Skip to main content

Specification


RSACR5AC is the name of an in-house cheat detection software. It seems to be made by a team at respawn entertainment, although there is no public information about it anywhere on the internet.

Where is it?

It is located in the main game executable, r5apex_dx12.exe. Sometimes you will encounter entire functions that will be related to it, other times it'll be some inlined code in some important game/engine functions. It uses a basic xor transform on it's c-strings, which makes it so that it will only be decrypted on the stack. However, it's quite easy to statically analyze a runtime dump of Apex Legends, and figure out a way to:

  1. Find all instances of encrypted RSAC C-String's, preferably automated.

  2. Figure out the following parameters for this transformation:

    • Location of the encrypted data.

    • Location of the encryption key.

    • Length of the encrypted data.

  3. In case of this cheat detection software, the length of an encrypted C-String's encoded data equals it's encryption key's size. This might be done to prevent repeating keys during the XOR transform, which can weaken the overall effectiveness of encryption.



Back to top