When it comes to building and deploying your awesome experiences in the Roblox Studio, what we often don't account for, is the probability that what we have done could be exploited in some way that could be damaging to not only you, your company but to the active playerbase.
This AntiCheat, AntiExploit, AntiBadPerson were programmed to defend against as much as possible while keeping the entirety of the code on the server, this allows us to always remain in control and help produce an awesome API that can be integrated into your game scripts!
However, it’s never that easy, and it shouldn’t ever be that easy, we’re on the server! And so because we’re on the server, we have to face the fact that latency can hit us hard, general replication issues can also boof us, and a ton of other little insecure things can help us dig our own grave.
General
So, in hopes of bringing up a unique and reliable AntiCheat, I have turned to DevForums in order to test the AntiCheat. Of course, I can test it myself, and I have plenty of times, however, if a bigger audience decided to spend 5 minutes at max just running some simple tests, you could give me feedback which can help improve the AntiCheat on a massive scale!
So, my question to you is; Will you help me on my quest to produce a freakin stable server-side AntiCheat?
Protection
Below are the things the AntiCheat tries to defend the server against, it is important to note that most of the nodes seen below can easily be edited via the settings.
Anti Animation
Running potentially bad or inappropriate animations through their local character.
Anti Character Manipulation
Removing critical parts such as HumanoidRootPart or limbs attached to the player
Stops the spoofing of a Humanoid
Jump Power Manipulation
Changing their JumpPower/Height to gain an unfair advantage when playing certain types of games.
Possibly infinite jumping (This isn’t an active detection, but some other nodes might come in and do this job.)
Anti Noclip
Disabling collisions for seemingly most objects when faced with the characters front.
Anti Fling
A player starts to spin at an incredible rate in order to try and push player characters into a certain location or attempt to make them “fling” off.
Anti Fly
A player attempts to fly to where ever they want, ignoring Roblox physics and pushing into possibly secret locations
Anti Platform
When a player walks on air, ignoring the falling state, this is especially bad in Roblox obbies where exploiters can walk over to the finish line.
Anti Speed
When the player boosts their velocity in a way that makes them walk, run faster than the default setting.
Alt Accounts
Alt Accounts are a very big problem when it comes to roblox, we as developers have no way in getting an identification from a player, meaning we cannot create a stable or reliable Alt system.
Well, I did some experimenting, fixed up a few scripts, had a ton of bath thoughts and programmed an algorithm capable of knowing if your account is an alt or not. (Hopefully, at least, it’s been reliable to what I can see.)
Just to clarify, this will is essentially “Noob Friendly” and will NOT be used as a possible sanction against a player, this will ONLY be used after the 4th-6th attempt of breaking the AntiCheat Violations, from there it will automatically handle the player.
Others
Now, I wont lie, there is a huge ammount of ServerSide AntiCheats out here, it's amazing to know the Community is so talented and will always push modules which will back people up, so in hopes that this AntiCheat isn't exactly good enough, maybe there fellas are!
Links
Game Link
A Demo Video
A poll to help people who come across the AntiCheat post quickly summerize developers’ oppinions!
Stable & Reliable
Unstable, Yet not terrible
It needs work
No point in an AntiCheat
0voters
I uh, I might of violated a rule in the T.O.S, if that’s the case then let me know via PM’s or a message on this post and i’ll resolve it quickly!
And, I had to make a few minor changes to the Alt Algorithm. It wasn’t configured correctly!
Anyone who tests the AntiCheat should receive the correct result.
And, to add ontop of this, the list of exploits, cheats below the Anti Alt board, is a list of exploit admins, for example; If you click on Infinite Yield; You’ll have the Infinite Yield exploiter admin show up!
After some analysis of the AntiCheat, often a few flags from the so called Height Acceleration I’ve spent some time into developing a more secure method, Hopefully this should not false flag you!
Again, this is a test to see if it will; From my own experience it hasn’t yet, but it’s testing so don’t be surprised if it get’s you!
And I totally forgot that the Anti Alt algorithm was still, well not okay. I’ve had to remake the configuration for it; Now you can see statistics when you attempt to run the algorithm.
Ahaha… Dare I say but, I think it is fixed?
Thank you all for testing! This place will still remain open for anyone else to test in the mean time!
Thank you!
Alrighty, was there anything else which was causing problems; Aside from the jumping on the ladder.
Any feedback is some feedback! Thanks
(When you jump off a ladder, the force pushing you back often triggers the Anti Velocity/Speed node; Which is false positive i’m still yet to fix. This is an known issue, sorry for having to deal with it)
Okay, So in this patch, i’ve gone through a million different things in order to retain optimization & security, i’ve made a shortlist below.
Added in official Mutex support for thread handling when it comes to computing the players state.
Added in true multi-threading using Roblox’s task library (sync, desync)
Wrote a patch for some engine code in order to make the above(multi-threading) work
Edited some more values in order to create a better bias for the anti cheats player punishment
Added in a system to ban players for a limited range of time, spanning to infinite when violating the anti-cheat
Fixed a million and one problems with general detections
Overall, I’m trying to make this AntiCheat efficient, fast and stable; I’ve tested the AntiCheat in places with massive maps (About 10GB in memory) and in very broken maps where physics is constantly being computed.
I’m glad to say that the anti-cheat will adapt to its environment.
I did also add in a few more commonly used Exploit Scripts/Admins so people can get a real feel for what a hacker can do, and what my AntiCheat stops.
On top of that, we have a short video of me just testing a bunch of things (This is me just testing quickly, in no way is this a thorough test!)
Not bad, not going to lie. The flying detection is incredible.
As you asked for honest feedback, I will still leave a few issues the system has down below:
A few false positives when jumping. I tried jumping a few times over the water and it teleported me back so I assume it detected that I was speeding even if I wasn’t.
InfiniteYield’s “cfly” isn’t patched . Yep, cfly isn’t detected. This will allow exploiters to fly perfectly fine. It only detects you when you uncfly. We had a hard time with this one too.
Noclip doesn’t work when you are invisible. When you make yourself invisible, detection won’t work.
A few false positives when jumping. I tried jumping a few times over the water and it teleported me back so I assume it detected that I was speeding even if I wasn’t.
A-Okay, I’ll crack down on this and see if I can reproduce it
InfiniteYield’s “cfly” isn’t patched . Yep, cfly isn’t detected. This will allow exploiters to fly perfectly fine. It only detects you when you uncfly. We had a hard time with this one too.
Noclip doesn’t work when you are invisible. When you make yourself invisible, detection won’t work.
These commands both remove your character from the server, you may think you’re flying, or your walking around. But you’re not, It’s only you who can see and hear things around you.
imagine these commands as a wacky way on doing Free Cam, they just edit client variables, and since your character isn’t doing anything crazy but standing still in the air (because that is what happens when you use the commands), the server cannot punish you for it
Another way on explaining it is, these commands do nothing on the server, however on the client it looks like you’re doing something
Bit of a quick patch, however, I believe this patch is somewhat important to the integrity and stability of the AntiCheat itself.
Now, what has been added to the AntiCheat is the following;
Network Ownership Calculation (I’m still wondering what I can do with this information… )
Remote Event protection, choose what remotes you want to run under the Infinity Remote Watchdog; A service to make sure you’re remotes are not being invoked alot;
Added many more settings to edit the heat of each player, the base and max of a player.
Added a Threading service to single all task Sync/Desync to one module.
30% Better performance update.
Overall, the main update here is that 30% jump performance-wise.
I also added Part-Ladders as @Proville6 Suggested! Thank you
I’ll be adding another poll relatively soon, as I’ve got thoughts about open sourcing this AntiCheat for the use of the general public!
Anyway, that is it for now; thanks for sticking around
In addition to the previous update, i’ve started progress on a really challenging environment and game for the AntiCheat, a clone of Ragdoll Engine by @mister_maggot216
I feel like this choice of game will much benefit the AntiCheat in ways other games wont be able to, as an example; Obbies are much more static, not many moving parts and the server most of the time isn’t doing much.
This clone of Ragdoll Engine will essentially make the server work quite hard while making my AntiCheat check for exploiters in the background, The goal of this AntiCheat is to work in any game, so a game as dynamic as this should support the AntiCheat.
Whew, over the past few weeks i’ve been collecting data from the new Ragdoll game i’ve developed & general usage from the awesome people who decide to join my game to test my AntiCheat
The following has been added;
Continued performance development.
Completely revamped settings, now the AntiCheat can be modified in any way you would like.
Constraint safe, you can now ragdoll with constraints allowing you to swing!
Anti layered-clothing exploits
Anti “Reanimation”
Anti Multi-Tool Crashing
You can no longer separate yourself from your character
Joints inside the player are now monitored carefully
Anti Remove Hats
And, I wanted to introduce a new technology i’ve discovered. I can now reliably detect when the player destroys an instance, not the server.
This is useful to know if the player is destroying a multitude of objects in their player etc.
Again, feel free to test the game; It will always be open to the public
A new optimisation I had put into place was causing all nodes to ignore any characters which existed on anticheat runtime, as we know this isn’t adequate and there are two solutions to this.
Force regeneration of all players, reload everyone’s character so everyone is in the system.
Update all nodes to accept the chance that the players character has spawned before anticheat runtime
Now the AntiCheat will attach to your current character, instead of waiting for a new character to spawn!
Heck, pretty rookie mistake