CplNathan / Nathans-Tarkov-Radar-Public

A collection of applications that make up my tarkov radar.

Revival #13

Open The30Note opened 1 year ago

The30Note commented 1 year ago

Hey Nathan, this is quite a long shot in the dark, but I was wondering if you were still at all interested in KVM DMA through memflow. I had been thinking about trying to take this project and adapt it to the new memflow library, but I am just unfamiliar with the world of cheating. If there is some other way I can contact you, please let me know. My Discord is The30Note#1353. Thanks!

CplNathan commented 1 year ago

Hey,

I don't actively engage in this kind of stuff anymore (mostly a time and experience constraint). This project was mostly something to keep me busy during studying/lockdown time, and, quite frankly, I am not that experienced with reverse engineering and game hacking/anti-cheat circumvention and don't have much interest anymore.

There is so much that goes into this kind of stuff; I would probably consider a different technology stack entirely if I were to re-do this and have a complete rewrite (using the same premise, as I think it's quite cool, just different tech).

This is definitely something I was interested in; while I grasp the hows and whys of external game hacking, I never quite got into how to reverse-engineer and find the relevant offsets and stuff. Most of this can probably be found online, but for me I just don't have the time or willpower to invest in this.

The way I ended up writing this was trial and error, mostly error, until things eventually worked. This was much easier back when I first released this, as I had never seen a POC like this before, so I imagine anti-cheats now have methods in place to detect virtualized environments, making revision on this a constant battle. Also, the performance of this code is, well... probably awful. There are so many memory reads and stuff which could probably be cached and optimized in various ways; this project is very much a 'hack' and was written when my actual engineering knowledge was much less than it is today. I never really got into investing in and refining this project, as it was 'good enough' for me.

I think the best way, if you were to approach this today, is to use kernel-based cheats, either through vulnerable drivers or your own, or maybe even DMA PCI devices? I always liked the idea of DMA devices (although I have no idea technically about the complicated implementation; luckily all the actual complicated stuff is abstracted away, although this leaves you at the liberty of the people who manufacture these devices, and susceptible to detection through enumerating PCI devices, firmware, patterns and stuff, idk), but you own the hardware anyway, so may as well chuck a little hat on your RAM and go straight to the source, go ham, right? I guess it's all about finding the best and most suitable way of accessing the data which is already there.