Anti-Cheat for JMonkeyEngine

I’m currently working on a game similar to TF2. I’ll be hosting all servers in some datacenter (probably either OVH or Hivelocity depending on budget). It has unique features, of course, so it’s not a ripoff of TF2. Since JME3 is Java, decompiling of the client is inevitable (I don’t plan to distribute the server JAR), so I suspect hacked clients will appear if my game has any success. I’d like to know the best methods for stopping cheating. It’s a multiplayer game that will be fairly compeditive, so having any working cheats is not an option.

Cheaters gonna cheat, not much you can do 'bout it. Other than that, since you’re not distributing the server jar, I suppose you could do all of your calculations on the server.

Via this method all the client does is send which key was/is pressed to the server, the server then calculates what happened based on that key being pressed and sends the results back to the client.

The client doesn’t calculate, for instance, how high the player can jump, how fast he can run, how many bullets he has, how many hit points he takes or deals. This limits the cheaters ability to modify anything useful.

Java or C++ doesn’t matter. You will have hacked clients either way.

Make the server authoritative and only send the clients the absolute minimum of what they need to know. That’s really all you can do.

1 Like

Or you could hire a small army of moderators to monitor games being played and maintain IP bans, but given that you’re looking for a cheap solution and you’re probably not a multi-million dollar company that’s not likely a viable solution :wink:

Friend of mine used to be a WoW moderator, or whatever they call’em. Heh, never got into WoW myself, he gave me a free year subscription and I only played for about a month before getting bored. Really though, a month isn’t bad.

Do sanity checks of all kind.

Aiming perfectly at some player blocked by a wall visualy? Fishy + cheater points
Greatly better accuracy/K/D than most players + cheater points
perfect timing of bunny hops? without any timing errors + cheater point
Questionalble input, eg mouse jumping (visible via high aimdir changes)
→ Due to physical constrains if you send input often enough you can expect some kind of acceleration time, and deacceleration time for mouse / or movement time for sticks.

Then java robot to request screenshots at some random time via server command (in case of high cheater points).
→ Either they miss it and you see the hacked client
→ They don’t miss it, but now must fake screenshots, (and if done right you can compare with expected screenshot, forcing them to run more or less two clients for this purpose)

@Tryder The game is too complicated to send key press then make something happen. Also, it is fast paced, so having even a 100ms delay isn’t really acceptable (I’d predict the delay to be at least ~120ms, I have some experience writing server-side mods for Minecraft as well, so I would know).

@pspeed Even with the absolute minimum, there is nothing stopping them from sending modified packets. Also, Java certainly makes hacked clients easier.

@Tryder The total budget for this is about US$700 – at the most. That wouldn’t even hire someone at minimum wage for a month. I could, however, “reward” responsible and dedicated players by making them into moderators. Almost every Minecraft server does this, and it’s basically free moderating. Although, when the game starts out, getting moderators will definitely be difficult – and it will be even more difficult to go through thousands of applications (players want power usually, at least in Minecraft servers) if the game gets popular.

@Empire_Phoenix I could do a lot of sanity checks, but that could be a performance issue, and it sounds fairly difficult to create. This was my first idea, but I’d prefer something a bit easier to do (correctly) if such a thing exists. I know EasyAntiCheat exists, so that could potentially be added to JME if enough people want it (as I’m sure I’m not the only one who wants protected servers). Also, I’m planning on sending an update once every 10th second with smoothing or once every 100th second, or a different value for each player depending on connection strength. Lastly, should those screenshots be saved for manual review, or should the server automatically review them and kick them from the server if it looks fishy.

Thanks to everyone who replied :smile: !

Are you worried about the actual jar(s) of the client being modified? Or someone running a piggy-backing app that sends bogus updates to the server?

If you’re concerned about the actual jar files, can’t you simple do a CheckSum during load that is sent to the server? If it is not what you expect to see, terminate the client.

Probably not what you were looking for, but for what it’s worth /shrug

Either could happen. I’m worried about a player doing things in the game (ie. climbing walls, running too fast, aimbot, etc.) that they shouldn’t be allowed to do. This could be accomplished with either modifying the Jar or a piggy-backing program. Also, checking a checksum won’t work because it is easy enough to modify the jar to just send a checksum for a different jar than what is running.

A completely different approach would be to allow cheats on specific servers and just ban people who are caught cheating on non-cheat servers. That way you can become actively aware of what cheats people are using and not worry about trying to guess your way through the situation.

This is an interesting idea. Although, I do see one problem: when the game is starting out, will there be enough players on both servers to make them fun? This does allow a modding api to be acceptable which is something I’ve wanted, but I haven’t had any good ideas on how to to incorporate it to the mmoish game type.

nearly all sanity checks can be done on the other player clients, and the send their cheat point observation reults to the server. As long as less than 50% cheat this is reliable enough. If you do some statistic generations you can try simple big data algorithms on them based on already detected cheaters to see correlations wich improve the metrics.

Well manually would be the first idea, (combines great with moderator system if you allow them access to the screenshots.

automatically would be somewhat more difficult but possible.
→ make gamestate snapshot of time when screenshot is requested
→ create a dummy client with that fake snapshot as game data.
→ make a screenshot there, and do a pixel comparison, they should be fairly similar.

Oh what also helps is doing daily changes to the networkcode/messageclasses as an automatic update.
Eg change a float to a double, next update make it a byte[4] ect. These mutation can be done somewhat automatically with source code generators.
This forces the cheaters to constantly get updates for their cheats, wich creates quite some additional work for cheat programmers making cheats more expensive (eg. a autoupdater, a subsciption model + infrastructure, ect. ). (Also allow detection by observing invalid incoming network packets if someone forgot to update/patch the cheat.

Also one thing you should decide:!
a) ban instantly
pro: gameplay is restored
con: they know their cheat is busted, and it will get fixed

b) ban greatly delayed
pro: since the dont know they are busted, you will catch way more cheaters using already busted cheats (and cheat developers never can be quite sure they are not detected already, even if it works)
con: the cheaters cause longer annoyance.

c) soft ban (aka for matchmaking put all cheaters together)
pro: they are likely to not notice they are banned if done right, so they do not just create a new account
con: more difficult to implement, false positives are really negative here.

I’ll make sure to look into the big data algorithms, that sounds quite promising but also difficult to implement (since my math is terrible). If you have some links to good explanations of some such algorithms that would be greatly helpful.

I think that the screenshots will need to be manual since the server will literally have no graphics card on it most likely – it will be a headless CLI only Linux server with a beastly CPU and network connection :stuck_out_tongue:.

I don’t think that doing such code changes is really feasible because:
a) I’m planning on distributing this through Steam with a small C launcher and maybe JNI bindings for compatibility, and players would likely get annoyed with daily updates that don’t add anything
b) It probably wouldn’t be that hard to have a cheat client load the latest message classes from the latest jar files and then simply send them in different ways then the real client would

As for how they are banned, I’ll probably just end up doing ban instantly because it is easy. If I need more data, then I’ll probably change it to a delayed ban.

Hm I had this and it quite helped to see the bigger picture.
http://dws.informatik.uni-mannheim.de/en/teaching/courses-for-master-candidates/ie-500-data-mining/
The lecture slides are to download a bit down there.

As per previous advice, if the server is authoritative then the client cannot possible climb walls or run too fast because the server is controlling all of that.

Aimbots you can only account for as Empire suggests.

Modified packets won’t do anything as they are only sending key events. So either they are modified in a bad way causing the server to crash (validate better) or they aren’t doing anything more special than a key macro would.

Java makes hacked clients easier but not as easier as you think. You’ve probably just never hacked a C/C++ client before. Even just running a client in the debugger you can do all kinds of cool stuff.

Actually java can be kinda a pain in the ass, since the GC is moving all stuff contantly and you cannot just write over a few memory adresses.

@pspeed knows what he’s talking about … he wrote a client-server game (Mythruna) and didn’t even bother obfuscating the client. Within several months it was hacked and people started manipulating the game in weird ways, but he was able to fix it on the server side and its still running to this day.

I don’t want the server to function like that for two reaons: a) latency b) difficulty to code.

It is easy enough to just decompile → change code → recompile with Java.

I’ve tried Mythruna, it’s very well made :smile:. Although, if the server isn’t authoritive as @pspeed suggested, then I’m curious to know what exactly was done to stop hacked clients.

As was said a few times already, thats impossible, for any language. If the computer can run the code somebody else can hack it. So clients can ALWAYS be hacked.

It IS authoritative. I essentially followed the articles by a little company called Valve who has apparently made some popular and performant multiplayer games. :wink:

https://developer.valvesoftware.com/wiki/Source_Multiplayer_Networking
https://developer.valvesoftware.com/wiki/Latency_Compensating_Methods_in_Client/Server_In-game_Protocol_Design_and_Optimization

It wasn’t really “too hard” because the alternatives would have all been unplayable with people teleporting around all the time.

In a few weeks, I hope to open source my object sync library… that’s why I’ve been working on Ethereal Space which is meant to be an open source demo/test of that lib.

2 Likes

Well actually I can come up with my experience in writing WoW Bots :stuck_out_tongue:

Every game is ‘hackable’, at least on Singleplayer, no matter what you do against it. That’s the reason, shazams’ algorithms are Server side.

No matter if you send the keystrokes or not, you’d still need to validate them. This is the same CPU Load but you don’t have a delay.

Pspeeds Article states, though, that they use a delay to match the Players depending on their tickrate.

Imagine you wouldn’t have an delay. You could shoot a Player but infact he already moved further… So you need to Check if he was there at the time of shooting.

You can do simple plausibility Checks:
Get the delta of movement and then you already have speedhacks.

Then you could follow that path with a raytrace, prevents no-collision. Do it for weapons aswell.

For climbing walls, Do a raycast down to the ground, if there is a difference, simply kill the connection.

Just think about all circumstances, track the HP on the Server aswell.

Remember it’s all about thresholds, like, through delays or connection issues you could have bigger Deltas then usual, or due to Physics the Player could fly to some degree (also take jumping into Account).

This means you could cheat to some degree, but it’s all about limiting them correctly.

You will still have some behavior you cannot eliminate though. This is the botting one. WoW has no real chance in elminiating Bots, because they exactly behave like humans. You will have the case where you can’t exactly tell if you face some cheaters or simply a pretty good Player.
You could have heuristics as Empire suggests, but don’t take that as an offense, but I wouldn’t really believe that your game is ‘soo cool’, that somebody writes cheats for it.

You could take that into Account as you see Player numbers go up, but i think it’s too much to use heuristics. Same with the Screenshot. It’s a common technique for esl I guess it was, but it’s not worth the effort.

You would kill my connection. I’d have an 36337373 ms ping. Also, you could automatically check them periodically for always occuring patterns (like gui overlays), but it would be easy to hook your Screenshot library, applying them in the glSwapBuffers (by also hooking).

What I want to say is: Don’t overdo it. Add the functionality of reporting Players. If they have 10? Manually react.

Implement an hidden spectator Mode just like in said valve games.

You could, as Empire said, Check the mouse Deltas aswell and they are uncheatable (as you can trace the view direction and see if the Players mouse Deltas result in nearly the same vector), but as I said, what if the Player has a fast mouse, has increased mouse speed in his OS settings? What if he uses a Joystick (even without native Support)?

You’ll never know. Just play the game actively and maybe spectate your flagged ppl. You might get a feeling for it, but you can never tell 100%. You can then ofcourse chat with him, asking how he became so good, maybe if he has a cheat, but think of the 80-20 principle.

It is 20 percent effort to catch 80 percent of the cheaters but 80 percent effort zo catch the last 20 percent.

Just keep things simple and have a look. If he cheats too good for you to notice by spectating, other Players wont notice aswell.

I can remember playing css for the first time. It felt like everybody was cheating but infact I was simply too lame.

I’d try that Basic stuff and see how it evolves. If you’ve got something just hit us up, maybe one has time to find and report cheat-issues.

Other than that I wish you a big success with your game :wink:

Oh and one thing: WoW had an ‘last Hardware Action timestamp’. This would be simply overloading inputmanager or correct treatment in the onAction/onAnalog Calls. They used it to detect when you were going afk, but also to see if somebody injects packets.

Again this could be hacked but it would be a Basic protection against all cheatengine Users.

2 Likes