remy🐀 (@_mattata)
Mar 21 · 13 tweets · 3 min read
RE: APEX / ALGS / EAC Remote Code Execution

👋 I wrote undetectable cheats for online games for challenge and sport for many, many years. I know enough to know that no one has the answers, but I'd like to call out some things you may have glazed over, and put them in context. 🧵
About a month ago, the suspected individual talked on stream about cheating and attempted to deflect the accusation by saying "you can't cheat on console".

I am very familiar with this claim, and why it's important in context!
Online games that are cross-platform will often have heavy anti-cheat (in this case, EAC) on the desktop computer client, but little to none on consoles/mobile.

The absence of anti-cheat logs on a desktop may be a strong signal of a cheater, but not on other platforms.
When implementing a cross-platform game, the client may change, but the network protocol will often remain the same.

A modified desktop client presenting as another platform, a console, allows you to operate outside of the purview of anti-cheat without being anomalous.
This isn't to say they aren't using a modified console, but rather to make clear that they don't need to. In fact, you don't even need to use a modified client at all!

Let's talk about protocol hacking!
Game clients and servers get regular updates and this often breaks cheats. Client modifications are easier, but toilsome to maintain. If you like challenges, you operate your cheat in the most stable and invisible way possible: on the network itself!
There's a long and very interesting history of protocol hacks on online games, I'll leave this here as a great example:

If you understand the game protocol, you can run the official game client with no modifications, and get updates, and pass anti-cheat.

web.archive.org/web/2018021616…
On-system anti-cheat can and will watch everything on the system. Between your game client and the game servers, there are many network devices, including your home router.

Anti-cheat cannot monitor your home router. That's *your* territory.
Modifying packets on-the-fly is fairly trivial if you know what you're doing, and you can largely operate with impunity unless other users report you. Neat!

The hard part is reverse engineering the protocol, but again, you've got the game client that speaks the protocol.
Lots of cool things may be built in to game protocols, including but not limited to: acting as the server, pushing configurations to other users, and leveraging features that are useful for game QA (infinite health, etc...)
In the case of @Genburten we see a "cheat" dialog pop up, but take note of the font. Looks nearly identical to the font used in the game itself, yeah?

Well, looking at the rest of the game screen, we can clearly see the game supports populating overlays via the game protocol.
I'll wrap this up here. I see no indication of on-system RCE. I see no indication of EAC even being involved.

I do see something I've done many, many times: Speaking the game protocol to leverage builtin game configurations and tooling in such a way that is otherwise invisible.
Anyways, blog post plug: remyhax.xyz/posts/golang-p…
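Added example (written for this page, not remy's code and not the Apex/EAC wire format): a toy model of the on-path rewrite the thread describes. The "hello" packet layout, the platform codes and the CRC32 trailer are all assumptions. The point it demonstrates is that a device between the client and the server (the home router) can patch a field and recompute an unkeyed checksum, so the server-side parser sees a "console" client while the real desktop client, and whatever anti-cheat is watching it, is untouched. A naive one-byte patch that forgets the checksum is rejected, which is the only thing the checksum ever protected against.

```python
"""Hypothetical game 'hello' packet, rewritten on-path.

Everything below is constructed for illustration: the wire format,
the platform identifiers and the checksum are assumptions, not any
real game's protocol.
"""
import struct
import zlib

# Assumed platform identifiers (not from any real game).
PLATFORM_PC = 1
PLATFORM_CONSOLE = 2

HELLO_MAGIC = b"HELO"
# Assumed layout:
#   magic(4) | version(u16) | platform(u8) | name_len(u8) | name | crc32(u32)
# where the CRC32 covers everything before it and is NOT keyed.
HEADER = struct.Struct("!4sHBB")


def build_hello(version: int, platform: int, name: bytes) -> bytes:
    """Serialize a hello packet the way the (hypothetical) client would."""
    body = HEADER.pack(HELLO_MAGIC, version, platform, len(name)) + name
    return body + struct.pack("!I", zlib.crc32(body) & 0xFFFFFFFF)


def parse_hello(pkt: bytes) -> dict:
    """Server-side parse; raises ValueError on a malformed or corrupted packet."""
    if len(pkt) < HEADER.size + 4:
        raise ValueError("short packet")
    body, crc = pkt[:-4], struct.unpack("!I", pkt[-4:])[0]
    if zlib.crc32(body) & 0xFFFFFFFF != crc:
        raise ValueError("bad checksum")
    magic, version, platform, name_len = HEADER.unpack_from(body)
    if magic != HELLO_MAGIC:
        raise ValueError("bad magic")
    name = body[HEADER.size:HEADER.size + name_len]
    if len(name) != name_len:
        raise ValueError("truncated name")
    return {"version": version, "platform": platform, "name": name}


def accepted(pkt: bytes) -> bool:
    """True if the server-side parser would accept the packet."""
    try:
        parse_hello(pkt)
        return True
    except ValueError:
        return False


def rewrite_platform(pkt: bytes, new_platform: int) -> bytes:
    """What an on-path box (e.g. a router handing packets to userspace) does:
    parse, change one field, re-serialize with a fresh checksum. The real
    client never sees this happen."""
    fields = parse_hello(pkt)          # only rewrite well-formed hellos
    return build_hello(fields["version"], new_platform, fields["name"])


def naive_patch(pkt: bytes, new_platform: int) -> bytes:
    """Patch the platform byte only, leaving the stale CRC in place."""
    buf = bytearray(pkt)
    buf[HEADER.size - 2] = new_platform  # platform is the byte before name_len
    return bytes(buf)


def demo():
    """Returns (platform the client sent, platform the server sees, same length)."""
    original = build_hello(version=7, platform=PLATFORM_PC, name=b"player1")
    spoofed = rewrite_platform(original, PLATFORM_CONSOLE)
    return (parse_hello(original)["platform"],
            parse_hello(spoofed)["platform"],
            len(original) == len(spoofed))


if __name__ == "__main__":
    print(demo())
```

Usage note: `demo()` returns `(1, 2, True)`, i.e. the client said PC, the server recorded console, and nothing about the packet size changed. A keyed MAC instead of CRC32 would stop a router that does not know the key, but in the cheating scenario the same person owns the client that holds the key, so the durable defense is server-side validation of what a client claims rather than trusting a self-reported platform field.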
