[StAC] - anticheat plugin
posted in Projects
#1
Spaceship Servers
0 Frags +

Hi

I've been pretty good at catching cheaters for a long while now. I originally started learning about how to spot cheaters and exploiters and whatever else in tf2 a couple weeks after i played on my first steel highlander team with Miggy, god bless him. He at the time was developing an anticheat plugin called "[url=https://github.com/Miggthulu/IntegriTF2]IntegriTF2[/url]", which he claimed (correctly!) would catch some cheaters.

Fast forward to a few months ago, I began to write a small sourcemod plugin that checked players' interp and other basic net settings, forked off IntegriTF2, to make sure that they weren't exploiting or cheating for RGL, as I was at that time a part of their anticheat team. As I went on, eventually splitting with RGL, it began to become more of a full blown anticheat as opposed to a smallish one-off sorta deal.

i feel like it is now stable enough to release to the public, seeing as how it runs on my servers (which are mildly active) as well as other server networks which i help develop for.

Meet StAC- Steph AntiCheat - because i am uncreative and slightly egotistical enough to name it after myself

So far on my servers alone, it has banned [url=https://steph.anie.dev/bans/index.php?p=banlist&advSearch=0&advType=admin]>30 people[/url], of which I randomly look through demos of, and further conclude to be cheating.

False positives are always a possibility, though I've tried my best to make them as rare as i possibly can.

List of features (keep in mind some of these aren't necessarily just for cheating, for example, the turn bind test was written to help enforce rgl's bans on turn binds, but it defaults to disabled):

[img]https://i.imgur.com/21bk7vh.png[/img]

Most notable of these is the Silent Aim detection, which 99% of people who are cheating use to aimbot, and it has caught the most people out of all the detection methods.

This plugin is still in development, and new detection methods are added as I figure out ways to write them.

Check it out here
vvvvv
https://github.com/stephanieLGBT/StAC-tf2
^^^^^

report bugs here
vvvvv
https://github.com/stephanieLGBT/StAC-tf2/issues
^^^^^

<3
#2
14 Frags +

no it ban me for interp abuse and kick me often for it

#3
21 Frags +

What would it matter if someone masks their ping? Surely it has literally 0 effect on gameplay if the actual rate they're sending packets to the server is the same.

#4
Spaceship Servers
3 Frags +
[quote=Gabino]no it ban me for interp abuse and kick me often for it[/quote]
the first issue here was fixed like 2 months ago and the second issue youre talking about was fixed in 3.1.0

[quote=_Kermit]What would it matter if someone masks their ping? Surely it has literally 0 effect on gameplay if the actual rate they're sending packets to the server is the same.[/quote]
honestly it's a holdover from rgl, which at least when i was there, banned pingmasking

[s]i'll add a cvar for it and default it to off in the next commit though[/s]
added
https://github.com/stephanieLGBT/StAC-tf2/commit/9a26cd0c00c5267af225fe39f61bb01c350fe3a5
#5
46 Frags +

you cant cheat on vac secured servers whats the point

#6
0 Frags +
[quote=wolsne]While I love the idea of seeing an open source anti-cheat be developed, its existence brings up problems of its own. By giving cheaters and/or cheat developers direct access to see exactly how the software works, you're inviting them to create proxies or bypass these catching mechanisms altogether. Regardless, I hope the project bodes well and you continue to catch disingenuous players trying to get an edge, just some food for thought. This is why most anti-cheat programs are closed source.[/quote]

Not really. Most AC software is proprietary and owned by for-profit companies, and these very rarely make software open-sourced. Whether it's more secure or not is not a factor.
#7
4 Frags +
[quote=ondkaja][quote=wolsne]While I love the idea of seeing an open source anti-cheat be developed, its existence brings up problems of its own. By giving cheaters and/or cheat developers direct access to see exactly how the software works, you're inviting them to create proxies or bypass these catching mechanisms altogether. Regardless, I hope the project bodes well and you continue to catch disingenuous players trying to get an edge, just some food for thought. This is why most anti-cheat programs are closed source.[/quote]

Not really. Most AC software is proprietary and owned by for-profit companies, and these very rarely make software open-sourced. Whether it's more secure or not is not a factor.[/quote]

??
#8
tf2pickup.org
3 Frags +
[quote=wolsne][quote=ondkaja][quote=wolsne]snip[/quote]

Not really. Most AC software is proprietary and owned by for-profit companies, and these very rarely make software open-sourced. Whether it's more secure or not is not a factor.[/quote]

Not sure if you're saying that for-profit companies don't make open source software frequently, or that they specifically don't make open sourced anti-cheats, because the former is certainly false.

While there are ways to data mine, reverse engineer, and/or circumvent closed source software and this code is not publicly audited, I think we'd both agree that it is probably better than just giving cheat developers the keys to your game.[/quote]
By preventing cheats, you introduce more talented people to make better cheats to circumvent those securities. By making yours open source, you allow people to see how it works, meaning that there's 2 outcomes:
[olist]
[*] You allow people to develop it further, making it even better
[*] You allow people to find ways around it
[/olist]
Making this open source is not a bad idea, it's those who say they're using this is where that'll be a bad idea.
#9
5 Frags +
[quote=wolsne][quote=ondkaja][quote=wolsne]snip[/quote]

Not really. Most AC software is proprietary and owned by for-profit companies, and these very rarely make software open-sourced. Whether it's more secure or not is not a factor.[/quote]

Not sure if you're saying that for-profit companies don't make open source software frequently, or that they specifically don't make open sourced anti-cheats, because the former is certainly false.

While there are ways to data mine, reverse engineer, and/or circumvent closed source software and this code is not publicly audited, I think we'd both agree that it is probably better than just giving cheat developers the keys to your game.[/quote]

Having the source code is more like having the blueprints to a lock than the keys. If the lock is a bad lock, then having the blueprints will make it easier for an attacker to bypass it, but if it is a good lock, it doesn't matter whether the attacker has the blueprints or not. Hiding the implementation behind layers of obfuscation is called security through obscurity and is generally considered a bad practice as it allows security flaws to stay present for longer than if the implementation could openly be scrutinised by everyone. Not only malicious hackers can look at the source code and find flaws in the code, anyone can.

As for the open-source discussion. Companies definitely don't frequently develop open-sourced software compared to how often they develop proprietary software. Almost all software I have installed on my computer is proprietary software. The reason for this is simply to make more money and prevent theft of code, not to enhance the security.
#10
-4 Frags +

society isn't ready for this anticheat, nice stuff steph

#11
Spaceship Servers
16 Frags +

StAC has been finally publicly released with version 5.0. Check it out here:

https://forums.alliedmods.net/showthread.php?t=332794
https://github.com/sapphonie/StAC-tf2
https://www.reddit.com/r/tf2/comments/nq61u0/stephs_anticheat_50_public_release/

#12
-1 Frags +

i have a slight feeling this will occasionally ban players with really crappy/inconsistent internet connections but most games anticheat does that so its a good trade off imo.

#13
Spaceship Servers
6 Frags +
[quote=Thole]i have a slight feeling this will occasionally ban players with really crappy/inconsistent internet connections but most games anticheat does that so its a good trade off imo.[/quote]

Naw. I've tuned it over months to ignore laggy players - take a look [url=https://github.com/sapphonie/StAC-tf2/blob/master/scripting/stac/stac_onplayerruncmd.sp#L167-L194]here[/url] and [url=https://github.com/sapphonie/StAC-tf2/blob/master/scripting/stac/stac_onplayerruncmd.sp#L967-L991]here[/url] if you want to see how specifically it does this.

TLDR, checks clients to make sure they're not repeating usercmds or sending them out of order, and that alone filters out 99% of ppl with shitty internet. checks if any angles are 0.0, and checks approximate client command rate after that, just in case.
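
The checks listed in post #13, sketched as an added example (not StAC's code and not part of the original post): a gate that decides whether a window of usercmds is clean enough to feed into aim checks. The `UserCmd` fields, the `skip_reason` and `make_window` names, and the 0.85 rate tolerance are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

TICK_INTERVAL = 0.015      # TF2 servers tick every 15 ms (about 66.67 commands/s)
MIN_RATE_FRACTION = 0.85   # assumed tolerance, not a value taken from StAC


@dataclass
class UserCmd:
    cmdnum: int        # client's running command number
    pitch: float
    yaw: float
    recv_time: float   # server clock when the command was processed, seconds


def skip_reason(window: List[UserCmd]) -> Optional[str]:
    """Return why aim checks should ignore this window, or None if it is usable."""
    if len(window) < 2:
        return "too_short"
    # 1. Command numbers must keep moving forward: a lagging or choking client
    #    shows up as repeated or reordered commands.
    for prev, cur in zip(window, window[1:]):
        if cur.cmdnum == prev.cmdnum:
            return "repeated_cmd"
        if cur.cmdnum < prev.cmdnum:
            return "out_of_order"
    # 2. An angle of exactly 0.0 is treated as unreliable input.
    if any(c.pitch == 0.0 or c.yaw == 0.0 for c in window):
        return "zero_angle"
    # 3. Approximate command rate over the window, compared with the tick rate.
    elapsed = window[-1].recv_time - window[0].recv_time
    if elapsed <= 0:
        return "low_cmdrate"
    rate = (len(window) - 1) / elapsed
    if rate < MIN_RATE_FRACTION / TICK_INTERVAL:
        return "low_cmdrate"
    return None


def make_window(cmdnums, dt=TICK_INTERVAL, yaw0=90.0):
    """Constructed sample data: one command per cmdnum, dt seconds apart."""
    return [UserCmd(n, 10.0, yaw0 + i, i * dt) for i, n in enumerate(cmdnums)]


if __name__ == "__main__":
    samples = {
        "steady client": make_window([100, 101, 102, 103, 104]),
        "resent command": make_window([100, 101, 101, 102]),
        "reordered": make_window([100, 102, 101, 103]),
        "yaw passes 0.0": make_window([1, 2, 3], yaw0=-1.0),
        "20 cmds/s": make_window([1, 2, 3, 4], dt=0.05),
    }
    for name, window in samples.items():
        print(f"{name:16s} -> {skip_reason(window) or 'usable'}")
```

Only windows that come back as usable would go on to the aim detections, so a bad connection lowers coverage for that player instead of producing a detection.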
#14
13 Frags +

so is this gonna be used by RGL? i would hope they do something instead of letting tons of cheaters run rampant in lower divs

#15
6 Frags +

maybe you fixed it by now but I remember a few months ago this plugin considered rocket jumping to be 'aimsnap detections' or something

#16
-1 Frags +

thx

#17
5 Frags +

How do turn binds fuck up hitboxes?

#18
7 Frags +
[quote=YeeHaw]How do turn binds fuck up hitboxes?[/quote]
Yeah I agree the way banning turnbinds is handled is kinda dumb. Some people with really low sens use turnbinds when strafing and turnbinds in general are cool. Banning it based on seconds spent turning is dumb. Couldn't you instead put a limit on yawspeed? As I understand the whole point of the rule against it is that you can make a +right yawspeed 99999 bind that makes you very hard to hit on sniper
#19
7 Frags +

I'm very sure tviq used to abuse the +left/right and high yawspeed back in the day.

I do wonder though, is there a difference between high yawspeed +left/right, and sensitivity 50 and spinning with your mouse?

#20
Spaceship Servers
3 Frags +
[quote=turbochad69]maybe you fixed it by now but I remember a few months ago this plugin considered rocket jumping to be 'aimsnap detections' or something[/quote]
Yeah, I've reworked it several times since then, it used to be based on shitty SMAC logic. It detects only on players who have "spikes" (e.g. snaps) in their viewangle delta (changes) surrounded on both sides by negligible angle changes - see logic here: https://github.com/sapphonie/StAC-tf2/blob/c6b6ec48847463360cca2b768561ba08c2745b84/scripting/stac/stac_onplayerruncmd.sp#L708

[quote=Reero][quote=YeeHaw]How do turn binds fuck up hitboxes?[/quote]
Yeah I agree the way banning turnbinds is handled is kinda dumb. Some people with really low sens use turnbinds when strafing and turnbinds in general are cool. Banning it based on seconds spent turning is dumb. Couldn't you instead put a limit on yawspeed? As I understand the whole point of the rule against it is that you can make a +right yawspeed 99999 bind that makes you very hard to hit on sniper[/quote]

Honestly, the logic for turnbinds has remained basically unchanged in the plugin since 2019, when I was making StAC as a plugin to be run on all RGL servers, because RGL has a rule against it. It currently has no checks for yawspeed or anything else, but that could definitely be implemented, because I agree that there's no reason to blanket ban all turn inputs - which is why it's defaulted to never even check for them unless explicitly set with the cvar.

[quote=_Kermit]I'm very sure tviq used to abuse the +left/right and high yawspeed back in the day.

I do wonder though, is there a difference between high yawspeed +left/right, and sensitivity 50 and spinning with your mouse?[/quote]

Technically yes, in regards to usercmd differences, but practically no. StAC has a check for spinbotting, but it (almost) never detects on legit players (unless they're using weird gamepads/stylus touchpads etc) because it only checks for exact repeated angle differences. I'm not exactly sure how to fix or check for that outside of kicking people with ultra high sens, but then you could just turn your dpi up to a million and do the same thing.
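
The two angle checks described in post #20, as an added example (not StAC's code and not part of the original post): a snap is a spike in the per-command view angle delta with negligible movement on both sides, and the spin check counts exactly repeated yaw differences. The thresholds, function names and traces are assumptions constructed for illustration.

```python
import math
from typing import List, Tuple

Angle = Tuple[float, float]   # (pitch, yaw) in degrees, yaw in [-180, 180)

SNAP_DEG = 20.0    # assumed: smallest jump treated as a snap
NOISE_DEG = 1.0    # assumed: largest change still counted as "negligible"


def wrap(deg: float) -> float:
    """Fold a yaw difference into [-180, 180) so crossing +/-180 is not a huge delta."""
    return (deg + 180.0) % 360.0 - 180.0


def deltas(trace: List[Angle]) -> List[float]:
    """Per-command view angle change (pitch and yaw combined), in degrees."""
    return [math.hypot(b[0] - a[0], wrap(b[1] - a[1]))
            for a, b in zip(trace, trace[1:])]


def find_snaps(trace: List[Angle], quiet: int = 2) -> List[int]:
    """Indices of deltas that spike while `quiet` deltas on each side are negligible."""
    d = deltas(trace)
    hits = []
    for i in range(quiet, len(d) - quiet):
        flank = d[i - quiet:i] + d[i + 1:i + 1 + quiet]
        if d[i] >= SNAP_DEG and all(x <= NOISE_DEG for x in flank):
            hits.append(i)
    return hits


def longest_repeat_run(trace: List[Angle]) -> int:
    """Longest run of consecutive, exactly equal, non-zero yaw differences."""
    best, run, prev = 0, 0, None
    for a, b in zip(trace, trace[1:]):
        d = wrap(b[1] - a[1])
        run = run + 1 if (d == prev and d != 0.0) else 1
        best, prev = max(best, run), d
    return best


def with_pitch(yaws: List[float], pitch: float = 5.0) -> List[Angle]:
    return [(pitch, y) for y in yaws]


# Constructed traces, one (pitch, yaw) per usercmd.
SNAP_TRACE = with_pitch([10.0, 10.1, 10.2, 55.0, 55.1, 55.2])        # still, jump, still
FLICK_TRACE = with_pitch([0.0, 0.2, 0.5, 6.0, 18.0, 40.0, 52.0, 55.0, 55.3])  # fast turn
SPIN_TRACE = with_pitch([10.0, 55.0, 100.0, 145.0, -170.0, -125.0, -80.0, -35.0])

if __name__ == "__main__":
    for name, trace in [("snap", SNAP_TRACE), ("flick", FLICK_TRACE), ("spin", SPIN_TRACE)]:
        print(name, "snaps at", find_snaps(trace), "repeat run", longest_repeat_run(trace))
```

The fast turn in `FLICK_TRACE` peaks at 22 degrees per command but ramps up and down, so its neighbours are not quiet and it is not reported, which is the difference from flagging on raw delta size alone.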