User:Qaisjp/sandbox-forks: Difference between revisions

From Multi Theft Auto: Wiki
Jump to navigation Jump to search
(add https://wiki.multitheftauto.com/wiki/Anti-cheat_support_for_custom_builds?oldid=64865)
 
mNo edit summary
Line 1: Line 1:
'''This page is meant to be informative for the creators and maintainers of custom MTA builds or forked projects based on the MTA source code. We often get questions related to AC support for them.
'''This page is intended for maintainers of custom MTA builds or forked projects based on the MTA source code. Information on this page does not apply to the official builds of MTA.'''
'''<br />Information contained on this page isn't relevant for the official MTA build or releases, or open-source contribution to the official MTA repository at https://github.com/multitheftauto/mtasa-blue


Custom MTA builds and forked projects (as a lot of russian ones exist) that made their own game platform using the MTA source code, will face some challenges relating to anti-cheat.
Custom MTA builds and forked projects will face some challenges relating to anti-cheat (AC). This is due to custom builds performing in ways that the anti-cheat does not expect.


<br />Anti-cheat (also called: AC) support is very limited on custom builds/forked projects, and may be dropped entirely in the future (this is actually being considered). You cannot rely on the MTA anti-cheat for your project, or the limited and very basic support that remains in netc.dll for custom projects.
AC is generally unsupported for forked projects and may be dropped entirely in the future. This means that you generally ''cannot'' rely on the MTA anti-cheat for your fork. '''We strongly advise that you write and implement your own AC.'''
<br />'''We strongly advise that you write and implement your own anti-cheat.'''


If you cannot do that, and want to use the very limited anti-cheat offered to custom projects, even though we discourage it you can optimize it by the following steps/design choices to still get the most out of limited support (and not hinder it):
If you cannot build your own AC, here are steps you can follow to get the most out of our unsupported AC:


<br />- Always use the latest version of netc.dll (closed-source) e.g from https://mirror.mtasa.com/bdata/netc.dll and https://mirror.mtasa.com/bdata/net.dll matching the master branch of your base MTA source used for fork, actually you can use the latest module always unless MTA commits changed bitstream code or you did
* Always use the version of our net modules (e.g [https://mirror.mtasa.com/bdata/netc.dll netc.dll] and [https://mirror.mtasa.com/bdata/net.dll net.dll]) that matches our commit on master that your fork is based on
<br />The "bdata" modules are specifically for custom builds & forks and fetched by running https://github.com/multitheftauto/mtasa-blue/blob/master/win-build.bat
** To be specific, you can use the latest module that is bitstream version compatible
<br />- Never block MTAHQ/client or server traffic in your project
** You can fetch these modules by running https://github.com/multitheftauto/mtasa-blue/blob/master/win-build.bat
* Never block MTA traffic (client or server) in your project


 
== AC features missing in custom builds ==
 
<br />If you don't do this and don't have professional developers to write good anti-cheat, then your fork will be more infested with cheaters than other forks enjoying the limited anticheat protection.
<br />A good approach is to write and implement (to your custom build) some of the 'missing' anticheat features yourself, see below:
 
'''AC missing on forks/custom builds:'''
* No detection of changes to gta_sa code section
* No detection of changes to gta_sa code section
* No detection of changes to certain gta_sa variables
* No detection of changes to certain gta_sa variables
* SetElementData not protected against external changes
* SetElementData not protected against external changes
* No detection against various Lua injection methods
* No detection against various Lua injection methods
* Much less AC heuristics and protection of internals
* Much fewer AC heuristics and protection of internals
* Continuous updates for all patched methods to write cheats based on (vulnerabilities) aren't guaranteed, although handpicked ones may occasionally land in custom project netc.dll updates.
* Continuous updates for all patched methods to write cheats based on (vulnerabilities) aren't guaranteed (this is one of the reasons why updating netc.dll to the latest offered version is beneficial)
This is one of the reasons why updating netc.dll to the latest offered version is beneficial.
* MTA modules aren't checked for modifications or remote hooking/memory writing
* MTA dll's aren't checked for modifications or remote hooking/memory writing
* and much more
 
 
There are more things missing that we won't mention here, for security reasons.
 
 
 
The reason for limited support is that MTA AC is proprietary unlike MTA itself, and custom builds may do things differently that can set off AC and cause us to need to support custom builds, which we principally don't.
<br />Therefore, laxing it up minimizes the issues that can arise, leaving custom builds a lot of freedom to do awkward things (such as incorrect practise and programming, hacky things) in networking layer or memory.
<br />Basically, to keep it simple, custom projects can deviate in ways that requires adapting of the anti-cheat. Since our anti-cheat is closed source, you cannot do that, and our volunteers reasonably won't be customizing OUR anti-cheat for such projects.
 
<br />Note: to visualise it, most of what works (for the 'limited' anti-cheat support that exists for custom projects) are some signature-based detections. No heuristics, patched methods, security by design and patched vulnerabilities.
<br />Signature-based detections of known hacktools and cheats are the weakest possible, and the anti-cheat in the official MTA tackles the actual problem rather than using signatures.
 
Note: while AC in MTA official version is one of the strongest around, custom builds clearly do not benefit from it and are like a second SA-MP as a result; cheaters everywhere, even s0beit might work, etcetera.
<br />So any project willing to take things seriously is advised to implement their own anti-cheat eventually, if they got developers experienced in that. Enough to eventually not rely on our limited one at all.
<br />Until then, or until adding some hard checks to minimize the problem, you might need actual admins to use their eyes against (old-school) cheating.
 


<br />Also, MTA takes pride in its good anti-cheat for official builds. When we see a video of blatant cheating on custom projects (such as the prevalent russian ones), we always facepalm ourselves because there it's just so much easier.
Generally, most of what will work are some signature-based detections. No heuristics, patched methods, and patched vulnerabilities. Signature-based detections of known cheats are the weakest kinds of cheats, and the mainstream anti-cheat tackles the actual problem rather than being signature-based.
<br />It is really sad to see that the maintainers of such projects aren't aware of the risks and actual situation, so that's why we are documenting it on this wiki page now. ===

Revision as of 20:11, 16 January 2020

This page is intended for maintainers of custom MTA builds or forked projects based on the MTA source code. Information on this page does not apply to the official builds of MTA.

Custom MTA builds and forked projects will face some challenges relating to anti-cheat (AC). This is due to custom builds performing in ways that the anti-cheat does not expect.

AC is generally unsupported for forked projects and may be dropped entirely in the future. This means that you generally cannot rely on the MTA anti-cheat for your fork. We strongly advise that you write and implement your own AC.

If you cannot build your own AC, here are steps you can follow to get the most out of our unsupported AC:

AC features missing in custom builds

  • No detection of changes to gta_sa code section
  • No detection of changes to certain gta_sa variables
  • SetElementData not protected against external changes
  • No detection against various Lua injection methods
  • Much fewer AC heuristics and protection of internals
  • Continuous updates for all patched methods to write cheats based on (vulnerabilities) aren't guaranteed (this is one of the reasons why updating netc.dll to the latest offered version is beneficial)
  • MTA modules aren't checked for modifications or remote hooking/memory writing
  • and much more

Generally, most of what will work are some signature-based detections. No heuristics, patched methods, and patched vulnerabilities. Signature-based detections of known cheats are the weakest kinds of cheats, and the mainstream anti-cheat tackles the actual problem rather than being signature-based.