Friendly Reminder VFIO Linux Gamers. Anti-cheat programs were always the reason and we couldn't play Windows games on Linux with Wine.
Before start writing the solution of how i avoided the Virtual Machine Detection-Ban from the anti-cheat programs and i am playing my games on a VFIO Virtual Machine without fear, i feel the need to write some historical and tech facts to make my article valid from the beginning and to help the current and future anti-cheat developers to not repeat the mistakes of the past.
1. Virtual Machines (VM in short) like QEMU on KVM (that the VFIO Linux Kernel Driver uses) are not hacking programs and never were hacking programs and even Microsoft are using VM and they created their program for Virtual Machines with name Virtual-PC, Hyper-V now to use it for many serious tasks like the creation of Windows for tests and practices or the Windows OS image Backup program that is inside every Windows Control Panel!
If you still want the proof of my sayings, open the control panel of Windows and choose to create an image backup (you need to have a 2nd separated disk installed for this test). when it finishes the image backup use a Linux live CD and mount the disk where you stored the image backup of Windows or use
my gamelink program and press the browse button to see the folders and the size of them of this hidden folder that the Windows image backup program created. Inside the Backup folder there is a VHD big file that is actually a clone disk and with the same size of the total files of your C: disk. VHD means Virtual Hard Disk and it is the extension of the files that Windows OS uses when it creates Virtual Machines with hypervisor program.
Even you didn't know it until now because you couldn't read inside the folder the backup program of Windows is creating, with this example you just realized that the Virtual Machines are not Hacking programs but legit and very important type of programs for the Windows OS!
 |
This is How it Looks the Virtual Machine Detection-Ban. It removed me from a Solo Game!
|
2. Game Cheats and Cheaters exist before the creation of Virtual Machines and if cheaters are using VM today to make their deployment of their cheat programs easier, this fact doesn't make the VM Hacking Tools too!
Also, cheaters are using mostly VM because it's easier for them to create VM than dockers or any other container for their cheats and when the software containers will be more common than now the hardware detection will be total useless!
3. And in case some suspicious people say that i am a cheater and i want to use KVM VFIO VM to hack i will say to him/her that the cheaters are so advanced now and hardware independent that they don't use PC anymore and the Console cheaters are a ... fact and unfortunately a well known fact!.
As you can see on the video below the cheaters are not using Virtual Machines anymore but ... special small machines like this device that promoted some months ago on youtube with thousands of views and with links from Amazon to buy it!
Watch please to understand that the hack machine is using the hdmi cable (like the streaming hardware) and it is total independent from the hardware now!
How to Full Expose Your Real Hardware to VFIO VM to avoid the Detection-Ban from anti-cheat programs.
As the title says, the solution to avoid the detection ban from anti-cheat programs is to expose your BIOS to VFIO VM and ofc to make the hardware profile of VM looks like a real machine!
The steps you should follow are these... You have a) to fully expose to VM your real BIOS Hardware, you have b) to make the VM reports Virtualization enabled on Task Manager and maybe c) is good to avoid the usage of devices that loading QEMU drivers like the virtio balloon.
And now i will explain how i did these 3 steps and i avoided the detection-ban of my VFIO VM on RainbowSix with the Virt Manager too because i really like it as software and i am using it all the times 😀.
a) press View -> Details -> Overview and press the XML tab on Virt Manager and inside <os></os> tags add the following line to full expose your BIOS to VM.
<smbios mode="host"/>
b) enable the virtualization inside the VFIO VM. You should have at least pc-q35 BIOS because new VGA drivers are not loaded on an i440fx and add these lines inside <features></features> tag
<kvm>
<hidden state="on"/>
</kvm>
and inside <cpu></cpu> tag except that the type should be host-passthrough you should have this tag too.
<feature policy="disable" name="hypervisor"/>
If you confused and you don't know what to add or change i will post mine as reference for a 4 cores VFIO VM that Battleye doesn't detect it as VM anymore on RainbowSix as of November 1 2023 at least, i really don't know what will happen tomorrow😕.
<vcpu placement="static">4</vcpu>
<os>
<type arch="x86_64" machine="pc-q35-5.2">hvm</type>
<smbios mode="host"/>
</os>
<features>
<acpi/>
<apic/>
<hyperv mode="custom">
<relaxed state="on"/>
<vapic state="on"/>
<spinlocks state="on" retries="8191"/>
<vendor_id state="on" value="12CharssLong"/>
</hyperv>
<kvm>
<hidden state="on"/>
</kvm>
<vmport state="off"/>
</features>
<cpu mode="host-passthrough" check="none" migratable="on">
<topology sockets="1" dies="1" cores="4" threads="1"/>
<feature policy="disable" name="hypervisor"/>
</cpu>
<clock offset="localtime">
<timer name="rtc" tickpolicy="catchup"/>
<timer name="pit" tickpolicy="delay"/>
<timer name="hpet" present="no"/>
<timer name="hypervclock" present="yes"/>
</clock>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>destroy</on_crash>
<pm>
<suspend-to-mem enabled="no"/>
<suspend-to-disk enabled="no"/>
</pm>
#more about
vendor_id The optional vendor_id attribute ( Since 0.10.0 ) can be used to set the vendor id seen by the guest. It must be exactly 12 characters long (letters and numbers). If not set the vendor id of the host is used. Typical possible values are "AuthenticAMD" and "GenuineIntel". if you count both AuthenticAMD & GenuineIntel have 12 characters.
c) maybe it is optional but i am thinking it's better to not load any driver that has the name QEMU inside your windows guest but if you are searching how to disable the virtualballoon driver (if you are using only one VM for gaming you really no need it because it helps to lower the host's ram size usage on systems with multiple VM running same time), find the <memballon> ...</memballon> and replace it with this tag.
<memballon model="none"/>
How to Check if your VFIO VM is not exposed as VM on Windows.
The most important you have to do after these changes is to investigate that your VFIO VM is not reporting that it is a VM. Do not start the game before do these 2 checks please. I am sure nobody wants to be flagged from anti-cheat programs as Virtual Machine user at least one time like i was...
As i learned hard way the anti-cheat programs are investigating if the BIOS is reporting the SeaBIOS that the QEMU is loading for theVFIO VM BIOS and if you want to easy find if your VFIO VM is still using and reporting it, press winKey + q and type msinfo32 and read what the System Summary information says.
if the System Summary inside 1st page of msinfo32 says SeaBIOS as BIOS and QEMU as the type and not your REAL BIOS the Battleye and maybe any anti-cheat program will flag your VFIO VM as VM.
Ofc, you can unload any other QEMU driver like dvdroms and memballon as i suggested on c) but i saw that the Battleye ignored them while i was trying to fix the issue. Now i have total removed any emulation H/W and QEMU driver from Windows VFIO guest.
And if you want to check that your VFIO VM is ready to play games open Task Manager and check the red line Virtualization says enabled like the image below.
 |
And this is How it Looks the Task Manager inside the Greatest Cheating Tool ever created. The Virtual Machines!!! /rant mode off
|
Conclusions and Final Thoughts.
i wrote this post to help mostly the developers of anti-cheat programs to understand that the Hardware or even the Software Detection is really obsolete (this is the reason and i embedded the above Video) and there are players that chose the Linux host + Windows guest VFIO VM (my windows VM guest is activated with a windows serial key of the chassis) for specific reasons like the implementation of
Shared Linux Folder to Windows Guests or as streaming windows PC (future post) or even as recording PC for our games & programs (like the
Gamelink Usage Help Videos) and these implementations can happen only on Linux PC that host a Windows VFIO VM.
For the last i will let here some links from the PUBG game because PUBG is using Battleye from the first moment and it suffered long time from cheaters, it was the reason that i said the
Linux gaming era is starting when it announcement its support to Linux but i stopped playing PUBG because Battleye blocked my IRL friends. Batttleye at the beginning blocked any software had macro abilities and the PUPG players that had a mouse or keyboard with installed the manufacture drivers. What Companies Affected from Battleeye macro-sw detection? Corsair, Logitech, Steelseries, A4Tech, Hama are some of them and you will find them all on the links below.
For
the History and great irony for the Windows PC gamers of PUBG, Battleye stopped/blocked the SW from mice because of the possibility of recoil cheat something that the console cheaters are actually doing now by adding a small cheat device on the hdmi as you watched on the above video and unfortunately these cheaters can do more via hdmi and console cable, way more as you can see on the video below that posted 1 month ago when he watched the ... in-game CAMERA of the cheater!
The detection of cheaters and the punishment of them really improved when PUBG implemented the Camera and Camera is a combined result of client and server code!
The Solution for Cheating in Games is not only Client side, Never Was!
And for this reason i embedded the 2nd video and if any reader of this post is thinking that i am blaming the anti-cheat companies, don't do the mistake to not understand the character of the conclusions paragraph. I am just reporting the results of their unfair H/W - S/W detection-ban because special for PUBG the Battleye cost many legit PUBG players at the beginning, the same way steam is losing players from the windows 7 debate now or like console manufactures will lose console players in the near future if they choose to not stop the real cheaters who are selling their cheating machines on amazon as you watched on video links of the 1st video.
For the same reason the manufactures of the hdmi-console cables or of the parts of the PCB of the previous video are not the cheaters like Corsair, Steelseries and Hama weren't for PUBG because their S/W had macro abilities, so a VFIO VM windows PC player is not a cheater either!
