zhaodice / proxmox-ve-anti-detection

A patch to hide PVE itself

Question about BattleEye Anti-Cheat and Fortnite game. #9

Open jonzinho opened 1 year ago

jonzinho commented 1 year ago

Hi @zhaodice! Hope you are doing well. I have a question. With the update and fix you posted in this anti-detection for Proxmox VE 8.0, should BattleEye anti-cheat work? I did not see anything talking about BattleEye in the README section. Fortnite eventually switches between anti-cheats, going through Easy Anti Cheat (EAC) and BattleEye. The problem is that eventually BattleEye detects the virtual machine and doesn't let me play the game while using a Proxmox virtual machine.

Also, do you have any other contact source, like Discord or something like this? If yes, please add me, my username is: soujon. I'm from America, so I don't have WeChat and other social sources like this.

zhaodice commented 1 year ago

Honestly, I didn't test whether it works on BE. According to your issue, this patch may not resolve its detection. There are some clues:

  1. QEMU doesn't realize the sensors, for example temp / fan / voltage sensors, as you can see below:

    Using these commands could DETECT THIS VM (shows "No instance available"), and there is NO SOLUTION CURRENTLY (I don't know how to simulate that information...).

        wmic path Win32_Fan get *
        wmic path Win32_CacheMemory get *
        wmic path Win32_VoltageProbe get *
        wmic path Win32_PerfFormattedData_Counters_ThermalZoneInformation get *
        wmic path CIM_Memory get *
        wmic path CIM_Sensor get *
        wmic path CIM_NumericSensor get *
        wmic path CIM_TemperatureSensor get *
        wmic path CIM_VoltageSensor get *

    Unfortunately, I have no ability to write the hardware simulation code within the QEMU sources.

  2. https://github.com/zhaodice/qemu-anti-detection/issues/29 : this todo issue may be a clue, but I have no time to do it (I am a first-year postgraduate).
  3. RDTSC detection is also a problem, see https://github.com/lexi-src/kernel-rdtsc-patch , but I do not recommend it, because it simply slows down the RDTSC speed, causing the CPU frequency to be slow (it only affects what Task Manager shows, and it can also be detected).
  4. I usually don't play the game you mentioned, so I lack the test environment (and more time would also be required). If you want to talk more, my Discord: @zhaozhao5825

jonzinho commented 1 year ago

Oh, I understand. I'm still grateful for the nice workaround for bypassing the other anti-cheats, that helps a lot!

Take your time to do it, and also, if you want to sell a solution for me, I would be excited to pay for it, because I know it demands time, and it's also very hard to maintain a free solution like this, mainly bypassing big anti-cheat clients.

Added you in Discord, so we can discuss more if you want, and if you are interested, we can talk more about a paid solution for me. Thank you so much for the response, and have a nice day!

jonzinho commented 1 year ago

Hi! I figured out that Genshin Impact for some reason is also not working for me, it's opening the "not allowed in virtual machine" dialog in Windows. Although, Easy Anti Cheat games are still working fine.

Do you know why?

My VM config is:


args: -cpu host,rdtscp=off,hv_time,+kvm_pv_unhalt,+kvm_pv_eoi,hv_spinlocks=0x1fff,-hypervisor,hv_vapic,hv_time,hv_reset,hv_vpindex,hv_runtime,hv_stimer,hv-synic,hv_relaxed,+invtsc,kvm=off,hv_vendor_id=intel,vmware-cpuid-freq=false,enforce=false,host-phys-bits=true -smbios type=0,version=UX305UA.201 -smbios type=2,manufacturer=Intel,version=2021.5,product='MiHoYoSuperX' -smbios type=3,manufacturer=MiHoYo -smbios type=17,manufacturer=MiHoYo,loc_pfx=DDR5,speed=4800,serial=114514,part=1145 -smbios type=4,manufacturer=Intel,max-speed=4800,current-speed=4800
bios: ovmf
boot: order=sata0;net0
cores: 16
cpu: host,hidden=1,flags=+pcid
efidisk0: NAS:base-104-disk-2/vm-1011-disk-0,efitype=4m,pre-enrolled-keys=1,size=1M
hostpci0: 0000:03:00,pcie=1
machine: pc-q35-7.2
memory: 14336
meta: creation-qemu=7.2.0,ctime=1689462259
name: Copy-of-VM-BCG
net0: rtl8139=26:9D:0F:5C:D0:84,bridge=vmbr1,firewall=1
numa: 0
ostype: win10
sata0: NAS:base-104-disk-3/vm-1011-disk-1,backup=0,cache=unsafe,size=350G,ssd=1
smbios1: uuid=c71a4bdd-4fa1-4f35-9329-704842139ca2
sockets: 1
vga: none
vmgenid: eeeee7d5-ad53-4650-962c-837c5b7102bb

zhaodice commented 1 year ago

Here is the config for Genshin Impact:

args: -cpu 'host,-hypervisor,+kvm_pv_unhalt,+kvm_pv_eoi,hv_spinlocks=0x1fff,hv_vapic,hv_time,hv_reset,hv_vpindex,hv_runtime,hv_relaxed,kvm=off,hv_vendor_id=intel'

Reference: https://zhuanlan.zhihu.com/p/571224296?utm_id=0

Have a good day!

jonzinho commented 1 year ago

Oh, sadly my virtual machine gets me io-error when rdtscp is off in machine conf file, what can I do to solve it?

jonzinho commented 1 year ago

Do you know what I can do to fix this problem? :/

Thank you since now for your attention and patience :) Have a nice day!

zhaodice commented 1 year ago

> Oh, sadly my virtual machine gets me io-error when rdtscp is off in machine conf file, what can I do to solve it?

any error log?

jonzinho commented 1 year ago

> any error log?

yes!

these are the logs when I receive the error:


Nov 13 10:39:27 BCG6 QEMU[1205159]: KVM internal error. Suberror: 4
Nov 13 10:39:27 BCG6 QEMU[1205159]: extra data[0]: 0x0000000000000033
Nov 13 10:39:27 BCG6 QEMU[1205159]: extra data[1]: 0x0000000000000004
Nov 13 10:39:27 BCG6 QEMU[1205159]: RAX=fffff8006b762ef0 RBX=fffff7dc80001000 RCX=fffff7dc80001158 RDX=0000000001000007
Nov 13 10:39:27 BCG6 QEMU[1205159]: RSI=fffff8006b408250 RDI=0000000000000000 RBP=0000000000000003 RSP=fffff8006f890e28
Nov 13 10:39:27 BCG6 QEMU[1205159]: R8 =00000000ffffffff R9 =fffff8006f890e01 R10=fffff8006b762ef0 R11=0000000000000000
Nov 13 10:39:27 BCG6 QEMU[1205159]: R12=fffff8006b408130 R13=0000000000000001 R14=fffff800677baff0 R15=0000000000000000
Nov 13 10:39:27 BCG6 QEMU[1205159]: RIP=fffff8006b762ef0 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
Nov 13 10:39:27 BCG6 QEMU[1205159]: ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
Nov 13 10:39:27 BCG6 QEMU[1205159]: CS =0010 0000000000000000 00000000 00209b00 DPL=0 CS64 [-RA]
Nov 13 10:39:27 BCG6 QEMU[1205159]: SS =0000 0000000000000000 ffffffff 00c00000
Nov 13 10:39:27 BCG6 QEMU[1205159]: DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
Nov 13 10:39:27 BCG6 QEMU[1205159]: FS =0053 0000000000000000 00003c00 0040f300 DPL=3 DS   [-WA]
Nov 13 10:39:27 BCG6 QEMU[1205159]: GS =002b fffff80067b6e000 ffffffff 00c0f300 DPL=3 DS   [-WA]
Nov 13 10:39:27 BCG6 QEMU[1205159]: LDT=0000 0000000000000000 ffffffff 00c00000
Nov 13 10:39:27 BCG6 QEMU[1205159]: TR =0040 fffff8006f885000 00000067 00008b00 DPL=0 TSS64-busy
Nov 13 10:39:27 BCG6 QEMU[1205159]: GDT=     fffff8006f886fb0 00000057
Nov 13 10:39:27 BCG6 QEMU[1205159]: IDT=     fffff8006f884000 00000fff
Nov 13 10:39:27 BCG6 QEMU[1205159]: CR0=80050033 CR2=0000000000000000 CR3=00000000001ad000 CR4=000006e8
Nov 13 10:39:27 BCG6 QEMU[1205159]: DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
Nov 13 10:39:27 BCG6 QEMU[1205159]: DR6=00000000ffff0ff0 DR7=0000000000000400
Nov 13 10:39:27 BCG6 QEMU[1205159]: EFER=0000000000000d01
Nov 13 10:39:27 BCG6 QEMU[1205159]: Code=cc cc cc cc 88 11 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc <0f> 01 f9 48 c1 e2 20 48 0b c2 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
Nov 13 10:39:27 BCG6 kernel: kvm [1205159]: vcpu0, guest rIP: 0xfffff8006b762ef0 vmx: unexpected exit reason 0x33
Nov 13 10:39:27 BCG6 kernel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
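
Added example, not part of the thread or of the project's code: a small Python triage helper that decodes the failure dump above by mapping the KVM suberror, the VMX exit reason and the bracketed byte at RIP to names. The function name `triage`, the lookup tables (a subset taken from `<linux/kvm.h>` and the Intel SDM) and the shortened `Code=` line in the sample are assumptions made for this illustration.

```python
import re

# Constructed sample: lines taken from the journal excerpt above (Code= line shortened).
SAMPLE_LOG = """\
Nov 13 10:39:27 BCG6 QEMU[1205159]: KVM internal error. Suberror: 4
Nov 13 10:39:27 BCG6 QEMU[1205159]: extra data[0]: 0x0000000000000033
Nov 13 10:39:27 BCG6 QEMU[1205159]: Code=cc cc cc cc 88 11 c3 cc <0f> 01 f9 48 c1 e2 20 48 0b c2 c3 cc
Nov 13 10:39:27 BCG6 kernel: kvm [1205159]: vcpu0, guest rIP: 0xfffff8006b762ef0 vmx: unexpected exit reason 0x33
"""

# KVM_INTERNAL_ERROR_* values from the Linux UAPI header <linux/kvm.h>.
KVM_SUBERRORS = {1: "EMULATION", 2: "SIMUL_EX", 3: "DELIVERY_EV",
                 4: "UNEXPECTED_EXIT_REASON"}
# Subset of VMX basic exit reasons (Intel SDM vol. 3, appendix C).
VMX_EXIT_REASONS = {10: "CPUID", 16: "RDTSC", 31: "RDMSR", 32: "WRMSR",
                    48: "EPT violation", 51: "RDTSCP"}
# Encodings of the instructions discussed in this thread.
OPCODES = {(0x0F, 0x31): "RDTSC", (0x0F, 0x01, 0xF9): "RDTSCP", (0x0F, 0xA2): "CPUID"}


def triage(log: str) -> dict:
    """Decode suberror, exit reason and the instruction at RIP from a KVM dump."""
    out = {}
    m = re.search(r"KVM internal error\. Suberror: (\d+)", log)
    if m:
        out["suberror"] = KVM_SUBERRORS.get(int(m.group(1)), "unknown")
    m = re.search(r"guest rIP: (0x[0-9a-f]+) vmx: unexpected exit reason (0x[0-9a-f]+)", log)
    if m:
        out["rip"] = int(m.group(1), 16)
        reason = int(m.group(2), 16) & 0xFFFF  # low 16 bits hold the basic exit reason
        out["exit_reason"] = VMX_EXIT_REASONS.get(reason, f"unlisted ({reason})")
    m = re.search(r"Code=[^<\n]*<([0-9a-f]{2})>((?: [0-9a-f]{2})*)", log)
    if m:
        # QEMU brackets the byte at RIP; the following bytes complete the instruction.
        code = [int(m.group(1), 16)] + [int(b, 16) for b in m.group(2).split()]
        out["insn_at_rip"] = next(
            (name for enc, name in OPCODES.items() if tuple(code[:len(enc)]) == enc),
            "unlisted")
    return out


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On this dump the exit reason and the bytes at RIP both decode to RDTSCP, and suberror 4 is the code KVM reports for an exit reason it did not expect.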

zhaodice commented 1 year ago

could you please let me know how you set rdtscp=off? because unexpected exit reason 0x33

This is my internet search result

> [ 95.418192] kvm [1867]: vcpu0, guest rIP: 0xfffff80522760f20 vmx: unexpected exit reason 0x33
> [ 95.418193] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
>
> Managed to boot by disabling rdtscp on xml. However, al khaser tests are even worse than before, with avg diff between 2 rdtsc = 6500, whereas it was 3000 before kernel patch

zhaodice commented 1 year ago

Did you see the log "handling fake rdtsc" in your dmesg? Did you patch rdtsc within your kernel?

zhaodice commented 1 year ago

https://www.reddit.com/r/VFIO/comments/i071qx/spoof_and_make_your_vm_undetectable_no_more/

jonzinho commented 1 year ago

> could you please let me know how you set rdtscp=off? because unexpected exit reason 0x33

Every time I remove the rdtscp parameter from the conf file the VM doesn't start anymore. I think it's solved when I reinstall Proxmox to its default kernel.

my vm args are:


args: -cpu host,rdtscp=off,hv_time,+kvm_pv_unhalt,+kvm_pv_eoi,hv_spinlocks=0x1fff,-hypervisor,hv_vapic,hv_time,hv_reset,hv_vpindex,hv_runtime,hv_stimer,hv-synic,hv_relaxed,+invtsc,kvm=off,hv_vendor_id=intel,vmware-cpuid-freq=false,enforce=false,host-phys-bits=true -smbios type=0,version=UX305UA.201 -smbios type=2,manufacturer=Intel,version=2021.5,product='MiHoYoSuperX' -smbios type=3,manufacturer=MiHoYo -smbios type=17,manufacturer=MiHoYo,loc_pfx=DDR5,speed=4800,serial=114514,part=1145 -smbios type=4,manufacturer=Intel,max-speed=4800,current-speed=4800

jonzinho commented 1 year ago

> Did you see the log "handling fake rdtsc" in your dmesg? Did you patch rdtsc within your kernel?

If you are referring to the https://github.com/WCharacter/RDTSC-KVM-Handler repo, sorry, I didn't. Do I need to?

zhaodice commented 1 year ago

> > Did you see the log "handling fake rdtsc" in your dmesg? Did you patch rdtsc within your kernel?
>
> If you are referring to the https://github.com/WCharacter/RDTSC-KVM-Handler repo, sorry, I didn't. Do I need to?

You must patch rdtsc from your host Linux kernel, so that you can use rdtscp=off.

zhaodice commented 1 year ago

there is no way to patch qemu only

jonzinho commented 1 year ago

> You must patch rdtsc from your host Linux kernel, so that you can use rdtscp=off.

Understood. Is there any chance of BattleEye working after I patch rdtscp from my host Linux kernel? Also, do you have any tutorial on how I can achieve this? I have no idea how I'll make that, sorry.

zhaodice commented 1 year ago

Sorry, I don't play BattleEye games, so I cannot give any suggestions. You can do an experiment to verify.

jonzinho commented 1 year ago

hi! found out that reverting to proxmox's official kernel and updating our pve, the performance is better and now with only the args you shared in the repo, we are able to run EAC games and Genshin Impact together! ty!

zhaodice commented 1 year ago

did you patch your qemu program?

jonzinho commented 1 year ago

i only added the args you posted in this repo and we were ready to go with EAC games and such other games

Jangiang commented 9 months ago

Why am I using Proxmox 8.0.3, when I haven't used the new patch, just edited the conf file, and the anti-detection worked?