Mhyprot Insider: Introduction
Jun 3, 2021
Today I’ve decided to start a new series, the Mhyprot Insider.
The Chinese company miHoYo releases Genshin Impact and its anti-cheat measure, mhyprot.
In this series I’ll keep posting updates explaining how mhyprot works and how sloppy its implementation is.
Mhyprot is an original kernel-mode anti-cheat implementation by miHoYo.
I discovered and reported vulnerabilities in it, described in my earlier post, Disclosure of its vulnerability.
For several months after my report they ignored me completely, but they certainly noticed that there were critical vulnerabilities, and quietly acted on them.
Then, in December 2020, they signed and released a new version of the driver.
Ok, the article I wrote about Genshin Impact's mhyprot (mhyprot2) vulnerability: I am seeing that the new version of the mhyprot signed Dec 2020 has been patched or changed encryption method. https://t.co/gtwi6QwwRw pic.twitter.com/C1jmIJJFXL — 沖 絢斗 Kento Oki (@kento932376), June 2, 2021
The driver’s IOCTL interface used a custom payload encryption scheme.
It looks like they shut down the IOCTL command that allowed a user-mode process to copy arbitrary kernel virtual memory.
That IOCTL command was used to snatch the seed that encrypts their dedicated, encrypted IOCTL commands.
But since both encryption and decryption are performed on the client, there is no hesitation in saying that we are still able to defeat their encryption measures: a secret that the client must hold in order to encrypt and decrypt is a secret the client can read.
That’s one of the reasons cheats haven’t been effectively suppressed even by modern anti-cheats: there’s always a possibility to bypass ANYTHING. No exception.