Mirror of https://github.com/hirschmann/nbfc.git, synced 2026-04-26 00:56:01 +03:00
[GH-ISSUE #885] Apparently a vulnerability. #771
Originally created by @thederp on GitHub (May 6, 2020).
Original GitHub issue: https://github.com/hirschmann/nbfc/issues/885
Valorant's Riot Vanguard is apparently blocking this application probably because of this vulnerability.
https://nvd.nist.gov/vuln/search/results?form_type=Basic&results_type=overview&query=WinRing0&search_type=all
This is a message from Valorant's reddit moderators:
"Vanguard will automatically disable certain software that has known exploits used by hackers to cheat. Quite a few popular software packages used for overclocking, fan control, RGB lighting, and more are vulnerable to these exploits. Usually, either uninstalling or updating these software packages is enough."
@hirschmann commented on GitHub (May 6, 2020):
While the WinRing0 driver allows unrestricted access to the CPU's model specific registers (MSR), the OpenHardwareMonitorLib plugin which NBFC uses to access the hardware on Windows machines restricts access to the driver to builtin administrators and the SYSTEM user (see KernelDriver.cs).
This means the exploits you've posted require at least the privileges of the builtin admin account if the driver was installed by NBFC/OpenHardwareMonitorLib which makes them effectively useless.
I understand that this doesn't prevent someone from manipulating their system, but I also think it's not possible to lock out users from their own systems anyway (if they have administrative permissions). Cheaters will always find a way to cheat.
That being said, it will probably not be possible to fix issues in the WinRing0 driver, because nowadays a kernel mode driver has to be signed with an Extended Validation Code Signing Certificate which afaik are only sold to companies, not to individual users.
(see Signing a Driver for Public Release)
Unfortunately I have no solution or workaround for this problem.
I know it sucks, but unless Riot changes their anti cheat system NBFC will not run on systems where Vanguard is active :(
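The restriction described in the comment above (driver device reachable only by builtin administrators and the SYSTEM user) can be verified from the device's security descriptor. The following is an added example, not part of the original thread and not NBFC or OpenHardwareMonitorLib code: a Python check over an SDDL string assumed to have been obtained separately, with hypothetical function names and constructed sample descriptors.

```python
import re

# Trustees the comment names: SYSTEM (SY) and builtin administrators (BA),
# as SDDL aliases and as the equivalent well-known SIDs.
ALLOWED = {"SY", "BA", "S-1-5-18", "S-1-5-32-544"}
ALLOW_TYPES = {"A", "OA"}  # access-allowed ACE types

def split_sddl(sddl):
    """Split an SDDL string into its O:, G:, D: and S: components."""
    return dict(re.findall(r"([OGDS]):((?:(?![OGDS]:).)*)", sddl))

def audit_device_sddl(sddl):
    """Return findings for a DACL that grants access beyond ALLOWED."""
    dacl = split_sddl(sddl).get("D")
    # A missing or null DACL places no restriction on who may open the device.
    if dacl is None or dacl.startswith("NO_ACCESS_CONTROL"):
        return ["no DACL: access to the device is unrestricted"]
    findings = []
    # Conditional (nested-parenthesis) ACEs are not parsed; they are
    # reported as malformed so that the check fails closed.
    for ace in re.findall(r"\(([^()]*)\)", dacl):
        fields = ace.split(";")
        if len(fields) < 6:
            findings.append(f"malformed ACE: ({ace})")
            continue
        ace_type, rights, trustee = fields[0], fields[2], fields[5]
        if ace_type in ALLOW_TYPES and trustee not in ALLOWED:
            findings.append(f"{trustee} is granted {rights or 'no rights'}")
    return findings

# Constructed samples (not copied from the project or from a real system).
SAMPLES = {
    "admins and SYSTEM only": "O:BAG:SYD:(A;;FA;;;SY)(A;;FA;;;BA)",
    "Everyone can read/write": "O:BAG:SYD:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;GRGW;;;WD)",
    "no DACL component": "O:BAG:SY",
}

if __name__ == "__main__":
    for name, sddl in SAMPLES.items():
        print(f"{name}: {audit_device_sddl(sddl) or 'OK'}")
```

An empty result means every allow ACE names only SYSTEM or builtin administrators; deny ACEs for other trustees are not flagged.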
@thederp commented on GitHub (May 9, 2020):
I just got an update from Riot's support and this was their message:
So, NBFC works fine now after restart, it will not block it at startup or login anymore. And it also continues to work without issue while Valorant is running. At least for now. So, thanks for taking the time to look into it and responding. Seems it's resolved now, so, I'll close this issue.
You may want to close this issue as well #884
@hirschmann commented on GitHub (May 10, 2020):
Wow, I didn't expect that. I'm glad it works again now. Thanks for letting me know :)