Specification

R5AC is the name of an in-house cheat detection software. It seems to be made by a team at respawn entertainment, although there is no public information about it anywhere on the internet. 

 Where is it? 

 It is located in the main game executable, r5apex_dx12.exe. Sometimes you will encounter entire functions that will be related to it, other times it'll be some inlined code in some important game/engine functions. It uses a basic xor transform on it's c-strings, which makes it so that it will only be decrypted on the stack. However, it's quite easy to statically analyze a runtime dump of Apex Legends, and figure out a way to: 

 

 

 

 

 

 

 Find all instances of encrypted R5AC C-String's, preferably automated. 

 

 

 Figure out the following parameters for this transformation: 

 

 

 Location of the encrypted data. 

 

 

 Location of the encryption key. 

 

 

 Length of the encrypted data. 

 

 

 

 

 In case of this cheat detection software, the length of an encrypted C-String's encoded data equals it's encryption key's size. This might be done to prevent repeating keys during the XOR transform, which can weaken the overall effectiveness of encryption. 

 

 

 

 

 

 

   

 What are it's capabilities? 

 Generally speaking, this specific solution seems to focus on the game process and it's local process context. It mostly features detections for internal cheats. These detections range from heurstics all the way down to very specific, concrete signals.