Implementing Anti-Cheat

Haven’t seen anything on this, how would you go about doing it?

Anti-Cheat is like a Anti-Virus software it is very hard for a single person to code it and if you do manage to do it is an ongoing process of updating because of the rapid updates that cheaters are pushing out.
Most cheats involve injecting a DLL into the game processes (suspend process, alloc memory, copy LoadLibrary code, save registers and move the instruction pointer, resume process… | CreateRemoteThread()) and either modifying the function table to hook events or hooking direct 3D calls. So to make an anti-cheat you would have to detect these actions.

You could implement things on the server to detect player velocity and other unnatural values for fields, and perhaps allow users to send cheat reports, that would trigger the server to record the target player’s movement and actions. Detecting remote thread attachments and memory alters is gonna be a nightmare.

How does Valve’s cheat system work? Can you integrate that? I’ve seem some indie games use that (Rust maybe?).

Good anticheats (not from scratch and in no special order)

Gameblocks (fairfight)

No anti-cheat if fool proof just FYI.
To get back in subject you should worry about that after you reach a working copy state like Alpha release. Implement something that is already there like Vapor33 said and then you can also create your own to back it up.

No Cheat-System works unless you handle all important values and verify anything on server like a MMO.

I did learn C/C++ and Assembla through Cheating…

Hello , try to create a separate library - cheat . Which will have plenty of flow , which will be responsible for ralichnye safety aspects ; just try not to use the standard data types , for example, if possible, use a 1- 2- byte variables , if possible, instead of 4 bytes. Also, you can try to use salt in the data : for example, we have 100 edenits health, and keep in mind - a temporary variable its salt - 200. For kordinat player can use three vectors : kordinaty past , current , and the current acceleration kordinay …

P.s Sorry for my bad English .
P.P.S. Try to implement a library that each time itself will be generated - for example to create a litter to offset the memory addresses .
P.P.S. Cheat maintenance used as a client-server application on the client side, as multiplayer in STALKER.

I second this, 3 years of making game hacks as well as anti-cheats taught me that.

Yes i do agree that the Server side control eliminates any cheats, I was talking about non-server controlled files that can potentially be injected.

I can recommend Fairfight and Punkbuster. Battlefield 4 is using it and I’ve seen no cheater since release date, although you can buy professional hacks.

Should it not all be straight forward though, and automated, for example your cheat algorithms are searching for unusual behavior, DLL injection and the like, but once you have you scanner in place you then send the cheaters GUID back to the server which auto updates a db and hence bans the user then you auto update the client software, if needed, and that’s it. So all automatic.

For example in Wolf:ET, punkbuster stopped supporting it a few years ago and a group of people started TZAC(I think it was called) but they stopped working on it after a couple of years and hence most people stopped playing ET. But why shouldn’t it all be automatic, why do you need people constantly working on it?

The logic would be sound if cheating was static.

It’s not the detection part that’s the problem or coming up with code solution to solve for a particular cheat but as someone mentioned it’s an on going problem similar to dealing with virus on an ongoing bases when some hacker figures out a way around the anti-cheat measures.

So your not really dealing with a single issue of the cheat but three problems.

Detecting the cheat
Preventing the cheater from figuring out the detection.
Updating the anti-cheat once they figure out the detection that once again makes their cheat undetectable by the software solution.

And the cycle continues.

Cheating is a virus that once you discover the cure it mutates into something that the cure no longer can identify.

Overall it’s best to leave it up to a service unless you have the time and resources to handle the hackers on an on going bases (it’s the hacker that’s the problem not the cheat being used)

Don’t forget that should you ever dare to ban the cheater he will launch ddos attacks to your website.

More accurate to say is severely mitigates a large category of cheats.

If at any…any…point, you need to trust the client for ANY piece of information(and for the most part…you do), that’s an opportunity for cheating, granted, some cheating is pretty pointless(modifying names of players only on your local client, for example)…some isn’t(aimbotting, as long as you trust the client that the mouse has been moved…aimbots will exist).

The best you can do against client-side cheating where you have to trust the client for a particular piece of information, is some kind of behavioral model combined with good bounding of values(player can never move faster than X, given speed X, it’s highly unlikely they’re at position Y over time Z)

Just build it so that anyone can cheat - even teach them how - make it part of the game! As long as you mitigate the serious cheats by server validation of data this might even be kind of fun. Not as much fun for the serious cheaters, but not as much “not fun” for the other players.

Not sure if this will help any but it’s a shot.

I’m one of the Developers for a Emulation group for WoW called MaNGOS, I was hired in on my knowledge of the Warden AntiCheat System, though not much i was able to provide logical support and attempts to get it working.

Blizzard has a AntiCheat system in place called Warden.

In the WoW Client there is a DLL called Scan.DLL… this helps the client connect to warden and vice versa and smooths the scanning process.

This is the full history of the implantation of Warden on TrinityCore, they where able to get warden working. Perhaps we could go about something like this?

It’s simply checking to see if these are running on the client TrinityCore/2012_02_19_03_world_warden_checks.sql at master · TrinityCore/TrinityCore · GitHub (SHA 1 + HMAC Key)

Then takes action on what ever is set in the config TrinityCore/worldserver.conf.dist at master · TrinityCore/TrinityCore · GitHub