The Truth About VAC Detection

**Jvk** · 02-13-2015

Good info.

**Merccy2** · 02-15-2015

Bumpity. //2short

**Spifficus** · 02-17-2015

Do you know if VAC is able to detect segments of code that may remains consistent between versions of hacks or even different hacks by the same hack developer? Suppose you use the exact same method/function in every hack you make to configure and register a transparent window overlay and initialize a Direc3D device. Can VAC see common code segments in the running executables and flag users for bans?

Would doing any of the below obfuscate the detection process?
a) Changing the order of structures/data methods in source files.
b) Adding random garbage elements data/structures methods/calls to source files while retaining overall program logic.
c) Doing ASM dumps of code and inserting random garbage noops or equivalent (mov edi,edi; add eax,0; etc.) throughout the code.

Or am I over thinking the potential efficacy of VAC?

**Merccy2** · 02-18-2015

Originally Posted by Spifficus

Do you know if VAC is able to detect segments of code that may remains consistent between versions of hacks or even different hacks by the same hack developer? Suppose you use the exact same method/function in every hack you make to configure and register a transparent window overlay and initialize a Direc3D device. Can VAC see common code segments in the running executables and flag users for bans?

Would doing any of the below obfuscate the detection process?
a) Changing the order of structures/data methods in source files.
b) Adding random garbage elements data/structures methods/calls to source files while retaining overall program logic.
c) Doing ASM dumps of code and inserting random garbage noops or equivalent (mov edi,edi; add eax,0; etc.) throughout the code.

Or am I over thinking the potential efficacy of VAC?

Nope that is exactly what VAC does but the code segments are not common, for instance creating a transparent window is quite common so they wont sig that (or they would get a lot of false positives).

a) Works
b) Works
c) Works

It all changes the signature.

**okbye** · 02-18-2015

Originally Posted by Merccy2

Nope that is exactly what VAC does but the code segments are not common, for instance creating a transparent window is quite common so they wont sig that (or they would get a lot of false positives).

a) Works
b) Works
c) Works

It all changes the signature.

what do i do if this occurs`? your radar doesnt work even tho i changed offsets

puu.sh/g2dnX/1d64d3bb9a.png

^check link, im not allowd to post pictures for some reason

**hitlerwasaclosetjew** · 03-22-2015

So how does VAC detect hacks that are used under VMProtect?

**Melyyyy** · 03-23-2015

Thanks for this post!

**WTSDNEUGOLD** · 03-23-2015

so is it possible to bypass the security ?

**Yemiez** · 03-23-2015

Originally Posted by WTSDNEUGOLD

so is it possible to bypass the security ?

Its ezpz. //10chars

**crunchpower95** · 03-24-2015

Alot of good information! Thanks

**Predator's Panda** · 05-19-2015

Should be stickied lol, so much shit about how hash changing is the ultimate anti-vac pill.

**betocheagha** · 05-20-2015

Wow man! great infos. Your the man.

Although, to clarify VAC basically scans those blocks, and if it sees a red block which means a program is used, it bans the account. right? im kinda unclear about the signature and red blocks.

**Predator's Panda** · 05-20-2015

This needs to be stickied so much, please, any minion

- - - Updated - - -

Originally Posted by betocheagha

Wow man! great infos. Your the man.

Although, to clarify VAC basically scans those blocks, and if it sees a red block which means a program is used, it bans the account. right? im kinda unclear about the signature and red blocks.

Red blocks show parts of the memory "signature" that are recognized by vac as being hacks, if they see this you are banned

**emberofafire** · 05-21-2015

So much information *.* Just a few questions though, Merccy.
Using VMProtect on a hack will change it's signature such that only VMProtect can read it right?
So, assuming a hack has been detected by VAC.. VAC uses the signature scanning to check on hacks, so if I were to use VMProtect on a detected hack, will that prevent VAC from detecting it?
Thanks!

**Predator's Panda** · 05-21-2015

Originally Posted by emberofafire

So much information *.* Just a few questions though, Merccy.
Using VMProtect on a hack will change it's signature such that only VMProtect can read it right?
So, assuming a hack has been detected by VAC.. VAC uses the signature scanning to check on hacks, so if I were to use VMProtect on a detected hack, will that prevent VAC from detecting it?
Thanks!

No, when a hack is detected, even vmprotect won't save you.

Thread: The Truth About VAC Detection

Thread Tools

Display

Similar Threads

[Info] The Truth about OW/Vac/Untrusted.

The Truth About VAC-Bans

Tom tells the truth about his creation of Myspace

[info] The Truth About Retail Codes

the truth about hardware bans