FRESH

Hacker News

I reversed Tower of Fantasy's anti-cheat driver: a BYOVD toolkit never loaded

110 points by svespalec

by bri3d

1 subcomments

This is a great writeup.
It looks like this driver is being actively used in malware, too: https://www.fortinet.com/blog/threat-research/interlock-rans...

by galkk

0 subcomment

Some of games are releasing versions without copy protection and/or anti cheats when they are reaching end of their useful life for developers.
I don’t know about that particular game, but it could be the case that the devs intentionally ripped off the driver from it.

by not_a9

0 subcomment

Reminder the company had to spend time and money to get an EV cert and endured Microsoft’s nine circles of driver signing hell to ship this beauty.
Meanwhile they could have used EAC for free (with weaker protection than Rust/Apex/Fortnite, mind you, but still) which would both provide better game security and not be a vulnerable driver (until proven otherwise - and I’m not seeing a lot of proof despite any anticheat driver being reverse engineer targeted to hell and back)

by matheusmoreira

0 subcomment

I really don't like how the author minimizes the kernel anticheat situation. It's not "a lot of noise online".
It doesn't matter that user mode software is also vulnerable. We actually have mitigations against many of those user mode problems. Separate user accounts for example. Games can't exfiltrate your browser data if they can't read them.
Obviously kernel mode software can bypass all sorts of operating system controls. Bypassing those controls is the whole reason why they implement anticheat in kernel mode. If they can't bypass these controls, it means the operating system is more powerful than the anticheat, which means it can be defeated.
Yes, proprietary software is inherently untrustworthy and could be malware in disguise. Nobody disputes this, it's happened before and will happen again. It's a good idea to invest in a properly virtualized system where all those games are contained and kept completely separate from the real system. Yet another reason why we don't need idiotic anticheat software bitching about the fact it's been virtualized.

by flexagoon

0 subcomment

Not related to the main contents of the post, but
> For the life of me, I couldn’t find a way to do it without having the game installed. There was no web portal and no obvious support route.
They have am email in their privacy policy, which is generally where you should look if you want to delete your account

by asimovDev

0 subcomment

Love this type of post, thanks for the writeup.
So could you delete the account from inside the game at the end or it requires contacting the customer support?

by supersing

6 subcomments

Anti-cheat drivers have indeed turned out to be major security risks on Windows. But I think the blame should not be on game developers because kernel-mode anti-cheat is still one of the only methods that’s reasonably effective — and realistically, you can’t expect every game studio to have the expertise to write secure, reliable kernel drivers.
If Microsoft wants Windows to be more stable and secure, they should provide built-in anti-cheat support in the OS. That would reduce the need for third-party kernel drivers in the first place.