Movement Speed Calculations

stormy547 · 05/21/2023, 23:11

Has anyone found or devised equations for a player's base movement speed and for modifiers (cyclone, oblivion, divine hare, fly, etc) and combinations of those?

I'm looking into server-side validation for movement and so far my approach is to just record myself moving in every possible way for quite some time and then take the lowest values for each distance and combination to create an acceptable minimum and then allow for a slight variation faster.

This seems finicky at best because there's plenty of room for human error generating the data and the data doesn't seem to be forming a meaningful line for an equation should I want to mathematically validate speed.

Is there a better approach I should be taking, or speed equations I can lift out of the client or someone's public research?

For example, here's the graph I've gotten out of the combination of using Cyclone and Fly.

Since the graph itself is a massive scatter and doesn't really help with predicting an expected minimum travel time between jump requests to the server, should I just flag any cyclone flies that are under around 285ms based on this?

Thanks!

Spirited · 05/22/2023, 06:12

What's your baseline latency to the server? Was it removed for these estimates? I'd say you can probably rely enough on this if you include margin of error, but you'd be better off looking at timings built into the client rather than trying to measure with latency on the server. I'm not super knowledgeable on that since I don't really mess with the client, but I suspect those timings are part of animating c3 models.

stormy547 · 05/22/2023, 20:01

Latency is a consistent 60-97, it's being hosted on my local machine.

The data I'm recording is the time between jump packets received by the server while I spam click jumping as fast as I can on the client, assuming little to no fluctuation in latency then I expect latency shouldn't be a huge factor as the packets should still come with a standard amount of time separating them.

I'm also gathering thousands of data points for each "type" of jump possible and then using a script to reduce them down to the fastest time for each distance reported, I was hoping it would give me a line that I could use to estimate a general equation.

I no longer believe that an equation would be reliable.

I also considered the model's animation cycle, especially since if you flip between the "old" jump and "new" jump (relative terms given the age of the new jump), the character feels distinctly faster, but the character only ever goes through one animation cycle regardless of how far they jump.

I'm also not sure what the modifiers on Cyclone and other spells are, so I figured it would take significantly more effort for potentially less/no fruit.

The margin of error I'm considering implementing is allowing for 5-15ms faster than my lowest recorded times (just in case), and requiring the player to violate the expected minimum possible speed multiple times in quick succession before the server flags them for manual review or goes as far as halting their movement. Active violation counts will be decremented after a set period of time to ensure that old violations are not considered.

Spirited · 05/23/2023, 00:18

Well, if you're going to do server-based anticheat on movement and attacks, then you might try simulating the client clock and tracking latency. It needs to have flexibility for latency spikes and for packets being delayed and all coming in at the same time... and you also need to have constraints on how much latency is acceptable before you get disconnected. Packets usually have the tick count associated with them as well, which can be used if the logical clock is synced with the server's clock... but it also has complexities. The processor frequency can change and so the tick intervals can change. Generally, a logical clock like that takes lots of frequent data points and feedback from other players with similar hardware, etc.

But... your anticheat doesn't have to be that complicated. Maybe focusing on a client anticheat first is enough? It's a small community, after all. MVP first, more complex solution later?

stormy547 · 05/23/2023, 00:52

Good point, I hadn't considered delayed packets.

The server that I'm working with already has a client anti-cheat being provided by another party that I do not have access to and is being targeted by a cheating program that I have gained access to.

The cheat program has broken through our client's anti-cheat by imitating the login procedure and hard-coding and sending the file hashes necessary to log in to our server, bypassing the anti-cheat entirely.

It's also hardcoded to work with numerous "notable" servers on the xtremetop list, including Immortals.

Truthfully, my opinion is that our main two problems are that the client anti-cheat is not controlled by us and that clearly, the handshake between client and server isn't secure or secure enough.

I don't have sufficient background in writing C++ or modifying memory to create a better clientside anti-cheat in a timely manner, so I'm looking for a server-side solution.

I work with a mid-size Minecraft network and so I'm familiar with the concept of securing your server from cheating by ignoring the client entirely and using a server-side cheat detection by detecting theoretically illegal actions.

Currently, concerns are aimbots and auto hunting. The auto-hunting feature of this particular bot will use archers with fly and cyclone to zip around the map quicker than humanly possible, so I'm hoping to add server-side detection for players who break theoretical speed limits and flag them for manual review or in extreme cases, outright stop them programmatically.

The server averages 90 players outside of events, and anywhere between 100-300 during events, so absolutely not large enough for hardware comparisons or to need anything super complex.

Edit:

The hack that I have access to is written in .NET and obfuscated, I've tried multiple deobfuscators and decompilers but I can't get anything readable out of it to further determine how it works.

It does check against a txt file hosted on an OVH server for "subscription" validation, I've circumvented that by redirecting that IP to point to a local web server so that way when it checks validation, it validates against my list and grants me access.

The hack is also easily disabled by simply changing one of our hash-checked files, however, it's extremely tedious to send daily patches updating some random value in the magic type. It would also not stop the developer from simply calculating hashes on the fly with the patched files, since our anti-cheat "developer" uses a simple md5 hash without any salting and claims it's "the best" and refuses to update the anti-cheat.

It really renders the anti-cheat more of an anti-idiot, because anyone who knows what they're doing can fool it.

Spirited · 05/23/2023, 01:39

That's a hilariously weak client anticheat. Well, nothing you do on the server side will prevent auto hunting / aim bots on its own (assuming they're programmed well). It takes a lot of effort to keep up with crackers and bot makers, not just a single solution that never gets updated again. It's unfortunately all about barrier to entry for cracking the protection, and how often that protection is updated (and how difficult it is to keep up with those changes). Anti-idiot is actually a very accurate way to describe it. It'll catch the majority of people trying to use off-the-shelf solutions.

Just curious, what anti-cheat did they pay for and from who? You don't have to answer both questions, but I do wonder if it's a certain individual posting bad, paid content to this forum.

pintinho12 · 05/23/2023, 03:10

I've been looking to do some checks on the serverside aswell.
After looking into the latest leaked cq_action table, I've found the codes for CTF and they look for a status 22 (1UL << 24 on status flags) which I renamed from "unknown" to "Jumping", but I never saw the client doing any confirmation about it.
Maybe TQ ever planned to do this check, maybe they just did the validation but it never worked.
Sniffing packets on current versions they do not attach this status to player status flag, but I don't know, maybe it's a serverside flag only.

EpochCommunity · 05/23/2023, 08:02

Quote:

Originally Posted by stormy547

Good point, I hadn't considered delayed packets.

The server that I'm working with already has a client anti-cheat being provided by another party that I do not have access to and is being targeted by a cheating program that I have gained access to.

The cheat program has broken through our client's anti-cheat by imitating the login procedure and hard-coding and sending the file hashes necessary to log in to our server, bypassing the anti-cheat entirely.

It's also hardcoded to work with numerous "notable" servers on the xtremetop list, including Immortals.

Truthfully, my opinion is that our main two problems are that the client anti-cheat is not controlled by us and that clearly, the handshake between client and server isn't secure or secure enough.

I don't have sufficient background in writing C++ or modifying memory to create a better clientside anti-cheat in a timely manner, so I'm looking for a server-side solution.

I work with a mid-size Minecraft network and so I'm familiar with the concept of securing your server from cheating by ignoring the client entirely and using a server-side cheat detection by detecting theoretically illegal actions.

Currently, concerns are aimbots and auto hunting. The auto-hunting feature of this particular bot will use archers with fly and cyclone to zip around the map quicker than humanly possible, so I'm hoping to add server-side detection for players who break theoretical speed limits and flag them for manual review or in extreme cases, outright stop them programmatically.

The server averages 90 players outside of events, and anywhere between 100-300 during events, so absolutely not large enough for hardware comparisons or to need anything super complex.

Edit:

The hack that I have access to is written in .NET and obfuscated, I've tried multiple deobfuscators and decompilers but I can't get anything readable out of it to further determine how it works.

It does check against a txt file hosted on an OVH server for "subscription" validation, I've circumvented that by redirecting that IP to point to a local web server so that way when it checks validation, it validates against my list and grants me access.

The hack is also easily disabled by simply changing one of our hash-checked files, however, it's extremely tedious to send daily patches updating some random value in the magic type. It would also not stop the developer from simply calculating hashes on the fly with the patched files, since our anti-cheat "developer" uses a simple md5 hash without any salting and claims it's "the best" and refuses to update the anti-cheat.

It really renders the anti-cheat more of an anti-idiot, because anyone who knows what they're doing can fool it.

My advice is to flag them for manual review for the time being until you get your skills on par to combat such a situation. Also, all of these anti-cheats are made for massive "marketing" so there is no uniqueness. Why do you not see these cheats working on Primal?

Ultimation · 05/23/2023, 21:17

i can assure you that every anticheat that has been done for conquer servers have been cracked / reversed / completely destroyed, the only thing that has changed is they are kept private from the masses that get the anticheats changed in days of abusing.