Jimster480 (Founder & Developer, Administrator), Apr 11, 2011
I figured it's time to shine some light on EAC (Easy Anti-Cheat): how it works and how LeagueCheats bypasses this anti-cheat.

EAC is an acronym for Easy Anti Cheat. This AC was originally released in the early 2000s as an AC used for Counter-Strike 1.6, and was later adapted to support Counter-Strike: Source (CSS) and Counter-Strike: Global Offensive (CSGO).
EAC has come quite a long way from what it was back then; with the advancement of technology and people freely giving up their rights as a whole, we have given more power to the AC companies to dig deeper into our computers.

Without going too far into detail, EAC is a program that is used to block the injection and access of cheats to the games it protects. It does this by closing off access to certain things needed to inject cheats.

EAC is essentially a fully functional, user-installed MALWARE you place on your PC. This is malware you install on your PC of your own free will.

When you install EAC it sources and logs your IP address, your HWID, and your serial (e.g. CD key/Steam ID).

It runs on your PC as both a ring3 client (desktop software) and a ring0 driver, therefore granting it permission to prevent other programs from getting access (handles) to games.

Listed below are things EAC has done or may still do today.

EAC can scan/flag and upload suspicious files.
EAC can capture screenshots.
EAC can log all types of information on your host/ISP and hardware.
EAC can blacklist both your host/ISP and hardware.
EAC can close other programs and kill other drivers; for example, it can kill the driver your anti-virus uses if they want.
EAC can capture mouse and keyboard events (keylogging).

Each of the above features can be defined by the league/game which uses them.

Currently EAC is used for many big titles and sparsely among others. It appears the two most common anti-cheats used today are BattlEye (BE) and Easy Anti Cheat (EAC). EAC seems to be pulling ahead because BattlEye currently has issues with game developers, causing them to fall behind in the development of their AC.

Here are some of the titles EAC supports: 7 Days to Die, Apex Legends, Battalion 1944, Combat Arms, Dark Royal, Dead by Daylight, Dirty Bomb, Dying Light, FarCry, For Honor, Fortnite, Friday the 13th, Infestation Series, Insurgency, Ironsight, Magicka, Next Day, Paladins, Realm Royale, Rend, Rising Storm, Rust, SCUM, Squad, Sword Art Online, The Culling, Tom Clancy Ghost Recon, Total War: Arena, Warface, Warhammer.

The list I've given makes up about 40% of the main titles they support; there are many more to be found, but I decided to list only the ones we hear about on a daily basis and the games we all seem to have some love or hate for. For a full list visit https://www.easy.ac/en-us/partners/.

There are quite a few public methods to bypass EAC, as some may know. Typically EAC coders wait a bit of time to patch them so they are able to catch as many cheaters as possible when they drop the hammer. Be warned, though, that ANYTHING posted PUBLICLY WILL be DETECTED.

Example: cheat providers will create DLL wrappers to get around the injection/handle control mechanisms of EAC. However, this isn't very viable on newer versions of Windows (8/10) or newer games due to signature enforcement. Drivers used to be built to restore handle access to cheats, although with PatchGuard you cannot just patch kernel functions to prevent EAC from stripping access rights.

Additionally, many people are using exploitable drivers to load manually mapped drivers to access the games EAC is protecting. As a countermeasure, EAC is now looking for manually mapped drivers in kernel space, making this method not very viable without other workarounds such as VMs.

You can pay upwards of $250 to get a company to digitally sign your driver, allowing it to run on Windows 8/10; however, once it is flagged by AC companies, every client using it is flagged, a mass banning occurs, and each new driver is more money spent.

You can build a ring0 driver and build a PATCHED version of Windows 10 for your customers, but the biggest issue here is that any time an OS update, kernel hardening or any other protection change comes, the system needs a NEW PATCH, which can take weeks to months. Most providers will force their clientele to use outdated Windows so they don't have to do that, and AC companies have gotten wise and will force people to update their Windows to play their favorite games.

Jimster480 has always found the methods listed above, a wrapper or a driver, to be severely ineffective and known to put his customers' safety/security at risk. Again, I've said it before and I will say it again: LeagueCheats will never ask you to sacrifice your privacy/safety/security to use our cheats.

This is why, for the many reasons listed above, Jimster480 of LeagueCheats does it at the ring3 (software) level: hide in plain sight, bypass, and allow EAC to close what it already closes, creating no flags or anomalies.

Here's why: when a program is told to HARDEN this process (CLOSE ACCESS), then scans again and it's suddenly open or they can't close it, it creates a flag, so why would you bring that kind of attention to yourself? Jimster480 figured out EAC can only block programs from injecting once it is active, but if you get a full injection before the program takes hold, it can hold its place even after EAC hardens the processes.

Now we've explained in depth what EAC is, how it works, what it can do, what makes each bypass different and how they react to it, so now let's step into the leagues that currently use EAC.

Challenge Me
99 Damage
GoLeague
PVPro

All of these are currently bypassed by LeagueCheats for a small monthly fee.

With LeagueCheats Pro Leagues all features can be used.

Aimbot: We suggest that you use a high Smooth (8-15) and a high SuperSmooth (7-8) to maintain the most realistic aim look. Make sure you don't get too many headshots by ensuring your aimspots are decently separated.
Triggerbot: Will bypass regardless of which version you use. We currently have two options of triggerbot you can select; there is no way for a league to detect this triggerbot because of how we have it activate. However, holding a corner while holding the triggerbot key is a sure-fire way to get caught even without the use of EAC, so keep this in mind.
RCS: Our RCS system is built in such a unique way that no matter what it can never be detected by an anti-cheat, including EAC, and will always look human.
Removals: Our removals of flash/smoke etc. can always be used; however, it should be mentioned that you are more likely to get caught on review if you take a flash to the face and mow down your enemy, or spray perfectly through a smoke, because for you it's not there.
Bunnyhop: We always suggest that you set a DELAY on the bunnyhop because a 0-delay bunnyhop is super easy to detect/flag and ban someone for. We allow you to adjust your delays, and we suggest you tinker with the delay to find something that works well for you.
Dynamic Lighting: This feature is unique to LC, and you can use our unique glow system to give yourself a crazy EDGE. (Much like a flashlight, this feature lights up a player's model in the darkest locations, making them easier to see. Jimster480's signature dynamic lighting has special options such as the ability to dynamically adjust the intensity of the lighting depending on the model's surroundings.)
ESP: We don't support ESP for EAC if the game/league it's being used on has the screenshot feature on. It absolutely can be used either way; however, it is very heavily suggested that you use it on a toggle key regardless (e.g. hold the key to enable ESP to show their current location, and on release ESP turns back off). We do not suggest leaving it on long or always, because if you just press it quickly and let go it is unlikely to get caught in a screenshot.

We have so much more in our cheats that you can use, and every feature will work 100% in whichever of the leagues you decide to play in; however, a little common sense goes a long way. Creating a new account and then stomping semi-pros/pros as a no-name is a sure way to get yourself manually banned even if you look legit.

Only one provider meets all your Features & Security needs for all the leagues that currently use EAC.

We will soon be supporting more than just the Counter-Strike series with our EAC bypass; some of the titles listed above may soon be bypassed as well.
 
Very good read.

Couple comments:
1) This isn't a novel approach, but it's quite rare, especially for paycheats. It's been done before with many anticheats, old and new. I believe EAC has made it much more difficult to do since some public releases popped up exploiting this. Running a thread in Critical Priority to inject before BE and EAC has been used in the past with some success. It relies on a race condition, essentially, which makes it unreliable, and it has shellcode which can easily be detected. This is why this method is widely overlooked for anything more than personal cheats. I'm sure you've thought of all this first! Keep up the good work, Jim!
2) Thank you for respecting our privacy and being transparent about how your methods work. A lot better than some shady sites out there.
 
We are trying not to expose too much of our own bypass method, but we do not use an elevated thread to inject before the anti-cheat, as you are correct that it is easy to detect the shellcode.

I did explore such a method in development, but I never sold it to anyone because I did not determine that it was secure for any sort of long-term use.
