The client-server physics truth model

This is just an idea I had while pondering my own anticheat, so I’m writing it here for my own future reference.

Intro

So, there’s a problem with rampant cheating across Roblox, with developers having access to limited means of preventing common cheat scripts.

My own anticheat is not accurate enough, no matter what I do to improve its accuracy, and it even fails to account for physics glitches, explosions, character ragdolling, trampolines, etc.

So, I had an idea for a system where a client could essentially tell the server what the player was doing, and then the server will simulate what that client did to see if it arrives at the same result.

Details

How it would work is the server will keep track of what it replicated to a given client in the past few seconds, along with a virtual simulation of what the client sees at any given time.

As the real client receives replication packets and does its simulations, it will send back a log packet containing a list of packets it received from the server, and a list of physics frames and their delta-times since the last log packet.

Once the server receives the log packet, it will use the log to advance its own simulated version of that client, and collect the simulated incoming physics replication packets.

It will then compare the simulated incoming packets with the real incoming replication packets, and if they don’t match, it will force the real client to reconnect, or something.

Truth Model

This accounts for lag in that the client will tell the server which packets it received, which allows the server to figure out what the client saw at any given frame and how it reacted to what it saw, while nuking most cheats in existence, forever, as the server is constantly checking that the client is behaving like a normal client through a truth-based system.

However, the integrity of the packets should be kept in mind while implementing this system. It would be suspicious if a client isn’t reporting some packets for a long time, or if it’s reporting packets the server never sent, or if it’s reporting strange delta-times in the frame logs.

Another hole in this system is the client still knows where everything is, so some client-side-only cheats could still be used, such as x-ray cheats and aimbots, but that’s about it.

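One way the server-side check described in this post could look, as an added Python sketch that is not the poster's code and not a Roblox API. The `ClientShadow` class, the toy one-dimensional physics in `step`, the packet format (an id plus a velocity impulse) and all numeric limits are assumptions made for illustration.

```python
# Added sketch: all names, limits and the toy 1-D physics are assumptions.
from dataclasses import dataclass, field

GRAVITY = -196.2                  # studs/s^2, assumed constant
DT_MIN, DT_MAX = 1 / 240, 1 / 15  # accepted frame delta-times (assumed)
MAX_UNACKED_AGE = 2.0             # seconds a sent packet may go unreported
CLOCK_SLACK = 0.25                # simulated seconds allowed ahead of server
TOLERANCE = 1e-6                  # allowed replay/report difference

def step(pos, vel, dt, impulses):
    """One deterministic physics frame, identical on client and server."""
    vel += sum(impulses) + GRAVITY * dt
    pos = max(0.0, pos + vel * dt)          # ground plane at 0
    return pos, (0.0 if pos == 0.0 else vel)

@dataclass
class ClientShadow:
    """Server-side shadow of one client: packets sent to it, replayed state."""
    sent: dict = field(default_factory=dict)  # packet id -> (send time, impulse)
    acked: set = field(default_factory=set)
    pos: float = 0.0
    vel: float = 0.0
    sim_time: float = 0.0

    def send(self, pid, now, impulse):
        self.sent[pid] = (now, impulse)

    def verify_log(self, frames, reported_pos, now):
        """frames: [(dt, [ids of packets received before that frame]), ...]"""
        pos, vel, acked, t = self.pos, self.vel, set(self.acked), self.sim_time
        for dt, pids in frames:
            if not DT_MIN <= dt <= DT_MAX:
                return "bad delta-time"
            for pid in pids:
                if pid not in self.sent:
                    return "unknown packet"
                if pid in acked:
                    return "duplicate packet"
                acked.add(pid)
            pos, vel = step(pos, vel, dt, [self.sent[p][1] for p in pids])
            t += dt
        if t > now + CLOCK_SLACK:
            return "clock ahead of server"
        if any(now - sent_at > MAX_UNACKED_AGE
               for pid, (sent_at, _) in self.sent.items() if pid not in acked):
            return "stale unreported packet"
        if abs(pos - reported_pos) > TOLERANCE:
            return "state mismatch"
        self.pos, self.vel, self.acked, self.sim_time = pos, vel, acked, t
        return "ok"
```

The shadow state is committed only when a log passes every check, so a rejected log cannot shift the baseline that later logs are replayed from.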