Knightmare Server-side Anti-Cheat Service [updated 10/22/2024]

Okay, but I still don’t understand the problem, it’s 25 seconds, less than half a minute, 25/60 of a minute, it’s no big deal, you can live by spending 25 seconds copy-pasting this

Hey! Nice anti-exploit. From what I can tell, it’ll do a good job at preventing movement based exploits. However, I have some critiques of how the anti-cheat itself operates.

  1. Everything is in a big script.
    With everything being in one big script, it is quite clustered, and hard to modify to specific needs. Additionally, updating will be a hassle, especially if there is a change in configuration.
  2. Speaking of updates, a possible solution to this could be using a modular approach to this.
    Like most modern game administrative systems (Kohls, Adonis, etc), most of the systems use require(assetId) in order to provide real time updates to their services without people needing to re-insert and reconfigure the system. I personally do this with my own commercial anti-cheat, and I find it works quite well.
  3. The internal logic could be further optimized.
    This anti-cheat does have some great optimizations present, however, there are some issues with it. Some of these issues are the sheer number of if else statements that are run every 0.25 seconds, which can cause a large amount of stress on the server. Another issue I found was the vast amount of coroutines being created and used each “service step”. One solution to this could be preloading all systems that need to be executed into a table, and calling them each frame (to reduce the number of if statements used).
  4. There are a few “vulnerabilities” present in the system.
    While this system does not have any serious vulnerabilities (such as free admin), it does expose some internal components to the client. Specifically, the attributes that get set to flag exploiters can be read from the client. This means that people could automatically detect the presence of your exploit, and actively load systems to bypass it (example: fine-tuned movement hacks). This can be easily prevented by storing all relevant data in a table that is not exposed to the client.

Overall, your anti-cheat is a useful resource at preventing movement exploits. It just has a few small flaws that, if fixed, could make its functionality even greater. If you’d like some help implementing my suggestions / critiques, feel free to PM me.

Edit was to fix typos.

3 Likes
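
Points 3 and 4 of the critique above, sketched as an added example that is not part of the thread or of Knightmare's code: detection state is kept in a server-side Lua table, which never replicates to clients, and the checks are preloaded into an array that each step walks. The names `state`, `checks` and `track`, the 20 studs/second limit and the speed formula are assumptions for illustration.

```lua
-- Added example, not Knightmare's code. Runs as a Script in ServerScriptService.
-- state, checks, track, STEP and MAX_SPEED are hypothetical names and values.
local Players = game:GetService("Players")

local STEP = 0.25     -- seconds between service steps (interval named in the post)
local MAX_SPEED = 20  -- allowed horizontal studs per second (assumed limit)

-- Per-player bookkeeping lives in a plain Lua table. Unlike Instance attributes
-- on the Player, it is never replicated, so a client cannot read the flags.
local state = {}

-- Checks are registered once; each step walks the array instead of re-deciding
-- through if/else chains which checks are enabled.
local checks = {
	function(root, s, dt)
		local delta = (root.Position - s.lastPosition) * Vector3.new(1, 0, 1)
		if delta.Magnitude / dt > MAX_SPEED then
			s.flags.speed = (s.flags.speed or 0) + 1
		end
	end,
}

local function track(player)
	state[player] = { lastPosition = nil, flags = {} }
end
Players.PlayerAdded:Connect(track)
for _, player in ipairs(Players:GetPlayers()) do track(player) end
Players.PlayerRemoving:Connect(function(player)
	state[player] = nil -- drop the entry so the table does not grow forever
end)

local last = os.clock()
while true do
	task.wait(STEP)
	local now = os.clock()
	local dt = now - last -- real elapsed time, so a late step does not inflate speed
	last = now
	for player, s in pairs(state) do
		local character = player.Character
		local root = character and character:FindFirstChild("HumanoidRootPart")
		if root and s.lastPosition then
			for _, check in ipairs(checks) do check(root, s, dt) end
		end
		-- Forget the position while there is no character to measure.
		s.lastPosition = root and root.Position or nil
	end
end
```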

I’m glad that this can be useful for so many. I thought I would only benefit from it, but I see now there is an interest in some basic anti-cheats to help combat all the more blatant cheating in games. For that reason, I’m going to look at creating a dedicated “service” for this that will be easier to install, update, and configure using the feedback in this topic. I have a few ideas to streamline the installation and maintaining updates of this so developers can spend more creative time on their projects and less time trying to figure out what all the cheaters are doing. :sweat_smile:

5 Likes

I updated the first post, so now installing the service is just downloading the model and setting up the configuration file to enable it. Any future updates won’t require you to re-do your configuration or custom cheat punishments. :sweat_smile:

2 Likes

Another update today to address my own coding mistake with regards to others using the custom punishment module. If you create your own custom punishment, I (by habit I guess), used the default module name “Module” which others probably use too. Trying to create your own custom punishment might conflict, so I re-worked the anti-cheat service to use “KMModule” instead. This only affects you if custom punishments have already been created under the old template. The new template will have this simple code change in it, so it should be as simple as comparing the two files “KnightmareCustomPunishment” to fix this. Otherwise with the new update, if your old custom punishment is still using “Module”, the anti-service will not start because it will be expecting the KMModule instead. Thanks to the others here that brought that to my attention, better to fix it now than to run into this later for other devs. :sweat_smile:

[edit] You may have to copy some configuration settings from your old file to this new version it seems, again, related to the name of the default Module. Once you get that updated, you should not have to hopefully make any more changes to your config or custom rules for future updates as they should only go to the service itself. :melting_face:

1 Like

FINALLY, no more copy paste

huh? what do you mean by the “easy route”?

1 Like

Using an external service requires more accounts, work, etc. and since this is only a simple service and not something super complex, using GitHub is probably overkill. Better to keep it within the Roblox forums where it is easier to interact with people using it.

3 Likes

The most recent update changelog. Since no changes to the configuration file or custom punishment file are needed, you can download the model again and just overwrite the “KnightmareAntiCheatService” script from the new model to finish your update.

7/27/2023

  • Rework soft punishments to avoid conflicting with each other if a player is doing
    multiple cheats at the same time to avoid the yo-yo effect on them. While it is funny
    to watch the cheater yo-yo around, if it happens to a player via false detection
    it’s not so fun. :frowning:
  • Gravity direction for Fly Cheating detection now supports the X and Z axis with the
    Y axis still the default. This helps games that don’t have players falling down the
    Y axis to avoid doing a code hack to make it work every update.

2 Likes

suggestion:
instead of having to redownload your entire anti cheat make it compatible with a function called “require” it will basically auto update with your latest version of anti cheat every each time you update model of your anti cheat

example usage:

require(13939717922)({
  CustomPunishment=function()
      --do something for custom punishment
  end,
  MaxAllowedWalkSpeed=20,
  MaxAllowedJumpPower=100,
})

I think you get what I mean, your module just needs an update to support the “require” function

tutorial how to do it cuz im too lazy to explain it: https://www.youtube.com/watch?v=KaWoN6bXnvU

in your case you want to do this on MainModule:

return function(config:{CustomPunishment:()->nil,MaxAllowedWalkSpeed:number,MaxAllowedJumpPower:number})
      --do something here to activate the anti cheat maybe like parent the server script to ServerScriptStorage
end

UPDATE: i just made my own version of your anticheat and its require version
all you need to do is just drag and drop this into studio then right click and “save to roblox” then it will display numbers and all you need to do is copy those numbers then do this

require(copiednumbershere)({
	knightmarePunishSpeedCheater = function(oPlayer, oLastPlayerPosition)
		warn(oPlayer, oLastPlayerPosition, "grrr speed cheater")
	end,
	speedCheatDetectionEnabled = true,
	sendSpeedCheaterBack = false,
})

this will print “grrr speed cheater” every each time someone walks faster than 16-20 walkspeed
knightmare anticheat.rbxm (15.3 KB)

1 Like
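
A fuller version of the MainModule sketched in the post above, as an added example that is not the contents of the attached .rbxm: the function handed back by `require` validates the caller's config and fails closed before anything starts. The three option names come from the post; the defaults, the limits and the `validate` helper are assumptions.

```lua
-- Added example: a MainModule for require(assetId). Option names are the ones
-- used in the post; DEFAULTS, LIMITS and validate() are hypothetical.
local DEFAULTS = {
	CustomPunishment = function() end,
	MaxAllowedWalkSpeed = 16,
	MaxAllowedJumpPower = 50,
}
local LIMITS = {
	MaxAllowedWalkSpeed = { 0, 1000 },
	MaxAllowedJumpPower = { 0, 1000 },
}

local started = false

local function validate(config)
	assert(type(config) == "table", "config must be a table")
	local out = {}
	for key, value in pairs(config) do
		local default = DEFAULTS[key]
		-- Unknown keys are rejected so a typo cannot silently disable a check.
		assert(default ~= nil, "unknown option: " .. tostring(key))
		assert(type(value) == type(default), key .. " has the wrong type")
		local range = LIMITS[key]
		if range then
			-- value == value is false for NaN, which would defeat every comparison
			assert(value == value and value >= range[1] and value <= range[2],
				key .. " is out of range")
		end
		out[key] = value
	end
	for key, default in pairs(DEFAULTS) do
		if out[key] == nil then out[key] = default end
	end
	return table.freeze(out) -- later code cannot loosen the limits at runtime
end

return function(config)
	assert(not started, "anti-cheat already started")
	local settings = validate(config or {})
	started = true
	-- The detection loop would read `settings` from here on (not shown in the thread).
	return settings
end
```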

Do you mean it will pull the scripts directly from the model that is on the Roblox servers at the latest version or it will pull the function from those scripts directly from the model directly from the Roblox servers?

1 Like

i dont know what do you mean but

Do you mean it will pull the scripts directly from the model that is on the Roblox servers

yes every each time you update the model it will always pull latest version but it must be named “MainModule” and it must return something like a function or function in a table so you can launch your anticheat like that by passing config to that function and then that function launches your anticheat

it will automatically download latest version of asset id 13939717922 and then it will work only if your ModuleScript is named “MainModule” then it returns functions from that ModuleScript (depending on what you do in that modulescript like if you do return 1 then its gonna return number if you're gonna do return function then it returns function that can be called like this require(13939717922)(“args”) if you return {test=function()end} it can be called like this require(13939717922).test(“args”))

1 Like

Ok, I will certainly do some testing with this because it would make it easier to update the engine part this way if devs only need to download the model once to get the template setup and not have to worry about future updates that need them to re-download the model just to copy over a single script. I like stuff that can auto-update :grinning:

1 Like

This is very useful, I really want to use this in the games I’m planning to make.
However, I have a few questions.

  1. How much will this impact performance? On a game as heavy as Jailbreak for example, will you notice the difference in performance that comes with running the script?
  2. If I have admin commands in my game, which allow me to increase speed, fly or teleport, will this script then prevent me from performing that action? If so, could you implement a feature to whitelist certain people?
  3. Could you add detection for jump height changes too? I want to make an obby game, and it would be useful there.

4 Likes

  1. I did test a few of those myself a while back, so my memory is a little fuzzy and may not be exact, but basically for every 15 players in the game, using all the options (anti-run, fly, teleport), it’s about a 1% hit on the CPU of the server, but it’s not linear because if everyone is standing still, it’s nearly 0% and if all 15 are running around like crazy, it can toggle between 1% and 2%. The scripts are set up to avoid latency stacking in the code, which means if the server becomes bogged down to where it can’t run a check every 0.25 seconds, it will “skip” them until it can. So a server that is under a heavy CPU load can technically be missing some cheating if it is maxed out. I have tested it myself by purposely making scripts that were out of control and eating all the server CPU just to see what would happen and it surprisingly had little effect on stopping me from cheating.

  2. There is already a feature to disable those checks on single players with a local variable set on the player object (not in game model). So if you want to fly and teleport through walls without being flagged, it is possible and I even use it myself to debug my games just for that very reason. :grinning:

  3. While it doesn’t have an official jump height detector, I’ve found that the teleport cheating seems to catch this when used on the extreme. So if a player is only ever using the default jump power and then they hack it to 500, they “jump” so fast that it often triggers the teleport cheating. I’ll look into it though as it can be useful to have something that is tailored more to monitoring how the player jumps than depending on the “teleport” detection finding on the most extreme cheaters vs. the ones that just increase jump power by 50% instead of 500% for example.

Sorry about the long delay, was banned for a while from here…

1 Like

Another update to the service. Rework the player attributes to use private attributes stored on the ServerScriptService which is not accessible to Clients. This adds additional security and also cuts down on a lot of unnecessary replication traffic between the server and client by -80%! :money_mouth_face:
You need only download the model again and just overwrite the “KnightmareAntiCheatService” file over-top of your existing one or just rename your old one, your choice. No configuration changes needed. :sweat_smile:

Jump Cheat detector will be the next future addition to this anti-cheat service. It will take a while to set up and test because Jump cheating has a lot of variables to account for such as player running up a ramp and jumping that will increase jump height and not cheating along with a lot of other math based formulas that need to be created to make it work well on the server when it can’t trust the client. :melting_face:

2 Likes

Just a suggestion: If it isn’t already, you could convert it into a package, which is much easier for consuming and also you publishing updates!

It would allow people to auto-update on publish too, which I’d be more comfortable with than auto-download and deployment of such critical third party code. That’s just my unsolicited opinion.

I personally haven’t used the anti-cheat, just here to give this tip.

1 Like

I have not had the time to research how the package process works in Roblox as I assumed it was only for your own projects or team, but you are saying that a Package can be made public so that anyone can use it the same way, basically when it gets updated, everyone using it gets updated automatically? I was looking at using the script pulling method on models as a way to simulate that kind of “auto-updating” but I like the package process much better and would actually prefer it that way if possible.

2 Likes

Yes, but for packages to auto update when you publish you need to enable it on the PackageLink under the package. And yes you can share packages, I think I remember Roblox’s dev modules being packages too, at least a few of them. They’d be good examples.

1 Like

Thanks for the links, I got a lot of reading to do then. :melting_face:

3 Likes

Well, after all that work, come to find out you can’t make them public. :face_exhaling: So it is still restricted to groups and owners. If in the future they allow this, you can bet I will do it that way!

1 Like