ANTICHEAT ANALYSIS, GAMERSCLUB, EMACLAB

EMACLAB (Gamersclub) Anticheat Analysis: Reveiling

EMACLAB Anticheat is the solution chosen by the famous GamersClub, an Brazilian league platform for the game Counter-Strike: 2. Much people call it GamersClub Anticheat but EMACLAB is a third party company that actually develops and mantain the anticheat. This anticheat (EMACLAB Anticheat) comes back to around 15+ years ago, it was called “GHP (Game Hack Protector)”, as far as i know the owner/coder remains the same to this day, with a few more people of course, but what we’re really interested in is to know what has been improved since the early days.

It’s worth mentioning that this product has gone throught a lot of drama before, there has been (proofless) accusations of infecting cheat developers with RAT (Remote Access Tools a.k.a Trojans) as well as inumerous hackusations from the community against well known platform players, which often gets banned without solid proofs, which comes down to the question: Is the anticheat really being effective? Whilist having so much power in the first place!?

As many questions have been asked over the years and not many answers are known, I will publish here everything I know so that you can form your own opinion :)

Before we go into the main subject, i wanna tell a little bit more about how the anti-cheat is designed.

  • EMAC-Driver-x64.sys - This is the main kernel-mode component, the core functionality is making sure no unauthorized processes reads and manipulate memory of the game, as well as ensuring no unsigned code/images.
  • EMAC-CSGO-x64.dll - This is the game component, mainly does some shenanigans in the game engine to make cheating harder.
  • EMAC-Client-x86.dll - This is the .DLL that get loaded by the GamersClub launcher, it’s used to authenticate the user/machine and communicate back and forth with the other components EMAC-CSGO-x64.dll and EMAC-Driver-x64.sys.

It’s known and publicly stated in the product ToS that they collect machine metadata, take screenshots and actively scans drives/USB devices, among other things, to try detect cheaters.

EMAC-Driver-x64.sys

As of the time of writing, we will only talk about the kernel driver, honestly that’s the most interesting part of the anticheat and it’s functionality is mostly unknown, well at least until now :)