Search Results
20 total results found
R5AC: Apex Legends anti-cheat Analysis (S25)
An analysis of Respawn Entertainment's R5AC for Apex Legends Season 25.
Introduction
Learn how Respawn improved client-side cheat detection in Apex Legends.
Specification
R5AC is the name of an in-house cheat detection software. It seems to be made by a team at Respawn Entertainment, although there is no public information about it anywhere on the internet. Where is it? It is located in the main game executable, r5apex_...
Anti-Cheat Networking
Understanding how an anti-cheat communicates will help you navigate around it more efficiently.
Client>Server Communication
There is no single function that is responsible for this task. In Apex, we instead have several of them working together. Let's get started with the most common function, R5AC::PushViolation: void __fastcall R5AC::PushViolation( const __m128i *p...
Basic Networking Specification
In general, R5AC seems to only make use of its networking capabilities when it detects that something might be wrong.
Anti-Cheat Detections
Virtual Method Tables
R5AC ensures that VMTPs point within expected bounds, and that read-only VMT-related data has not been tampered with. Pointer Verification: Every time the script calls sub_1DCDD1, the virtual method table pointer (VMTP) for the filesystem interf...
Control Flow Analysis
R5AC is planting control flow enumeration helpers into important game mode. Just because a module is signed doesn't mean that R5AC will give it a pass. It follows a strict whitelist which, at the time of this writing, consisted of the following ranges. ...
Obfuscation: Constant (C-String)
R5AC uses a simple XOR algorithm where the decryption key length and encrypted content length are identical. Referenced & encoded C-Strings Analysis. DLL Related: 0x20ea35 KERNEL32.dll, 0x3a3e51 ntdll.dll, 0x54ee61 ADVAPI32.dll, 0x542551 steamnetworkingsocket...
Apex Legends
Hardware ID
Does R5AC have hardware fingerprinting capabilities?
Not directly, but Apex Legends itself additionally uses Theia for a second form of machine fingerprinting. It doesn't replace EAC's mechanisms for the same thing, but rather seems to work alongside it. As an additional vector, so to speak. The game will bui...
TNV1A Endpoint (LMAOBOX: Share my Lobby)
(NOTE) This endpoint is out of service; I no longer possess a valid LMAOBOX premium license as my subscription got deleted recently. This book is intended to serve as a public documentation of TNV1A. It's an endpoint for the public, hosted by me to interact with...
Legacy Endpoint (tnv1a/)
Intelligence Endpoint
Request information for a Steam64_UID (Steam Persona)
Method URL: HTTP/GET https://lb.drof.space/v1/query-by-steam-identity-single?steamUID_64=%YOUR_INPUT%. Authentication: None. Input Parameters: steamUID_64: SteamID (64-bit format) of a valid persona on the Steam platform. Output: You will receive an...
Request a download of the raw user database
Method URL: HTTP/GET https://lb.drof.space/v1/frds. Authentication: HTTP Parameter ('apiKey'). Input Parameters: API Key: Used as an identity provider for authenticating with our API (not LMAOBOX!). Output: You will receive an output in JSON format....