The art of Valorant (anti)cheating

Valorant Vanguard

Riots Valorant tried to fight the cheaters on a new level with Riots Vanguard anti cheat software. The difference between other Anti Cheats is that Vanguard has its own Kernel-Mode Driver and tries to fight cheats wich use kernel mode and hook system calls. If you want to learn more about this just google about Riot Vanguard, this was a huge topic since it caused some controversy in the gaming community. But is Vanguard successful? What is the current state of the cheating industry?

Pixelbots recently rekt

In one of the latest patches pixelbot cheats got rekt. As of now there are not many informations about how, but many cheat providers wich used simple pixelbot aimbots had to close down. There are rumours about first bypasses already, but atleast most of the script kiddies seem to be unsuccessful. Pixelbots scan a certain area of youre screen (close to crosshair most of time even adjustable and a circle called FOV) for certain color coded pixels. Players had to set a certain ingame color (In Valorant settings you can set Yellow, purple, red etc.) and the cheat scanned for those pixels and used that information combined with mouse drivers to make an aimbot or triggerbots. The following is an actual cheat configuration file of a recently closed down cheat:

{
“a_e”: true,
“a_fx”: 15,
“a_fy”: 8,
“a_k”: 1,
“a_rf”: 1.0,
“a_rl”: 3.2,
“a_rm”: 1,
“a_sens_x”: 0.44,
“a_sens_y”: 0.44,
“a_smo_x”: 0.25,
“a_smo_y”: 0.25,
“ap_e”: false,
“ap_k”: 117,
“c_m”: 1,
“s_e”: false,
“s_k”: 5,
“scr_x”: 1920,
“scr_y”: 1080,
“t_d”: 10,
“t_e”: true,
“t_k”: 6,
“t_sd”: 0
}

You can tell that the cheat had features like aimbot, triggerbot, smoothing adjustments to the aimbot and so on. Its also intersting too see that users had to enter the Screen resolution and ingame sensitivity so the cheat can use those values to calculate the offsets. There are even simple public sources which allow everyone to create his own Valorant cheat (https://corsair.wtf/topic/9350-valorant-triggerbot-c/).

It also seems like Valorant blocks certain Mouse drivers and scripts/macros recently which are nowadays already built in within Softwares of mouses. Some people have issues with using those Mouse drivers currently.

Cheat providers like Kiduahook used this method and had to temporarly close down due too Valorants new patch.

Driver cheats

Using Drivers is usually the common and bulletproof way to get read, write, allocate and protect memory access to the game process. The cheats need to bypass Vanguard which they do by abusing a vulnerability in a driver or by using something like EFIMemory (efi-memory by SamuelTulach on github). The EFI Mapper manual maps the custom made windows driver and makes it hidden by Vanguard since you start it before Vanguard/Windows. This allows it to have all the priviliges of a windows driver without vanguard realizing and it can read/write memory with the driver to make an external cheat or inject a dll to make an internal cheat. This sounds simpler than it is, this shouldnt be a tutorial nor am I an expert. But most of the current cheats require you to do the Efi mapper process. The cheat provider battlelog used the EFI Mapper method and it wroked pretty well.

The current state of Valorant cheating

Valorant has definetly less cheaters/providers than many other games, Valorant is actively fighting cheaters and also the community has brought up volunteer projects to fight cheaters. Vanguard makes it hard for script kiddis to create there own cheats especially after the latest patch wich rekt many anti recoil script and pixel bots. But dont understimate the cheaters, there are still plenty of working cheats and Riots Vanguard needs to keep up.