Best KillAura Detection ?

Discussion in 'Spigot Plugin Development' started by NoComment_, Jun 2, 2017.

  1. Hello !


    I am going to introduce myself:
    I am Dreko (NoComment_ is my old nickname), I am a French hacks developer (for Minecraft), if you want to know my level I recently coded a SpeedHack wich bypass Anti-Cheats of Hypixel, FunCraft, Epicube, CubeCraft.

    Few weeks ago, I began to code an Anti-Cheats, he detects some hacks, but now I have to do the detection of KillAura, but it's very difficult to do it if you don't want to have a simple detection.
    I don't know wich methods to choose:
    -Reach ? Too easy to bypass (set the range to 4.2)
    -Angle ? Too easy to bypass, send a PacketLook and boom, bypass :)

    And NPC are very easy to bypass, example:
    -Spawning a monster ? KillAura only hit players
    -Spawning invisibles players ? KillAura only hit visibles players
    -Spawning visibles players ? KillAura only hit players with armor
    -Spawning visibles players with armor ? KillAura only hit players wich have a ticksLived greater than 100 or 200

    As you can see, all knowns methods are very easy to bypass :/

    So for you, what is the best method for KillAura detection ?

    Thanks !
    Dreko_

    Sorry for my bad English :p
     
    • Agree Agree x 2
    • Funny Funny x 1
  2. Well in the last part, about the npc with armour, why not do
    Entity#setTicksLived(500)?
    That would stop that bypass
     
  3. Becauss there is a lot others methods to bypass (FOV, check if the entity in tab etc..)
     
  4. NO best Killaura detection has Spartan Anticheat.
     
    • Funny Funny x 3
  5. use NPC name as a player in the player list or add the NPC's name to the tablist, the Other one idk yet, Ill go try to think of something
     
  6. Bypassable.
     
    • Funny Funny x 1
  7. Then make a client side anticheat I guess xD
     
  8. Mas

    Mas

    Ticks lived seems to be tracked client-side, so this doesn't work, I did some testing a while ago.
    You can however spawn the entity in the world above the player so they can't see it and keep it there for a while before spawning it around them.

    OP:
    Unless you're going to dive deep into heuristics and ML, everything is going to be bypassable. Just try and make them as hard to bypass as possible.
    I had a post a post with quite a few ideas and theories on detection methods, I'll edit this if I find it.

    EDIT: Here's the post:
    There are lots of other ways to detect Killaura like combat, not all as complicated as you might think:

    - Checking for consistent delays between clicks (yes, random killauras bypass this or if people are clicking on top, but most don't). Can also be used to detect auto-clickers.

    - Consistently reaching suspicious distances. This won't verify for certain a player is cheating.

    - Not looking at the entity they are attacking (only applies to badly made clients which don't spoof direction or multi-mode auras which are too fast for the spoofed direction packets to be registered server-side)

    - Attacking multiple entities very quickly/at the same time (again, only applies to "multi-auras").
    Eg: Attacking Player1 then attacking Player2 within a short amount of time.

    - Suddenly headsnapping (moving aim very quickly) to look at another player. If the player's yaw is changing significantly when they move, and they are looking at an entity each time they snap, they are most likely cheating. Detecting sudden yaw changes could also help identify direction spoof.
    Or headsnapping and attacking within the same tick.

    - Blocking with the sword frequently while swinging, or blocking more than humanly possible. Lots of hackers use the auto-block option on Killauras, despite it not making much of a difference.

    - Players who are straight-up spamming loads of look/attack packets at an inhuman rate. Again, only for badly made auras.

    There are almost certainly more ways I've overlooked, those are just what I can think of off the top of my head.

    EDIT: If you're really experienced and confident then using machine learning and training a neural network like konsolas has done (and is used in anticheats like GCheat (supposedly) and Watchdog) is the way to go.
     
    #8 Mas, Jun 2, 2017
    Last edited: Jun 2, 2017
    • Optimistic Optimistic x 1
  9. it hard i know. bots are also not recommend. better use calculation maths
     
    • Agree Agree x 1
  10. Mas

    Mas

    Although a variety of clients bypass bot checks, you'd be amazed at the amount of clients that don't. This is why you still see large networks employing this strategy. If it didn't catch anyone they wouldn't use it.

    It used to be very good (IMO), then they replaced all their aura checks with heuristics and it went to crap :p
     
  11. No Spartan is no crap, join test.vagdedes.me
     
  12. I agree, Spartan is a horrible anticheat, I would only recommend it to a server owner that wanted to waste their money on something completely useless
     
    • Creative Creative x 1
  13. If a player is within X blocks of a player, spawn a visible copy of that exact player behind the player
    or during combat, etc.

    The hacked client won't know which one to attack, and if it checks FOV, then spawn two NPCs on each side of the real player that's being attacked for a split second, or invis, even more out of view, etc.

    Also, I'm not sure if this topic is allowed...
     
  14. Mas

    Mas

    Why wouldn't it be allowed'?
    Also it's pretty obvious if you spawn an exact copy that you're trying to bot - the client can just ignore it and attack the first one.
    Ticks-lived will bypass your FOV check.
     
  15. Use Hypixel's Anti-ESP methods, leave invisible/visible players hidden around the map, then have them move around the player during combat then...
     
  16. Bypass too :/ Check if 2 entities has the same name
    And

    Too easy to bypass
     
    #16 NoComment_, Jun 2, 2017
    Last edited: Jun 2, 2017
    • Useful Useful x 1
  17. Then the client wouldn't attack anyone, simple, issue solved.
     
    • Funny Funny x 1
  18. No no ^^ Check if 2 entities has the same name and then, attack the entity with the biggest ticksLived :)
     
    • Agree Agree x 1
  19. I think detecting KillAura is one of the hardest things in a good AntiCheat. I agree that NPCs are usually easy to bypass (However some are quite good and detect a lot of hack clients) I would recommend checking the movement of the player (speed, angle,...). (Heuristics)
     
  20. Yes but it is very frustrating to know: If I use these methods, if a player is not stupid, he can bypass my anti-cheat :'( xD
     
    • Agree Agree x 2