Reverse POE client anti-cheat

**thefrobel** · 01-11-2020

Anyone (know someone) actively working on reversing the POE client anti-cheat ?

Feel free to PM.

**Sychotix** · 01-12-2020

https://www.ownedcore.com/forums/mmo...ostmortem.html (Path of Exile Anti-Cheat Postmortem)

From what we know of 3.0 (or higher), it basically gets downloaded on demand by the server, does its thing, then immediatlly unloads and responds back to the server. There was someone who was looking into dumping the anti-cheat, but they got tired of waiting for the payload to be delivered to them.

**thefrobel** · 01-12-2020

Is PushedX still active?
No one else working on post-3.0 AC reversing (publicly, on OC) ?

**Sychotix** · 01-13-2020

Originally Posted by thefrobel

Is PushedX still active?
No one else working on post-3.0 AC reversing (publicly, on OC) ?

I would doubt that he is still active, but you can always try to PM him. As far as I know, nobody is publicly working on reversing the AC. We aren't even sure that the anti-cheat is in use right now. Also, because it is delivered on-the-fly, without a patch, they can modify their AC whenever they want.

As far as we know, their anti-cheat can only run within the confines of the game, and from the assumptions we've made based on the thread I linked and previous detections... we should in theory be relatively safe while running PoE with limited permissions (the limited user method).

**Mandatory** · 01-14-2020

If the anti-cheat runs within the confines of POE game. is it possible for them to detect background running .exe's or .ahk's on my machine?

**Sychotix** · 01-14-2020

Originally Posted by Mandatory

If the anti-cheat runs within the confines of POE game. is it possible for them to detect background running .exe's or .ahk's on my machine?

If you run PoE with sufficient permissions to do that, then yes. If you run it as a limited user, then probably not.

**Mandatory** · 01-14-2020

Originally Posted by Sychotix

If you run PoE with sufficient permissions to do that, then yes. If you run it as a limited user, then probably not.

sufficient permissions. is that when you run it as admin?

does it run with sufficient permissions by default?

**thefrobel** · 01-14-2020

You'd have to specifically set it to run as a limited user.
General permission as well as running as Admin allow for enough permissions for any windows process to read processes in memory / etc

https://www.ownedcore.com/forums/mmo...ited-user.html (Run PoE as a limited user)