To clarify, no - we are not a scam. Our solution is pricey because it serves its purpose. Be careful about people posting on this forum as there are AC devs, and providers of solutions that aren't big fans of competition.
You must do your own research.
Here's a post done on another thread by us about this topic:
Quote:
Long term you will want to go SMM (Mobo Firmware). Short term if you don't mind getting banned every 6-12 months - a good custom DMA firmware provider. There are private DMA providers that could be UD long term but you would need to have an invite from an insider to one of those builds. Anything Hypervisor that doesn't load on boot is likely a fake (Faceit will require secureboot and hvci in many instances). Digitally signed drivers w/ EV cert are another option but difficult to find a good provider + if their company gets blacklisted the whole group gets banned so you are relying on each user of the driver to not rage. If someone offers you a solution that's incredibly priced it's likely a scam. Faceit does delayed bans so new solutions can pop up and have good reviews for ~6 months then everyone gets banned.
The best way to approach this is to either find a world-class private developer or to simply pick a solution that is logically secure by the approach itself. There is also the issue that as you get a higher ranking you will be under more scrutiny. So a solution that works entry level for a while will not work in higher ranks.
Another simple test would be if the solution has aimassist. You can ask basic questions about how they get around hardware mouse movement and pixel movement irregularities (a basic non-linear / bezier curve aimassist will not work on faceit long term).
Edit: Another red flag is when developers rely on a "video" of their solution. This is a useless metric since you can easily make a video that looks like it's on faceit, or actually join a faceit match on a second pc, cheat, record video, and get banned months later. Videos of the solution provide little to no evidence of their long term detectability. Moreover, it's extremely unlikely a developer who can bypass faceit would waste their time building such a preview as they would be smart enough to understand the aforementioned point.
All in all, bypassing difficult solutions is not about being able to read its memory or move your mouse, it's about being able to do that in a way that stays UD permanently.
For 1 PC faceit, that is a difficult challenge. The provider will have to be either virtualizing the system pre-exitbootservices, abusing an existing component for DMA (very rare), abusing EFI pages (difficult due to MmMapIoSpace and similar) - modifying the kernel via DXE->EBS->WINLOAD is quite trivial to detect, leveraging an EV Cert (also risky due to a blacklist for anyone using that cert), or using a 0day on Windows itself which would be very expensive to share with others. Or finally, utilizing customized motherboard firmware / smm.
The solution will have to be able to read physical memory directly or have world-class ASM trickery in the module itself. If it is not above the AC's privilege level, then it is a cat and mouse solution always. Happy to expand on these points.
Quote:
Works cited: