3.3.5 Nemesis Anticheat

Giacomo Pozzoni edited this page Jul 6, 2022 · 2 revisions

Features

  • Passive hack detection for multiple hacks tested with different paid hacking tools
  • Detects hacks by looking at movement flags, opcodes and calculating values with server-side knowledge
  • Clean console and database logging with a custom view to identify frequent offenders
  • System in place to reduce false positives

Types of hacks detected

  • Speedhack: Increase of movement speed.
  • Flyhack: Flying without flying mounts.
  • Teleporthack: Teleport to a selected location.
  • Jumphack: Jump again before you land on the ground.
  • Gravityhack: Lower gravity allows higher jumps.
  • Climbhack: Climb impossible angles. Can detect certain types of No Fall Damage Hacks as well.
  • ZAxisHack: Disable falling so you can run in the air.
  • Waterwalk: Walk on water.
  • Antiswim: Walk under water.
  • Ignore Control: Ignore roots.
  • Anti-Knockback: Ignore knockbacks.

Premise

Wrath of the Lich King is still a very popular game that attracts a lot of players on private servers. This also means that there is a huge market for cheat tools. TrinityCore only has basic functionality to detect fake movement flags, and this detection is entirely side-stepped by common paid hack tools. Anticheat modules that can detect these hacks are mostly closed-source and paid. The problem with server-side anti-cheat software is less the detection of cheaters than the collateral damage to innocent players through false-positive detection. Because of this, we believe that server-side measures should not act automatically, but should support the admin in identifying cheaters. Therefore we "only" provide methods for database logging. It's up to the admin/users to take action based on the collected data.

There are a number of factors that (can) have a negative impact on cheat detection:

  • Quality of maps
  • Latency
  • Server load

We got our hands on 3 frequently used cheat tools (WoWAdminPanel, WoW Hitchhiker, Gagarin) and worked on detecting the most harmful hacks these tools offer.

Hack Detection

There are hacks where you want to catch every violation, for example teleport hacks. Then there are hacks where detection is about continuous violation of the rules, for example a speed hack, where someone is travelling faster than allowed for extended periods of time. For the second type, we were able to reduce the number of false positives by allowing every player a certain number of detections (default 3) in a certain amount of time (default 5 seconds). We believe that legit players will have a hard time accidentally triggering the anti-cheat detection this often, while our tests have shown that cheaters will still trigger it. We also tried to find better solutions than writing exceptions for specific spells or areas.

When a cheater is detected, we output a warning in the console. There will also be an incident report in the "nemesis_anticheat" table in the auth database that offers valuable information about the incident:

  • Time of the report
  • Realm ID
  • Account ID and Account Name
  • Character GUID and Character Name
  • Character Class
  • What hack was detected and useful values depending on the type of hack
  • Where the detection took place
  • A gm command to teleport directly to this location

But like everyone who has ever worked on a WoW server emulator, we are now at a point where additional tests to collect more data are too much for just two people. This is why we decided to make the script available to the community to gather more usage data. We hope to use this feedback to further reduce false positives.

Config

###################################################################################################
#   Nemesis Anti-Cheat System
#
#   Anticheat.Enable
#      Description: Enables or disables the Anticheat System
#      Default:     0 - (Disabled)
#                   1 - (Enabled)

Anticheat.Enabled = 1

#   False Positive Reduction
#   Hack.Counter        (Int, Default 3)   - How many positive hack detections a player needs to generate a report
#   Reset.Timer    (Int, Default 5000)  - How much time in ms we want to wait until resetting the hack counter
#
#   Example: With default values, a player has to trigger a hack detection 3 times in the span of 5 seconds to generate a cheat report
Anticheat.Hack.Counter = 3
Anticheat.Reset.Timer = 5000

#   Anticheat Subsystems - Enable or Disable as needed
#   Speedhack - cheaters running faster than allowed
#   Tolerance - Percentage increase of allowed speed (Default 1.075 for 7.5% increase)
Anticheat.SpeedHack = 1
Anticheat.SpeedHack.Tolerance = 1.075

#   Flyhack - cheaters flying when not allowed
Anticheat.FlyHack = 1

#   TeleportHack - cheaters teleporting from A to B when not allowed
Anticheat.TeleportHack = 1

#   JumpHack - cheaters using multiple jumps at once, reaching higher areas
Anticheat.JumpHack = 1

#   AntiknockbackHack - cheaters ignoring knockbacks
Anticheat.AntiknockbackHack = 1

#   GravityHack - Manipulating gravity so player can jump higher
Anticheat.GravityHack = 1

#   ClimbHack - cheaters climbing hills they should not be able to
#   MaxSlope - Maximum angle in radians a player can climb (Default 55 degrees converted to radian -> 0.9599)
Anticheat.ClimbHack = 1
Anticheat.ClimbHack.MaxSlope = 0.9599

#   ZAxisHack - cheaters hovering
Anticheat.ZAxisHack = 1

#   WaterwalkHack - cheaters walking on water, which lets them disengage from combat
Anticheat.WaterwalkHack = 1

#   AntiswimHack - cheaters walking in water
Anticheat.AntiswimHack = 1

#   IgnoreControlHack - cheaters ignoring control loss effects
Anticheat.IgnoreControlHack = 1

#
###################################################################################################
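
The following sketch is an added example, not the module's own code. It shows how the `Hack.Counter`/`Reset.Timer` false-positive window, `SpeedHack.Tolerance` and `ClimbHack.MaxSlope` values above could be applied server-side. The struct and function names, the `MoveDelta` sample and the fixed-window reading of the reset timer are all assumptions.

```cpp
#include <cmath>
#include <cstdint>

// Defaults copied from the config above; struct and field names are illustrative.
struct AnticheatConfig {
    uint32_t hackCounter = 3;        // Anticheat.Hack.Counter
    uint32_t resetTimerMs = 5000;    // Anticheat.Reset.Timer
    float speedTolerance = 1.075f;   // Anticheat.SpeedHack.Tolerance
    float maxSlope = 0.9599f;        // Anticheat.ClimbHack.MaxSlope (radians)
};

// Hypothetical movement sample: position change between two movement packets.
struct MoveDelta {
    float dx, dy, dz;   // position delta
    uint32_t dtMs;      // server-measured time between the two samples
};

// Speed check: horizontal speed against the server-known allowed speed plus tolerance.
bool ExceedsSpeed(const AnticheatConfig& cfg, const MoveDelta& m, float allowedSpeed) {
    if (m.dtMs == 0) return false;   // no rate can be computed; skip instead of flagging
    float speed = std::hypot(m.dx, m.dy) / (m.dtMs / 1000.0f);
    return speed > allowedSpeed * cfg.speedTolerance;
}

// Climb check: ascent angle of the step against the maximum slope.
bool ExceedsSlope(const AnticheatConfig& cfg, const MoveDelta& m) {
    if (m.dz <= 0.0f) return false;  // only ascending movement can be a climb
    return std::atan2(m.dz, std::hypot(m.dx, m.dy)) > cfg.maxSlope;
}

// False-positive reduction, kept per player and per hack type. Assumed semantics:
// the window opens at the first detection and is discarded once Reset.Timer has
// elapsed; a report is due only when Hack.Counter detections fall inside one window.
struct DetectionWindow {
    uint32_t count = 0;
    uint64_t windowStartMs = 0;

    // Record one positive detection at nowMs; returns true when a report is due.
    bool Register(const AnticheatConfig& cfg, uint64_t nowMs) {
        if (count == 0 || nowMs - windowStartMs > cfg.resetTimerMs) {
            count = 0;               // window expired (or first hit): start over
            windowStartMs = nowMs;
        }
        if (++count < cfg.hackCounter) return false;
        count = 0;                   // report once, then begin a fresh window
        return true;
    }
};
```

With the defaults, three detections one second apart produce a report, while detections three seconds apart never accumulate, which is the behaviour the config comment describes for a single lag spike versus sustained cheating.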

Screenshots

Console Logging image

Custom Database View image