Upvote Upvoted 10 Downvote Downvoted
[StAC] - anticheat plugin
posted in Projects
1
#1
DM Servers
0 Frags +

Hi

I've been pretty good at catching cheaters for a long while now. I originally started learning about how to spot cheaters and exploiters and whatever else in tf2 a couple weeks after i played on my first steel highlander team with Miggy, god bless him. He at the time was developing an anticheat plugin called "IntegriTF2", which he claimed (correctly!) would catch some cheaters.

Fast forward to a few months ago, I began to write a small sourcemod plugin that checked players' interp and other basic net settings, forked off IntegriTF2, to make sure that they weren't exploiting or cheating for RGL, as I was at that time a part of their anticheat team. As I went on, eventually splitting with RGL, it began to become more of a full blown anticheat as opposed to a smallish one-off sorta deal.

i feel like it is now stable enough to release to the public, seeing as how it runs on my servers (which are mildly active) as well as other server networks which i help develop for.

Meet StAC- Steph AntiCheat - because i am uncreative and slightly egotistical enough to name it after myself

So far on my servers alone, it has banned >30 people, of which I randomly look through demos of, and further conclude to be cheating.

False positives are always a possibility, though I've tried my best to make them as rare as i possibly can.

List of features (keep in mind some of these aren't necessarily just for cheating, for example, the turn bind test was written to help enforce rgl's bans on turn binds, but it defaults to disabled):

https://i.imgur.com/21bk7vh.png

Most notable of these is the Silent Aim detection, which 99% of people who are cheating use to aimbot, and it has caught the most people out of all the detection methods.

This plugin is still in development, and new detection methods are added as I figure out ways to write them.

Check it out here
vvvvv
https://github.com/stephanieLGBT/StAC-tf2
^^^^^

report bugs here
vvvvv
https://github.com/stephanieLGBT/StAC-tf2/issues
^^^^^

<3

Hi

I've been pretty good at catching cheaters for a long while now. I originally started learning about how to spot cheaters and exploiters and whatever else in tf2 a couple weeks after i played on my first steel highlander team with Miggy, god bless him. He at the time was developing an anticheat plugin called "[url=https://github.com/Miggthulu/IntegriTF2]IntegriTF2[/url]", which he claimed (correctly!) would catch some cheaters.

Fast forward to a few months ago, I began to write a small sourcemod plugin that checked players' interp and other basic net settings, forked off IntegriTF2, to make sure that they weren't exploiting or cheating for RGL, as I was at that time a part of their anticheat team. As I went on, eventually splitting with RGL, it began to become more of a full blown anticheat as opposed to a smallish one-off sorta deal.

i feel like it is now stable enough to release to the public, seeing as how it runs on my servers (which are mildly active) as well as other server networks which i help develop for.

Meet StAC- Steph AntiCheat - because i am uncreative and slightly egotistical enough to name it after myself

So far on my servers alone, it has banned [url=https://steph.anie.dev/bans/index.php?p=banlist&advSearch=0&advType=admin]>30 people[/url], of which I randomly look through demos of, and further conclude to be cheating.

False positives are always a possibility, though I've tried my best to make them as rare as i possibly can.

List of features (keep in mind some of these aren't necessarily just for cheating, for example, the turn bind test was written to help enforce rgl's bans on turn binds, but it defaults to disabled):

[img]https://i.imgur.com/21bk7vh.png[/img]

Most notable of these is the Silent Aim detection, which 99% of people who are cheating use to aimbot, and it has caught the most people out of all the detection methods.

This plugin is still in development, and new detection methods are added as I figure out ways to write them.

Check it out here
vvvvv
https://github.com/stephanieLGBT/StAC-tf2
^^^^^

report bugs here
vvvvv
https://github.com/stephanieLGBT/StAC-tf2/issues
^^^^^

<3
2
#2
9 Frags +

no it ban me for interp abuse and kick me often for it

no it ban me for interp abuse and kick me often for it
3
#3
16 Frags +

What would it matter if someone masks their ping? Surely it has literally 0 effect on gameplay if the actual rate they're sending packets to the server is the same.

What would it matter if someone masks their ping? Surely it has literally 0 effect on gameplay if the actual rate they're sending packets to the server is the same.
4
#4
DM Servers
0 Frags +
Gabinono it ban me for interp abuse and kick me often for it

the first issue here was fixed like 2 months ago and the second issue youre talking about was fixed in 3.1.0

_KermitWhat would it matter if someone masks their ping? Surely it has literally 0 effect on gameplay if the actual rate they're sending packets to the server is the same.

honestly it's a holdover from rgl, which at least when i was there, banned pingmasking

i'll add a cvar for it and default it to off in the next commit though
added
https://github.com/stephanieLGBT/StAC-tf2/commit/9a26cd0c00c5267af225fe39f61bb01c350fe3a5

[quote=Gabino]no it ban me for interp abuse and kick me often for it[/quote]
the first issue here was fixed like 2 months ago and the second issue youre talking about was fixed in 3.1.0

[quote=_Kermit]What would it matter if someone masks their ping? Surely it has literally 0 effect on gameplay if the actual rate they're sending packets to the server is the same.[/quote]
honestly it's a holdover from rgl, which at least when i was there, banned pingmasking

[s]i'll add a cvar for it and default it to off in the next commit though[/s]
added
https://github.com/stephanieLGBT/StAC-tf2/commit/9a26cd0c00c5267af225fe39f61bb01c350fe3a5
5
#5
30 Frags +

you cant cheat on vac secured servers whats the point

you cant cheat on vac secured servers whats the point
6
#6
-1 Frags +
wolsneWhile I love the idea of seeing an open source anti-cheat be developed, it's existence brings up problems of it's own. By giving cheaters and/or cheat developers direct access to see exactly how the software works, you're inviting them to create proxies or bypass these catching mechanisms altogether. Regardless, I hope the projects bodes well and you continue to catch disingenuous players trying to get an edge, just some food for thought. This is why most anti-cheat programs are closed source.

Not really. Most AC software is proprietary and owned by for-profit companies, and these very rarely make software open-sourced. Whether it's more secure or not is not a factor.

[quote=wolsne]While I love the idea of seeing an open source anti-cheat be developed, it's existence brings up problems of it's own. By giving cheaters and/or cheat developers direct access to see exactly how the software works, you're inviting them to create proxies or bypass these catching mechanisms altogether. Regardless, I hope the projects bodes well and you continue to catch disingenuous players trying to get an edge, just some food for thought. This is why most anti-cheat programs are closed source.[/quote]

Not really. Most AC software is proprietary and owned by for-profit companies, and these very rarely make software open-sourced. Whether it's more secure or not is not a factor.
7
#7
4 Frags +
ondkajawolsneWhile I love the idea of seeing an open source anti-cheat be developed, it's existence brings up problems of it's own. By giving cheaters and/or cheat developers direct access to see exactly how the software works, you're inviting them to create proxies or bypass these catching mechanisms altogether. Regardless, I hope the projects bodes well and you continue to catch disingenuous players trying to get an edge, just some food for thought. This is why most anti-cheat programs are closed source.
Not really. Most AC software is proprietary and owned by for-profit companies, and these very rarely make software open-sourced. Whether it's more secure or not is not a factor.

??

[quote=ondkaja][quote=wolsne]While I love the idea of seeing an open source anti-cheat be developed, it's existence brings up problems of it's own. By giving cheaters and/or cheat developers direct access to see exactly how the software works, you're inviting them to create proxies or bypass these catching mechanisms altogether. Regardless, I hope the projects bodes well and you continue to catch disingenuous players trying to get an edge, just some food for thought. This is why most anti-cheat programs are closed source.[/quote]

Not really. Most AC software is proprietary and owned by for-profit companies, and these very rarely make software open-sourced. Whether it's more secure or not is not a factor.[/quote]

??
8
#8
3 Frags +
wolsneondkajawolsnesnip
Not really. Most AC software is proprietary and owned by for-profit companies, and these very rarely make software open-sourced. Whether it's more secure or not is not a factor.

Not sure if you're saying that for-profit companies don't make open source software frequently, or that they specifically don't make open sourced anti-cheats, because the former is certainly false.

While there is ways to data mine, reverse engineer, and/or circumvent close source software and this code is not publicly audited, I think we'd both agree that it is probably better than just giving cheat developers the keys to your game.

By preventing cheats, you introduce more talented people to make better cheats to circumvent those securities. By making yours open source, you allow people to people to see how it works, meaning that there's 2 outcomes:

  1. You allow people to develop it further, making it even better
  2. You allow people to find ways around it


Making this open source is not a bad idea, it's those who say they're using this is where that'll be a bad idea.

[quote=wolsne][quote=ondkaja][quote=wolsne]snip[/quote]

Not really. Most AC software is proprietary and owned by for-profit companies, and these very rarely make software open-sourced. Whether it's more secure or not is not a factor.[/quote]

Not sure if you're saying that for-profit companies don't make open source software frequently, or that they specifically don't make open sourced anti-cheats, because the former is certainly false.

While there is ways to data mine, reverse engineer, and/or circumvent close source software and this code is not publicly audited, I think we'd both agree that it is probably better than just giving cheat developers the keys to your game.[/quote]
By preventing cheats, you introduce more talented people to make better cheats to circumvent those securities. By making yours open source, you allow people to people to see how it works, meaning that there's 2 outcomes:
[olist]
[*] You allow people to develop it further, making it even better
[*] You allow people to find ways around it
[/olist]
Making this open source is not a bad idea, it's those who say they're using this is where that'll be a bad idea.
9
#9
3 Frags +
wolsneondkajawolsnesnip
Not really. Most AC software is proprietary and owned by for-profit companies, and these very rarely make software open-sourced. Whether it's more secure or not is not a factor.

Not sure if you're saying that for-profit companies don't make open source software frequently, or that they specifically don't make open sourced anti-cheats, because the former is certainly false.

While there is ways to data mine, reverse engineer, and/or circumvent close source software and this code is not publicly audited, I think we'd both agree that it is probably better than just giving cheat developers the keys to your game.

Having the source code is more like having the blueprints to a lock than the keys. If the lock is a bad lock, then having the blueprints will make it easier for an attacker to bypass it, but if it is a good lock, it doesn't matter whether the attacker has the blueprints or not. Hiding the implentation behind layers of obfuscation is called security through obscurity and is generally considered a bad practice as it allows security flaws to stay present for longer than if the implementation could openly be scrutinised by everyone. Not only malicious hackers can look at the source code and find flaws in the code, anyone can.

As for the open-source discussion. Companies defintely don't frequently develop open-sourced software compared to how often they develop proprietary software. Almost all software I have installed on my computer is proprietary software. The reason for this is simply to make more money and prevent theft of code, not to enhance the security.

[quote=wolsne][quote=ondkaja][quote=wolsne]snip[/quote]

Not really. Most AC software is proprietary and owned by for-profit companies, and these very rarely make software open-sourced. Whether it's more secure or not is not a factor.[/quote]

Not sure if you're saying that for-profit companies don't make open source software frequently, or that they specifically don't make open sourced anti-cheats, because the former is certainly false.

While there is ways to data mine, reverse engineer, and/or circumvent close source software and this code is not publicly audited, I think we'd both agree that it is probably better than just giving cheat developers the keys to your game.[/quote]

Having the source code is more like having the blueprints to a lock than the keys. If the lock is a bad lock, then having the blueprints will make it easier for an attacker to bypass it, but if it is a good lock, it doesn't matter whether the attacker has the blueprints or not. Hiding the implentation behind layers of obfuscation is called security through obscurity and is generally considered a bad practice as it allows security flaws to stay present for longer than if the implementation could openly be scrutinised by everyone. Not only malicious hackers can look at the source code and find flaws in the code, anyone can.

As for the open-source discussion. Companies defintely don't frequently develop open-sourced software compared to how often they develop proprietary software. Almost all software I have installed on my computer is proprietary software. The reason for this is simply to make more money and prevent theft of code, not to enhance the security.
10
#10
-5 Frags +

society isn't ready for this anticheat, nice stuff steph

society isn't ready for this anticheat, nice stuff steph
Please sign in through STEAM to post a comment.