Hacker News

I reversed Tower of Fantasy's anti-cheat driver: a BYOVD toolkit never loaded

70 points by svespalec today at 3:22 AM | 32 comments

Comments

asimovDev today at 10:37 AM

Love this type of post, thanks for the writeup.

So could you delete the account from inside the game at the end, or does it require contacting customer support?

bri3d today at 3:46 AM

This is a great writeup.

It looks like this driver is being actively used in malware, too: https://www.fortinet.com/blog/threat-research/interlock-rans...

flexagoon today at 10:30 AM

Not related to the main contents of the post, but

> For the life of me, I couldn’t find a way to do it without having the game installed. There was no web portal and no obvious support route.

They have an email in their privacy policy, which is generally where you should look if you want to delete your account.

galkk today at 6:23 AM

Some games release versions without copy protection and/or anti-cheat when they reach the end of their useful life for developers.

I don’t know about that particular game, but it could be the case that the devs intentionally ripped off the driver from it.

supersing today at 4:51 AM

Anti-cheat drivers have indeed turned out to be major security risks on Windows. But I think the blame should not be on game developers because kernel-mode anti-cheat is still one of the only methods that’s reasonably effective — and realistically, you can’t expect every game studio to have the expertise to write secure, reliable kernel drivers.

If Microsoft wants Windows to be more stable and secure, they should provide built-in anti-cheat support in the OS. That would reduce the need for third-party kernel drivers in the first place.
