Video game giant Activision announced in October that it had fixed a bug in its anti-cheat system that affected a “small number of legitimate player accounts” that were banned due to the bug.
In fact, the hacker who discovered and exploited the bug says they were able to ban “thousands” of Call of Duty players, essentially branding them as cheaters. The hacker, who goes by Vizor, spoke to TechCrunch about the exploit and told their side of the story.
“I could have done this for years, and it would have been done without notice unless you were targeting random players and not targeting celebrities,” Vizor said, adding, “I could have done this without any notice. It would be strange to misuse it.”
TechCrunch was introduced to Vizor by a cheat developer named Zebleer who is familiar with the Call of Duty hacking scene. Zebleer said he was knowledgeable about the exploit because he had been in contact with Vizor for several months and had witnessed Vizor use it.
For years, hackers have targeted online video games, trying to find flaws that allow them to install and use cheats that give players an unfair advantage. Some cheat developers, such as Zebleer, sell their programs as a service, sometimes making millions of dollars. In response, video game companies are hiring cybersecurity experts to develop and fine-tune anti-cheating systems to catch and ban cheaters in their games. In 2021, Activision released the Ricochet anti-cheat system that runs at the kernel level to make it even harder for cheat developers to circumvent.
Vizor said he found a unique way to exploit Ricochet and was able to use it against the players it was supposed to protect. The hacker noticed that Ricochet uses a hard-coded list of specific text strings as “signatures” to detect hackers. For example, Vizor said, one of the strings is “trigger bot,” which refers to a type of cheat that automatically fires a cheater's weapon when the crosshair is over a target.
Vizor said he could simply send a private message (known in-game as a “whisper”) containing one of the hard-coded strings, such as “Trigger Bot,” and get the player he was sending the message to banned from the game.
“We've noticed that Ricochet anti-cheat is likely scanning players' devices for strings to determine who is or isn't a cheater. Although this is quite normal, if you scan that much memory space for just ASCII strings and then ban them, it's very easy to get false positives,” Vizor said, referring to scanning for keywords.
“The same day I found this out, I got myself banned for sending a whispered message to myself in Call of Duty using one of the strings in the message content,” Vizor said.
Vizor said that at some point they developed a script that ran automatically and banned random players (in Vizor's words, “join a game, post a message, quit a game, join a new game, etc.”), repeating the process over and over again. This allowed them to ban players even while on vacation. Vizor said that after several months of doing this, Activision added new signatures to its anti-cheat system, which Vizor would soon find and use to ban players.
“I was most active in trolling [the] Ricochet anti-cheat team as it added new string signatures. So when I check, if I search a [memory] region and find a new string, I'll get into it to make them think they're detecting a genuine fraudster,” Vizor said.
Activision did not respond to a request for comment.
A person who previously worked at Activision and has knowledge of the work the company's security and anti-cheat teams are doing told TechCrunch that Ricochet scans for certain signatures, that “that's what anti-cheat teams do,” and that “it could have been weaponized against cheats.” Essentially, this is the technique that Vizor was exploiting.
“If anti-cheats know what signatures they're looking for, they'll find a mechanism to get those bytes within the game process, and you'll get banned,” said the person, who requested anonymity. “Can't believe [Activision] is banning people by doing memory scans for ‘trigger bots.’ That is incredibly stupid. And they should have protected the signature. It's amateur time.”
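An added example, not code from the article or from Activision: a minimal C model of why scanning all process memory for an ASCII signature flags a player who merely received a message containing it, next to a variant that ignores regions holding remote input. The region map, origin tags and sample bytes are constructed assumptions; only the string “trigger bot” comes from the article.

```c
#include <stdio.h>
#include <string.h>

/* Provenance of a memory region; assumes the game tracks what wrote the bytes. */
enum origin { ORIGIN_MODULE, ORIGIN_REMOTE_INPUT };

struct region { const char *label; enum origin origin; const char *bytes; size_t len; };
#define LIT(s) s, sizeof(s) - 1

/* "trigger bot" is the string named in the article; the list layout is hypothetical. */
static const char *SIGNATURES[] = { "trigger bot" };

/* Constructed samples: a clean player who received a whisper, and a loaded cheat. */
static const struct region VICTIM[] = {
    { "game code",   ORIGIN_MODULE,       LIT("render loop, physics, netcode") },
    { "chat buffer", ORIGIN_REMOTE_INPUT, LIT("whisper: trigger bot") },
};
static const struct region CHEATER[] = {
    { "unknown module", ORIGIN_MODULE, LIT("cfg.trigger bot.enabled=1") },
};

/* Byte-wise search of one region for any signature. */
static int region_hit(const struct region *r) {
    for (size_t s = 0; s < sizeof SIGNATURES / sizeof *SIGNATURES; s++) {
        size_t m = strlen(SIGNATURES[s]);
        for (size_t i = 0; i + m <= r->len; i++)
            if (memcmp(r->bytes + i, SIGNATURES[s], m) == 0) return 1;
    }
    return 0;
}

/* Naive policy: a signature anywhere in the process is treated as a detection. */
int naive_flags(const struct region *map, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (region_hit(&map[i])) return 1;
    return 0;
}

/* Scoped policy: bytes delivered by another player are never evidence. */
int scoped_flags(const struct region *map, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (map[i].origin != ORIGIN_REMOTE_INPUT && region_hit(&map[i])) return 1;
    return 0;
}

int main(void) {
    printf("victim:  naive=%d scoped=%d\n", naive_flags(VICTIM, 2), scoped_flags(VICTIM, 2));
    printf("cheater: naive=%d scoped=%d\n", naive_flags(CHEATER, 1), scoped_flags(CHEATER, 1));
    return 0;
}
```

The origin tag only helps if it follows the bytes when they are copied, for example from a network buffer into a chat history or UI render buffer; an untagged copy is indistinguishable from ordinary process memory.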
Vizor said that apart from random players, they also targeted some well-known players. Vizor posted on X that some video game streamers were banned during the time they were using this exploit, but the bans were lifted once Activision fixed the bug.
The company learned of the bug when Zebleer published details of the exploit on X.
“It was nice to see the problem fixed and the ban lifted,” Vizor said. “It was fun.”