Brainstorm - Anti Forcefield PvP Cheats

Discussion in 'Plugin Development' started by Prgr, May 23, 2012.

Thread Status:
Not open for further replies.
  1. Offline

    Prgr

    Hello guys, I need to prevent forcefield on my server from pvp combat.
    Forcefield is a modification to a client that will detect entities in range of the sword, and smashes the ones that are close using packets that change the direction you are looking and hitting the animal/player. After use, I have been able to easily kill a stone sword wielder with a wood sword on various hg servers. Also the hack allows you to hit all creatures in range all at once allowing you to kill multiple animals with very few hits of the sword. I have some ideas already but I dont want to sway any one. Tell me what you guys think.
     
  2. Offline

    ZachBora

    I thought NoCheat+ stopped this. I could be wrong.
     
  3. Offline

    Prgr

    ZachBora I use NoCheat+, it does not protect against this. I have looked for plugins with these protections I cannot find any.
    NoCheat does protect against hurting players and creatures that the player is not facing, but the client sends the packets for the new direction.
     
  4. What first got into my mind would be to check the delay between the hits of the player, since a normal player can't hit every 1/4 second (or at least not for a long time). Checking the delay between the hits wouldn't be that hard, but to find the correct delay to actually *try* to be able to differentiate between a player and the hack wouldn't be that easy.
     
  5. Offline

    makskay

    Might it be possible to keep track of every time a player damages an entity, check to see how many times he's inflicted damage during a certain amount of time, then kick if the number of damage inflictions is higher than a reasonable cutoff? It's kind of an inelegant solution, and I imagine the overhead for monitoring every time a player damages an entity is fairly high, but it seems like it'd be the most accurate way of distinguishing illegitimate/hacked client behavior from legitimate gameplay.

    EDIT: Ninja'd by kumpelblase2
     
  6. Offline

    ZachBora

    If it was me, I'd make the plugin damage the hacker instead
     
  7. Offline

    Prgr

    I have the thoughts of a delay detector, and I also wonder if you had an npc spawn and despawn near the player and if the npc is hit, then boot the player.
    I like the delay detection idea, so delving into that idea, kumpelblase2 makskay what method would we use to test delays? I am imagining a run able for every damage
     
  8. Well, first I thought about delay between two consequent hits, but you gave me a new idea: How about checking the hits per second?
    For this you'd just count up each time a player hits/clicks something. Then you have a scheduler running each second, getting the hits of the player and check if they're to much or not for a normal player. At the end resets the hit count for every player.
    For my original idea you'd save the time of the last hit and check the difference between that hit and the current hit and depending on the time difference you know if it's either a normal player or not.
     
  9. Offline

    makskay

    This is basically what I'm suggesting - I'd probably keep a directory of hit events, then count up how many hit events each player has contributed on a regular basis (using a runnable, and clearing the hit events directory after every count). If the number of hit events contributed for any particular player is too high, that player is likely hacking.
     
  10. Offline

    PandazNWafflez

    It's what NoCheat does, the reason it's not that efficient is because if you didn't allow for a decent amount of lag it would be a bunch of false positives.
     
  11. Offline

    ZachBora

    I'd find more useful a way to prevent people from downloading my worlds :(, aside from not allowing them on the world.
     
  12. Offline

    Prgr

    makskay kumpelblase2 Thanks guys, I will experiment with different times, but I will probably be trying a single runnable that check how many times a player has hit another player or mob then if that is more than possible, then boot them.
    ZachBora What are you talking about?
     
  13. Offline

    Sorroko

    May I suggest a different approach to this? As you said the issue lies in NoCheat not taking notice of the direction packets, a player cannot suddenly turn 180 degrees (As far as I know) so checking that the player hasnt turned an obsurd amount of degrees would stop that. And for even better results check to see if the player turns and hits an entity in under a second. What do you think?
     
  14. Offline

    ZeusAllMighty11


    You're onto something, but keep in mind that players can choose 'Hyperspeed!!!!' sensitivity which allows them to easily turn by barely moving their mouse. And as for knowing the player is there, most gamers use headsets like Astros, Beaches, etc.
     
  15. Offline

    ZachBora

    There's clients mods that allow people to download your world of the chunks they visit. There's at least one server out there using my server spawn and making it their own. They banned my server staff that went there for silly reasons to prevent us from telling their people that they stole. I went myself and got banned for "improper skin", which isn't the case.
     
  16. Offline

    Sorroko

    Hmm, but no one can turn and aim (unlikely...) and manage to hit an animal/player.
    EDIT: In less than a second as I assume the packets are sent at the same time one after the other
     
  17. Offline

    Kaikz

    All your protections are defeated once a client sends the correct aiming packets or has an actual aimbot, and has customizable delays.
     
  18. Offline

    Sorroko

    Ah but then they would have to wait the same delay as every other players giving them no advantage.
     
  19. Offline

    Kaikz

    Not necessarily. If you jump into a group of five players, with your delay set to 500 (1/2 second), with a diamond sword, you have a much better advantage over all five, since you're attacking all at once, rather than one.

    If you have a server, I can show you exactly what I mean.
     
  20. Offline

    Sorroko

    Maybe only check so that one player can get damaged at a time?
     
  21. Offline

    B3NW

    What people seem to forget is that badly written code can be noticed by analysing packets, this is your first port of call. You need to measure the consistency of the attacks, here's what I can think about the consistency:
    • Range: The range of the attacks could be measured. This can identify if the player is going for exactly the closest person in range (Many "forcefields" do this), it can also be used to determine the threshold when the player is out of range (eg if it is constantly hitting at 4? blocks range threshold, it's likely shenanigans).
    • Timing: Detection usually relies on a set amount of time between each hit, sure that's okay, but when the "hacks" take this into account, they can work around this, making it harder to detect whether it's a player or not, sure measuring the timing of stuff would can still be avoided with randomness, but randomness in hitting is less useful for them.
    • Eraticness of rotation: Either the player will be hitting when his back is turned (Instant detection in itself) or it will immediately snap into position (No transition packets).
     
    Prgr likes this.
  22. Offline

    Prgr

    B3NW I really like the idea of calculating the range their each swing, because with knock back a consistent 3.5-4.0 block distance would be relevant.
    ryan7745 Kaikz This was one of my original thoughts, I want to know if it's possible to send a packet to each client for a invisible player or a player within range of the client, probably a few blocks above the clients head and only for a split second, and if the player stabs at the fake player fast enough, then the stabber is kicked. this idea would also work with a run able.
    Should I start a thread for sending a packet for an invisible player?
    ZeusAllMighty11 I've not heard of people using high end headphones in minecraft, is it possible to get more than stereo?
     
  23. Offline

    CorrieKay

    it would look weird, having NPC's spawning above everyone in combat, but i guess it w ould work.

    also, yes, some people use higher end headphones in minecraft, and oddly enough, it supports, as far as i can test, 7.1
     
  24. Offline

    Prgr

    I was thinking an npc would spawn for a split second if the player attacks another player.
    So when I hit another player, an npc spawns above me to see if I hit it. Then it can despawn.
    Do you know if an npc can have an invisible skin? Or maybe the packet for an npc is sent
     
  25. Offline

    CorrieKay

    hmm... Im not quite sure about that. But to be honest, to account for lag, you really gotta have the npc spawned for quite a substantial amount of time, reletively. enough where someone will notice the npc there. not saying it wont work, but it will look odd :p
     
  26. Offline

    Prgr

    CorrieKay Haha I know right :)
    I think I am going to stick with range tests and swing counters that B3NW & makskay summed up so nicely.
    Thanks everybody :)
     
  27. Offline

    nicholasntp

    Lets say Player1 Has an NPC Above His Head, and He is fighting with Player 2.

    But in combat, the Player 2 could accidentally hit Player 1's NPC in combat and Vice Versa. You would have to check who the attacker is and track the NPC to see who "owns" it. If the owner and the attacker match, THEN you would have a hacker.
     
  28. Offline

    Kaikz

    Easily bypassed by adding a check to the aura to stop attacking players if the target Y is above the attacker Y.
     
Thread Status:
Not open for further replies.

Share This Page