In October, video game giant Activision said it had fixed a bug in its anti-cheat system that affected “a small number of legitimate player accounts,” who were getting banned because of the bug.
In reality, according to the hacker who found the bug and was exploiting it, they were able to ban “thousands upon thousands” of Call of Duty players, who they essentially framed as cheaters. The hacker, who goes by Vizor, spoke to TechCrunch about the exploit, and told their side of the story.
“I could have done this for years and as long as I target random players and no one famous it would have gone without notice,” said Vizor, who added that it was “funny to abuse the exploit.”
TechCrunch was introduced to Vizor by a cheat developer called Zebleer, who is familiar with the Call of Duty hacking scene. Zebleer said he had been in touch with Vizor for months, and as such had knowledge of the exploit, which he said he saw Vizor using.
For years, hackers have targeted online video games to try to find flaws capable of installing and using cheats that give players an unfair advantage. Some cheat developers, such as Zebleer, sell their programs as a service, sometimes making millions of dollars. In response, video game companies have been hiring cybersecurity specialists to develop and fine tune their anti-cheat systems to catch and ban game cheaters. In 2021, Activision released its Ricochet anti-cheat system, which runs at the kernel level in an attempt to make it even harder for cheat developers to get around it.
Vizor said they were able to find a unique way to exploit Ricochet, and use it against the players it was supposed to protect. The hacker realized Ricochet was using a list of specific hardcoded strings of text as “signatures” to detect hackers. For example, Vizor said, one of the strings was the words “Trigger Bot,” which refers to a type of cheat that automatically triggers a cheater’s weapon when their crosshair is over a target.
Vizor said they could simply send a private message — known as a “whisper” in the game — that included one of these hardcoded strings, such as “Trigger Bot,” and get the player they were messaging banned from the game.
“I realized that Ricochet anticheat was likely scanning player’s devices for strings to determine who was a cheater or not. This is fairly normal to do but scanning this much memory space with just an ASCII string and banning off of that is extremely prone to false positives,” said Vizor, referring to how the game was effectively scanning for banned keywords, regardless of context.
“The same day I found this, I got myself banned by sending a whisper message on Call of Duty to myself with one of the strings in the message contents,” said Vizor.
Contact Us
Do you develop or sell cheats? Or do you work on anti-cheat systems at a video game company? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email. You also can contact TechCrunch via SecureDrop.
Vizor said that at one point they developed a script — “join a game, post a message, leave the game, join a new game, repeat repeat repeat,” as Vizor put it — that would run automatically and ban random players, which allowed them to go on vacation and still ban players. Vizor said that over the months that they were doing this, Activision would add new signatures to its anti-cheat system, which they would find soon after and use to ban players.
“I was most active with the trolling when [the] Ricochet anti-cheat team would add new string signatures. So if I check the [memory] region and see a new string, I will go crazy with it so they think they are detecting real cheaters,” said Vizor.
Activision did not respond to a request for comment.
A person who used to work at Activision, and still has knowledge of the work that the security and anti-cheat team do at the company, told TechCrunch that Ricochet was scanning for certain signatures and “that may have been weaponized against the anti cheat,” essentially the technique Vizor was exploiting.
“If you know what signature the anti-cheat is looking for, I find a mechanism to get those bytes in your game process and you get banned,” said the person, who asked to remain anonymous. “I can’t believe [Activision] are banning people on a memory scan of ‘trigger bot.’ That is so incredibly stupid. And they should have been protecting the signatures. That’s amateur hour.”
Apart from random players, Vizor said they targeted some well-known players, too. In the period of time Vizor was using the exploit, some video game streamers posted on X that they had been banned, and then unbanned, once Activision fixed the bug.
The company was alerted of the existence of the bug when Zebleer published details of the exploit on X.
“It was nice to see it get fixed and see unbans,” said Vizor. “I had my fun.”