VAC detects running in a VM and disconnects

Hey guys,
so, recently I've been getting disconnected from my CSGO compettive matches by VAC.
I opened up a ticket with Steam Support about it.


Turns out, they decided to consider playing inside a VM a no-go.
Even though it reads as if I'm running CS:GO on a host that also runs a hypervisor, I am in fact running it inside a VM. This is probably because they use premade text blocks.
Yes, I'm doing the whole GPU passthrough shebang, even though CS:GO is available on linux. Some people play more than one game, you know?

Anyone up for a riot?

[I guess I'll have to go back to developing DMA devices for my cheating needs]

1 Like

I wanna riot with you!

Btw

Why does steam hate hyper visors?

2 Likes

I suppose they would be a good mechanism to build cheats upon. Haven't ever heard of anyone doing that though.

1 Like

Cheaters gotta ruin everything. Smh

1 Like

This is about as true as saying "we have DRM because of those damn pirates smh".

3 Likes

Knowing how bad cheating is in competitive CS:GO, this kinda makes sense. CS as a game has had some of the most notorious cheating problems in the professional scene since its inception. There have been professional players, that have competed and even won thousands of dollars, that have later been banned for cheating. So Valve is kind of super paranoid about cheaters in GO, considering how fragile the cash-cow competitive scene still is. And it is the same anticheat from valve running at the highest levels of competition and in silver 1 matchmaking, so.

1 Like

Well, as I said: If I'm willing to go through virtualization to cheat, I might as well build hardware that uses DMA to cheat or build myself a nice, unsuspiciously named kernel module. This is indeed a losing battle, closed hardware with lots of DRM and verification on all OS levels is the only 'solution' to this.
As I said, I don't think anyone has utilized virtualization for cheating yet, meanwhile I'm suffering the consequences of their preventive measures, while aimbotters still roam freely in comp.

1 Like

if might be possible to figure out how VAC is detecting a VM and change that part

mfw nvidia starts reading and writing to the cs:go process, but you're team red.

Trolling aside, what's your setup? It might be worth it to look into hiding the KVM extensions. That said, when valve does something, they don't half-ass it. they're probably doing it the same way that Windows detects it.

i have not done it yet but VAC is just a blanket blacklist with some file checksums

Yeah, I'm considering that right now. I've also heard rumor the linux version of VAC is kinda bad? Running a linux VM for gaming sounds counterproductive, but it's still easier than either dealing with prime to render on the GPU that is currently used for passthrough or running everything bare metal, since wine and stuff.
I feel like hiding the virtualisation from the CPUID and also removing all paravirtual stuff might work, but how long until the next VAC update? The worst part is: VAC seems to differentiate between casual game modes and competitive. So far, I've not been able to trigger it outside comp and am now sitting off a 7 day cooldown (i was dealing with support meanwhile, they insisted on a screenshot of a problem, so I had to trigger it. Ugh.).
I wonder how viable this stuff is to cheaters anyway, I mean noone really goes through the trouble of setting up GPU passthrough to aimbot, right?

1 Like

Generally VMWare has a few registries that lets the program know it is a VM. MapleStory has the same issue where if it detects you are in a VM than it won't run. There are ways around it so he could try that method.

checksums

so basically, write a cryptor and your 1337 [email protected] still works?

maybe.

Is used for file verification. Just makes sure you dont use custom skins where the enemy heads are giant red blocks for a aimbot to use

steam and csgo do work in linux. why you are you running in a vm unless the cheating joke wasnt a joke?

Sort of hijacking this thread. Honest question; how does a piece of software find out that it is running in a virtual machine?

1 Like

Seems to me we need a similar solution like rootcloak on android, but a mod/software that masks everything from seeing you're running through a VM, like rootcloak masks selected android apps from detecting root.

1 Like