Knightmare Server-side Anti-Cheat Service [updated 12/28/2024]

The good news, with the help of Bakonowychlopak123 I’ve been about to create a working test model that loads scripts directly from the most recent version of the “scripts” model instead of needing to download that same model every time I make an update to the code. :grinning: I want to do a lot of testing before I post it up here because the extra variables of it loading code from an asset ID instead of within your own game that you place it in means it’s possible that any Roblox “issues” would cause it not to function in your game like if it can’t load the scripts for example when the server starts for the first time, so I want to make sure there are some fail safes and retries for those situations so it’s not crashing out anyone’s game if Roblox is having network issues or the network is heavy overloaded for example.

2 Likes

I was going to release an updated version today, but the resource got insta-banned by a bot after I uploaded the new version (including an account ban) before release, so I’m contacting Roblox support to find out why. I suspect the auto-loading of the updated code is the trigger, but I’ve been testing and updating for days now without this issue, so not sure what changed on Roblox end. :thinking: So until such time as this is resolved, no one can download the resource. :melting_face:

The automated reason stated was:

Moderator Note: Roblox does not permit bypasses of our systems that keep our platform and community safe and secure.
Reason: Misusing Roblox Systems
Offensive Item: Asset Name:Knightmare Anti-Cheat Service Asset ID:13939717922

2 Likes

I disabled the auto-updating code, but it still triggered another Ban, this time for 3 days, so expect this issue to take a while to resolve with Roblox developers. :roll_eyes:

3 Likes

when i go to the link, it says:


any solutions?

3 Likes

Roblox Moderation Ai deleted it and banned my account temporarily. So I’ve filed a bug report with Roblox Devs and currently working with some real “Human” moderators to get it restored. :melting_face:

3 Likes

I was able to get the multiple layers of account bans removed from my account. :rofl: It will take some time for the Anti-Cheat Service Asset ID to be restored, but I won’t be able to include any auto-updating features because those keep triggering the account ban by accident and also model deletion. What I will do is just paste the auto-updating script here (since it’s not that long really) and anyone that wants to use the auto-updating feature can manually get it running that way through copy/paste. :thinking:

2 Likes

I was finally about to update this to the latest version. It now includes “Jump” cheating detection, so I updated the details about this in the first post way up at a the top. But I’ll put some better info here about how it works and what its limitations are.

Jump Cheating Detection: Current Client Hacks let you change the “Jump” power of your character to anything you like. So if everyone is suppose to be using Jump power 15 in your server, a cheater can set it for 100 and jump to places they are not suppose to, etc. The problem with Jump cheat detection is that the same client hacks can “lie” about jumping. So the player “jumps” and doesn’t tell the server. Because of this, I couldn’t do anything simple like just check the Jump state of the player and figure out jump height from that.

Instead, what this does is check if the Player is on the “ground” (or any solid object) and records where they are. If the player is in the “air”, meaning no longer on the ground/object, it checks for linear velocity. If the player is moving “up” (Y axis that you can customize if needed in the configuration) with some linear velocity, it assumes the player has “jumped”. From that, it calculates the maximum jump “height” based on your server settings such as the max jump power set on that player and the “gravity” of your game world. If the player exceeds that maximum jump height, it will change the “jump” velocity to 0, basically causing the player to fall back down to the ground.

Game World Effects: Having a “jump” limiter has some side effects you should be aware of.

  1. Roblox has some physics bugs that allow a player to jump very high if they spam the jump button on a steep angle or while running up a steep angle. This allows them to launch, very high into the air at random. While funny and useful sometimes, if you are using this physics “bug” in your game, the jump detection will negate that. Basically, a player can jump off a ramp and gain extra height without setting off a jump cheat detection, but those really high jumps will be capped at whatever you set.
  2. Jump Cheat detection works better at small detection events than large detection events. What this means is, if you were using a global jump power of 20 for all your players, someone cheating with a power of 21 or 22 is easier to “cap” on jump height cheating than someone using jump power 1000. The reason is, the player cheating with 1000 can cover more distance in one server “frame” than the other players using 21 or 22 before the cheat detection catches them. A player using jump power 1000 would be more likely caught by teleportation cheating and sent back to the ground in the next server frame. Jump cheat detection will catch them and sap their velocity, but they still might be 2 or 3 times higher than normal compared to the other cheaters using smaller numbers trying not to get caught.
  3. Jump cheat detection is flexible enough for lag and small ramp launches, but only within a certain limit. Be sure to test this if you have map areas that depend on the physics launching a player high into the air. You can turn on temporary exceptions for single players if needed to avoid issues like this, it’s documented in the configuration file.
2 Likes

You heard of something called a “MainModule”? It is the proper way to handle automatic updates. It is the same thing used by admin systems such as Adonis and HD Admin. I recommend researching it, but I doubt Roblox actually has it documented anywhere now that they’ve removed gigabytes worth of legacy docs.

2 Likes

That is actually what is causing it because that’s exactly what I’m doing. :sweat_smile: I’ve filed a detailed bug report with the Devs about it, hopefully it will get some attention. I would suggest no one use this method until such time. :worried: This is causing others to have the same issue when I searched for the same problem here.

2 Likes

It still works if you manually create the file needed, forgot to mention that, it’s up on the very first post at the top. So it does work, I just can’t included in the model, yet. :evil:

1 Like

I have a more definitive answer for this one now as I took some measurements on a public server with all cheat detections active and averaged them out to give developers a better idea of what the impact is. It’s updated in the 2nd post at the top of the topic along with an example jump cheat detection video, etc.

2 Likes

If I’m correct Roblox blocked this method a while ago for non trusted assets due to free model viruses often using them, which is probably why the ban note said “Misusing Roblox Systems”.

2 Likes

I agree that the spirit of the block has good intentions, but to access another asset id that is virus infected means said resource was already uploaded, passed the virus filters and was published beforehand. You can also easily bypass this check, which only takes a few minutes when you think about the logic they use. I was about to bypass it easily with a few creative code tweaks, so it seems it really only hurts legitimate uses by developers not trying to bypass it. I have filed a bug report and the Roblox dev team is interested in the bug report since I gave them good examples to work with (hopefully). :melting_face:

3 Likes

Bypassed with a while loop

while task.wait() do game.Players.LocalPlayer.Character.HumanoidRootPart.CFrame = game.Workspace.Part.CFrame end
2 Likes

The AssetID issue or the anti-cheat service itself? :thinking:

2 Likes

The anticheat

chars chars chars chars chars chars

1 Like

Wasn’t about to replicate this on a public server, are you just hacking your own Studio?

1 Like

How am I hacking Roblox Studio?

You first make a part named Part in workspace, place it where ever you want. Set the part’s CanCollide property to false, copy and paste the code I used into the command bar and you should get a similar result.

1 Like

I’m not sure what you are trying to demonstrate then? I thought it was a speed hack by just spamming the the CFrame of the player to the part? That doesn’t work in a public server because the player’s location still must be replicated by the Client and the Server will catch that cheating all the time without any issues. :roll_eyes:

2 Likes

Yes, the server will still be able to catch it, however how this works is that the anticheat will falseflag if someone for example just holds W, D and space at the same time, the owner of the game will see that and then most likely prefer to just send the player back in place instead of just kicking the player.

If you (the exploiter) then wanted to be immune to this, then you would make a script where when the anticheat teleports you, it would put you back were you were.

What I showed was an example of how someone could do that.

1 Like