Recently, ppy emerged a spyware called "Osu anticheat" into osu lazer.

DO NOT RUN any executable provided by ppy/osu repository as release. These binaries contain spyware and may potentialy be malware.

PEPPY is known for screeshoting player desktop.. a similar reddit post, not a proof

If anyone has a dump of the other thread with proofs, please pull request.

Please don't cheat and don't use this code to cheat =].

A OSU-AAC is a project that aims to completely disable osu-lazer client-side anticheat and let people play osu lazer online with self-hosted binaries.

If you want to participate, please look at the token.md and symbols.md file;

Anticheat is located in Osu.Game.Auth.dll, that can be found nearby the osu! binary. It loads as a dynamic library and links a sign into ApiAccess and HubClientConnector.

Please note, that Osu.Game is also infected. Offical osu repo does not contain sign delegate, while binary release code does.

Peppy obviously has a patch that is applied manually every single release.

After doing that, a secret set of tokens are extracted/imported into both server and client anticheat. The tokens are used for signing secured methods like score submitting. Whats a shame, is that without a signature (x-token header) YOU CANNOT play multiplayer.