Minecraft PC IP: play.cubecraft.net

Coding Behind the Cube #2 - Sentinel

Hulk_

AntiCheat Developer
Staff member
Developer
May 19, 2020
7
172
39
Hello CubeCrafters!

Welcome to the second edition of "Behind the Cube"! We hope these development blogs can give you guys some insight into what we are doing behind the scenes. In this edition, we will be discussing the development of Sentinel since we've started in May.

⚔️ Why is cheating such a problem?

Minecraft allows for a lot of creativity and freedom within the game. In fact, this is the very reason we can create awesome experiences and work on the detection of cheats on the server side with great precision. Minecraft would not be the same without the modding community. However, the darker side of the modding community is when modifications are created to promote unfair advantages. This is where we come in.

The main thing that separates Minecraft from most other online games is that movement is client authoritative, so your game session calculates your motion from your inputs. When you move, your position is sent to the server for it to be updated. On the other hand, server authoritative movement means all motion is calculated on the server's side. When you press the W key to move forward, that action is sent to the server and the server will attempt to calculate where your next position will be. Then, your position sent back to you to tell you where you should be. It’s a bit more complicated than that but that is the general idea (Here’s an article about it if you’re interested in how other online games handle movement). The Minecraft protocol gives a lot of authority to the client that allows them to create destructive cheats. However, Minecraft is designed in a way where we can easily confirm almost everything sent from the client to check for cheats.

The people that are cheating on the network can be very smart. They can be quick to understand why they are being banned and adapt to avoid being banned. No longer are we fighting against a few people with a few clients, but a wide range of clients and large groups of people targeting the network being the first to try and find a bypass. The abundance of stolen/compromised accounts makes it easy for people to continue to come back after they’ve been banned. Once they’ve been banned, they can adjust their settings the next time they join in an attempt to bypass. This can be a difficult situation for us. On one hand, we want to remove the cheater as quickly as possible to minimize their impact on the game. On the other hand, quickly banning a player makes it easier for them to understand why they've been banned. We have to find a compromise between making sure the cheaters impact on the game is minimal, while also preventing them from learning why they've been banned so quickly. Connection blocks help a lot with preventing users from continuing to cheat once they've been banned, but we see the majority of cheaters are on home ISP's using dynamic IP's. Once there's a connection block applied to their IP, they can simply restart their router to get a new IP.

⚡ The dilemma of creating a new check

The first thing to understand is that AntiCheat development on a network size of CubeCraft's is a very, very long process. We shouldn’t have the expectations that we can eradicate the problems of cheaters in a short period of time. It can be a constant cat and mouse game between us and the client developers. We release a check, and they try to figure out a way around it.

We take multiple different approaches to detecting cheaters. We may sometimes look into popular hacked clients and figure out flaws that we can detect. We may look at a players behavior over a period of time to determine if what they are doing is common with a player that is cheating. Ideally, we look at how the Minecraft Vanilla client does something and apply that logic on the server. We can then use that on the server to detect if the player is sending data that does not come from a Vanilla client (in action this can get much more complicated).

2020-11-14_13.47.50.png

A cool packet debugging tool we've developed to
help make debugging packets easier

These different approaches come with their pros and cons and vary in development time. Releasing a detection that detects a certain implementation of a cheat could catch a lot of cheaters quickly, but it servers very little long term protection. Once it has been bypassed, we are stuck in the same position as we were before. At the same time, working on a more concrete check that aims to give long term protection can mean we have to bare with the situation we have now until we can finalize this check. This can be sometimes difficult to deal with, especially with a growing pressure from the community to deal with cheaters.

The biggest problem with a detection is the false positives that it may bring. We spend most of our time not on creating new checks, while fixing issues with our current ones. False positives are our biggest priority as we cannot allow a check to start banning if there are instances where a legit player can be flagged. A detection can have a great detection rate, but the false positives prevent it from being able to ban. This can be tricky to tackle as they may not always mean a simple fix. It can be also difficult as we are mostly relying on the violation data associated with an alert to try and fix the issue without having a step by step on how to recreate the false positive. Having a lot of false positives with a check usually means there is a fundamental flaw with how the detection works. At this point, we need to decide if we should continue to try and fix all of these issues or completely scrap our work and start on something new.

slack cheater alert.jpg

When a player is detected for cheating by a new detection,
an alert is sent for staff to verify if the player was cheating or not

Now with Minecraft Bedrock edition, creating an anti-cheat is extremely difficult. The game is still incredibly easy to create mods for, but we have no access to view its source code and therefore create checks based on its internal algorithms. So we're flying blind, making checks created solely from trial and error. This is why development for Sentinel Bedrock is extremely slow. And because we don't have source code or documentation, any false positives that occur are impossible to diagnose with certainty. This is especially a problem when our Bedrock network reaches player counts of over 20,000 players daily, while being harder to develop for than our Java network. Creating an anti-cheat for a closed source video-game is incredibly difficult, which is why our Java Sentinel is much more mature.

We're asking our loyal Bedrock players to please be patient, because we're trying our best despite the circumstances.

📰Our first introduction to Sentinel

When we were first introduced to Sentinel at the end of May, there was a lot of things we knew we had to cover. There were a lot of issues with the current detections and various clients that were able to bypass most of our detections. Having detections that had a lot of false positives and little detection rate of cheaters was a problem.

Since then, we have introduced many different new checks that are meant to replace the old ones, as well as checks to detect cheaters that were not already detected. We've also done a lot of work to the internals of Sentinel to make creating new checks easier and to improve certain aspects of Sentinel to help improve performance and accuracy. Most of the detections that were on the network when we first started have been removed or improved. Dawson (@funkemunky) has worked a lot in making our code framework a lot more stable and provide tools for stable detection making, as well as creating many new additional checks movement and combat wise. @Elevated has worked on patching numerous client exploits and has done an incredible job. @Hulk_ has been working on Bedrock Sentinel detections, exploits from clients in Minecraft Java, and many quality of life improvements for Moderator-Team/Sentinel interactions.

gitlab progress graph.PNG

Our progress to Sentinel since we've started!

Apart from working directly on Sentinel, there's also a lot of moving parts outside of Sentinel. We work to maintain all things related to Sentinel. This includes appeals, bug fixing, and systems we use for staff involvement. Appeals take up most of our time besides programming. Appeals are very important to us as we want to make sure that if a player was falsely banned, they are unbanned as quickly as possible and we can work to fix the issue that caused the player to be banned. You may recognize Dawson and Hulk_ from the responses to your appeals, and @Elevated if you're lucky. Appeals give us a good guide as to how a detection is doing and allow us to spot any issues that we did not notice while the detection was in the testing stage. But, appeals can be time-consuming. After enabling a new detection for banning on Bedrock, we were seeing up to a hundred appeals a day which caused delays in how long an appeal took to be looked at. Since then, we've made adjustments to how appeals are handled to make sure that we are answering appeals in a timely manner (thanks @Elenahh for organizing this and to the entire moderation team for the help).

copy of appeal message.png

If you're lucky enough, you may be able to witness Sentinel in the player form

We've been working a lot to redesign Sentinel to make things easier for staff and for future development. We work closely with the staff team as they provide most of the feedback about the detections in testing. There will never be a time where Sentinel will be able to detect all cheaters, so we want to make sure that we are able to provide the tools for staff to be able to quickly deal with the undetected cheaters. Staff work to fill in the areas that Sentinel lacks in, while Sentinel works to help make things manageable for staff.

⌛ The perfect AntiCheat - What's to come next?

The perfect AntiCheat will probably never exist. Cheaters will be constantly changing their techniques as we play the catch up game. But, given enough time we can work to create something that minimizes the cheater's impact on a game. We still have a lot of plans for both Java and Bedrock to improve all aspects of Sentinel.

sentinel stats.PNG

A more detailed look into our Sentinel ban statistics

On Java, we plan to continue to improve our existing checks and put more focus on preventing movement related cheats. There are some major changes coming but we are continuing to test to ensure there are no issues. Currently, we are also working to improve our existing detections before introducing anything new. Many new detections have been implemented on Java that have been tweaked and improved, and we will continue to do so into the future. We have more plans in the future to add more detections for minor cheats that we did not focus on at the beginning. In fact, we already detect a lot of "ghost" cheats that players use to provide an unfair advantage without being blatant and plan to implement much more. We definitely enjoy the feedback from our community regarding this issue and are working towards a completely fair competitive community.

On Bedrock, we have a lot of plans for future detections to help improve the situation. Yes, we have heard your cries! We are doing our absolute best but its been quite a challenge. We do not have the knowledge or tools that we do with Java Edition so creating new detections can take much longer. It can also be a challenge managing both Bedrock and Java at the same time since these games have similar but fundamentally different mechanics.

Our current plans are to focus on movement and combat related cheats. We have already released a couple of detections already automatically removing cheaters but we are hoping to work on something that serves better long-term protection and a lower false-positive rate. As we did with Java, we want to work more heavily on the internals of Sentinel on Bedrock to help make creating new checks in the future easier.

Looking back at when we first started, Sentinel has come a long way. We are continuing to learn on what works best and the best approach to dealing with cheaters. All of us have learned a lot and are still constantly improving our methodology. We know it can be hard to understand what is going on behind the scenes with Sentinel as most information is kept private. Every day we work on Sentinel and it can be frustrating that the community is unable to see the progress we make. We hope that this blog will give better insight into what we've been doing and the challenges we need to overcome.

Written by:
 

s0cial_

Member
Feb 17, 2016
87
149
103
17
Portugal
I'm a former developer not here. I know what it's like to have to spend several hours developing and giving the best of everything possible to a big server like these. I see a lot of players complaining, but if they stopped to understand a little bit, they would see that really creating a system of this type takes a lot of effort, dedication, and time, because over time several bugs that can cause let this happen to some players who have been banned for no reason etc. In my point of view, I have nothing to criticize about the server's anti-cheat, it is much better than other servers that I won't mention names, as I said above, I believe in the work of the server developers, I know who are doing everything to give us players a good environment without hackers etc.
Keep your great work and nice thread!


 
  • Like
Reactions: Hulk_

Toxuka

Member
Dec 6, 2018
151
415
79
16
Vancouver
I'm trying to learn to program myself, I have so much respect for all that you guys do. Awesome job, and keep at it!

Got false banned by sentinel right after posting this loll, still love you guys <3
Getting False banned but banning so much cheaters, it's amazing job :3
 
  • Like
Reactions: Hulk_

Katsia Stray

Member
May 18, 2020
410
502
94
Ireland
www.youtube.com
The problem with bedrock edition is that in bedrock, someone can dounle jump and everyone will believe its lag. The same goes for antikb just blame the 30 ping and it's suddenly not cheating. I'm impressed that bedrock Sentinel can function even if it's only a little. Congrats!
 
  • Like
Reactions: Toxuka
Discord
Members Online

Team Online

Latest profile posts

Ge1ster wrote on Zed's profile.
Happy birthday Zed! 🥳 🎉
GiGaGekkies wrote on Zed's profile.
Happy Birthday! 🎉
Ge1ster wrote on Enⅾer's profile.
same picture.jpg
Rawrbin wrote on Zed's profile.
Happy birthday
SnowyGoefy❄️ wrote on Zed's profile.
Happy birthday🎉🎉
Top Bottom