Developers want to analyze Activision anti-cheat system after driver leak

The kernel driver for Activision’s new anti-cheat system Ricochet has appeared online and work is underway to reverse engineer the system. That claims Twitter account Anti-Cheat Police Department, which collects information in the field of online cheating.

the twitterer shared two screenshots of the leaked driver. It shows that the ‘Activision Ricochet driver’ has been shared on a forum of cheat developers. One of the files shows that the digital signature appears to be from ‘Activision Publishing Inc.’. The twitterer clarifies in the comments under the tweet that it is not about the source code of the anti-cheat system, but the driver. That gives cheat developers an early start, according to account.

He also explains that the driver obfuscation, which is intended to ensure that the driver cannot be easily parsed, is weak according to members of the forum. Instead of virtualizing the driver, it is junk coded to obscure exactly what the driver does. According to the twitterer, work is already being done on the reverse engineering of the anti-cheat system using the driver. It is not known to what extent this is actually the case.

Activision announced Thursday that it is working on a new anti-cheat system for Call of Duty on PC. The system, called Ricochet, is supposed to counter cheating using a driver that works at the kernel level of the computer. The driver monitors for interaction and tampering with third-party software that indicates cheating. The driver should be released later this year.

Screenshot of the forum post where the driver is said to have leaked.