Protecting your Application with Easy Anti-Cheat Rather Than the Actual Game.
Introduction
In this write-up, I’ll walk you through how I discovered a critical vulnerability in Easy Anti-Cheat, allowing any application to be protected with EAC.
Discovery
It all started when I was exploring the EAC launcher to understand its security mechanisms. I wondered how difficult it would be to protect my own application. This curiosity led me to start reversing their launcher. After spending a solid day on this, I concluded that there were no proper certificate checks in place. When I noticed the absence of these certificate checks, I got curious and started to think about what might happen if we removed the certificate from the certificate folder.
Exploit
First, I removed the original game application and renamed my application to match the game's executable. In this case, I was exploiting Fortnite, I renamed my application to FortniteClient-Win64-Shipping.exe. Since the EAC launcher module doesn't check the validity of the certificate in the Easy Anti-Cheat folder. Using this knowledge, I completely removed the certificates from the folder. Next, I turned to the settings.json file, where I found the correct settings that not only validated but also bypassed the checks, thus successfully completing the exploit.
The modified settings.json file looked like this:
{
"title" :"Fortnite",
"executable" : "FortniteClient-Win64-Shipping.exe",
"productid" : "prod-fn",
"sandboxid" : "fn",
"deploymentid" : "62a9473a2dca46b29ccf17577fcf42d7",
"requested_splash" : "EasyAntiCheat/SplashScreen.png",
"wait_for_game_process_exit" : "false",
"hide_bootstrapper" : "false",
"hide_gui" : "false"
}
Now, if we launch the Easy Anti-Cheat launcher, our application will function seamlessly under EAC protection.
POC
Impact
Bypassing EAC protection enables attackers to run unauthorized applications as if they were legitimate game processes, leading to potential security impacts:
Attackers could access restricted resources within the protected application.
The vulnerability could be exploited to run malicious software disguised as a game client, risking system compromise.
Conclusion
After finding the vulnerability, I immediately reported it to Epic Games. Unfortunately, upon submission, I was informed that my report was considered a duplicate of a similar issue raised in 2023, yet it has not been fixed. Anyways Thank you for reading my write-up!
Note
This write-up is intended for educational purposes only.