Anti-Cheat Systems (Some Basics And Ideas…)

One guy sent me a really interesting topic for a blog post: anti cheat systems.

Anti Cheat Systems. I’ve been researching ACS and such for a while, but haven’t actually found an article on your blog about them.

1. How to create one
2. How to find a creator
3. Types of ACS to choose from
4. Why ACS are good
5. How to stop dll injections.

I must admit that I know very little about anti cheating systems, but when I was working on my multiplayer code I got some ideas about this – and here’s some basics about cheating in games in general.

Here’s some basics

  • For single-player games these aren’t needed (if somebody wants to play solo and cheat in game – let him do. Who cares? I know this was basic, but I just had to share this)
  • Multiplayer modes that use “dumb client, server handles stuff” are less likely to get cheated by the client (of course there’s still cheats available because it’s practically impossible to have server to handle 100% of the stuff in most games). So basically this means that for example, instead of letting client to say “move character X to location Y” the client should send command something like “I have character X selected and I just clicked location Y”. Now server can calculate where the character X currently is, and where it should be going. (This was very simplified example, and there’s situations where you need to consider letting client have control over their character – to get physics for example to run pretty smoothly. There’s plenty of discussion about how this should be handled, and I won’t go into this here right now. People interested can check out links in this blog post to get more info)
  • Play only with people who you can trust. This won’t always be possible, but something I’ve found very easy way to solve cheating.

Valve’s anti-cheat system
There are some anti-cheat systems, such as Valve’s anti-cheat (VAC) system (see also VAC page in wikipedia). I don’t know where to get more information about how this systems work, but there’s one thing to consider: these might get non-cheaters banned accidentally.

If anti-cheat system harms ‘fair players’, consider not using them
Just like with DRM – if the anti-cheat system can do any harm to people who don’t cheat, then I think it’s quite bad. I think that cheating & piratism are something that you kind of can’t beat in the end. I think that it can be worth investing some time to ensure that cheating does not occur.

Like said, I don’t know much about this – but I’d consider some sort of server checking what goes on. Server could see if “clients are playing by the rules” and if not, then perhaps give warnings to other players that “this guy might be cheating”. I would be hesitant to use automatic banning system, since people are pretty good in moderating things. For example, if the guy who is constantly killing everybody gets “this guy might be cheating” message from the server, then I’d be more keen to check out how the guy is playing. On the other hand, if that cheater is a friend of mine who I know is playing fair, then I could say that this was a false alarm.

7 thoughts on “Anti-Cheat Systems (Some Basics And Ideas…)

  1. @ Ezequiel:

    that’s exactly what they do in Left 4 Dead. a cheating/flaming/hacking/otherwise undesirable person can be banned based on vote of team members. you might think “lets keep this guy in, because he’s winning for us” but on the other hand “he’s hacking which makes us all look bad” counter balances that.

    it works very well actually

  2. Someone I know was banned under VAC, but did not cheat. The complicated part is that Valve will not address the issue with the consumer. They will only cut and paste a form letter saying that you are guilty. You cannot defend yourself at all. They will not admit that their system is not perfect.

    If you wish to implement an anti-cheating system, prepare the customer service end of things and be prepared to be on the customer’s side sometimes. Allow an investigation to happen. Communicate openly and transparently, and above all, not in form letters.

  3. Why don’t you give some in-game ways for the players to handle this by themselves?

    Instead of them relying on you (the game creator/game admins) to handle the issue you could give them tools to ban/kick people for cheating. Maybe a player proposes a ban, and once some do the same a poll comes up on all nearby players to vote for the ban. And if the ban is issued, the user gets banned.

    That’s just an example.

  4. I used a process at a former job where we did a CRC check to get the hash values of every file we distributed and stored them on a server. Then, when the client is launching it performs the same CRC check and makes a webservice call to send the hash values to the server. The client cant proceed until the server responds that the codes match.

  5. As I understand, the job of the client is only to visualize the data the server sends him, and send the input by the user.
    That is, you need to represent the visual aspect of the game as data.
    So the server will only tell the client, you see a human at position X,Y.
    If the user is far in the desert, and in the enemy base there are enemy troops, the user does not need to know about them, because he doesn’t see them visualy.
    So a sophisticated system could simply not give the information about characters unseen by the user player, like a character behind a wall.
    The problem might begin when the enemy character is only partially hidden.
    Or when the client extrapolates, he might be in a position he should see the enemy already, but he didn’t get that information yet.

  6. But… think about somesort of really fancy hacks that make walls invisible or something (since it’s rendered by the client’s computer it’s technically possible)… in theory, there’s always some way to cheat even with fancy AC systems :)

  7. Hmm, I think some of the cheatings can be completly prevented, depenging on the game.
    For a multiplayer WW2 FPS with a client\server scheme, you can make the server limit “super human” abilities.
    You can make the server limit players movement to only 1 meter per second?
    Or you can limit the crosshair rotation speed, like, you can’t rotate 180 degrees in less than half a second.
    Things like that.
    Other than that, there is punk buster, that I think checks that the client software isn’t hacked, somehow.