Heino DMA / PCIe MitM Bypass – Disclosure and Vindication
A recent disclosure revealed that commercial products implementing a PCIe Man-in-the-Middle hardware attack have emerged, despite prior warnings to anticheat vendors. The author submitted a critical architectural bypass to Riot Games and others in January 2026, but received no engagement or follow-up. Three months later, similar hardware is now available on the market, demonstrating the lack of response from the vendors.
- ▪The author disclosed a PCIe Man-in-the-Middle hardware attack to anticheat vendors in January 2026.
- ▪Riot Games and other vendors rejected the submission without any technical discussion or follow-up questions.
- ▪Commercial products based on the disclosed architecture have been released within three months.
Opening excerpt (first ~120 words) tap to expand
Heino DMA / PCIe MITM Bypass — Disclosure & Vindication April 11, 2026 — Commercial products are now selling that implement the exact architecture I disclosed to Riot Games and other anticheat vendors in January 2026. They declined to engage. Three months later the hardware is on the market. This repo documents what I reported, when I reported it, and what happened after. What I Disclosed in January 2026 I submitted a coordinated disclosure to major anticheat vendors describing a PCIe Man-in-the-Middle hardware attack. The core of it: A device sits in a PCIe slot and mirrors the identity of a real, legitimate piece of hardware — an NVMe drive, a network card, whatever. The system sees only the legitimate device.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at GitHub.