Hi, i would like to ask help to the community! I have done some research about, so i will post what i ve figured out first. So i ve discovered that at RU official server of Aion, they use the Frost Security Anticheat. But i ve also discovered that this is an anti cheat with a.sys, a kernel driver. I ve never deal with this sort of anti cheat so i don t know how i can begin in that.
BattlEye focuses on proactive cheat prevention while also aggressively banning any cheaters that still manage to get in, ensuring that the game experience of players is protected from disruptive actions of cheaters as effectively as possible.
I don t know where i have to begin to learn about kernel anticheat bypass. Anyway this is not this one i want to bypass but the one called Active anticheat implemented in the RU server of Aion ( private one ). So first i ve see that the anti cheat seems to be an edited version of Frost security lol. They call it Active anticheat but for me it s the same or maybe modified Frost security anticheat. It differs cause the Launcher launch the private server like: Launcher ---> ActiveLauncher(the one that call the anticheat and the.sys driver) ---> and if the files is not modified or.sys loaded etc the game is launching. Epistemology positivism vs interpretivism. I've managed to unpack the Active launcher that was protected by VMP v3 in order to understand things better.
Anyway i ve reach the point where i can t unpack more. I found oep etc but after arrive API_LOGGER. I ve find only the first API_LOGGER but seems to be more than one. I've search things anyway, so i ve found that some strings are intteresting. The driver that they launch is in the AppData and temp folder with some world perfect X9 files but idk what they are. The driver is called: active64_10.sys. Others files are: - ft_1223392.dat - sn_1223392.dat They load the driver when the game start and delete it when it is closed.
The service is named PrProt. So it s what i ve discovered by my own and searching. I would like some help in order to learn more about, if i m wrong, maybe ways to bypass kernel driver and where to find such resources. ^^ Thanks a lot in advance for reply.
Yoking is offline.