Why VALORANT Can't Come to Mac — And Why It Doesn't Have to Stay That Way
Source: Dev.to
VALORANT isn’t on macOS. Not because Riot doesn’t want it there, not because So I spent the last few months building a proof-of-concept to answer one does it actually need one? Kernel-level anti-cheat (vgc.sys, EAC, BattlEye) exists because Windows is Apple Silicon is a different environment. Most of those attack surfaces don’t
Windows threat Why it needs ring 0 macOS — no ring 0 needed
Memory read/write cheats
OpenProcess requires handle strip Task-port model + ES events gate access
DLL injection
AppInit_DLLs, remote thread
DYLD_INSERT_LIBRARIES caught at exec by ES
Unsigned kernel code BYOVD is a live threat No kexts without Apple notarization + reboot
DMA hardware cards Requires VT-d/AMD-Vi verification DART IOMMU + no user PCIe on most Macs
Boot-state integrity Relies on TPM (bolt-on) Secure Boot rooted in SEP (native)
Apple didn’t just close these vectors — they built the replacements into the Vanguard-for-macOS is a two-component PoC that delivers anti-cheat Phase 1 — Endpoint Security Monitor (C)
An entitled user-space agent that subscribes to Apple’s ES kernel event stream. Expected output when a cheat attempts memory access against a protected process: [2026] ALERT GET_TASK requester=loader target=MyGame [2026] ALERT EXEC+INJECT path=MyGame via=DYLD_INSERT_LIBRARIES=/path/to/hook.dylib
Phase 2 — Hardware Attestation (Swift + Node.js)
The Secure Enclave generates a non-exportable P-256 key. Apple’s App Attest Running today on real Apple Silicon hardware: [attest-client] SEP P-256 key generated. [attest-client] private key export refused by SEP (expected) ✓ [attest-client] enclave-signed message verifies: ✓
verifyAssertion — happy-path: ✓ valid assertion accepted ✓ replayed counter rejected ✓ tampered clientData rejected ✓ wrong rpIdHash rejected ✓ foreign-key signature rejected 5 passed, 0 failed
The core idea is a trust inversion: the client doesn’t need to be unforgeable. Tamper with the agent, its code I’d rather say this up front than have you find it yourself: The ES entitlement (com.apple.developer.endpoint-security.client) requires Apple’s review to run on stock macOS. It’s pending. Without it, Phase 1 requires SIP disabled to demonstrate — which matters. Phase 4 (System Extension packaging) isn’t done yet. That’s the step that turns this from a research build into something a studio could actually ship. Server-side heuristics, continuous runtime attestation, and hardware input emulators are out of scope — those are backend problems no client agent fully closes anyway. Every Mac player excluded from VALORANT is excluded by an implementation detail, better than a Windows kernel driver for this use case — it’s native This isn’t a complete product. It’s a proof that the path exists. GitHub: github.com/JusticeRox98577/Vanguard-for-Macos If you work in macOS security or anti-cheat and want to poke holes in it, I’d Independent research. Not affiliated with, authorized by, or endorsed by Riot