When it comes to building and deploying your awesome experiences in the Roblox Studio, what we often don't account for, is the probability that what we have done could be exploited in some way that could be damaging to not only you, your company but to the active playerbase.
This AntiCheat, AntiExploit, AntiBadPerson were programmed to defend against as much as possible while keeping the entirety of the code on the server, this allows us to always remain in control and help produce an awesome API that can be integrated into your game scripts!
However, it’s never that easy, and it shouldn’t ever be that easy, we’re on the server! And so because we’re on the server, we have to face the fact that latency can hit us hard, general replication issues can also boof us, and a ton of other little insecure things can help us dig our own grave.
So, in hopes of bringing up a unique and reliable AntiCheat, I have turned to DevForums in order to test the AntiCheat. Of course, I can test it myself, and I have plenty of times, however, if a bigger audience decided to spend 5 minutes at max just running some simple tests, you could give me feedback which can help improve the AntiCheat on a massive scale!
So, my question to you is; Will you help me on my quest to produce a freakin stable server-side AntiCheat?
Below are the things the AntiCheat tries to defend the server against, it is important to note that most of the nodes seen below can easily be edited via the settings.
Running potentially bad or inappropriate animations through their local character.
Anti Character Manipulation
Removing critical parts such as HumanoidRootPart or limbs attached to the player
Stops the spoofing of a Humanoid
Jump Power Manipulation
Changing their JumpPower/Height to gain an unfair advantage when playing certain types of games.
Possibly infinite jumping (This isn’t an active detection, but some other nodes might come in and do this job.)
Disabling collisions for seemingly most objects when faced with the characters front.
A player starts to spin at an incredible rate in order to try and push player characters into a certain location or attempt to make them “fling” off.
A player attempts to fly to where ever they want, ignoring Roblox physics and pushing into possibly secret locations
When a player walks on air, ignoring the falling state, this is especially bad in Roblox obbies where exploiters can walk over to the finish line.
When the player boosts their velocity in a way that makes them walk, run faster than the default setting.
Alt Accounts are a very big problem when it comes to roblox, we as developers have no way in getting an identification from a player, meaning we cannot create a stable or reliable Alt system.
Well, I did some experimenting, fixed up a few scripts, had a ton of bath thoughts and programmed an algorithm capable of knowing if your account is an alt or not. (Hopefully, at least, it’s been reliable to what I can see.)
Just to clarify, this will is essentially “Noob Friendly” and will NOT be used as a possible sanction against a player, this will ONLY be used after the 4th-6th attempt of breaking the AntiCheat Violations, from there it will automatically handle the player.
Now, I wont lie, there is a huge ammount of ServerSide AntiCheats out here, it's amazing to know the Community is so talented and will always push modules which will back people up, so in hopes that this AntiCheat isn't exactly good enough, maybe there fellas are!
A Demo Video
A poll to help people who come across the AntiCheat post quickly summerize developers’ oppinions!
Stable & Reliable
Unstable, Yet not terrible
It needs work
No point in an AntiCheat
I uh, I might of violated a rule in the T.O.S, if that’s the case then let me know via PM’s or a message on this post and i’ll resolve it quickly!
And, I had to make a few minor changes to the Alt Algorithm. It wasn’t configured correctly!
Anyone who tests the AntiCheat should receive the correct result.
And, to add ontop of this, the list of exploits, cheats below the Anti Alt board, is a list of exploit admins, for example; If you click on Infinite Yield; You’ll have the Infinite Yield exploiter admin show up!
Alrighty, was there anything else which was causing problems; Aside from the jumping on the ladder.
Any feedback is some feedback! Thanks
(When you jump off a ladder, the force pushing you back often triggers the Anti Velocity/Speed node; Which is false positive i’m still yet to fix. This is an known issue, sorry for having to deal with it)
Okay, So in this patch, i’ve gone through a million different things in order to retain optimization & security, i’ve made a shortlist below.
Added in official Mutex support for thread handling when it comes to computing the players state.
Added in true multi-threading using Roblox’s task library (sync, desync)
Wrote a patch for some engine code in order to make the above(multi-threading) work
Edited some more values in order to create a better bias for the anti cheats player punishment
Added in a system to ban players for a limited range of time, spanning to infinite when violating the anti-cheat
Fixed a million and one problems with general detections
Overall, I’m trying to make this AntiCheat efficient, fast and stable; I’ve tested the AntiCheat in places with massive maps (About 10GB in memory) and in very broken maps where physics is constantly being computed.
I’m glad to say that the anti-cheat will adapt to its environment.
I did also add in a few more commonly used Exploit Scripts/Admins so people can get a real feel for what a hacker can do, and what my AntiCheat stops.
On top of that, we have a short video of me just testing a bunch of things (This is me just testing quickly, in no way is this a thorough test!)
A few false positives when jumping. I tried jumping a few times over the water and it teleported me back so I assume it detected that I was speeding even if I wasn’t.
A-Okay, I’ll crack down on this and see if I can reproduce it
InfiniteYield’s “cfly” isn’t patched . Yep, cfly isn’t detected. This will allow exploiters to fly perfectly fine. It only detects you when you uncfly. We had a hard time with this one too.
Noclip doesn’t work when you are invisible. When you make yourself invisible, detection won’t work.
These commands both remove your character from the server, you may think you’re flying, or your walking around. But you’re not, It’s only you who can see and hear things around you.
imagine these commands as a wacky way on doing Free Cam, they just edit client variables, and since your character isn’t doing anything crazy but standing still in the air (because that is what happens when you use the commands), the server cannot punish you for it
Another way on explaining it is, these commands do nothing on the server, however on the client it looks like you’re doing something
In addition to the previous update, i’ve started progress on a really challenging environment and game for the AntiCheat, a clone of Ragdoll Engine by @mister_maggot216
I feel like this choice of game will much benefit the AntiCheat in ways other games wont be able to, as an example; Obbies are much more static, not many moving parts and the server most of the time isn’t doing much.
This clone of Ragdoll Engine will essentially make the server work quite hard while making my AntiCheat check for exploiters in the background, The goal of this AntiCheat is to work in any game, so a game as dynamic as this should support the AntiCheat.