Seraph is a Assistance Software for the battle royale game Apex Legends. It is splitten between 3 parts.
- A Usermode application, which does the logic and connects to the Teensy to perform mouse movements.
- A Kernel Driver to read memory from the game
- The Teensy, which acts as a additional mouse, sending mouse movement when requested by the usermode application.
-
Seraph requires you to have the latest Windows10 Version
-
Visual Studio including everything for C++ and WDK (Windows Driver Development Kit) to compile the Projects.
Which is the main cheat itself, containing all the logic and reverse engineering work including offsets. It also communicates with the Teensy through serial-port-communication.
The kernelmode driver uses MmCopyVirtualMemory which gets a pointer to the Windows-Internal EPROCESS structure through PsLookupProcessByProcessId
Since Easy Anti-Cheat detects IOCTL communication to drivers which are manually mapped (pointing to invalid driver device in memory) , socket communication was used.
Although it is generally considered slower than IOCTL, the performance was great.
IMPORTANT In order to use the Driver, you need to load it somehow (WINDOWS TEST MODE DOES NOT WORK WITH EAC!). I would advice to map it cleanly, since that's the way I did. There are still no bans so far for about a half year now.
Including a Login System (You need to implement it your own, I've used Cryptolens) and settings for every Feature.
We use the Teensy 4.1 to move the mouse(to aim). There are still detection vectors in here since the Teensy emulates a real mouse. Although having multiple mouses attached isn't a DT vector, playing with multiple is, especially when the device is a Teensy.
I did not investigate if EAC flags for doing so, but they definetly don't, and probably never will ban for it.
This Diagram was NOT done before writing this, I quickly created it to make my explanations more clear. If you are really interested into this project, I would recommend to read everything.
The Usermode Application sends a PacketCopyMemory structure as packet to pass info to the Kernel Driver.
Once received, the kernel driver reads the information in the game process and returns that info to the usermode application, which executes the logic and communicates with the Teensy (as described below) for aiming.
The Teensy receives a array of size which holds the X and Y coordinates where the aimbot should aim at. Communication Function The serial port sends the data sequential, so we can handle the values sequential aswell since we've never received an array. Instead we receive the values in a sequential order.
The Aimbot is smooth, and has the option to be smoothed out to a point where no one will recognize it.
Glowing enemys through walls (or not), including the option to choose between multiple Glow Contexts