BattlEye detects virtual environment

[Samuil1337]

Dear @zhaodice,

I hope this message finds you well. I unfortunately have to inform you that BattlEye has had an update that improved their VM detection mechanisms to the point where they are able to unmask our patched QEMU.

After the new Fortnite season update there is an error message telling me to stop the process "Virtual Machine", indicating that the virtual machine is in fact at fault. This happens when I try to join a match, which means that EAC (which checks for VMs on game startup) is working, but BattlEye (which runs during matches) is not. It is also reasonable to assume that the new attack is timing based, because these type of methods need to be run a lot of times to accurately determine if the CPU is fake and I am stuck for minutes in the loading screen until the kick (that could be Fortnite being slow though). It is also possible that they added "ASUS HARDDISK" etc. and the default serial numbers of this patch to their black list. Last but not least I want to redirect to #77. There I described the imperfections of this patch and my exact setup.

I assume that the people at BattlEye just googled "hide qemu", which also resurfaces the moral question of maintaining a public Github repo that is 100% used by some if not most people to cheat (although I am not one of them). If you - Dice - or anybody else is willing to do dynamic analysis on BattlEye/Fornite, I would greatly appreciate it, because that would enable us to fix the root cause more precisely.

Yours sincerely, Samuil1337