With Vanguard about to launch in League of Legends tomorrow, I wanted to share something interesting I found a few weeks back while taking a closer look at how Vanguard works.
Quick story :
Vanguard takes screenshots. It can capture your entire screen, overlays and all, that means even your Discord chats might get caught. What’s more, it has the capability to switch to full screen mode, capturing your whole desktop, which then gets uploaded directly to their servers.
Here’s a fun fact: As an EU user like me, you might find your data ending up on a US server.
Long story:
Was reversing vanguard, and found this thingy.
This module will take a screenshot based on parameters sent by vanguard servers.
If vanguard has nothing against you it will have the parameter
window_title = "VALORANT "
Otherwise it will not have it, which means they will take a screenshot of your whole screen.
This image has been resized. Click this bar to view the full image. The original image is sized 916x689.
Then followed by the famous BitBlt!
This image has been resized. Click this bar to view the full image. The original image is sized 1372x904.
Now that the image is taken, they will directly convert it to jpg and then send this to their servers.
Note: quality, output format and what to capture (window or fullscreen) is decided by vanguard servers. They could choose to capture your full screen in case they have doubt.
Note2: This module is executed once per game.
Note3: We are currently writing an article on that module and some others which will have much more information
Note4: the game also seems to be capturing the screen using a more obscure way
Note5: If someone wants to make a video on this, give me a dm, I can totally prove that the module was indeed executed, and that the module comes from rito
Credits: @0xCODEBABE < I'm reversing vanguard with that guy. He originally found this module.
__________________
0xbaadf00dbaadf00d
Last edited by JustAReverser; 30th April 2024 at 03:17 PM.
I'd say they're more likely to use the images for an ESP recognition ia, so for those who cheat and pay for a p2C without screen protection at your peril, and it's not the first time some ac have done this, I'd even say that vanguard is combining all known and original means to fight back.
at least it sheds some light on what vanguard is up to - keep up the good work!
From what I heard the game also take screenshot in a more obscure way which involve vgk, which in fact would bypass the kaspersky syscall hooks
I have never seen any screenshots that use VGK. Is that true?
Anyway, good job for posting this, I was always curious why nobody posts screenshot things.
+
If someone wants to bypass this, you can hook BitBlt on VALORANT.exe (currently they use this process to capture screenshots because vgc is in session 0), but I dont think that this is good way
Is this even something new? AC have been using screenshots for ages
While it's not really new, it is pretty fun to see that somes AC are still not GDPR complient, also, never seen any proof until now. Nor have seen people saying that they are taking fullscreen screenshot
While it's not really new, it is pretty fun to see that somes AC are still not GDPR complient, also, never seen any proof until now. Nor have seen people saying that they are taking fullscreen screenshot
I would guess that there is something in terms of service that gives them consent. (no clue tho, maybe they do it illegally)
Either way, good job if its actually from vanguard
__________________
Faceit whoo?
Swedens biggest UC user (150 kg beast)
Last edited by Zepta; 30th April 2024 at 03:07 PM.
I would guess that there is something in terms of service that gives them consent. (no clue tho, maybe they do it illegally)
Either way, good job if its actually from vanguard
You must spread some Reputation around before giving it to Zepta again.
this specific function is not virtualized. You can find the module pretty easily if you just look at what vanguard servers send you
wow im surprised this isn't virtualised, there is no reason for it not to be.. I don't have vanguard installed at all nor do i play games they associate with and thank god i dont and thanks for this amazing post with actual evidence!
wow im surprised this isn't virtualised, there is no reason for it not to be.. I don't have vanguard installed at all nor do i play games they associate with and thank god i dont and thanks for this amazing post with actual evidence!
note that the module is mapped and so you needs to manually resolve imports etc though its still trivial to find
They only take screenshots of your valorant window/the desktop valorant is on, it's fairly normal and not illegal. If you draw anything over valorant then obviously they want to know?
Why is anyone surprised and this was never a secret, this isn't the first AC nor the last AC that takes screenshots.
Faceit does it, PUBG does it.
play full screen and don't cheat, and boom your paranoia goes away. If you alt tab, aren't focused on valorant it will still take the DC bitmap from the game.
We strive to provide all our services for free and not interrupt your visit with overly intrusive advertisements or restrictions - support us by disabling your ad blocker or whitelisting our site.
0xbaadf00dbaadf00d
Trust ONLY analyzed files on UC! Never download cheats from YouTube or other platforms that are not secure! In most cases, they are viruses.
