SoCS — SoChestStealer
What is SoCS?
SoCS is a purpose-built anti-cheat focused entirely on container theft detection — ChestStealer, AutoSteal, Inventory macros, and through-wall looting. While generic anti-cheats try to cover everything and catch nothing well, SoCS does one thing and does it perfectly.No broken physics. No lag. No honest players banned by mistake.
Detection Engine
SoCS runs 6 independent detection layers that work together to catch every known steal method — from raw instant-grab to the most sophisticated humanized stealers with randomized delays.
ChestStealer
Detects instant item grabs — taking items faster than a human could physically react after opening a container. Sub-100ms reaction times are flagged.
AutoSteal
Two-trigger system analyzing extraction speed:- Fast Streak — catches sub-tick item bursts (multiple items within a single server tick). Impossible for vanilla input.
- Sliding Window — monitors items-per-second throughput. Smart enough to distinguish Q-key spam from actual automation.
StealerPattern (5 sub-checks)
Behavioral fingerprinting that catches macro stealers disguised as legit play:- ConstantInterval — robotic rhythm detection. Flags unnaturally consistent timing between takes (jitter < 8ms).
- SequentialSlots — detects bots iterating through container slots in perfect order.
- UniformAction — catches mass shift-transfer or drop-dump macros repeating the same click action at inhuman speed.
- SameTickBurst — multiple extractions resolved within one server tick (50ms). A human can only do one.
- OpeningBurst — grab-and-go detection. Flags sessions where too many items are taken within milliseconds of opening.
Heuristic ML Classifier (HRPattern)
The brain of SoCS. A nearest-centroid classifier trained on real recorded sessions — both legit gameplay and known cheats.Each looting session is decomposed into a 12-feature vector: meanInterval, jitter, minInterval, maxInterval, itemsPerSecond, maxTakesPerTick, monotonicRatio, distinctSlots, distinctMaterials, takeCount, openToFirstTake, duration
The classifier computes Z-score normalized distance to both the legit and cheat centroids. If the session is closer to cheat — it's flagged.
Train it on YOUR server's data. Two commands:
/socs record legit → play normally, loot chests
/socs record cheat → use your stealer, loot chests
/socs reload → model retrains instantly
The more data you feed it, the smarter it gets. Your anti-cheat adapts to your playerbase.
AntiHooker
Prevents opening containers through walls, from behind blocks, or out of reach:- Distance check — configurable max reach (default 6 blocks).
- Line-of-sight verification — ray traces from the player's eye to the container. Solid blocks (walls, slabs, stairs) block access. Transparent blocks (signs, torches, plants) are ignored.
- Aim angle validation — checks that the player is actually looking at the container, not opening it from the side.
Architecture
100% Local — everything runs on your server. No cloud, no API keys, no external dependencies, no data leaving your machine. Your player data stays yours.Lightweight — SoCS hooks into InventoryClickEvent and InventoryOpenEvent. No packet injection, no NMS hacks, no reflection into server internals. Compatible with any server software.
Zero TPS Impact — all checks are O
Punishment System
Fully configurable violation-level (VL) based punishment chains:auto-steal:
vl-threshold: 3
punish-commands:
- "kick %player% SoCS: [%check%]"
- Per-check thresholds — ChestStealer, AutoSteal, StealerPattern, HRPattern, AntiHooker each have independent VL counters.
- Placeholders — %player%, %check%, %vl% in punishment commands.
- Console execution — works with any ban plugin (LiteBans, AdvancedBan, etc.).
- Grace period — configurable immunity window after join/teleport to prevent false flags from teleport plugins.
Compatibility
| Supported | |
|---|---|
| Server Software | Spigot, Paper, Purpur, Folia, and forks |
| Java | 17+ |
| Minecraft | 1.20+ |
| Bedrock | Via Geyser (container events are server-side) |
Verbose Mode
Run /socs verbose and loot a chest to see real-time detection data in console — every take, every interval, every window count. Tune your thresholds with actual numbers, not guesswork.max1soft take #1 | first take | 404ms after open | 1 in 1000ms
max1soft take #2 | +555ms | 959ms after open | 2 in 1000ms
max1soft take #3 | +29ms | 988ms after open | 3 in 1000ms
Why SoCS?
| Generic Anti-Cheat | SoCS |
|---|---|
| Broad detection, shallow coverage | Deep specialization in container exploits |
| Fixed thresholds, easy to bypass | ML-based adaptive detection |
| Breaks vanilla mechanics | Zero gameplay interference |
| Heavy, lags server | Negligible performance footprint |
| Cloud-dependent, subscription model | One-time purchase, runs locally |
| Can't catch humanized stealers | 5 behavioral pattern sub-checks + heuristic ML |
By MLSAC team for KINGMC (https://mlsac.net)
