Your "best" Anti-Cheat/Hack Plugin (Premium or not)

Discussion in 'Server & Community Management' started by beyonddead, Apr 30, 2015.

Thread Status:
Not open for further replies.
  1. Cyberus is best A-I anti-cheat ever
     
  2. @asofold I found a video of a similar bypass:



    The NCP version is the newest at this time where the video was uploaded.

    Regards,
    Manic97
     
  3. ;-;
     
  4. Puremin0rez

    Moderator

    NoCheatPlus is a great free anti cheat.

    AAC is the best paid anti cheat.

    After using NoCheat for 5 years on all of my servers, I can say that it's become a lot less effective in the past year or so. People are finding bypasses, and it does jack all to stop a lot of combat related hacks. I think most of this comes down too the fact that its code base is just so god damned old and has a lot of irrelevant code for older versions of minecraft that I think that might be the biggest factor in some of these bypassable checks.

    Hoping they can do some sort of big update to NCP in the near future to make it be "the best" solution again, because while AAC is great obviously there should be fantastic free solutions too.
     
    • Agree Agree x 4
    • Like Like x 2
  5. @asofold looks like NoFall grants them infinite flying.
     
    • Informative Informative x 2
  6. The newest ... which? Development build or beta or 'recommended'? Maybe there is a short glide thing, the violations at start look quite odd (see answer to svdragster below), the video stops a little short.

    Can only repeat - during a rough year a couple of things happened, which slowed down development...
    • DMCA
    • Uncertainties with 1.8 + DMCA, then/with waiting for 1.8-Spigot, also a stabilized build.
    • Some changes in 1.8 are more complicated than adding blocks.
    • Severe exploits in Minecraft/CraftBukkit - we can't proceed with big design changes before we know it's not us :p.
    • Lack of feedback that we could use (especially on fighting), slow or no responses. (Right now we don't complain.)
    • Real life (all people busy, different time zones, other people taxed too, different versions of Minecraft...)
    • Initial judgement of glide-by-velocity was "not so important". Many people still see it that way, but NCP is meant to cover a lot of ground, so we want it down.
    • Some internal infrastructure needed to be added/changed, in order to get more efficient input from server owners (on the fly per-player debug log). Such also takes some time.
    • Switching from black-boxing to sometimes inspecting client code :p.
    • Emphasis (somewhat redundant, but we can't handle all fields for free without contribution, including bug reports and feedback - i didn't mention that there has been very few contribution (plugin-) code-wise. This clearly improved, though not yet where you'd need an open source thing to be.).
    It's not
    • Old code base (1. Some parts of the design are old, but the big structures are not really outdated. Small things can be changed easily. 2. Some things like flying checks aren't pulled off quickly, there is a lot of experience and infrastructure built in, and there is extensive amounts of testing involved to remove false positives, so changing everything just because it's old isn't advisable - we did change a good chunk, but we do it in a modular way, not changing everything at once).
    • Incapability (we're just pulling through long planned changes, bugs may happen, but essentially the design will allow catching stuff).
    • Compatibility hooks for old versions of Minecraft (it costs more to remove them than to keep for most cases).
    • Open source (not related to that, unless you make a mistake - advantage: it can be found by others, disadvantage: it can be found by others).
    What can we do?
    • Not wasting time on PR :).
    • Recent months there has been a lot of activity on development, and we started both fixing stuff and adding stuff. We just keep going, not sure how many people noticed the difference, though.
    • We started adding packet level checks for some things, using ProtocolLib.
    • There are a lot of future changes queued (including more inviting infrastructure code-wise).
    In essence, we know what we are doing. We might introduce bugs here and there, but essentially we have a pretty clear road map, including the aim of bi-weekly releases. Given that we do this for free and i don't even have an up to date server (no time, stuck pre-uuid), speed will depend on contribution and feedback as well. We do have valuable feedback and contribution, though we could use even more contribution code-wise and testing-wise at present.

    No such thing. NoFall just deals damage and damage leads to velocity. There are no NoFall violations, which would happen with the player faking onground with accumulated fall distance. Fall damage might be dealt on survivalfly violations, but the player doesn't seem to get set back, which is odd (configuration? or does the client move differently than it displays, or is there lag spikes). Regardless, if at all, velocity is the point, not NoFall.

    This might be a (short-ish? the video stops a little early, floating in air, which could just be like freecam ~ not sending packets anymore) glide. I can't distinguish if they just have fast heal activated, or if the exploit leads to those fastheal violations, it could be using a lot of packets. I'd assume they'd show gliding over a wider space.'The server also seems to lag a lot (20 / 1.7, not sure if it's spikes or rather slow ticking).

    Do they use ProtocolLib? A real hero tester would show the output of '/ncp version' and advertise config changes...

    the new y-axis handling should prevent glide-by-velocity by design, because NCP is aware of when the velocity actually can apply and how exactly it would apply (accounting changed etc.). Now client developers don't care, as long as they can glide - likely a workaround-exception is too coarse. A very recent change has been to add tracking multiple past moves, allowing to confine workarounds much more, however workarounds added until then might not all be updated, possibly one introduced this (provided this is real at all). Future changes might confine such workarounds to 'once per jump phase', so there'll be no re-using such a pattern.
     
    #186 asofold, Jan 13, 2016
    Last edited: Jan 13, 2016
    • Like Like x 1
    • Agree Agree x 1
  7. @asofold I'm not sure if you've actually watched the video at all. In the beginning I clearly show that I've deleted the NCP config, so it generates the standard config. I have not cut the video in order to show that there have been no modifications made to the config.

    I have ran /ncp version two times in the video, if you actually mean something else then please tell me.

    I'm going to be very honest with you, gliding is one of the easiest things to patch (even with any velocity changes), and NCP clearly failed to do so for well over a year.
     
  8. Wait a second - might've copied the wrong link. Looks like i used search for 'NCP latest fly' instead of the 'private' link :p. Will answer below.
     
    #188 asofold, Jan 13, 2016
    Last edited: Jan 13, 2016
    • Like Like x 1
  9. Oh really, where's your PR?

    Also, unsure why you're loading plugins vs. restarting (including possibility of doublejump plugin leaving something in) and are you using protocollib? ok you aren't using protocollib
     
    #189 RoboMWM, Jan 13, 2016
    Last edited: Jan 13, 2016
  10. I explained about the timing thing, the old velocity modeling didn't really allow for an easy fix, at least not without creating false positives in other places. Besides gliding is one of the smallest problems for server types no. 9-22.

    So why do all of the plugins have all the false positives? Could it be it's not so easy? We just started all the infrastructural changes a couple of weeks ago, now you perhaps complain about a bug that i have introduced hardly a week ago, despite it still being gliding - to help you understand: we just introduced a new y-axis handling, and are now wiping out the false positives - especially if i have to do most testing and also simple fixes, i'll probably make a mistake somewhere, so there probably is a workaround case allowing this very version of glide. Since we are tracking past n moves now (added hardly a week a go), workarounds can be made more strict in terms of side conditions for when they apply. To help understanding more deeply: after a phase of removing many false positives, we will come back to the workarounds and tighten them. This has no relation to one year of DMCA-stricken kitten.
     
    #190 asofold, Jan 13, 2016
    Last edited: Jan 13, 2016
    • Like Like x 1
  11. Ok, i watched it now.

    Interesting points:
    • There does appear to be a (short-ish?) glide (Edit 123).
    • You don't have ProtocolLib on, which means certain (moving) packet spamming can not be caught by NCP. I'd be interesting how the glide works with ProtocolLib on.
    • Plugins - lots of plugins, no idea which ones are actually running and which might conflict. E.g. CanaryNoCheat looks like it could conflict.
    • Plugin manager - problematic to reload complex plugins with potential dependencies. Except for 'it works' and the obvious convenience 'if it works', there is a reason why /reload is discouraged officially, and i don't see how reloading plugins individually makes that much better ~ but that might not be 'the issue' here.
    I don't want this to appear like trying to convince you that you were not gliding or that you have been making mistakes - but here i'd like to see this repeated just with NCP on. I hope @MyPictures can test this stuff soon again :p, because currently i can't.

    For simplicity of fixing glide, i'll probably confine necessary workarounds further, e.g. to only apply after a precondition has been set (slime specific workaround needs to be activated with jumping on slime, apply once per jump phase only), though you could argue that that's already not that simple anymore, also considering the necessary resetting logic.

    If you have a very simple suggestion, go ahead :). I'll continue making the code appear simpler, so pull requests will hurt less.

    Edit: I forgot to mention a way of contribution, which is creating a debug log with 'latest' for a working cheat or for false positives (https://github.com/NoCheatPlus/Docs/wiki/Debugging#on-the-fly-debug-output-for-individual-players). Even if you don't open a ticket, such a log can lead to almost instant fixes, compared to weeks of guessing (no guarantee though).
     
    #191 asofold, Jan 13, 2016
    Last edited: Jan 14, 2016
    • Like Like x 2
    • Agree Agree x 1
  12. Unfortunately I couldn't entertain the player with the bypass client long enough to actually keep him on my server for more testing.

    What I'm trying to prove with that video is that there have been fly bypasses in most of the new-ish releases, and that they all work with pretty much the same concept: Get damage and fly. I'm going to try and get some testing done under more ideal circumstances, however these could not be met yesterday.

    You argument about the pluginmanager and doublejump seems a little bit like a bad excuse to me that the most basic movement detection can't pick up such motion. I realize that you have to watch out from those things, however in my case it's extremely unlikely that DoubleJump and/or CanaryNoCheat (both unloaded) have interfered with that check.
     
    #192 svdragster, Jan 14, 2016
    Last edited: Jan 14, 2016
  13. These are quite important though - they could have some tasks in the scheduler for example, or hook into/cause other plugins to use different behavior (potentially). Also, having protocollib on there would be nice too, very possible he could be doing something with that as well...
     
  14. However both plugins were unloaded.
     
  15. Even when a plugin is unloaded, scheduled tasks could still (attempt to, depending on what was scheduled) execute. I've experienced this myself when temporarily disabling PurpleIRC to stop some spam from flooding the channel, yet it still printed messages to the channel even after disabling and unloading it. (It spaces out messages to prevent hitting flood limits, default 1 second).
     
  16. If the tasks are not terminated correctly, then this is indeed going to happen.
     
  17. One usually can't have them show it twice :). If we add an option to cache many moves for servers with enough memory, who would show a bypass then :p. Might add something to auto-log a couple of times for new/trusted/interesting-idk players, based on some triggers and rate-limiting the output, so it might be possible to run that always some day. Currently i'd rather fix that though.

    I'll confine workarounds and add statistics for (some) workarounds, so we'll see if such will be possible for long.

    The plugins point is pretty important - there exist plugins that exempt players from checks at times, and there could be other data altered (e.g. if events for logout are missing, and the plugin forgets to unregister a hook). Of course plugins needn't be the problem here, but we had enough trouble in the past with such side conditions, and i can't be sure which ones are running with your custom setup (configurations etc.). I assume that's not been the case, but imagine after unloading double jump dynamically, a player might've kept the allow-flight property, e.g. with queued tasks being unregistered before the task can run (some random construction here, but such things can happen, and i really can't look up all the 60-100 plugins people run at times - you've already discussed such above though).
     
    • Agree Agree x 1
    • Informative Informative x 1
  18. AAC need config for Factions server or not ?
     
  19. I would say it does.
     
  20. Kedarin, AAC n'a pas besoin de config, mais il peu occasionné certains rollback et je te le conseil car il détecte le ForceField, ce qui est vraiment utile
     
Thread Status:
Not open for further replies.