Learning to detect Hacks

Discussion in 'Spigot Plugin Development' started by _xXProDudeXx_, May 6, 2017.

  1. Hello Spigotiers,

    I know I might not get a clear answer on my question, or maybe it isn't even possible very well, but can anyone tell me how to learn detecting Hacks?

    Regards,

    ~Wouter
     
  2. I asked the same a few months ago, the thread ended with a: "Decompile hacked clients and look at how they found, then make a system that nullizes the hacked client".

    It's a hard world, if you want to learn deep Java it's recommended xD
     
    • Informative Informative x 2
  3. There is no way to really detect hacks just to find people with inhuman reactions. For example if a player clicks 100 times each second that obviously is not humanly possible so he would be kicked for auto clicking.

    You need to basically find out if someone spins too fast or is constantly aiming at an area etc. Learn some more Java before getting into an anti cheat.
     
  4. You'd have to put math into your code and have it alert staff is the player breaks that code.
     
  5. Never thought about decompiling hacked clients, that's a great idea
     
  6. Everything is based on packets
     
    • Useful Useful x 1
  7. protocollib it
     
    • Agree Agree x 1
  8. Photon

    Supporter

    Some things you should have done before coding an AC:
    • Learn java. Really, you should have a deep insight of how to do stuff efficiently.
    • Code a client yourself (no release, just for testing and for insight) and do not just copy and paste everything, you won't learn from such behavior.
    • Learn how to use the minecraft packets (wiki.vg and ProtocolLib and PacketWrappers)
    • Think about your algorithms. There is stuff which might cause fps / bypasses.
    • Finally, do not present your work as the best of all times. There are Anticheats which have been maintained for years, but still new fps and bypasses appear. It is an eternal game of cats and mice.
     
    • Winner Winner x 3
    • Agree Agree x 1
  9. As an addition on this topic:
    I recently decompiled some AntiCheat plugins and I saw that many of them use doubles to check things, for instance the maximum speed of walking in water, or the maximum jumpheight. Is there a place to find these doubles, or otherwise: how to get these?
     
  10. Mas

    Mas

    Experiment.
    You'll need to factor in everything in the game which can affect these values, and then account for latency (ping). And don't forget server lag (tps) too.
     
  11. I'm currently working on an anti cheat, and I learned to detect hacks not by decompileing others, not by watching tutorials (if there even are tutorials), but by thinking logical...

    For example, of we want to detect Flight:
    we check if the player has flight allowed, then we check of the player is still in the air after a right amount of time (so it doesn't confise with Jump), and if the player still is in the air, he's using a flight hack!

    Hope to help!

    Sincerely,
    Matthias
     
  12. Choco

    Moderator

    You're going to both get a lot of false positives and not catch many hackers. Those methods can be spoofed by a hacked client. What about a player jumping off of a large cliff? They'll get flagged for fly hacks when they were only in the air for x amount of seconds. In order to make a relatively effective anti cheat (which is rare or impossible to create), you have to listen for anomalies at packet-level. Either way, it's not worth learning to make an anti cheat. They're always poorly made when done by beginners, and it's a bit of a let-down and rather frustrating once you realize it's not working to its full potential.
     
    • Agree Agree x 1
  13. Can't you just patch the cliff thingy using the #getFallingDistance method?
     
  14. Choco

    Moderator

    Using more and more methods to negate any work-around of an already flawed system of other methods is not going to help your case. Again, the only effective way to do something such as this would be a combination of packet listening and Bukkit API event listening. As far as I'm aware, fly hacks are capable by sending packets to the server telling it that the player is on the ground, when in fact they are flying in the air. Eh... I'm no hacked client expert, but that's what I've heard
     
  15. Wouldn't it be like,
    if(player is flying && isnt allowed to fly)
    if(player doesnt have any effects)
    // cheating?
     
  16. Choco

    Moderator

    If only it were that easy, then everyone would have an anti cheat, they wouldn't cost as much and hackers wouldn't be around. Read my above reply
     
    • Like Like x 1
  17. I personnally don't recommend using packets exept maybe for flight. For the only reason that if someone is lagging very hard at 1000ms for example. You can also have false positives. And even if you deactivate your detection when someone lags, some hacks can bypass your anti cheat.
    But otherwise for fastBow for example. You check if the player shoots x amount of arrows fully charged in a certain amount of time and then you execute what you want to be done.
    Or for example AutoRespawn. Use real time. You get the currentTimeMillis when the player dies and the time when he respawn. You substract the time after by the time before and if its equal to a certain amount you do what you want to do.

    The key to this is to have a hack yourslef on a personnal server to try everything possible.
    Think logically and use event and current times to detect some hack especially fast hack suche as fastBow, fastRespawn, fastRegen, etc...

    For Kill aura, there's the basic way by spawning one NPC and if the player hits the 1st NPC you spawn another one. You repeat this 5 times and if the player hits the 5 targets, he uses a kill aura.
     
  18. Ohhwww, I would love to make an anti cheat but it honestly seems so difficult.. >.<
     
  19. WAS

    WAS

    Though really seems like bugs/exploits that should be addressed at the API level. Lol

    Though I suppose when a developer is doing good they feel obligated to donated as apposed to anyone choosing to donate.