.), leading to undefined behavior and mysterious crashes.

It is possible to cause this within your own small project, but it is uncommon. In my experience, it most often occurs when bundling many parts together in a larger and more complex project.

People chasing such issues often become irritable. You can usually spot a One Definition Rule violation because nothing makes sense when they describe it. A good way to diagnose these problems is to reproduce the issue with a fresh, simplified build system, though it can be time-consuming. If you can only reproduce it when building the code in a specific manner, then it is likely a One Definition Rule violation.

People's instinct is to blame the code, which is understandable—we fix code bugs daily. Build or linker issues are rare. So the One Definition Rule violation issue does not come naturally to our mind.

I maintain popular software libraries and often ask reporters to reproduce issues with our build system or a minimal one. They rarely like this suggestion. Even after we identify a One Definition Rule violation, some get angry. It is understandable: they may have spent days on it in vain, only to learn a one-line build change could have fixed it. There is also the misplaced assumption that the code should prevent this. People struggle to believe the code is not at fault.

It is a great feature of C and C++ that you can compile units separately and link them—but only if the One Definition Rule is respected: part A cannot see a type one way while part B sees it differently. Sometimes you do not even notice: you add a dependency, compile another part differently, link them, and it seems to work most of the time—until it crashes on some systems. If you take one thing from this post: next time you have mysterious crashes, investigate the One Definition Rule.
16
33
399
32.3K
Ricardo Carvalho@crvvdev·
@mindofjota My theory, on the other hand, is that this language already exists and is called Rust. I believe LLMs are much more capable of writing Rust code than a programmer with some experience; besides, the fact that the language is "safe" by design makes vibe coding even easier.
0
0
0
55
JP@mindofjota·
My view is: if we had had LLMs in the 2000s, we would no longer have "human readable" programming languages. We would already have evolved to more efficient abstractions, far beyond what we could understand or follow.

PokerDev@pokerdev7
If we had had LLMs in the 2000s, today we'd be writing websites in Perl with 200 thousand lines and JavaScript would never have been invented. Why would anyone spend time trying to make a robot's job easier with abstractions?
15
0
65
8.8K
Ricardo Carvalho@crvvdev·
@arleymenezes That's true, but there's no reason at all for them to put malware in the hypervisor; it's totally unfeasible. That's so low-level that it would only make sense in the context of a government hack or something similar, not for someone who wants to play a cracked game, man..
0
0
0
325
Arley@arleymenezes·
The danger of using a custom hypervisor for pirated games is that it runs in Ring -1 (below the kernel). It acts like a rootkit: it disables Secure Boot and VBS to inject the crack. If it comes with malware, not even reformatting Windows fixes it, because it loads before the OS. The PC isn't yours anymore.
80
79
1.5K
133.3K
Ricardo Carvalho@crvvdev·
@_trish_xD I think a worse example is ExAllocatePool from the Windows kernel API, because the documentation says nothing about passing 0 as the size but you still get a pointer.
0
0
0
479
trish@_trish_xD·
malloc(0) is legal C. let that sink in for a second. some compilers return NULL. some return a valid pointer you can't dereference but CAN free(). both behaviors are correct according to the C standard. you can allocate zero bytes of memory, get a pointer to nothing, and then dutifully free that nothing. and the language just shrugs and says "yeah that's fine." this is why C developers have trust issues.
92
18
637
84.5K
Ricardo Carvalho@crvvdev·
@_trish_xD I think this is the intended behavior, since malloc has to write down the header information, so in theory the user has to call free so it doesn't leak that memory...
0
0
1
309
Ricardo Carvalho@crvvdev·
@possiblyazure Anticheats are like the doors of your house, for your safety. You lock the front door and all the other ones, but at the end of the day someone will break into your house if he's dedicated enough. That's why they need you to enable the security features; it's like the front lock.
0
0
0
1.7K
Sos Sosowski@Sosowski·
On a scale of 1 to 0x10 how cursed is this?
52
1
131
28.2K
Ricardo Carvalho@crvvdev·
@Dreamboum This game is truly a hidden gem, it deserved more recognition at the time
0
0
2
1.5K
Dream's Longest Day@Dreamboum·
I played Marc Ecko's Getting Up on PS2 a few years ago and it was a really cool game centered around graffiti culture. You rise to the fame against an authoritarian city and rival gangs by painting graffiti across the most dangerous locations. It also has sick licensed tunes!
146
757
10.1K
1.4M
Ricardo Carvalho@crvvdev·
@barraes This was obvious; the AIs' modus operandi is to get as much data as possible fed in by users and then force those same users to pay for something "premium".
0
0
1
143
Ricardo Carvalho@crvvdev·
@3131hue Being Brazilian is knowing that your data has already been leaked and has been circulating freely on the internet for many years. Sad reality.
0
0
2
614
Ricardo Carvalho@crvvdev·
Can any mastermind explain to me why KTHREAD->PreviousMode doesn't reset to UserMode on a user-mode syscall invocation?
0
0
0
230
Ricardo Carvalho@crvvdev·
@tulachsam First they let everyone use it without any limits at all, and once they've gathered and fed the models all the juicy user data, it's time to add those sketchy filters...
0
0
0
66
Samuel Tulach@tulachsam·
@crvvdev You don't even have to directly ask about something. OpenAI models have such aggressive filtering that you can have IDA MCP running, it will find cheat-related strings and it will refuse to continue because "reversing a cheat might help you recreate it" 🤦‍♂️
2
0
1
145
Ricardo Carvalho@crvvdev·
I find it very annoying that LLMs other than Claude simply refuse to help when you ask about malware/anti-cheat related stuff because it is "unethical"!? Very sensitive topic, I know, but that is my full-time job, brother...
1
0
2
294