Browse Source

Publishes a post about the new Riot Games anti-cheat policy

Samuel FORESTIER 3 months ago
5 changed files with 97 additions and 0 deletions
  1. +85
  2. BIN
  3. BIN
  4. BIN
  5. BIN

+ 85
- 0
_posts/ View File

@@ -0,0 +1,85 @@
title: "Possible hot take about the new Riot Games anti-cheat policy"
date: 2020-04-18 13:01
url: possible-hot-take-about-the-new-riot-games-anti-cheat-policy
layout: post
category: Articles
image: /img/blog/possible-hot-take-about-the-new-riot-games-anti-cheat-policy_1.png
description: "No, shipping and executing proprietary low-level code is a terrible idea"

[![A missing blog post image](/img/blog/possible-hot-take-about-the-new-riot-games-anti-cheat-policy_1.png)](/img/blog/possible-hot-take-about-the-new-riot-games-anti-cheat-policy_1.png)

### Introduction

> As an introduction to the _League of Legends / Riot Games / Tencent Holdings_ environment, I will only paste what I have written for an other unpublished post :

[League of Legends]( (below, "LoL") is a [MOBA]( still developed by its original publisher : Riot Games (USA).
Riot Games is, and has been for some years now, [owned at 100% by Chinese (Tencent Holdings)](
There are **still** [some serious working conditions issues at Riot place](

### The Subject

Some weeks ago, I've come across this click-baiting-but-technical blog post from Riot : [/dev/null: Anti-Cheat Kernel Driver](
The main goal of this _solution_ is to load their anti-cheat in a more privileged environment than the cheats' one.
I was not very keen about the idea (and I am not alone), but I naively thought that we would have some months ~~of idealogical struggling~~ ahead before really dealing with such an intrusive technology.

But more recently, it finally appeared ["Project A" has been renamed to "VALORANT"]( and is already "available" through a really odd process, including another third-party platform (one more obscure partnership ?) :

[![A missing blog post image](/img/blog/possible-hot-take-about-the-new-riot-games-anti-cheat-policy_2.png)](/img/blog/possible-hot-take-about-the-new-riot-games-anti-cheat-policy_2.png)

Anyway, VALORANT, running in BETA with currently only few players, is acting as a _production-grade_ testing environment for their new [Vanguard anti-cheat solution](

Now look, let's check again what an operating system kernel is _supposed_ to do (from the [Wikipedia page]( :

> The kernel performs its tasks, such as running processes, managing hardware devices such as the hard disk, and handling interrupts, in this protected kernel space.

Please help me, I can't manage to find the part specifying it gives a special access to vendors for shipping their [BLOB](, running in a privileged and dangerous environment :roll_eyes:

In computer science, if engineers happened to separate what is a matter of **applications** from what is a matter of **system**, there were (and there still are) good reasons.
Intel _thought_ it could mix those, [it ended up very badly](
And I mean, what could be _more_ "applicative" than softwares developed by a video games company ?

> And guys, I don't expect the world to get [a C.S. degree to remove an **application** from their system]( :cry:

The point is, and I'm looking at you Riot, your code **will** contain vulnerabilities. It's a fact, as [it contains code rendering a "service"](
And you can argue it might be the most legitimate BLOBs Earth would ever known, it **will** anyway.

What would happen if a [0-Day]( is (un)discovered ?
You would have (maybe) prevented a _minority_ from bothering _a part_ of the community, and greatly exposed _tens Millions_ of players.
Is it worth the risk ?
If I were a company's CSO, I would not accept it.

> Personal two cents about cheating in LoL : In 7 years and thousands of games played, I only encountered a _scripter_ **once** and, thanks to him, it wasn't even in Solo Queue :smile:
> Personal two cents direct comment : Maybe we (EUW players) are relatively _spared_ from _cheaters_ ? Do [your statistics only address NA]( ?

List of (not-so)naive advices for Riot Games in their difficult fight on this (important) matter :

* Abandon this idea (yeah, I know, sunk costs and friends) ;

* Prefer the "human" approach by enhancing the `Report` feature if it requires to ;

* [Restore the Tribunal]( if you have to (??) ;

* If you **really** want to keep your low-level stuffs being used, please [make them Open-Source and publicly audited](

I do **hope** too that you know you will ~~f\*ck~~ impair _all_ LoL GNU/Linux users once the official public client will be "patched" (and [Lutris is already discouraging new players from "picking up League"]( :ok_hand: :joy:) :

[![A missing blog post image](/img/blog/possible-hot-take-about-the-new-riot-games-anti-cheat-policy_3.png)](/img/blog/possible-hot-take-about-the-new-riot-games-anti-cheat-policy_3.png)

> By the way, how are you gonna handle MacOS players ? Are you on the verge of coding a BSD kernel module too ?

Anyway, I hope you also well-comprehend the problem of being **owned** by a Chinese group.
If, one day maybe, [Tencent]( decides to take over Riot's games development back to China, players would end up having a **ring-0** piece of software [(in-)directly handled by the Communist Party]( :100:

> Note to Epic Games shareholders : Don't be stupid, [keep those determinant 10% to stay you out of this contingency](

So here we are, just wanted to add my two cents on the subject from my own PoV, hoping that divergent thoughts are the way forward to a better world, and that we _cannot_ let [those news handled by business vendors]( :

[![A missing blog post image](/img/blog/possible-hot-take-about-the-new-riot-games-anti-cheat-policy_4.png)](/img/blog/possible-hot-take-about-the-new-riot-games-anti-cheat-policy_4.png)

> Yes, the link refers to a store page to **buy** a product.
> No, it's not a joke (click on the link above if you don't trust me).

To conclude, I'd refer to this [Reddit thread](, like often, encountered **after** the post redaction...
... and good luck to Riot that will have to deal with [all of these users (well-)thinking that their computer is spying on them](, because that's definitely what their new "driver" is doing.

img/blog/possible-hot-take-about-the-new-riot-games-anti-cheat-policy_1.png (Stored with Git LFS) View File

oid sha256:1d1e3e8e427917414e9a344ed21f49c22517717b7c3a6809138b6927d8843bc4
size 22855

img/blog/possible-hot-take-about-the-new-riot-games-anti-cheat-policy_2.png (Stored with Git LFS) View File

oid sha256:89fe16d966fec16c02b2271c29a5d85f45030591eab2461891877b13305a5543
size 347567

img/blog/possible-hot-take-about-the-new-riot-games-anti-cheat-policy_3.png (Stored with Git LFS) View File

oid sha256:1ceb8cfcdd82bb8c02cd130c3bf4887f4ee2db198fcd51dfe2dcd1e26f8315a4
size 34664

img/blog/possible-hot-take-about-the-new-riot-games-anti-cheat-policy_4.png (Stored with Git LFS) View File

oid sha256:58c532012d97295d60aeea562521472616a523c8d2b0c60cad4da7d47a6d5539
size 17549