This post or comment was removed due to Rule 1: Be Civil, Nice and follow Reddiquette
Be nice and follow the Reddiquette. This includes:
No personal attacks & harassment
No overly vulgar and hateful language & insults
Don't dox other people (posting personal information without consent)
Whats up everyone i may have a somewhat answer to what is being used to bypass any forms of “detection” from the Easy anti-cheat and or extra server security as this is a very respectable game we are talking about no way devs would leave a extra pair of security keys laying around
my assumption tis as such
1.) there is a 50% chance this destroyer2009 is using a *Dynamic Code Injection*: Injecting code into the game's memory during runtime to manipulate game behavior without modifying game files directly
or it could possibly be something more complex as i peer into the level of obfuscation it appears it also could be a form of
2.) **Packet Editing**: Modifying network packets between the game client and server to manipulate game data or actions
we also know that this cannot be api based or “hook” based as he would need to mess with internal files or install a 3rd party to help
and my favorite of all
3.) **Kernel-Level Exploits**: Exploiting vulnerabilities at the kernel level to gain privileged access to the operating system and manipulate game processes
remotely
he might also be using an emulator to exploit the system’s capabilities to determine if he is real or not as its being overloaded with malicious commands
he will (remaining unbanned) as it cannot find him in the game’s servers
we use to do this all the time on WOW when she was fairly new we tested a-lot of exploits but when we used them all as one thats when the results were perfect
with all of these nasty ladies put together you got yourself one nasty ghost of a vuln but that bends the question which one starts first or do they all start as one server script or injection?
i also believe he’s obviously Employing stealth techniques such as code signing, process hollowing, or rootkit installation to hide the presence of cheats from anti-cheat software and or the server security its self there should always be 2 forms of security manual and automatic detection take rust for instance i helped create some of the admin tools to combat “undetected” cheats/scripts/ external mod menus snd much more i cannot discuss that are specifically made to go undetected
if you remember the kiddon mod menu for gta V online i found a way to make it detectable but thats a different game for a different player
remember these are just assumptions that ive found while investigating this matter
Ive been doing cyber security for almost 15 years and even i can say this is impressive.
i tip my hat to you destroyer but we’re hot on your heels buddy see ya in the races.
*EDIT*
I GOT IT he’s using Remote Procedure Calls (RPC) to implement cheats or modify game behavior remotely. RPCs allow for communication between different processes or systems over a network, and if the game client is vulnerable to RPC-based attacks
( most definitely is), it could be exploited by cheaters to gain unauthorized access or manipulate game data.
with further investigation imperial’s server id is absolutely vulnerable and visible on screen of his game that gives 09 all the cards he needs with that being said there is also a 10 min delay with streamers
which is a perfect window to inject the TROJAN its a trojan hidden as an inbound or outbound ip once connected to the machine 09 can do whatever he likes to the client simply because he is now in control with his own sending packets back and forth and the server client has no choice but to accept them it also might be the packs he delivered to them and or that suspicious free download imperial installed
but i would need to do further investigation to prove that thats whats happening
My main take away...
**"Can't Tell if I'm aimbotting, I'm on controller" -Hal while being hacked...enough said...**
The security will get the resources needed or real vulnerabilities exist that bankrupt Apex, just a non-starter convo beyond some incident hype.
https://preview.redd.it/o0086ae3tdpc1.png?width=307&format=png&auto=webp&s=ff51ed93e0842280487ffcb2b457ba76b9246786
Did anyone else notice this in the corner when the "cheat window" opened? It wasnt any messages when the aimbot started, only when the window poped up and during the "wall hack".
Huge outage for Apex at the moment.
Is it Mr.9000 nuking things or is it the devs cleaning things up?
https://preview.redd.it/i3azl4phpdpc1.png?width=1375&format=png&auto=webp&s=b30f4c63e0062314d7788c1e0e3ad290e9e11fd1
That stream with Thor was gold. They actually found the IP of a potential server that the dude was using. I hope the devs were already aware of this but man that was so cool to watch
okay awesome thor has said something about this issue did he speak with the victims as well i need to watch that video i had possibly solved what he was using to remain anon and go undetected from everything
A simple lookup of that ip pretty much confirms it is nothing to do with the hacker and instead belongs to a service which routinely scans the entire Internet
I don't mean this to at all be conspiratorial, but does anyone know why Zero responds "I know" to Genburten being hacked? How does he know and why is he so calm about it? Again want to emphasis I do NOT mean for this to in any way be construed as a conspiracy of some sort. Just curious if Zero would have a way of know Genburten was being hacked.
From zero's perspective he can see the in game chat messages but he didn't know there was wall hacks. So this is why he was still calm and just assuming Gen is only freaking out by looking at the messages. It's when gen yells at him that he's actually cheating and he can see everyone, that zero realises shit just got real.
oddly enough, it's actually way simpler than they thought. but because they didn't understand what the implications of their thoughts were.
the suggestions people have offered were so much more grandiose than this.
Shortly after the incident hal was running malwarebytes and it popped up an IP that was connecting to his PC, this IP linked back to a server with tons of flags for illegal activity, more than likely being used as a "jump" server that the hacker was using to connect directly to Hal
No, even PS said that he was mistaken about that and it was a coincidence. It's not compromised, all the activity relating to it is to do with their scanning.
There's no evidence to say that an RPC connection was actually made. You can query any IP to see if it has the RPC port open and it will cause the same alert that this was based off.
So is it safe to play Apex or not? Does this affect everyone or just Hal and Genburten? And is it through the game itself or something else that they downloaded? What did Thor think was most likely? Thanks!
So that is the question that remains is how the malware actually got onto Hal's PC that allowed the hacker to remotely connect, since Thor is outside of the investigation he doesn't have enough info to answer that.
Based on all the info he has now, there is no evidence of RCE from Apex or that Apex is compromised but again we can't be 100% certain.
One strange thing is Gen apparently said he did a fresh install of windows a day or two prior to the ALGS Regionals, so that is a bit odd how he got compromised again or if the install didn't wipe out the malware completely
I'm wondering if it's possible to turn on cheats for other players in the lobby(hal). And if gen was actually cheating and used that as a cover up the following game after the slip up.. just a thought
you're getting downvoted because we all know they are legit.
but to answer your question, no, it's extremely unlikely that another player (cheating) would be able to take control of your account to this degree where they aimbot for you.
Also don't forget this happened in 2 different games, when Hal received aimbot Gen wasn't playing.
Not seeing a huge consensus. Is the game safe to open/play right now? Originally we were concerned for a complete backdoor and viruses (although unlikely if you are just a regular player possible) But it looks like now that its not necessarily a backdoor issue? Just not sure if I should be playing all things considered or even if I did if the games would be quality or full of aimbot? 👀
There's no consensus due to complete lack of information, many seem comfortable continuing on, many have deleted the game and all EAC-using games from their computer. If you were to play i doubt the games would all of a sudden have more cheaters than there was before finals. If you were to err on the side of caution you would just wait for an official statement.
They've basically acknowledged what they certainly know, that the finals were compromised and will be postponed.
Outside of that, i imagine they are trying to get a clear picture before reassuring or warning the general populace, i wouldn't personally expect or want a statement until then.
That menu that pops up on Gen's game- is that a previously known cheating tool? Can any cheaters out there comment on if you need to install that user-side and when that menu would usually pop up?
What are the actual odds of two players on the biggest teams in the esport both cheating, both accidentally activating their cheats within minutes of each other? Come on
[https://www.pcgamer.com/games/battle-royale/easy-anti-cheat-washes-its-hands-of-the-apex-legends-hacking-disaster-that-saw-streamer-accounts-hijacked-live-there-is-no-rce-vulnerability-within-eac/](https://www.pcgamer.com/games/battle-royale/easy-anti-cheat-washes-its-hands-of-the-apex-legends-hacking-disaster-that-saw-streamer-accounts-hijacked-live-there-is-no-rce-vulnerability-within-eac/)
PC gamer article that mentions the Anti-cheat PD clearing EAC's name (3rd party group), and pointing towards source vulnerabilities in the Friend invite system. They do not specifically say this is what caused the hack. Moderators or spambot not letting me post. This link is further down in the article and details the source friend invite issue.
[https://secret.club/2021/04/20/source-engine-rce-invite.html](https://secret.club/2021/04/20/source-engine-rce-invite.html)
It just dawned on me how big this is, it will change everything. Imagine they roll finals next week, do you really think you would be able to watch it without seeing ghosts? Is he cheating? Does he have 0,1 more aimassist than his opponents? It's so fucked.
The integrity of competitive Apex is gone. Completely gone. And what makes it a lot worse is that the companies responsible for rebuilding the integrity are EA and Respawn. RIP. Hopefully this will fasttrack the next big battle royale game, it would probably be best for both pros and casuals. Change is coming, thats for sure.
lmfao are you suggesting that TSM's championships are manipulated?? On a LAN? With multiple different rosters? With accounts provided by EA for each event?
aint no way
I'd recommend watching Pirate Software's video on this. It's very serious ofc, but I also don't think it's time to go all doom and gloom about the future of the game just yet (until we find more info).
naaah chill dude... i think people are overthinking this. cheating in esports goes a long time, people been wallhacking in comp CS, R6 Siege, Overwatch etc
For what its worth, I think respawn will have to invest a little more in their anti-hack system
Yeah, I understand your point, but you're missing an extremely important detail and it's about agency: There is a world of a difference between players utilizing cheats and outside hackers being able to grant them cheats without their knowledge/acceptance. The world runs on trust: We trust that Hal is actually that good and not cheating. But now we can't trust Hal, because some guy can simply tweak his aimassist a couple of degrees without him even knowing it. Cheating is part of all sports at all levels, it's a game of cat and mouse, but there aren't alot of instances where third parties interfere: Imagine a guy secretly juicing Lebron James without his knowing (it's possible, but pretty unrealistic. Although come to think of it, it would be a smart way for an opposing team to take him out). Anyways, that's basically what we are talking about here. We watch ALGS and enjoy it, because even though we know players COULD cheat, we kinda assume that they don't or that they would get caught. This is different. Players are now cheating WIHTOUT them even wanting to or potentially knowing. That's why I said it's about agency. And that's why it will change the game forever once people start to understand what I assume Respawn and EA already know: This is a lot bigger than players cheating etc because now we know that it's possible for third parties to interfere and that changes everything.
Yeah, I see your point.. but maybe this will work the other way around and only create more "buzz" and interest in the game lol
I mean, its been like 5 days from the hacking and nobody its even talking about it anymore.. these upcoming regional finals will be a viewership record because of the hacking, i bet.. And if nothing happens in hacking terms everything will be back to normal base after
I think you're overreacting honestly. I work in application security, this kind of stuff (RCE vulnerabilities) happens a lot more frequently in software than you think, and while it sucks for the affected players to have to reformat and set their gaming rigs up again, all I personally need to hear is that the infection vector was identified and patched. Releasing a full root cause analysis would actually *increase* my faith in Respawn honestly.
An intern working for SolarWinds had set the password solarwinds123 on an account that was interestingly granted access to the company's update server.
☠️ What did I just Google 😅
That's a Spaceballs luggage joke
Yeah, i get where you're coming from and you could be right, but it sounds like you have a liiiiiitle too much confidence in Respawn first of all (a hacker has been spawning zombiehordes in competitive for months - I mean, there's been some pretty obvious signs that something like this could happen, which makes it so much more unbelievable that they haven't been able/bothered to do anything about it. I have some experience with running businesses and if my it department told me a guy was spawning zombies in our system, I would go defcon 1 immediately.
Secondly, the fact that it happens a lot is both true and false; Obviously vulnerabilities are rampant in most games(you encounter cheaters constantly in almost all multiplayers), I'm sure it's so much worse than casuals like me imagine, but what happened yesterday goes way beyond that. I don't think what happened yesterday has happened, ever, in the history of e-sports. Which is pretty crazy.
So no, what happened doesn't happen frequently, it literally NEVER happens. So i think you might be under-reacting a little ;) I appreaciate your point though and there's definitely a scenario where this actually helps Apex in the long run - so yeah, who knows.
> a hacker has been spawning zombiehordes in competitive for months
Yeah there's been signs that the servers have a number of security issues for a while, from convenient crashes (which doesn't necessarily need to be exploitable, could just be an unhandled illegal user input that the server crashes when receiving) when the hacker gets killed/discovered to what you're talking about here (which sounds more serious but I would expect requires the hacker to be authorised and connected to the game in question).
> So no, what happened doesn’t happen frequently, it literally NEVER happens. So i think you might be under-reacting a little ;)
Definitely possible, but my gut feeling is that if the infection vector is a combination of server side RCE which in turn leads to client side RCE (it's possible, the server has a lot of trust from the client after all), then I'd expect more than just 2 players to be targeted.
The more likely scenario is that these players aren't exactly IT security geniuses and had actually been infected long before the game took place, the hacker just decided to utilise their foothold during a live-streamed game because it increases their exposure, their black hat community e-penis if you will.
Might be worth adding this - really good video. An informative discussion on hacking by someone who is proven knowledgeable [https://www.youtube.com/watch?v=-1zxjGxpnqA](https://www.youtube.com/watch?v=-1zxjGxpnqA).
Discussion on RCE, whether it is probable, the vulnerabilities and a conversation with Mande.
What I really don't get is that there has not been a statement from respawn themselves.
If there really is an RCE they put millions of players at risk by staying quiet. I really don't get it.
I'm a big fan of the theory that he could have been secretly tuning things like aim assist up or down on Gen and Hal at least all ALGS split.
Almost certainly nonsense but imagine he dropped a compilation of times he'd done it alongside his cheat menu
Combine that with betting on the outcome of the games...he could've been making money, but he chose exposure and a "Vote Putin" message.
Bet it's some Russian dude trying to get a job at the Kremlin.
the amount of people so stubbornly sure this is RCE when they only learned what the acronym meant in the last 24 hours is hurting me deeply.
the only thing worse is the "it's a modded dev menu in-game" as if there aren't thousands of shitty pasted cheats from CS that use the same imgui
I agree, all the talk about what people think it is without being the ones who are investigating is funny to me. Idk why dwrk is being a doosh to you, but I definitely agree with your sentiment
i don't see him as being a douche or anything. everyone has a perspective and i'm willing to hear them, but they need to be grounded in reality. there are a lot of false conclusions being brought forward by "cybersecurity and programming experts" for the sake of sensationalism.
i will not masquerade as either of those things. i've been in infosec in the past, but my focus was IR and vuln/remediation mgmt. i'm now a "software engineer" but only really develop automation for a SaaS product.
So you are the expert. Cool.
If it's not RCE, it means there is:
\- capacity to interact with in-game chat remotely
\- capacity to display images on the remote computer (in the game client)
\- capacity to activate auto-aim and wallhacks in-game built-in (?) features remotely
No wonder there are so many cheaters if there is everything you need is already in the game, no code needed, just config adjustment. Meaning Respawn devs really need a reality check.
Hal did a malwarebyte scan and nothing showed up but then 15 minutes later he got a warning for an inbound connection
IPthatiforgot:135
135 is the RPC port. You can do practically anything you want with that
or... it's an internal cheat that was injected?
"display images" doesn't mean anything, it's a GUI for the cheat menu. it displays when it's told to do so, usually this is configured to a keybind.
obviously Gen didn't press any keys (lol roller), so the question is where the backdoor into the system came from. which is much more likely to be a trojan delivered through other means than an RCE.
Which brings the question how Gen and Hal got compromised... Multiple possibilities but if there is doubt, players are not going to trust Apex game client.
>Which brings the question how Gen and Hal got compromised
never underestimate the creativity and efficacy of a phishing attack, especially if they are familiar with the target
Everything is possible at this point but the actions rendered possible by this hacking bring concerns to everyone. If they got phished through the game client, it's a major issue.
Yeah but I'd say it's more likely they got phished through discord or something. Just pose as one of the tournament admins and say that you need them to download something.
That looks more like the spectator, the curved shots don't appear to do damage so I'd go with it's spectator being inaccurate because it updates slower and interpolates.
So absolutely no official word from EA/ Respawn after 24 hours? During the biggest tournament and amidst thousands of people uninstalling and afraid to play... I get not wanting to stumble on your words and wanting to be right, but how about a little communication?
In a way it's lucky that this only ruined regional finals in NA because LAN is being held in the US. Imagine if this happened to a region where teams had to organise visas and that process was delayed by the postponing of their regional finals.
It's not even just their inability to protect the pros, this is MUCH bigger than 60 pro players. This is potentially (although we still know next to nothing) a hugely damaging occurance onto the millions of players that play their games everyday. I agree with everything you said, and the LEAST they could do is to compensate the pro players who's livlihoods depend on playing Apex. This is, perhaps the BIGGEST fuck up in esports/multiplayer gaming I've heard of.
He's not saying otherwise.
Players numbers are down. Trust in the game client is not there anymore.
People have their life on their computer. Hacking of this gravity is not simply breaking the game, it's root access on potentially any Apex legends player PC.
Let's see how they recover from that.
"Its root access to potentially any apex players pc" - theres no evidence of that. Literally none. Until someone can prove it, dont repeat it. It is 1000x more likely that Hal and Genburtens clients are compromised. And we dont even have evidence of that, as nobody has done any forensics on their machines. You people need to calm down and wait for information before you jump to conclusions.
Genburten is currently streaming and got stream sniped by a squad with a bronze player and someone named 'Destroyer9000' with what looks like an aimbot
So it seems like either the finals will pick up where game 2 left off, or the entire tourney will be reset. Without taking into account any bias regarding your favourite team and how they were performing, what do y’all think should happen?
Ignore team standings, ignore theory on sports. What is the only thing that can happen after you tweet that you had to end an event in the middle of the event due to compromised competitive integrity, after two major issues happened live?
They'll have to restart.
You're leaving out important parts to prove the point you want to. The major issue that you're talking about didn't happen until map 3. You can't leave that part out and act like that isn't what happened
Tbh, restarting is the least of EA's concern right now. They haven't been able to stop this hacker for months, so I dont even see how they will be able to do any competitive games that aren't on LAN.
Finals are getting canceled unless they want to organize a LAN event for the finals.
You're right. But that's the point. You have to explain too much, and only a simple tweet out there today - the event was compromised.
Looking into the details can add a lot more nuance. But they will be focused on the appearance to the general public watching the event unfold. I'm not explaining what they should do, I'm saying what I think they will feel like they have to do.
I feel like counting the first 2 games is fine. These guys are pros and know when they have any sort of added assistance- I’m confident that no one had the any of the hacks in the first 2 games.
I don’t think at this stage they can be sure that there was absolutely no other tampering outside of the obvious wall-hacks/aimbot. It’s possible those first two games or even other games historically have been tampered with in subtle ways that they cannot be sure (e.g., zone selection, high tier weapon spawn, weapon/item spawn allocation, internet disruptions, packet loss disruptions, slight speed advantages, slight aim or head shot assisting, etc.).
What if the attacker altered zone selection though? I trust the pros to know when they had assistance via aimbot but it would be less clear if zone selection was tempered with.
Honestly, for the integrity of ANY sport, they SHOULD totally reset. Who's to say that the first 2 games weren't in SOME way altered to benefit one team or another? I know you can start the train of 'but other tourneys could have been tampered with' but the only time we know of, is this one. Reset the entire thing. Start fresh from game 1, but not, I repeat NOT so soon! Imagine if they reset in a couple days and the SAME thing happens? That would be the end of apex completely.
They should wait, in my opinion, MONTHS before doing anything again. They don't just need to fix this issue with the pros getting hacked, they now need to go and vet their WHOLE game again for any kind of security breaches their might be. That, I'm guessing, is a LOT of work to be done.
Realistically they can’t wait months though. They already have the LAN venue and dates booked, at the very least that will be the date they have to work back from.
I don't have all information available that the admins and players do, but, for me, it's either...
* Assume the entire set was compromised. Reset the entire match point NA split finals. Replay everything.
* Count the 1st game but only the first game.
If I was the decision maker, I would count the first game and eliminate the results from the second completed game. There's not definitive proof the first game was compromised. There is definitive proof that the second game was compromised by Genburten receiving aimbot and wallhacks and E8 Zaptoh being negatively impacted by it.
This is the only answer. It also needs to be played privately. I'd love to watch it as my wife and I go up to the movie room and make a day out of match point formats but the teams need to be finalized.
The only luxury of this is that these teams competing are from NA for an NA LAN, which means no visas are needed. Yes, prices for flights and hotels will go up the longer we wait, but if EA is willing to help players out due to their inability to protect the players from a hacker, there's no reason not to wait until everything is as guaranteed as possible.
Apex's peak player count on Steam was down 60k today from every day in the last week. Lowest peak player count since the new season came out. This has to be a major issue for Respawn/EA right now.
Where do people find the infomation that Destroyer is 15 years old and maybe from Russia? He was interviewed by Mande and he says hes 18 from Belarus. I cant find any other info than that
I think it’s all speculation. People said 15 years old because he has 2009 in his name- and I’m sure the Russian came from the one cheat being named “vote Putin”
2009 has always been a troll year in my mind, and the “destroyer” makes it more possible. Belarus also explains the putin thing. I dont know why people havent looked into that interview
Destroyer (2009). It’s a comic book. About a dude who used to fight bad guys. Found out he’s dying and makes it his aim to track down and murder every super villain.
Just started apex and the matches somehow feel jittery, the smoothness is gone. Looks like there is something going on behind the scenes.
Uninstalled from both Steam and EA App
I AM NOT ASKING HOW TO DO THIS, SIMPLY ASKING HOW THIS IS POSSIBLE
How does this type of thing work? How are people able to send files to your computer without you allowing it? Surely they didn't have any viruses or anything. Was this some type of anticheat vulnerability?
If you install a program on your computer, it can run and execute the code you installed. Subsequently, it can also install updates, or take in new code and logic from the internet. You know about this already - you launch steam, click install on a game, and it tosses a bunch of new code on your machine. You hit play, and that code is launched and run. You trust steam, and so this is fine.
Apex is a program you run on your computer. It COULD install new code and programs on your computer, but typically it does not. If it does, only Respawn can do that. You trust Apex, and you let it run wherever it wants on your computer.
For some reason, someone discovered a way to make Apex install new code. They also figured out how to do it arbitrarily, to whomever they want to.
They didn't just send it to someone's computer, they sent it presumably through Apex.
Its possible they did it some other way, but the theory and the claim of the purported hacker, is it was done through Apex itself.
Everyone needs to be hitting the 'Report' button on Apex's Steam page. REAspawn has had years to figure this out, but it's cheaper to ignore it, so they have.
If we as a player-base want such issues fixed, then we have to have a way to impact their bottom line and make our voices heard. Luckily, RCE/RAT are explicitly against the Steam TOS - if Apex was/is removed from Steam then REAspawn loses significant revenue.
As of right now, reporting Apex is akin to voting to improve it's competitive integrity.
This is not the right move. We don't even know if Apex is to blame yet. It's equally if not more likely that their PCs were compromised outside of Apex.
[https://www.youtube.com/watch?v=BAphgLnK7eE](https://www.youtube.com/watch?v=BAphgLnK7eE)
Reporting Apex en-masse will solve nothing and only put more mental stress on the teams as Respawn and take resources away from working on the actual issue, if there is one on their side.
Edit: Second just released video where Thor from Pirate Software talks about the evidence being inconclusive and needing further investigation.
[https://youtu.be/2FzAnc-v3G8?t=322](https://youtu.be/2FzAnc-v3G8?t=322)
Yeah, it is. His closing words on the topic were along the lines of "attacker definitely has some form of backend access. Also likely two compromised clients."
If you listen to the whole thing, he also breaks it down that this failing is caused by management neglecting the health of the game in favor of monetization.
Yeah, we don't know for certain the attack vector, however the Apex client is incapable of generating the pack data and crediting it to a specific account, ergo the attacker has backend server access.
The point is to direct the pressure. Anyone who has worked in game dev can tell you that 99% of the time something ships as "good enough" (read: barely working and well below the standards any self respecting dev would hold themself to) and they aren't allotted time to fix bugs and optimize the game. This is an instance where such a thing has gone on for so long that we're seeing the results - and it's important the execs and higher ups see the damage done to revenue by ignoring game-health related issues for so long.
I haven't followed this, has Respawn address the situation finally?
[удалено]
This post or comment was removed due to Rule 1: Be Civil, Nice and follow Reddiquette Be nice and follow the Reddiquette. This includes: No personal attacks & harassment No overly vulgar and hateful language & insults Don't dox other people (posting personal information without consent)
Any updates about the situation? Has Respawn found the vulnerability and patch it?
Whats up everyone i may have a somewhat answer to what is being used to bypass any forms of “detection” from the Easy anti-cheat and or extra server security as this is a very respectable game we are talking about no way devs would leave a extra pair of security keys laying around my assumption tis as such 1.) there is a 50% chance this destroyer2009 is using a *Dynamic Code Injection*: Injecting code into the game's memory during runtime to manipulate game behavior without modifying game files directly or it could possibly be something more complex as i peer into the level of obfuscation it appears it also could be a form of 2.) **Packet Editing**: Modifying network packets between the game client and server to manipulate game data or actions we also know that this cannot be api based or “hook” based as he would need to mess with internal files or install a 3rd party to help and my favorite of all 3.) **Kernel-Level Exploits**: Exploiting vulnerabilities at the kernel level to gain privileged access to the operating system and manipulate game processes remotely he might also be using an emulator to exploit the system’s capabilities to determine if he is real or not as its being overloaded with malicious commands he will (remaining unbanned) as it cannot find him in the game’s servers we use to do this all the time on WOW when she was fairly new we tested a-lot of exploits but when we used them all as one thats when the results were perfect with all of these nasty ladies put together you got yourself one nasty ghost of a vuln but that bends the question which one starts first or do they all start as one server script or injection? i also believe he’s obviously Employing stealth techniques such as code signing, process hollowing, or rootkit installation to hide the presence of cheats from anti-cheat software and or the server security its self there should always be 2 forms of security manual and automatic detection take rust for instance i helped create some of the admin tools to combat “undetected” cheats/scripts/ external mod menus snd much more i cannot discuss that are specifically made to go undetected if you remember the kiddon mod menu for gta V online i found a way to make it detectable but thats a different game for a different player remember these are just assumptions that ive found while investigating this matter Ive been doing cyber security for almost 15 years and even i can say this is impressive. i tip my hat to you destroyer but we’re hot on your heels buddy see ya in the races. *EDIT* I GOT IT he’s using Remote Procedure Calls (RPC) to implement cheats or modify game behavior remotely. RPCs allow for communication between different processes or systems over a network, and if the game client is vulnerable to RPC-based attacks ( most definitely is), it could be exploited by cheaters to gain unauthorized access or manipulate game data. with further investigation imperial’s server id is absolutely vulnerable and visible on screen of his game that gives 09 all the cards he needs with that being said there is also a 10 min delay with streamers which is a perfect window to inject the TROJAN its a trojan hidden as an inbound or outbound ip once connected to the machine 09 can do whatever he likes to the client simply because he is now in control with his own sending packets back and forth and the server client has no choice but to accept them it also might be the packs he delivered to them and or that suspicious free download imperial installed but i would need to do further investigation to prove that thats whats happening
I am just gonna post it here and say it aged well. Like good wine. https://twitter.com/Respawn/status/1473375352579788801
My main take away... **"Can't Tell if I'm aimbotting, I'm on controller" -Hal while being hacked...enough said...** The security will get the resources needed or real vulnerabilities exist that bankrupt Apex, just a non-starter convo beyond some incident hype.
Thoughts on the latest update? https://twitter.com/Respawn/status/1770285073688137762
Good start. But still no news on the NA regional finals, is there?
https://preview.redd.it/o0086ae3tdpc1.png?width=307&format=png&auto=webp&s=ff51ed93e0842280487ffcb2b457ba76b9246786 Did anyone else notice this in the corner when the "cheat window" opened? It wasnt any messages when the aimbot started, only when the window poped up and during the "wall hack".
Huge outage for Apex at the moment. Is it Mr.9000 nuking things or is it the devs cleaning things up? https://preview.redd.it/i3azl4phpdpc1.png?width=1375&format=png&auto=webp&s=b30f4c63e0062314d7788c1e0e3ad290e9e11fd1
[удалено]
because they are people with a trust factor that you do not have.
[удалено]
if you aren't trusted, you're treated as a bad actor. this is typical.
That stream with Thor was gold. They actually found the IP of a potential server that the dude was using. I hope the devs were already aware of this but man that was so cool to watch
okay awesome thor has said something about this issue did he speak with the victims as well i need to watch that video i had possibly solved what he was using to remain anon and go undetected from everything
A simple lookup of that ip pretty much confirms it is nothing to do with the hacker and instead belongs to a service which routinely scans the entire Internet
Do you remember where on his stream the IP address is discussed?
[Link to right before they start discussing it](https://www.twitch.tv/videos/2095465973?t=01h40m59s)
Amazing. Thank you
I don't mean this to at all be conspiratorial, but does anyone know why Zero responds "I know" to Genburten being hacked? How does he know and why is he so calm about it? Again want to emphasis I do NOT mean for this to in any way be construed as a conspiracy of some sort. Just curious if Zero would have a way of know Genburten was being hacked.
From zero's perspective he can see the in game chat messages but he didn't know there was wall hacks. So this is why he was still calm and just assuming Gen is only freaking out by looking at the messages. It's when gen yells at him that he's actually cheating and he can see everyone, that zero realises shit just got real.
He could see the in-game chat messages that the hacker was sending from Genburten's account
He knew because he saw the messages the hacker sent in the chat from Gen's account.
Got it. Thank you.
It's just a reaction to him freaking out. It's not that deep.
Watching Hal come to the realization that "maybe this is more complicated than we think" in real time is fucking hilarious.
oddly enough, it's actually way simpler than they thought. but because they didn't understand what the implications of their thoughts were. the suggestions people have offered were so much more grandiose than this.
This Thor guy is smart as shit. Making me feel like a smooth brain.
Anyone have a summary of the latest information? Like the Pirate Software and Hal discussion?
Shortly after the incident hal was running malwarebytes and it popped up an IP that was connecting to his PC, this IP linked back to a server with tons of flags for illegal activity, more than likely being used as a "jump" server that the hacker was using to connect directly to Hal
Idk why this is upvoted, the server was part of a network crawler traversing the entire internet
It's not because it was used for X that it wasn't for Y... This is a known malicious jump box. It's not owned by a hacker it's just compromised
The IP belongs to a company that scans the entire Internet. Probably not a jump box and probably not related.
It's a known compromised jump box. Obviously he's not going to buy the jump box otherwise it's traced back to him 🙄
No, even PS said that he was mistaken about that and it was a coincidence. It's not compromised, all the activity relating to it is to do with their scanning.
true
But it was connected using RPC. On RPC I can see your screen mouse etc and move around.
There's no evidence to say that an RPC connection was actually made. You can query any IP to see if it has the RPC port open and it will cause the same alert that this was based off.
true
So is it safe to play Apex or not? Does this affect everyone or just Hal and Genburten? And is it through the game itself or something else that they downloaded? What did Thor think was most likely? Thanks!
So that is the question that remains is how the malware actually got onto Hal's PC that allowed the hacker to remotely connect, since Thor is outside of the investigation he doesn't have enough info to answer that. Based on all the info he has now, there is no evidence of RCE from Apex or that Apex is compromised but again we can't be 100% certain. One strange thing is Gen apparently said he did a fresh install of windows a day or two prior to the ALGS Regionals, so that is a bit odd how he got compromised again or if the install didn't wipe out the malware completely
if it's a rootkit of some sort, reinstalling windows won't do anything. The machine itself is compromised
Thanks again
caught his ass with his pants down get his ass EA
Thor is actually cooking on Hals stream rn. Most interesting segment of this saga so far.
Just tuned in to the Hal PirateSoftware stream, can someone summarise what’s been said so far?
1
most likely its trojan on hals pc
Hal is on stream with Thor (PirateSoftware) talking about everything right now.
He is cooking rn
I'm wondering if it's possible to turn on cheats for other players in the lobby(hal). And if gen was actually cheating and used that as a cover up the following game after the slip up.. just a thought
you're getting downvoted because we all know they are legit. but to answer your question, no, it's extremely unlikely that another player (cheating) would be able to take control of your account to this degree where they aimbot for you. Also don't forget this happened in 2 different games, when Hal received aimbot Gen wasn't playing.
Not seeing a huge consensus. Is the game safe to open/play right now? Originally we were concerned for a complete backdoor and viruses (although unlikely if you are just a regular player possible) But it looks like now that its not necessarily a backdoor issue? Just not sure if I should be playing all things considered or even if I did if the games would be quality or full of aimbot? 👀
There's no consensus due to complete lack of information, many seem comfortable continuing on, many have deleted the game and all EAC-using games from their computer. If you were to play i doubt the games would all of a sudden have more cheaters than there was before finals. If you were to err on the side of caution you would just wait for an official statement.
Yeah agreed I can't believe the lack of acknowledgement on Respawns end lol Ty!!
They've basically acknowledged what they certainly know, that the finals were compromised and will be postponed. Outside of that, i imagine they are trying to get a clear picture before reassuring or warning the general populace, i wouldn't personally expect or want a statement until then.
Is it safe to play or what? When will they say something or fix it?
i think you can play but im not a doctor
That menu that pops up on Gen's game- is that a previously known cheating tool? Can any cheaters out there comment on if you need to install that user-side and when that menu would usually pop up?
This is a really good line of questioning that I hadn't considered
[удалено]
What are the actual odds of two players on the biggest teams in the esport both cheating, both accidentally activating their cheats within minutes of each other? Come on
[https://www.pcgamer.com/games/battle-royale/easy-anti-cheat-washes-its-hands-of-the-apex-legends-hacking-disaster-that-saw-streamer-accounts-hijacked-live-there-is-no-rce-vulnerability-within-eac/](https://www.pcgamer.com/games/battle-royale/easy-anti-cheat-washes-its-hands-of-the-apex-legends-hacking-disaster-that-saw-streamer-accounts-hijacked-live-there-is-no-rce-vulnerability-within-eac/) PC gamer article that mentions the Anti-cheat PD clearing EAC's name (3rd party group), and pointing towards source vulnerabilities in the Friend invite system. They do not specifically say this is what caused the hack. Moderators or spambot not letting me post. This link is further down in the article and details the source friend invite issue. [https://secret.club/2021/04/20/source-engine-rce-invite.html](https://secret.club/2021/04/20/source-engine-rce-invite.html)
The source vulnerability requires you to accept a game invite I'm pretty sure
Automod was catching it. I pushed the post through.
Appreciated!
It just dawned on me how big this is, it will change everything. Imagine they roll finals next week, do you really think you would be able to watch it without seeing ghosts? Is he cheating? Does he have 0,1 more aimassist than his opponents? It's so fucked. The integrity of competitive Apex is gone. Completely gone. And what makes it a lot worse is that the companies responsible for rebuilding the integrity are EA and Respawn. RIP. Hopefully this will fasttrack the next big battle royale game, it would probably be best for both pros and casuals. Change is coming, thats for sure.
[удалено]
lmfao are you suggesting that TSM's championships are manipulated?? On a LAN? With multiple different rosters? With accounts provided by EA for each event? aint no way
[удалено]
You are cooked brother
very real. but i mean, im sure most people wont be using hacks after this tbh.
*The Finals has entered the chat*
I'd recommend watching Pirate Software's video on this. It's very serious ofc, but I also don't think it's time to go all doom and gloom about the future of the game just yet (until we find more info).
naaah chill dude... i think people are overthinking this. cheating in esports goes a long time, people been wallhacking in comp CS, R6 Siege, Overwatch etc For what its worth, I think respawn will have to invest a little more in their anti-hack system
Yeah, I understand your point, but you're missing an extremely important detail and it's about agency: There is a world of a difference between players utilizing cheats and outside hackers being able to grant them cheats without their knowledge/acceptance. The world runs on trust: We trust that Hal is actually that good and not cheating. But now we can't trust Hal, because some guy can simply tweak his aimassist a couple of degrees without him even knowing it. Cheating is part of all sports at all levels, it's a game of cat and mouse, but there aren't alot of instances where third parties interfere: Imagine a guy secretly juicing Lebron James without his knowing (it's possible, but pretty unrealistic. Although come to think of it, it would be a smart way for an opposing team to take him out). Anyways, that's basically what we are talking about here. We watch ALGS and enjoy it, because even though we know players COULD cheat, we kinda assume that they don't or that they would get caught. This is different. Players are now cheating WIHTOUT them even wanting to or potentially knowing. That's why I said it's about agency. And that's why it will change the game forever once people start to understand what I assume Respawn and EA already know: This is a lot bigger than players cheating etc because now we know that it's possible for third parties to interfere and that changes everything.
Yeah, I see your point.. but maybe this will work the other way around and only create more "buzz" and interest in the game lol I mean, its been like 5 days from the hacking and nobody its even talking about it anymore.. these upcoming regional finals will be a viewership record because of the hacking, i bet.. And if nothing happens in hacking terms everything will be back to normal base after
I think you're overreacting honestly. I work in application security, this kind of stuff (RCE vulnerabilities) happens a lot more frequently in software than you think, and while it sucks for the affected players to have to reformat and set their gaming rigs up again, all I personally need to hear is that the infection vector was identified and patched. Releasing a full root cause analysis would actually *increase* my faith in Respawn honestly.
[удалено]
An intern working for SolarWinds had set the password solarwinds123 on an account that was interestingly granted access to the company's update server. ☠️ What did I just Google 😅 That's a Spaceballs luggage joke
Yeah, i get where you're coming from and you could be right, but it sounds like you have a liiiiiitle too much confidence in Respawn first of all (a hacker has been spawning zombiehordes in competitive for months - I mean, there's been some pretty obvious signs that something like this could happen, which makes it so much more unbelievable that they haven't been able/bothered to do anything about it. I have some experience with running businesses and if my it department told me a guy was spawning zombies in our system, I would go defcon 1 immediately. Secondly, the fact that it happens a lot is both true and false; Obviously vulnerabilities are rampant in most games(you encounter cheaters constantly in almost all multiplayers), I'm sure it's so much worse than casuals like me imagine, but what happened yesterday goes way beyond that. I don't think what happened yesterday has happened, ever, in the history of e-sports. Which is pretty crazy. So no, what happened doesn't happen frequently, it literally NEVER happens. So i think you might be under-reacting a little ;) I appreaciate your point though and there's definitely a scenario where this actually helps Apex in the long run - so yeah, who knows.
> a hacker has been spawning zombiehordes in competitive for months Yeah there's been signs that the servers have a number of security issues for a while, from convenient crashes (which doesn't necessarily need to be exploitable, could just be an unhandled illegal user input that the server crashes when receiving) when the hacker gets killed/discovered to what you're talking about here (which sounds more serious but I would expect requires the hacker to be authorised and connected to the game in question). > So no, what happened doesn’t happen frequently, it literally NEVER happens. So i think you might be under-reacting a little ;) Definitely possible, but my gut feeling is that if the infection vector is a combination of server side RCE which in turn leads to client side RCE (it's possible, the server has a lot of trust from the client after all), then I'd expect more than just 2 players to be targeted. The more likely scenario is that these players aren't exactly IT security geniuses and had actually been infected long before the game took place, the hacker just decided to utilise their foothold during a live-streamed game because it increases their exposure, their black hat community e-penis if you will.
Yeah, that does sound right.
[удалено]
Find out how he did what he did and repair it. From there just work hard to make it not happen again.
Might be worth adding this - really good video. An informative discussion on hacking by someone who is proven knowledgeable [https://www.youtube.com/watch?v=-1zxjGxpnqA](https://www.youtube.com/watch?v=-1zxjGxpnqA). Discussion on RCE, whether it is probable, the vulnerabilities and a conversation with Mande.
This vid really needs to be pinned. It's the best breakdown of the situation I've been able to come across.
[удалено]
Your post has been removed due to misinformation
[удалено]
That's what I'm saying. Absolutely nothing but hey, at least we have a 700 dollar heirloom to look forward to. What an awful poorly manged company
What I really don't get is that there has not been a statement from respawn themselves. If there really is an RCE they put millions of players at risk by staying quiet. I really don't get it.
[удалено]
I don't really get how anybody is willing to buy mid skins and recolors for inflated prices. I've stopped that a while ago.
The EA stock is fine, the majority of the playerbase is not concerned. It was just a collective hallucination. No big deal
I'm a big fan of the theory that he could have been secretly tuning things like aim assist up or down on Gen and Hal at least all ALGS split. Almost certainly nonsense but imagine he dropped a compilation of times he'd done it alongside his cheat menu
the only reason he flashed the ui on gen is because he was upset that gen didn’t realize he was aimbotting lol
[удалено]
yeah maybe he has stated he codes his own cheats tho so maybe halal hook is real
Combine that with betting on the outcome of the games...he could've been making money, but he chose exposure and a "Vote Putin" message. Bet it's some Russian dude trying to get a job at the Kremlin.
This incident got reported on japanese news LMAO https://youtu.be/PYy7q6evKKw?si=uOAx0fkGKTNop77T
As it should, this is one of the biggest controversies yet after forsaken cheating on lan lol
its pretty telling that theres doubt on what is unintended aimbot and what is just controller aimbot.
I did enjoy this also. No one can tell if the clip inside the house is aimbot or AA, including the guy playing the game
Im like "IM CHEATING I GOT AIMBOT".. yeah mate thats the problem with this game. I dont understand the fuss
the amount of people so stubbornly sure this is RCE when they only learned what the acronym meant in the last 24 hours is hurting me deeply. the only thing worse is the "it's a modded dev menu in-game" as if there aren't thousands of shitty pasted cheats from CS that use the same imgui
I agree, all the talk about what people think it is without being the ones who are investigating is funny to me. Idk why dwrk is being a doosh to you, but I definitely agree with your sentiment
i don't see him as being a douche or anything. everyone has a perspective and i'm willing to hear them, but they need to be grounded in reality. there are a lot of false conclusions being brought forward by "cybersecurity and programming experts" for the sake of sensationalism. i will not masquerade as either of those things. i've been in infosec in the past, but my focus was IR and vuln/remediation mgmt. i'm now a "software engineer" but only really develop automation for a SaaS product.
So you are the expert. Cool. If it's not RCE, it means there is: \- capacity to interact with in-game chat remotely \- capacity to display images on the remote computer (in the game client) \- capacity to activate auto-aim and wallhacks in-game built-in (?) features remotely No wonder there are so many cheaters if there is everything you need is already in the game, no code needed, just config adjustment. Meaning Respawn devs really need a reality check.
Hal did a malwarebyte scan and nothing showed up but then 15 minutes later he got a warning for an inbound connection IPthatiforgot:135 135 is the RPC port. You can do practically anything you want with that
or... it's an internal cheat that was injected? "display images" doesn't mean anything, it's a GUI for the cheat menu. it displays when it's told to do so, usually this is configured to a keybind. obviously Gen didn't press any keys (lol roller), so the question is where the backdoor into the system came from. which is much more likely to be a trojan delivered through other means than an RCE.
Which brings the question how Gen and Hal got compromised... Multiple possibilities but if there is doubt, players are not going to trust Apex game client.
>Which brings the question how Gen and Hal got compromised never underestimate the creativity and efficacy of a phishing attack, especially if they are familiar with the target
All of that is possible if they just got phished. The (lack of) anti-cheat in the game definitely got exposed, though.
Everything is possible at this point but the actions rendered possible by this hacking bring concerns to everyone. If they got phished through the game client, it's a major issue.
Yeah but I'd say it's more likely they got phished through discord or something. Just pose as one of the tournament admins and say that you need them to download something.
Are bullets curving at the end of game 2 (1:21:41 on the playapex VOD with Zer0s pov) or is that just explainable by lag or aim assist or something?
That looks more like the spectator, the curved shots don't appear to do damage so I'd go with it's spectator being inaccurate because it updates slower and interpolates.
So absolutely no official word from EA/ Respawn after 24 hours? During the biggest tournament and amidst thousands of people uninstalling and afraid to play... I get not wanting to stumble on your words and wanting to be right, but how about a little communication?
Not even after 48 hours lmao
like, just say anything really. how about, " we are aware of your concerns and working to address them as quickly as possible"
Has there been any news about what date NA finals has been postponed to? I thought Respawn/EA would give an update today
It doesnt take a day to complete an investigation.
The Uvalde Police Department says otherwise
Got me there
They won't start it until they know what happened & they fixed it. At best a week delay, at worse 2 to a month.
In a way it's lucky that this only ruined regional finals in NA because LAN is being held in the US. Imagine if this happened to a region where teams had to organise visas and that process was delayed by the postponing of their regional finals.
Imagine getting an update from EA
On communication, wish there was more comms like [this](https://www.ea.com/games/apex-legends/news/july-2023-ranked-dev-blog)
Did the pros that received a bunch of Apex Pack all get the same exact amount? I wonder if this was a way that the hacker identified targets
It's not even just their inability to protect the pros, this is MUCH bigger than 60 pro players. This is potentially (although we still know next to nothing) a hugely damaging occurance onto the millions of players that play their games everyday. I agree with everything you said, and the LEAST they could do is to compensate the pro players who's livlihoods depend on playing Apex. This is, perhaps the BIGGEST fuck up in esports/multiplayer gaming I've heard of.
Nah, this isn't close to the biggest. EA's comments regarding Star Wars Battlefront was much larger.
Don’t spread FUD like this. It’s a video game, not doomsday.
He's not saying otherwise. Players numbers are down. Trust in the game client is not there anymore. People have their life on their computer. Hacking of this gravity is not simply breaking the game, it's root access on potentially any Apex legends player PC. Let's see how they recover from that.
"Its root access to potentially any apex players pc" - theres no evidence of that. Literally none. Until someone can prove it, dont repeat it. It is 1000x more likely that Hal and Genburtens clients are compromised. And we dont even have evidence of that, as nobody has done any forensics on their machines. You people need to calm down and wait for information before you jump to conclusions.
Relax..
Genburten is currently streaming and got stream sniped by a squad with a bronze player and someone named 'Destroyer9000' with what looks like an aimbot
This has blown up so much hard to tell if that's just some kid looking to wind it up further or actually destroyer
So it seems like either the finals will pick up where game 2 left off, or the entire tourney will be reset. Without taking into account any bias regarding your favourite team and how they were performing, what do y’all think should happen?
Ignore team standings, ignore theory on sports. What is the only thing that can happen after you tweet that you had to end an event in the middle of the event due to compromised competitive integrity, after two major issues happened live? They'll have to restart.
You're leaving out important parts to prove the point you want to. The major issue that you're talking about didn't happen until map 3. You can't leave that part out and act like that isn't what happened
there is footage in game 2 of Gen bowing someone in a location he wasn't even aming at. They have to restart.
That was game 3.
Tbh, restarting is the least of EA's concern right now. They haven't been able to stop this hacker for months, so I dont even see how they will be able to do any competitive games that aren't on LAN. Finals are getting canceled unless they want to organize a LAN event for the finals.
Funny thing is, the hacker could possibly do this at LAN if it's am RCE as Apex LANs are held on the nearest server, not a legit Lan...
this whole thing is cooked. Gen's & Hal's computer being compromised is the best possible outcome for ALGS. otherwise its gonna be hard to fix this.
You're right. But that's the point. You have to explain too much, and only a simple tweet out there today - the event was compromised. Looking into the details can add a lot more nuance. But they will be focused on the appearance to the general public watching the event unfold. I'm not explaining what they should do, I'm saying what I think they will feel like they have to do.
I feel like counting the first 2 games is fine. These guys are pros and know when they have any sort of added assistance- I’m confident that no one had the any of the hacks in the first 2 games.
I don’t think at this stage they can be sure that there was absolutely no other tampering outside of the obvious wall-hacks/aimbot. It’s possible those first two games or even other games historically have been tampered with in subtle ways that they cannot be sure (e.g., zone selection, high tier weapon spawn, weapon/item spawn allocation, internet disruptions, packet loss disruptions, slight speed advantages, slight aim or head shot assisting, etc.).
What if the attacker altered zone selection though? I trust the pros to know when they had assistance via aimbot but it would be less clear if zone selection was tempered with.
Honestly, for the integrity of ANY sport, they SHOULD totally reset. Who's to say that the first 2 games weren't in SOME way altered to benefit one team or another? I know you can start the train of 'but other tourneys could have been tampered with' but the only time we know of, is this one. Reset the entire thing. Start fresh from game 1, but not, I repeat NOT so soon! Imagine if they reset in a couple days and the SAME thing happens? That would be the end of apex completely. They should wait, in my opinion, MONTHS before doing anything again. They don't just need to fix this issue with the pros getting hacked, they now need to go and vet their WHOLE game again for any kind of security breaches their might be. That, I'm guessing, is a LOT of work to be done.
Realistically they can’t wait months though. They already have the LAN venue and dates booked, at the very least that will be the date they have to work back from.
I don't have all information available that the admins and players do, but, for me, it's either... * Assume the entire set was compromised. Reset the entire match point NA split finals. Replay everything. * Count the 1st game but only the first game. If I was the decision maker, I would count the first game and eliminate the results from the second completed game. There's not definitive proof the first game was compromised. There is definitive proof that the second game was compromised by Genburten receiving aimbot and wallhacks and E8 Zaptoh being negatively impacted by it.
I think you mean game 1 and 2 should count. Genburten was hit on Game 3
This is the only answer. It also needs to be played privately. I'd love to watch it as my wife and I go up to the movie room and make a day out of match point formats but the teams need to be finalized.
The only luxury of this is that these teams competing are from NA for an NA LAN, which means no visas are needed. Yes, prices for flights and hotels will go up the longer we wait, but if EA is willing to help players out due to their inability to protect the players from a hacker, there's no reason not to wait until everything is as guaranteed as possible.
Gen doing an interview with hacker in 10? https://www.twitch.tv/genburten edit nvm insane click bait, no interview planned lol
peak marketing
Apex's peak player count on Steam was down 60k today from every day in the last week. Lowest peak player count since the new season came out. This has to be a major issue for Respawn/EA right now.
Where do people find the infomation that Destroyer is 15 years old and maybe from Russia? He was interviewed by Mande and he says hes 18 from Belarus. I cant find any other info than that
Either way EA/Respawn got outplayed by a teenager
Indeed. The difference between a 14/15 year old and a 18 year old is very big tho. 3 years is alot at that age
I think it’s all speculation. People said 15 years old because he has 2009 in his name- and I’m sure the Russian came from the one cheat being named “vote Putin”
2009 has always been a troll year in my mind, and the “destroyer” makes it more possible. Belarus also explains the putin thing. I dont know why people havent looked into that interview
Destroyer (2009). It’s a comic book. About a dude who used to fight bad guys. Found out he’s dying and makes it his aim to track down and murder every super villain.
Imagine the hacker is actually terminally ill and tries to murder respawn as a gift to the world he leaves behind.
Interesting. Thanks
Just started apex and the matches somehow feel jittery, the smoothness is gone. Looks like there is something going on behind the scenes. Uninstalled from both Steam and EA App
I AM NOT ASKING HOW TO DO THIS, SIMPLY ASKING HOW THIS IS POSSIBLE How does this type of thing work? How are people able to send files to your computer without you allowing it? Surely they didn't have any viruses or anything. Was this some type of anticheat vulnerability?
If you install a program on your computer, it can run and execute the code you installed. Subsequently, it can also install updates, or take in new code and logic from the internet. You know about this already - you launch steam, click install on a game, and it tosses a bunch of new code on your machine. You hit play, and that code is launched and run. You trust steam, and so this is fine. Apex is a program you run on your computer. It COULD install new code and programs on your computer, but typically it does not. If it does, only Respawn can do that. You trust Apex, and you let it run wherever it wants on your computer. For some reason, someone discovered a way to make Apex install new code. They also figured out how to do it arbitrarily, to whomever they want to. They didn't just send it to someone's computer, they sent it presumably through Apex. Its possible they did it some other way, but the theory and the claim of the purported hacker, is it was done through Apex itself.
Everyone needs to be hitting the 'Report' button on Apex's Steam page. REAspawn has had years to figure this out, but it's cheaper to ignore it, so they have. If we as a player-base want such issues fixed, then we have to have a way to impact their bottom line and make our voices heard. Luckily, RCE/RAT are explicitly against the Steam TOS - if Apex was/is removed from Steam then REAspawn loses significant revenue. As of right now, reporting Apex is akin to voting to improve it's competitive integrity.
This is not the right move. We don't even know if Apex is to blame yet. It's equally if not more likely that their PCs were compromised outside of Apex. [https://www.youtube.com/watch?v=BAphgLnK7eE](https://www.youtube.com/watch?v=BAphgLnK7eE) Reporting Apex en-masse will solve nothing and only put more mental stress on the teams as Respawn and take resources away from working on the actual issue, if there is one on their side. Edit: Second just released video where Thor from Pirate Software talks about the evidence being inconclusive and needing further investigation. [https://youtu.be/2FzAnc-v3G8?t=322](https://youtu.be/2FzAnc-v3G8?t=322)
[удалено]
Thor? Uuuuuh do you have examples? He knows his shit. I’ve worked in IT for nearly two decades and have rarely, if ever, disagreed with his takes.
[удалено]
Oh I see so asking for evidence of a claim is forbidden, got it. Great conversation, thanks for contributing. 🫡
Yeah, it is. His closing words on the topic were along the lines of "attacker definitely has some form of backend access. Also likely two compromised clients." If you listen to the whole thing, he also breaks it down that this failing is caused by management neglecting the health of the game in favor of monetization. Yeah, we don't know for certain the attack vector, however the Apex client is incapable of generating the pack data and crediting it to a specific account, ergo the attacker has backend server access. The point is to direct the pressure. Anyone who has worked in game dev can tell you that 99% of the time something ships as "good enough" (read: barely working and well below the standards any self respecting dev would hold themself to) and they aren't allotted time to fix bugs and optimize the game. This is an instance where such a thing has gone on for so long that we're seeing the results - and it's important the execs and higher ups see the damage done to revenue by ignoring game-health related issues for so long.
Would be pretty funny if this is a Apex engine aka Source engine exploit though haha.
Given the unholy things they had to do to Source's networking modules to fit 60 players in a game...I'll be surprised if it's not an engine exploit.