*Put banner which i do not have made here* - Anyone wana make one?
Introduction:
Hi there! If you are not familiar with the original idea of this project, you can see the original discussion thread that started the idea here: http://www.mc-market.org/threads/58762
This is basically an anti-cheat system that will stop hackers before they can even join the server!
Now, lets get down into the details!
Note: Anything with a * means the category is a WIP and is subject to change at any time. (Due to a better recommended system, or a security fault. Who knows!)
P.P.S: I really want this to be a community project. I would like other developers to offer some input, advice or even offer to help. I am willing to allow any developer on board who i feel can benefit this project further! So please contact me or post here to get in! If you notice a security flaw in my logic, PLEASE SAY IT!!
How it will work *
*These are just ideas i have. None are final. Notice something wrong? Or a security risk? LET ME KNOW*
So i was thinking there would be 3 parts to this system. Website, Plugin, Launcher.
Launcher:
So i think we will use a launcher system for this, instead of a standalone program i had worked on a while ago. This way the players can easily launch their games without having to open another program. I have put together code in another Java program (Not the VB.net launcher) which scrubs the jar for known "Threat definitions", and as well watches the process for any un-recognized process mapping/injections. This will all be moved over to VB.net shortly, Then will work out how to make this stuff for MAC. Basically when the user uses the launcher (literally is almost the same as the vanilla launcher) before the game opens it decompiles your jar and scans every class (size, name, modification date, etc) and compares the names to known hack classes. This allows us to control what mods are "safe" E.g optifine. Once the jar is deemed safe, the launcher proceeds to opening the game as normal. The launcher has the regular 3 options once your game runs:
"Keep the launcher open"
"Hide launcher and re-open when game closes"
"Close launcher when game starts"
All 3 of these options will remain, however when the game starts after the initial scan, the launcher will decide what action to execute from the list above, and do it. Meanwhile when the game is started, another process (Very lightweight) is started that is constantly scanning for process changes/mapping/injection. This will protect the game once it is launched to prevent hackers from injecting their hacks manually. Once your minecraft Java VM is closed, and 100% terminated, the process itself for the scanner will end, and the launcher will follow whatever option you chose earlier in the list above.
If a user is detected using hacks, the launcher will submit 1 point to the global database. This database basically holds your UUID, Points, HWID, IP. If you get caught with hacks, you get 1 point added. You wonder why? I will explain once we get to the plugin portion! Once one point is added, your game process (or VM) is terminated and the launcher will prevent the game from opening until the version is changed.
Plugin:
The plugin is basically what will connect the server to the user. If a server owner has the MAC plugin installed, they will be able to customize many things. One of which is the join point threshold. Basically it works like this.
By having the threshold set to 2, This means the user who joins can still play on your server if they have 2 or less points on their global profile. Once they get caught with a hack, and they reach 3 points. They will no longer be allowed to join your server due to their points reaching the max threshold. If the threshold were set to 1, a user can be caught using hacks once, but can still join. If the user reaches 2 points (caught 2 times) they will no longer be able to play. And lastly if threshold is set to 0, the user cannot be caught at all. The users record must be 100% clean in order to play. Now you may think, Oh pablo well you can just get another account for like $1 so whats the point? Well sir i have the answer for you! Every time a user logs into the Launcher, the HWID of their current PC is saved, as well as their IP. So take this following scenario as an example.
*Please read the example i spend a ton of time typing in the spoiler.*
So what happened was Joe tried to hack on his first account. His first account got 1 point. His favorite server only lets him play with 0 points. So he thought he could try using his second account which failed. Reason? When Joe logged on for the first time on the MAC launcher, it also updated his HWID, and IP to the global database. When he logged onto his second account, it also updated the database with his second account, but something was noticed. His HWID or IP was similar? In this case a new profile is created for the user Joe. His 2 accounts were added to this profile in the database which contains his 2 accounts because they had matching HWID's, IP's. One or the other, or even both. Any account Joe logs into with his HWID or IP, will be added under the same profile for Joe in the Database.
If you dont quite understand the whole profile thing, let me explain it. When multiple accounts are found containing the same HWID or IP's they get moved in the Global database. A unique profile is created for this user. The profile is identified by a unique id that will be generated when the 2 similarities were discovered. The 2 accounts are then added into this profile and saved. Any other account that is detected under the same IP, or HWID will be added into this profile. Instead of his individual accounts having ban points on them, Joe's entire profile will have 1 point. This will stop Alts! (hopefully)
The reason why Joe couldn't join his favorite server is the owner of the server had
"AllowIPBans" set to false, as well as "AllowHWIDBans" set to false. This means if the plugin finds the account the user is logging in with is contained within a profile, the user will NOT be allowed into the server because one or more of the user's accounts have been banned. You can simply let people into the server who's accounts are on a profile, but contain no points by setting these to true.
*Note: There was one problem that i was having a problem, and i need YOUR Help. Lets say a user purchases a dedicated server or some used laptop. Some times (a lot of the time) hosts recycle the boxes and re-sell them. If a user happened to be using the launcher, on that server in RDP or something similar, got banned, the HWID of the server box itself will be stored in the users profile. So this means, if i were to buy the box, and just so happened to login, i would get instantly banned because someone before me on this server box got banned, so either the IP matched, or the HWID did. This is a very slim case and i couldn't see this happening often at all. Solution anyone? Slap a massive warning on the website or launcher? I have no idea!
Website
Lastly comes the website. For the website it will be nothing different than any other website (vacbanned.com, mcbans.com). Users can check their bans, contact support etc etc. The website will also have a PHP api system which is what the plugin (and website) will use to query for bans. Basically you punch in the UUID and out comes shitloads of JSON to be read. This is how the plugin will make it queries.
Other uses
Some people have come to me with some interesting ideas. One of them is a cloud system. When you login to the launcher, the launcher will Sync your server list, Game settings (video etc, ) AND i am not 100% sure yet, but possibly worlds and resource packs. This way if you are mobile, and on a different pc, all you would need to do is download the launcher and login, it would then start syncing your stuff down to the pc you logged into.
Time to wrap it up
Well my fingers are broken from typing all that. As i mentioned up top, if you have any ideas, want to get involved, or find any loopholes please let me know here, or in a pm! Please post any suggestions you have! I cant do it all on my own! If you are a web developer who can do the web side, or know how to make the same launcher on a Apple computer, let me know. Any help is needed!
If you need to contact me, Add me on Skype: pablo673400 (Make sure you specify Minecraft Anti Cheat in your contact request)
Or pm me!
Progress (what little i have anyway)
MAC Launcher E 1.1:
- Logins complete
- Version browsing complete
- Basic GUI complete
TODO:
- Get the game to launch lol
- Add user profiles
- Add version selection drop down
- Add launcher options
- Re-create AntiCheat code from Java into VB.net.
- Other things.
Preview:
Introduction:
Hi there! If you are not familiar with the original idea of this project, you can see the original discussion thread that started the idea here: http://www.mc-market.org/threads/58762
This is basically an anti-cheat system that will stop hackers before they can even join the server!
Now, lets get down into the details!
Note: Anything with a * means the category is a WIP and is subject to change at any time. (Due to a better recommended system, or a security fault. Who knows!)
P.P.S: I really want this to be a community project. I would like other developers to offer some input, advice or even offer to help. I am willing to allow any developer on board who i feel can benefit this project further! So please contact me or post here to get in! If you notice a security flaw in my logic, PLEASE SAY IT!!
How it will work *
*These are just ideas i have. None are final. Notice something wrong? Or a security risk? LET ME KNOW*
So i was thinking there would be 3 parts to this system. Website, Plugin, Launcher.
Launcher:
So i think we will use a launcher system for this, instead of a standalone program i had worked on a while ago. This way the players can easily launch their games without having to open another program. I have put together code in another Java program (Not the VB.net launcher) which scrubs the jar for known "Threat definitions", and as well watches the process for any un-recognized process mapping/injections. This will all be moved over to VB.net shortly, Then will work out how to make this stuff for MAC. Basically when the user uses the launcher (literally is almost the same as the vanilla launcher) before the game opens it decompiles your jar and scans every class (size, name, modification date, etc) and compares the names to known hack classes. This allows us to control what mods are "safe" E.g optifine. Once the jar is deemed safe, the launcher proceeds to opening the game as normal. The launcher has the regular 3 options once your game runs:
"Keep the launcher open"
"Hide launcher and re-open when game closes"
"Close launcher when game starts"
All 3 of these options will remain, however when the game starts after the initial scan, the launcher will decide what action to execute from the list above, and do it. Meanwhile when the game is started, another process (Very lightweight) is started that is constantly scanning for process changes/mapping/injection. This will protect the game once it is launched to prevent hackers from injecting their hacks manually. Once your minecraft Java VM is closed, and 100% terminated, the process itself for the scanner will end, and the launcher will follow whatever option you chose earlier in the list above.
If a user is detected using hacks, the launcher will submit 1 point to the global database. This database basically holds your UUID, Points, HWID, IP. If you get caught with hacks, you get 1 point added. You wonder why? I will explain once we get to the plugin portion! Once one point is added, your game process (or VM) is terminated and the launcher will prevent the game from opening until the version is changed.
Plugin:
The plugin is basically what will connect the server to the user. If a server owner has the MAC plugin installed, they will be able to customize many things. One of which is the join point threshold. Basically it works like this.
Join-Threshold: 2
By having the threshold set to 2, This means the user who joins can still play on your server if they have 2 or less points on their global profile. Once they get caught with a hack, and they reach 3 points. They will no longer be allowed to join your server due to their points reaching the max threshold. If the threshold were set to 1, a user can be caught using hacks once, but can still join. If the user reaches 2 points (caught 2 times) they will no longer be able to play. And lastly if threshold is set to 0, the user cannot be caught at all. The users record must be 100% clean in order to play. Now you may think, Oh pablo well you can just get another account for like $1 so whats the point? Well sir i have the answer for you! Every time a user logs into the Launcher, the HWID of their current PC is saved, as well as their IP. So take this following scenario as an example.
Joe has a minecraft account named "User1". He also has an account named "User2". Joe tries to log onto his favourite server that has a threshold of 0. But when he opens his launcher it detects his hacks 
. Joe says "Oh no!" but Joe starts thinking with a big grin on his face, "Im going to use my other account, User2" But when Joe logs on without hacks, and tries to log onto his server, He is still banned some how? Joe then wonders, how could this be???
. Joe says "Oh no!" but Joe starts thinking with a big grin on his face, "Im going to use my other account, User2" But when Joe logs on without hacks, and tries to log onto his server, He is still banned some how? Joe then wonders, how could this be???*Please read the example i spend a ton of time typing in the spoiler.*
So what happened was Joe tried to hack on his first account. His first account got 1 point. His favorite server only lets him play with 0 points. So he thought he could try using his second account which failed. Reason? When Joe logged on for the first time on the MAC launcher, it also updated his HWID, and IP to the global database. When he logged onto his second account, it also updated the database with his second account, but something was noticed. His HWID or IP was similar? In this case a new profile is created for the user Joe. His 2 accounts were added to this profile in the database which contains his 2 accounts because they had matching HWID's, IP's. One or the other, or even both. Any account Joe logs into with his HWID or IP, will be added under the same profile for Joe in the Database.
If you dont quite understand the whole profile thing, let me explain it. When multiple accounts are found containing the same HWID or IP's they get moved in the Global database. A unique profile is created for this user. The profile is identified by a unique id that will be generated when the 2 similarities were discovered. The 2 accounts are then added into this profile and saved. Any other account that is detected under the same IP, or HWID will be added into this profile. Instead of his individual accounts having ban points on them, Joe's entire profile will have 1 point. This will stop Alts! (hopefully)
The reason why Joe couldn't join his favorite server is the owner of the server had
"AllowIPBans" set to false, as well as "AllowHWIDBans" set to false. This means if the plugin finds the account the user is logging in with is contained within a profile, the user will NOT be allowed into the server because one or more of the user's accounts have been banned. You can simply let people into the server who's accounts are on a profile, but contain no points by setting these to true.
*Note: There was one problem that i was having a problem, and i need YOUR Help. Lets say a user purchases a dedicated server or some used laptop. Some times (a lot of the time) hosts recycle the boxes and re-sell them. If a user happened to be using the launcher, on that server in RDP or something similar, got banned, the HWID of the server box itself will be stored in the users profile. So this means, if i were to buy the box, and just so happened to login, i would get instantly banned because someone before me on this server box got banned, so either the IP matched, or the HWID did. This is a very slim case and i couldn't see this happening often at all. Solution anyone? Slap a massive warning on the website or launcher? I have no idea!
Website
Lastly comes the website. For the website it will be nothing different than any other website (vacbanned.com, mcbans.com). Users can check their bans, contact support etc etc. The website will also have a PHP api system which is what the plugin (and website) will use to query for bans. Basically you punch in the UUID and out comes shitloads of JSON to be read. This is how the plugin will make it queries.
Other uses
Some people have come to me with some interesting ideas. One of them is a cloud system. When you login to the launcher, the launcher will Sync your server list, Game settings (video etc, ) AND i am not 100% sure yet, but possibly worlds and resource packs. This way if you are mobile, and on a different pc, all you would need to do is download the launcher and login, it would then start syncing your stuff down to the pc you logged into.
Time to wrap it up
Well my fingers are broken from typing all that. As i mentioned up top, if you have any ideas, want to get involved, or find any loopholes please let me know here, or in a pm! Please post any suggestions you have! I cant do it all on my own! If you are a web developer who can do the web side, or know how to make the same launcher on a Apple computer, let me know. Any help is needed!
If you need to contact me, Add me on Skype: pablo673400 (Make sure you specify Minecraft Anti Cheat in your contact request)
Or pm me!
Progress (what little i have anyway)
MAC Launcher E 1.1:
- Logins complete
- Version browsing complete
- Basic GUI complete
TODO:
- Get the game to launch lol
- Add user profiles
- Add version selection drop down
- Add launcher options
- Re-create AntiCheat code from Java into VB.net.
- Other things.
Preview:
Last edited:
