Everything you need to know about RICOCHET ANTI-CHEAT™
October 14, 2021
Credit: Call of Duty Blog
Pulling out all the stops
Activision has pulled back the curtains on their proprietary anti-cheat (AC) dubbed “RICOCHET”. According to the blog post, “RICOCHET Anti-Cheat initiative is a multi-faceted approach to combat cheating” coupled with “a team of dedicated professionals focused on fighting unfair play.”
RICOCHET, from it’s description, seems similar to other leading, industry standard anti-cheats like Easy Anti-Cheat, Battleye and Riot’s Vanguard. So let’s break it down.
Kernel Level with a dash of Machine Learning
Although RICOCHET runs at kernel level like Riot’s Vanguard, unlike Vanguard, it doesn’t run when your PC starts up. According to the post, RICOCHET only runs when you start Warzone or Call of Duty: Vanguard.
RICOCHET’s approach to fighting cheaters seems to be an offensive on two fronts. First, the anti-cheat has brought improvements to internal statistical tracking in-order-to fight cheaters using data science and analytics. The idea being that if a cheater gets past the kernel level AC, they’ll be caught using statistics. This is actually fairly common among popular ACs like Riot’s Vanguard and EAC.
The blog also mentions the use of machine learning (ML), however details are sparse at this time. It may be something akin to VACNet, which is Valve’s foray into using ML and AI to detect cheaters via a replay system.
Or it may instead be similar to the tools other ACs use to catch cheaters. This involves building a model based on convicted cheaters to determine if a suspected cheater meets the criteria to be deemed a cheater.
Of course this is all speculation, as the implementation of ML in RICOCHET will most likely be kept private by Activision. Of course, as with everything, we’ll have a better idea once RICOCHET releases.
As for the kernel-level driver, here’s the information shared by Activision.
- RICOCHET Anti-Cheat’s kernel-level driver operates ONLY while playing Call of Duty: Warzone on PC.
- RICOCHET Anti-Cheat’s driver is not always-on.
- RICOCHET Anti-Cheat’s driver monitors the software and applications that interact with Call of Duty: Warzone.
- When you shut down Call of Duty: Warzone, the driver turns off.
For the layman, a kernel-level driver has the highest level of access to your PC. Most programs on your PC operate at user-level. Kernel-level operates at a level ABOVE that. It’s the level at which most cheat software operates.
After the controversy last year that Riot’s Vanguard spurred over it’s always-on anti-cheat, it makes sense that Activision would make “privacy concerns” a major talking point. From the information given, it seems that this kernel level driver is no different from AC implementations by EAC (Easy Anti-Cheat) and BattleEye.
What about Cronus?!
While nothing is confirmed by Activison, scripting devices like Cronus, Titan Two and StrikePack work similarly to the way macros do on PC. These scripts don’t have the same degree of randomness expected from human input. It’s possible that the lack of randomness in these scripts becomes a detection vector for RICOCHET to catch cheaters.
There’s also the fact that Sony and Microsoft do have the ability to detect these devices, it just falls on developers asking Sony and Microsoft to do so. There’s also the small edge case that by disabling 3rd party controller devices, this may also shut out those who use special controllers due to disabilities. It’ll be interesting to see how Activision proceeds.
Is cheating solved?! Is this the magic bullet? (Pardon the pun)
While this makes cheating MORE DIFFICULT, competent cheat providers will find a way to bypass RICOCHET’s kernel-level driver. Even Activision understands this truth, as this answer can be found in their FAQ section for RICOCHET.
Most cheat providers that bypass anti-cheats like Riot’s Vanguard and EAC have trouble staying undetected for long. Especially as those AC teams go hard after well known public providers. Let’s hope the RICOCHET team can find the same level of success.
For those cheat providers that manage to evade that fate, they’re typically lesser known. They won’t show up on the first page of Google and their user base has steep restrictions on it. For the most secure, undetected cheats, they require ID verification, steep monthly prices, unique builds and are limited to 500 or less users. This restriction is commonly known as a slotted cheat.
If a cheat is very public to the point where they caught detections BEFORE RICOCHET, they won’t have an easy time after. These cheat providers sell resold, mass produced cheats. They’re constantly detected and make their money selling to those new to the cheating scene. IMO if there’s a Warzone cheat provider that EVERYONE knows the name of? GGs for them.
When does RICOCHET release?!?
According to the blog post, RICOCHET’s kernel-level driver is set to release with the Pacific integration of Call of Duty: Warzone and Call of Duty: Vanguard. However, many of the server-sided tools implemented into RICOCHET will go live with the release of Call of Duty: Vanguard.
RICOCHET Release Calendar:
Server-sided tools: Vanguard’s release (November 5th)
Kernel-level: Pacific Integration
The dates for the Pacific Integration of Call of Duty: Warzone have not yet been officially released. Current rumors point towards November 23rd.
Keep it locked to ModernWarzone.com for all your Call of Duty news.