Welcome to HvH Forum!
h4xr0x (User ID 18290 · Messages 33 · Reactions 28 · Level 25)
How to dump modules:

You can use a VM or hypervisor to dump the BattlEye module and reverse engineer it. Just remember that BE does have some emulation detection.

Battleye's Components:

BEService - Windows service that communicates with BEServer, which provides BEDaisy and BEClient communication capabilities
BEDaisy - The driver that battleye utilizes
BEClient - usermode DLL that is responsible for most of the detection vectors, it is mapped into the game process after initialization
BEServer - backend-server that is responsible for collecting information and taking concrete actions against cheaters

Features it has:

Debugger detection
Signature based detection of known cheats
Open game process handles
Detection of manually mapped modules, i.e. executable pages not backed by an image on disk
Process handle creation is blocked
Overlays detection
Steam Overlay hooks and hacks embedded in Steam processes
lsass.exe modifications
Game files integrity checks
TCP connections to cheat sites
Module name and timestamp blacklist
Certificate blacklist
Driver blacklist
Stack walking
Single stepping to detect code outside of the usermode memory range
Hypervisor detection

Things that it scans while operating:

All running processes
All device drivers
All window names

How to map drivers to battleye:

For this part you need an Intel processor, as KDMapper is paste friendly.

To avoid your manually mapped driver getting detected you need to clear PiDDBCacheTable & MmUnloadedDrivers, and stop the enumeration of your own system pools & threads.
  • PiDDBCacheTable & MmUnloadedDrivers
  • system pool detection
  • system thread detection
This is not a full tutorial, and is less extensive than my EAC tutorial. I will never release a full tutorial, remember that.
Here is a driver that used to be undetected a long time ago, but is now surely detected. If you want to use it, you would need to rework the whole thing. You can use it as a learning source, and possibly try to make your own based on it. If you do want to do that you need the "Windows Driver Kit" to be installed. You can get it from here:

These kernel anti-cheats are praised far too much, and I'm hoping that it's going to end. Kernel anti-cheats can easily be bypassed if you know what you're doing. This anti-cheat can be exploited so you would be able to bypass other kernel anti-cheats with it, for example EAC and Vanguard. This proves my point on them being highly vulnerable. If you enjoyed this tutorial, or found it helpful, please consider liking this post.

Attachments

  • cheat-driver-master.zip
    10.2 KB · Views: 77
I'm not Plisskien, Administrator (User ID 1 · Messages 617 · Reactions 3,334 · Level 96)
Next great tutorial, ty <3

Tags: anti-cheat battleye bypass eac