The game developers once again talked about how the new anti-cheat system called Mail.Ru AntiCheat works. According to Crytek employees, the game initially developed its own level of protection against cheaters with each update, but practice has shown that it was not as effective as desired.
Earlier, from publications on the game's website, it became known that Mail.Ru has developed its own system that performs all the errors on the server side and thus can quickly track any hacking attempts. After the introduction of the new anti-cheat system, the number of complaints to technical support about violations decreased and about a million accounts of violators were blocked. MRAC is currently being improved and supplemented with new information about all kinds of cheats and vulnerabilities.
According to experts from the MRAC system, the "lifetime" of cheating accounts today is only about five minutes. It is also known that the library of cheats inside the system itself is constantly being updated and new search algorithms are being improved. As a result, any violator is automatically banned a few seconds after appearing in the game. The ideal situation is considered "immunity" - when a sign of some malicious program is loaded into the defense, at first thousands of accounts are banned for it, and then the number of bans is reduced to almost zero.
Today, a new video has appeared on the game's website, in which MRAC itself is described in detail. In the video, both Crytek employees and Mail.ru developers focus on the system's features.
The built-in system for tracking the process and its environment, in order to counteract various unauthorized modifications of the code, is no longer surprising: almost any more or less popular multiplayer game project has something similar. In this article, we will analyze the client protection used by the Blizzard developers, and also implement one of the most effective ways to circumvent it.
WARNING
Warden (translated from English as a caretaker, overseer) - this is how the developers of the most popular games in their genres from Blizzard decided to call the defense system. The system, being actually part of Battle.net, is used in projects such as World of Warcraft, StarCraft II and Diablo 3. Only according to official data, tens of thousands of Battle.net accounts have been banned for all the time, and a large part of this is the merit of Warden ...
For a start, it might be worth finding out what the Warden is. The system consists of two parts: server and client, and, of course, we will only deal with the client. As stated earlier, the Warden is not an integral part of the game code. The client-side code is loaded dynamically from Battle.net in the form of images that vaguely resemble Portable Executable in their structure, which are then displayed at random addresses in the address space of the gameplay. It's also worth noting that most of the Warden client-side code is obfuscated and can change from one game session to the next.
The Warden is a passive defense mechanism, and all the Warden client does is collect information that is then sent to the server. In general, an approximate algorithm for the Warden client side is as follows:
- Getting a list of relative addresses for scanning.
- Reading the required number of bytes for each of the addresses.
- Hashes calculation.
- Build a package with hashes and send it to the server.
The procedure is repeated at regular intervals, several times a minute. If the back-end detects a mismatch between the hashes and the reference values, it is considered that prohibited code modifications are used. In this case, no immediate action is taken - the account is simply marked as violating the rules, and it will be possible to find out that you have been "caught" only after a while, when the account is already blocked. The entire Battle.net account (which may contain many attached licenses) is not blocked, only the game account.
Against the system
It will not be possible to neutralize Warden by simply disabling it or blocking its operation: the system is designed in such a way that the server part should in any case receive response packets from the client, which, in turn, should contain information about the scan. Therefore, there is only one way out - not to get caught. This can be achieved in at least three ways:
- Bypass knowingly dangerous addresses when making modifications to the code.
- Use indirect injection by intercepting one of the DirectX methods - Device.EndScene ().
- Hide all committed modifications on the fly (when scanning).
The first option will work for the time being and by and large is not a bypass as such. The second option (intercepting EndScene ()) really works well, the function is called after the completion of building each frame displayed on the screen and is intercepted, for example, by completely legal video capture programs, which does not give Warden the ability to unambiguously interpret changes in the function code as prohibited modifications. Nevertheless, this option is more suitable for bots and has been successfully used by them for several years already. The third option is ideal for static modifications (like, for example, enabling the rendering of the entire map in Star Craft - maphack), in addition, its implementation is more interesting and technologically advanced in itself. It is the last option that we will consider in detail below.
INFO
Contrary to the common misconception, no personal information leaks (in the version at the time of this writing) occur: only some parts of the gameplay address space are scanned.
Obviously, in order to hide the modifications made, it is necessary to inject into the Warden's scanning code. As you know, this code is not present in the process from the start; moreover, it receives a random address when loaded. For the first time, it can be detected using a debugger, simply by setting a breakpoint to read any of the scanned addresses (from some old, long-detected hack). For example, for the last (at the time of this writing) World of Warcraft build, by setting a breakpoint at the relative base of the main image at 0x0045A6F0, we get into the following code section:
The heart of the Warden scanner masm push esi push edi cld mov edx, dword ptr ss: mov esi, dword ptr ss: mov eax, dword ptr ss: mov ecx, edx mov edi, eax shr ecx, 2 je short; Here the data goes into a temporary buffer from which the hash will be calculated. ; It is enough to substitute original rep movs dword ptr es :, dword ptr ds: mov cl, 3 and ecx, edx je short rep movs byte ptr es :, byte ptr ds: pop edi pop esi ret It was experimentally found that the discovered code does not undergo polymorphic changes, unlike the rest of the module, moreover, it has changed only once in recent years, which makes it an ideal target for implementation. But since this code is part of a dynamically loaded module, it will also be necessary to intercept the moment it appears in the process in order to make changes before the first execution. In the case of WoW, the loader is part of the game code and is located directly in Wow.exe (for the 32-bit version), it can be found by browsing through kilometers of listings in the disassembler, or by using a more cunning path. Memory for loaded images of Warden modules is allocated by the VirtualAlloc () function, the call log, indicating the place where the call was made, will contain the address belonging to the loader.
C ++ void VA_hook_ (DWORD dwCallAddr, DWORD dwMemBlock, DWORD dwSize) (if (dwMemBlock && dwSize> 0x2000) (Logger :: OutLog ("Allocated block:%. 8x -% .8x, called from:%. 8x \ r \ n ", dwMemBlock, dwMemBlock + dwSize, dwCallAddr);))
At the same time, there is no need to iterate over all the records: after logging in and entering the game realm, the required Warden module will already be loaded, you can simply search the entire address space of the binary pattern process corresponding to the previously found data scanning procedure:
C ++ Scanner :: TPattern WardenPattern ("\ x56 \ x57 \ xFC \ x8B \ x54 \ x24 \ x14 \ x8B \ x74 \ x24 \ x10 \ x8B \ x44 \ x24 \ x0C \ x8B \ xCA \ x8B \ xF8 \ xC1 \ xE9 \ x02 \ x74 \ x02 \ xF3 \ xA5 "," x26 "); DWORD WardenProc = (DWORD) Scanner :: ScanMem (& WardenPattern); if (WardenProc) (Logger :: OutLog ("Warden :: Scan proc: 0x% .8X \ r \ n", WardenProc);) else Logger :: OutLog ("Warden :: Scan proc not found \ r \ n" ); 
Thus, we will determine the exact current location of the Warden code we need, and the log of VirtualAlloc () calls will allow us to determine where exactly the memory for this code was requested from, thereby pointing to the Warden module loader. By analyzing the loader code in the disassembler, you can find a suitable place for interception. To do this, you need to find a suitable moment when all sections of the image obtained from the Web will be successfully displayed in the AP of the process, after which it will be possible to implement an interception that modifies the Warden code. A suitable section might be a call to VirtualProtect (), which sets the final access rights to the sections:
Masm lea ecx, push ecx; lpflOldProtect push dword ptr; flNewProtect push eax; dwSize push ebx; lpAddress call ds: VirtualProtect test byte ptr, 0F0h jz short loc_A5BE9C push; dwSize push ebx; lpBaseAddress call ds: GetCurrentProcess push eax; hProcess call ds: FlushInstructionCache 
The code of the springboard function, the transition to which is set instead of call ds: VirtualProtect, may look like this:
C ++ // Called for each section __declspec (naked) void WardenLoader_hook (LPVOID lpAddress, SIZE_T dwSize, DWORD flNewProtect) (__asm (push ebp mov ebp, esp pushad) if (flNewProtect == section Warden_EXECUTE) (lpAddress, dwSize); // Patching the Warden __asm code (popad pop ebp jmp dword ptr))
Search for data by binary pattern
To make code-modifying patches independent of the game version and not to interrupt the offsets over and over again, you will need the ability to search for a binary pattern (pattern). In this case, based on the code that needs to be changed, a pattern is created that contains enough information so that, if they match, we can confidently say that exactly what was required was found. There are many different ways to implement pattern matching. In my proposed solution, the search is performed using a pattern of the form: xA? B (where A and B are natural numbers, x is an exact match of bytes, the number of which is indicated by the following characters,? Are bytes to be skipped).
C ++ // Initialize the pattern // The first parameter is the data for comparison, the second is the comparison pattern Scanner :: TPattern SamplePattern ("\ x56 \ x57 \ xFC \ x00 \ x00 \ x90", "x3? 2x1"); / * This pattern corresponds to data in which the first three bytes match 0x56, 0x57, 0xFC, then two arbitrary bytes follow, and the last one matches 0x90 * / // Search for a given pattern in a limited area, with the beginning pMemBase and the size dwSize DWORD dwProc = (DWORD) Scanner :: FindPattern (pMemBase, dwSize, & SamplePattern);
Full sources can be viewed in the attached project.
Patcher
In order to be able to hide your actions from the eyes of the Warden, you must remember absolutely all changes made in the memory of the process and have access to the original data that existed before the changes were made. Any changes (interceptions, substitutions, etc.) must be made by the same means, which must guarantee the fulfillment of the stated requirements:
C ++ / * pAddr - pointer to the place of modification pData - data to replace dwDataSize - data size * / BOOL Patcher :: MakePatch (PBYTE pAddr, PBYTE pData, DWORD dwDataSize) (BOOL fRes = false; DWORD dwOldp; if (VirtualProtect (pAddr , dwDataSize, PAGE_EXECUTE_READWRITE, & dwOldp)) (// Remember the original bytes pPatchStruc = // Last item pPatchStruc-> addr = dwAddr; pPatchStruc-> len = dwSize; dwAdwize (pPatchStruc-> PVR), ( / Write new memcpy (pAddr, pData, dwDataSize); dwPatches ++ fRes = true;) return fRes;)
A list of structures containing information on all changes made in the process can belong to an object with a global scope. Modification of the code can now be done something like this:
C ++ bool PatchVirutalProtect () (bool bRetval = false; PBYTE bCode = (PBYTE) "\ xE8 \ x90 \ x90 \ x90 \ x90 \ x90"; // call rel32 DWORD pProc = (DWORD) GetProcAddress (GetModuleHandleA ("KernelBase.DLL ")," VirtualProtect "); * ((PDWORD) (bCode + 1)) = (DWORD) & VP_hook - ((DWORD) pProc + 5); if (Patcher :: Instance () -> MakePatch ((PBYTE) pProc , bCode, 5)) (Logger :: OutLog ("VirtualProtect patched at:% x \ r \ n", pProc); bRetval = true;) else Logger :: OutLog ("VirtualProtect patch failed \ r \ n"); return bRetval;)
Using a centralized patcher does not cause additional hassle, while in addition to simply accessing the original data, we get the opportunity to roll back any change, returning everything to its original state, which is sometimes very useful.
INFO
If you are interested in the topics presented in the article and you want to dig even deeper, then I can recommend, perhaps, the best specialized forum.
Warden's unseeing eye
Now that we have all the necessary information and tools, it remains to replace the Warden scanning procedure with our own, which will substitute the original data instead of the modified data. In this case, the hashes will be identical to those stored on the server, and the code changes will remain unnoticed.
To prevent a single changed byte from entering the Warden's field of view, each scan call must look for the intersection of the set of scanned addresses with the addresses of the patched data. Since the patches, most likely, will not go one after the other (this does not make sense) - there will be a maximum of one intersection for one scan and the data can be taken from the structure associated with one specific patch. All possible intersections are reduced to one double condition: either the address of the beginning of the set of scanned bytes is included in the set of patch addresses, or vice versa. Thus, we have to iterate over all patches, checking the given condition:
C ++ // Are the scanned URLs covered by any patch? for (unsigned int i = 0; i< dwPatches; i++) // перебираем все патчи if ((PatchList[i].addr - dwAddr < dwSize) || (dwAddr - PatchList[i].addr < PatchList[i].len)) // Находим пересечение { pCurrentPatch = &(PatchList[i]); break; }
Having received the structure with information about the patch associated with the current scan, it will not be difficult to replace the data:
C ++ if (! PCurrentPatch) (// Unpatched area is scanned - copy directly memcpy (pOutBuff, (PVOID) dwAddr, dwSize);) else (// Byte processing for (unsigned int i = 0; i< dwSize; i++) { unsigned int delta = dwAddr+i - pCurrentPatch->addr; byte * pCurrent; // Was the byte at this address patched? if (delta< pCurrentPatch->len) pCurrent = pCurrentPatch-> org + delta; else pCurrent = (PBYTE) (dwAddr + i); pOutBuff [i] = * pCurrent; ))
By using the above code instead of the original scan, we can monitor Warden's activity, preventing it from detecting any changes made to the code, even if the Warden tries to check itself for integrity.
SOURCE
The article contains a lightweight and incomplete source code, the author has created a full-fledged working draft attached to the article. Do not be lazy and look at the source, it is quite possible that you will find something useful there for yourself.
Proof of concept
As a demonstration of the workability of the bypass with the extraction of some practical benefit, it was decided to modify the World of Warcraft code at the relative offset 0x008C9A3E, which is checked by the Warden scanner. The routine corresponding to this offset is responsible for verifying the rights to execute the Lua script (many of the WoW API functions are locked to the user and can only be used by the native user interface). The section of code in the area of this offset looks like this:
Masm mov ebp, esp mov edx, dword ptr ss: mov eax, dword ptr ds: xor ecx, ecx push esi cmp dword ptr ds:, ecx je short 01309A84 cmp edx, 22
The offset itself corresponds to a conditional branch after comparing the global variable containing the access level identifier for the current context with zero (zero is the highest privilege). Replacing the conditional jump with an unconditional one, we get the opportunity to use any WoW API functions, creating complex and "smart" scripts that automate many game actions (the most primitive example of use: bind the entire spell rotation with one button, checking cooldowns, and so on, which is initially impossible to do ). The simplified code for installing the patch looks like this:
C ++ PBYTE bCode = (PBYTE) "\ xEB"; // JMP SHORT Scanner :: TPattern Pattern ("\ x33 \ xC9 \ x56 \ x39 \ x0D \ xFF \ xFF \ xFF \ xFF \ x74 \ x44 \ x83 \ xFA \ x22", "x5? 4x5"); DWORD dwProc = (DWORD) Scanner :: ScanMem (& Pattern); if (dwProc) (DWORD dwProcChangeOffset = dwProc + 9; if (Patcher :: Instance () -> MakePatch ((PBYTE) dwProcChangeOffset, bCode, 1);)
After installing the patch, the "protected" functions of the WoW API become available directly from the macros, and in the Warden activity log, we can observe the prevented attempts to scan the patched area. You can verify this by compiling and testing the source codes attached to the article.
How about the rest of Blizzard's projects?
The article considered the option of intercepting the loader code for WoW, for other projects this code is located in the obfuscated battle.net.dll library, according to which, in principle, it is impossible to create a pattern independent of the library version to search for the loader code. In this case, as one of the options, you can intercept all VirtualProtect () calls made from battle.net.dll, processing them like this:
C ++ void VP_hook_internal (DWORD dwCallAddr, DWORD dwMemBlock, DWORD dwSize, DWORD flNewProtect) (// The call was made from battle.net.dll if (dwCallAddr - WardenLoaderHack :: dwBNetBase< WardenLoaderHack::dwBNetImageSize) { // Секция кода if (dwMemBlock && flNewProtect==PAGE_EXECUTE_READ) { MEMORY_BASIC_INFORMATION Mem; // Ищем начало блока памяти if (VirtualQuery((PVOID) dwMemBlock, &Mem, sizeof (MEMORY_BASIC_INFORMATION))) { // Первые четыре байта - сигнатура модуля Warden if (*(PDWORD)Mem.AllocationBase == "2LLB") { Logger::OutLog("Warden image found at:%.8X, code section:%.8X\r\n", Mem.AllocationBase, dwMemBlock); // Патчим код Warden WardenModulePatch(dwMemBlock, dwSize); } } } } }
Complete freedom of action
The ability to make any changes to the game client with impunity opens up the broadest prospects for further research. In fact, in Blizzard games, you can create absolutely anything you can imagine or want. A separate article could be written about the capabilities of unlocked Lua scripts in WoW alone. After all, even simple scripts can save the player from routine actions or reduce dependence on reaction and attentiveness, allowing him to devote a little more time to other things. At the same time, the possibilities of free modifications of the client are not limited to simple unlocking of certain possibilities. In general, go for it!
I want to draw your attention to anti-cheat, actually ask about the possibility of replacing Myac with EAC.
Here's a little about him:
In this thread, we will take a look at the EAC (Easy Anti Cheat). There is really no Russian FAQ, then we will try to put together all the information we know. First, let's talk about the program - this anti-cheat is perhaps one of the best and constantly updated anti-cheats, which is used on many popular servers, including the cyber arena. Easy Anti Cheat is a client-server program, so using it on your server is possible only with the purchase of a license, which will cost those who wish:
50 game servers - 75 euros / month.
100 game servers - 125 euros / month.
150 game servers - 175 EUR / month.
EAC currently supports the following games:
Counter-Strike 1.6
Counter-Strike: Source
Counter-Strike: ProMod
Team Fortress 2
Possibilities:
Memory scan, checksum check, anti aimbot, kernel access blocking and much more
- Improved system for taking game screenshots
- Protection against reverse engineering
- Online player statistics
- Prevent sprites and sounds from being replaced
- Forced installation of 32bit textures for all players (Counter-Strike 1.6)
Configuring and running EAC
To begin with, let us remind you that EAC only works with servers where the license for the program is installed. You will not be able to use this anti-cheat, for example, while playing on your server. After downloading EAC, you will see one exe file, you need to run it. Since EAC is a portable program, no installation is required.
The correct sequence of actions for the successful integration of the EAC:
Steam launch
Launching EAC
CS / CS / CS / TF2 launch
After starting EAC, you should see a window like this:
You will see a list of servers available for connection. To select, just click once on the corresponding icon and Easy Anti Cheat will display information about the number of people playing on the server. After that, you can start the game.
Problems and solutions
1) Problem: I have one of the following errors:
- Every time I start the client, it asks me to update and nothing happens
- Anti-cheat does not start at all!
- I have problems with initialization when starting the game
- My game freezes if I launch EasyAntiCheat!
1) Solution: Some antiviruses and / or firewalls prevent EAC from working normally.
There are antiviruses that recognize EAS as malware, and this is not strange since anti-cheat scans memory and is introduced into game processes for control. If your antivirus blocks EAC, try to disable it for a while, download EAC and start it, then restart the antivirus. The same goes for the firewall - it can block the ports that the EAC uses to connect. Try to disable it while the EAC is running. An alternative to disabling the antivirus / firewall is to add the EAC to the trusted or allowed list.
2) Problem: Already when starting the game, Easy Anti Cheat gives the following error:
"Error getting required access privileges!
Please run Steam as administrator. "
2) Solution: For Windows 7 64bit, it is sometimes necessary to run Steam with administrator rights.
To get started, close Steam, right-click on the shortcut and select "Properties"
In the properties, open the "Compatibility" tab and at the very bottom put the checkbox next to "Run this program as administrator". Click OK.
3) Problem: After I launch Steam as administrator, Ventrilo / TeamSpeak / Mumble does not work for me!
3) Solution: In order for these programs to use hotkeys, run them as administrator too.
4) Problem: I updated my antivirus and now it detects Easy Anti Cheat as a virus!
4) Solution: As we already wrote above, due to the specifics of the EAC, antiviruses give false alarms.
Either disable the activator during the launch of the EAC, or add an exception for the EAC in the antivirus settings.
5) Problem: Every time you start EasyAntiCheat, it asks to download the latest version, but I downloaded the latest one!
5) Solution: Perhaps your browser is downloading the client from a saved copy in the cache
Clear your temporary browser files.
6) Problem: Message on the server: Easy Anticheat not enable on server.
6) Solution: The EAC server does not immediately take control of the game server because the EAC is a client / server program and this process takes some time. You just need to wait a few minutes.
Everyone who knows what EAC is, please unsubscribe too
It really works, EAC is much harder and more expensive to get around, almost impossible to say!
Thank you in advance!
Most servers, not even most, but almost all servers are visited by players who use cheats. And only from three to seven percent of servers install high-quality anti-cheats for themselves. But still. No matter how an anti-cheat product is created, its own anti-cheat will be written for it, this is just a problem of time. But today, we will deal with the standard systems for fixing cheats on CS servers. So let's take a look at such a VAC system. VAC - Valve Anti-Cheat, is an anti-cheat developed by Valve, is a server protection module against cheats, it is distributed between game clients through a secure channel of the VAC server. That is, players do not need to download third-party software and install it in addition to the game. If a new VAC module appears, the cs servers automatically download the update and install it in the background. This is very convenient, since you do not need to update with a key, or keep track of the admins for the latest patches. So VAC is the main licensed version of the anti-cheat for your server. But let's take a look at how the VAC system works on your cs server, and how it keeps track of the cheats. First, the vak starts scanning the player's computer buffer memory for running cheats, it does not scan the hard drive. If nothing is found, then it passes to the server. Another main feature is the verification of the cd-key license key with the official database of all keys. The bottom line is. What if a player with a licensed counter is caught with a cheat automatically, then he gets into the ban not only of one cc server, but also on all servers connected to the VAC protection system. So we do not advise you to use cheats on such servers. If you get on this list, there will be no turning back. There is really one problem, and it lies in the same memory scan. The system may mistakenly consider a running program as a cheat and ban you. Valve strives to improve its system by monthly testing for different programs, so that when the program checks for cheats, it considers third-party software to be trusted, and cheats to prohibit. And thus bypassed good gamers.
Note also that VAC has an anti-cheat method like wallhack. The VAC has an integrated blocker for this cheat. The essence of protection lies in the fact that this blocker checks all the points of the sight, where it is directed. And it works according to the system "If I see, then ban, otherwise kick." The system works stably and allows you to track all wallhackers who decided to look through the wall. But if such a situation is that a hole was found in the work of this blocker, and in the latest versions of wallhack cheats, there is a bypass of this protection algorithm. But, as you know, VAC does not sleep, and more than once releases patches for the arisen jambs in the code.
A VAC ban is permanent, non-negotiable and cannot be removed by Steam Support.
If you are mistakenly subjected to a VAC block, it will be removed automatically. If you would like to discuss the VAC system with the Steam community, you can do so.
FAQ:
What is VAC?
VAC (Valve Anti-Cheat) is an automated system designed to detect cheats on users' computers. If a user connects to a VAC-protected server from a computer with recognizable cheats installed, they will be blocked by the VAC system and will no longer be able to play the game on VAC-protected servers.
The VAC system reliably detects cheating programs by their signatures. Any third-party changes to the game made by the user in order to gain an advantage over others are classified as cheats or hacks and will lead to a blocking by the VAC system. Replacement of executable files and dynamic link libraries falls under these changes.
Individual server administrators can block a specific player, but they cannot block a cheater using the VAC system.
The following actions not lead to blocking by the VAC system:
- Using chat programs like X-Fire or Overwolf
- Hardware configuration
- Updating system drivers such as video card drivers
How can I avoid blocking VAC?
To exclude the possibility of blocking your account, use only trusted computers to play on servers protected by the VAC system. If you cannot tell for sure if any cheats are installed on the computer you are using, refrain from playing on secure servers.
Be vigilant when installing any mods such as scripts or custom skins. Only download custom content from trusted sources. Hackers can maliciously disguise their cheats as mods so that other users get blocked.
For more information on securing your account, see our Account Security Guidelines.
More information on Valve's guidelines can be found in the Steam Subscriber Agreement.
If I am blocked by the VAC system, what does this mean for my account?
For more information on how VAC blocking affects your account, please refer to the article.
How do I tell Valve about a new cheat?
If you have information about new cheating programs, especially private ones (not available on public websites), and you can provide links to them or the executable files themselves, please send an email with all the information to the email address:
All emails will be reviewed by the staff responsible for developing the VAC.
How do I report a cheater?
If it seems to you that a cheater was present in the game with you, let us know about it, follow the instructions in the article.
Note: VAC does not block users based solely on complaints. Other factors are also taken into account when deciding whether to block a user.
What games are protected by VAC?
A list of VAC protected games can be found on the Steam store at the following link.
If I am blocked, can I play on unsecured servers?
Yes, if the game provides such an opportunity.
Some VAC protected games allow servers that are not VAC protected. Blocked users can still play on unprotected servers for the game they were banned for cheating. Please keep in mind that not all games have unsecured servers.
Will I get hurt if the person I shared my game library with cheats?
What is the difference between server blocking and VAC blocking?
VAC blocking makes it impossible to play on all secure servers on Steam, while server administrators can block someone on their servers, but this is not as serious as in the case of VAC. Valve cannot prevent blocking on custom servers. The server owner has the right to block any player for whatever reason.
If you find yourself blocked on a large group of community servers, it is very likely that you have been blocked by a third party system such as Steambans or Punkbuster. These third party systems are used by many servers and share a common database of blocked players. These systems are not affiliated with Steam in any way, and we cannot help you with problems related to them.
You will be blocked by the VAC system only if you connect to a secure VAC server from a computer with installed cheat programs.
