Siterizer / new-world-fishing-bot

User-friendly Python script that is able to catch fish in the game New World
GNU General Public License v3.0

Add unique signatures to avoid EAC signature detection #205

Closed MatthewARoy closed 2 years ago

MatthewARoy commented 2 years ago

Would it be possible to add an uglifier/minifier that shuffles the code to avoid detection?

grrminator commented 2 years ago

This only looks at your screen, and does not interact with the game in any way other than looking at what's on your DISPLAY for specific colors, and then pressing buttons for you.

Therefore, EAC can't do anything other than see the game is running. Otherwise, programs that offer keyboard macros, AutoHotKey, etc, would all get us banned.

If it WAS in fact the case that EAC could see the code and other things besides the bot running, we would all be banned already, as EAC bans are ALL automatic, and bans are instant upon the infraction.

Source: Wrote numerous AHK scripts etc for other games that had EAC and BattlEye

MatthewARoy commented 2 years ago

EAC can still see the programs running on the machine. https://guidedhacking.com/threads/how-to-bypass-anticheat-start-here-beginners-guide.9882/

Anticheats have the capability to detect every single thing that occurs on your computer, they are extremely invasive, all kernel anticheats are essentially rootkits. Even VAC scans every single process that's running. The question is, do they have a signature or other detection vector for your specific cheat. Signatures are built for known cheat software, so if you write your own software, they can't detect it based on signature. They can still use heuristics, but they won't autoban for heuristics unless it's very obvious it's a cheat. If you're not distributing your hack to 15+ people they are not gonna waste their time analyzing your cheat in most cases. They have limited resources like every business.

Since this is a publicly available cheat that's used by tens of thousands of people it's only a matter of time before it gets hit with a ban wave. It's possible to identify that this program is running on your system, so that's enough information to ban if you're running a known cheat.

It might be possible to get around it with some form of recompiling or https://github.com/obfuscator-llvm/obfuscator/tree/llvm-4.0

But just so you know it's not "safe"

grrminator commented 2 years ago

@MatthewARoy Ah.

Well, LLVM looks a bit complicated.

Would running the program in sandboxie or something similar achieve the same effect?

MatthewARoy commented 2 years ago

That's why I'm opening this up to discussion, I'm not sure of the best approach. My recommendation is a side program that creates a custom exe from this repo that changes up the signature, but I'd love to hear more thoughts.

ITgamers commented 2 years ago

> That's why I'm opening this up to discussion, I'm not sure of the best approach. My recommendation is a side program that creates a custom exe from this repo that changes up the signature, but I'd love to hear more thoughts.

That's a great idea.

futureproof123 commented 2 years ago

OK but what if you run the script via the python file and not the exe, wouldn't EAC only see python running then?

Siterizer commented 2 years ago

@futureproof123 @ITgamers @MatthewARoy @grrminator EAC is certainly able to scan your computer for bots / cheats etc. But it just so happens that Amazon can't do that.

Do you know why?

Because it is illegal in some countries and the NW game is an "international game" and Amazon cannot afford such a scandal.

Imagine the headlines "Amazon releases a game that searches your entire computer for specific files"

But this is only my point of view, and I think I am correct. It's about a month after game/bot releases and 0 bans.

MatthewARoy commented 2 years ago

You realize this isn't a question, it's how the anti cheat tools actually function. Pixel bots get banned all the time using signature detection: https://dotesports.com/valorant/news/riot-bans-over-200-valorant-cheaters-in-small-ban-wave

This WILL be an issue once they get around to tackling the bot problem.

futureproof123 commented 2 years ago

@Siterizer ok so I have another idea, what if you run the bot on a virtual desktop / remote desktop, connect to ur 'gaming pc' via teamviewer or anydesk or whatever, and let the bot operate clicking thru the teamviewer / anydesk, that way it appears as if you are just playing the game from a remote location. It would also bypass the signature bs because the bot is running on a remote pc.

Would this work? Anyone have any insight into this?