Hey there. https://valhax.com/ provides a fantastic HWID Spoofer for VALORANT.
Recently, I was analyzing packets sent back and forth from the client in wireshark (they use sockets in order to communicate with their server) and was able to retrieve two sets of download payloads. These differ based on the PC they're initially run on and are generated by their server. I managed to copy these packets and emulate them with my own socket server and can successfully trick the client into thinking it received valid authentication (redirect login.valhax.com authentication server ip to your local one or your own server). However, the issue is, installing and using someone else's download will result in a blue screen of death. If anyone wants to look into this with me, I have two payloads (in hex) from different machines that downloaded the spoofer w/ the loader. Both work on their respective machines but nowhere else. Also, attacking the actual loader will be damn near impossible as the real authentication servers don't generate any downloads without the go-ahead on it's side. Furthermore, the loader is protected with VMProtect. One more thing, the driver that is loaded on boot-up unloads itself by the time Windows starts. I don't have much experience with kernel mode drivers, so I don't even know where to look to find the file(s) on my PC - however, they have to be here somewhere if I repeatedly see a screen on boot letting me know the driver loaded.
If you have experience in this sector, please add me on Discord: Pause#9708
Thanks.
Recently, I was analyzing packets sent back and forth from the client in wireshark (they use sockets in order to communicate with their server) and was able to retrieve two sets of download payloads. These differ based on the PC they're initially run on and are generated by their server. I managed to copy these packets and emulate them with my own socket server and can successfully trick the client into thinking it received valid authentication (redirect login.valhax.com authentication server ip to your local one or your own server). However, the issue is, installing and using someone else's download will result in a blue screen of death. If anyone wants to look into this with me, I have two payloads (in hex) from different machines that downloaded the spoofer w/ the loader. Both work on their respective machines but nowhere else. Also, attacking the actual loader will be damn near impossible as the real authentication servers don't generate any downloads without the go-ahead on it's side. Furthermore, the loader is protected with VMProtect. One more thing, the driver that is loaded on boot-up unloads itself by the time Windows starts. I don't have much experience with kernel mode drivers, so I don't even know where to look to find the file(s) on my PC - however, they have to be here somewhere if I repeatedly see a screen on boot letting me know the driver loaded.
If you have experience in this sector, please add me on Discord: Pause#9708
Thanks.