azerothcore / mod-anticheat

Port of PassiveAnticheat to Azerothcore
http://azerothcore.org/
MIT License

New passive anticheat system by kvipka. #32

Closed UltraNix closed 2 years ago

UltraNix commented 3 years ago

Fixed https://github.com/azerothcore/azerothcore-wotlk/issues/4007.

AzerothCore version https://github.com/azerothcore/azerothcore-wotlk/commit/2189ac0b0834393f7ad9fed78fdea56f54cd6a8b OR HIGHER is a requirement.

For testing purposes - please disable the kick options in the config file (if you are sure that players don't use hacks/cheats). Logs are enough to track false positives (once https://github.com/azerothcore/azerothcore-wotlk/pull/6104 is merged) or you can add these lines to your worldserver config file:

Appender.Anticheat=2,5,0,Anticheat.log
Logger.anticheat=4,Console Anticheat

to have proper logs.

Helias commented 3 years ago

This PR will be really good and it requires a lot of tests. I am really happy to see that someone is working on it :rocket:

Footman commented 3 years ago

Tested this anticheat. There are a lot of false positive detections compared to the old one. Mostly connected to some Boss spells. I am not sure if it is better yet.

UltraNix commented 3 years ago

@Footman Because many changes have been made to the core. Give me more info about those false positives.

UltraNix commented 3 years ago

Ready to be reviewed/tested.

FrancescoBorzi commented 3 years ago

@UltraNix the build is failing

UltraNix commented 3 years ago

@FrancescoBorzi Done.

UltraNix commented 3 years ago

Please - test it.

Helias commented 3 years ago

@azerothcore/testers, this is really a good feature and needs a lot of tests to avoid false positives

Sedatyf commented 3 years ago

> @azerothcore/testers, this is really a good feature and needs a lot of tests to avoid false positives

How do you test this? Just play normally and check worldserver console to see if there is no false positive that showed up?

Helias commented 3 years ago

Yes, but we should also test whether the anti-cheat detects flyhack and similar

Sedatyf commented 3 years ago

Well, how do you flyhack? I'll have to download some cheat on internet?

UltraNix commented 3 years ago

If you want some logs (at console and Server.log file), just add it to your worldserver.conf file:

Logger.anticheat=4,Console Server

Hacki95 commented 3 years ago

> Well, how do you flyhack? I'll have to download some cheat on internet?

I once saw a YouTube video from some guy testing various known hacks on private servers, maybe if you can find it you can just test out the hacks this guy used? If I find it again I will link it to you on Discord.

speedrunz commented 3 years ago

There are false positive detections, especially on the LK fight (10man normal mode). Here's the log of it.

2021-05-10_23:45:54 Player::CheckOnFlyHack : FlyHack Detected for Account id : 14, Player Testerrsz (GUID Full: 0x0000000000000008 Type: Player Low: 8)
2021-05-10_23:45:54 Player::========================================================
2021-05-10_23:45:54 Player::CheckOnFlyHack : playerZ = 840.857056
2021-05-10_23:45:54 Player::CheckOnFlyHack : normalZ = 0.000000
2021-05-10_23:45:54 Player::CheckOnFlyHack : checkz = 2.031000
2021-05-10_23:51:10 Player::CheckOnFlyHack : FlyHack Detected for Account id : 14, Player Testerrsz (GUID Full: 0x0000000000000008 Type: Player Low: 8)
2021-05-10_23:51:10 Player::========================================================
2021-05-10_23:51:10 Player::CheckOnFlyHack : playerZ = 840.856995
2021-05-10_23:51:10 Player::CheckOnFlyHack : normalZ = 0.000000
2021-05-10_23:51:10 Player::CheckOnFlyHack : checkz = 2.031000
2021-05-10_23:52:41 Player::CheckOnFlyHack : FlyHack Detected for Account id : 11, Player Mezmowr (GUID Full: 0x0000000000000001 Type: Player Low: 1)
2021-05-10_23:52:41 Player::========================================================
2021-05-10_23:52:41 Player::CheckOnFlyHack : playerZ = 761.502075
2021-05-10_23:52:41 Player::CheckOnFlyHack : normalZ = 0.000000
2021-05-10_23:52:41 Player::CheckOnFlyHack : checkz = 2.031000
2021-05-10_23:52:58 Player::CheckOnFlyHack : FlyHack Detected for Account id : 14, Player Testerrsz (GUID Full: 0x0000000000000008 Type: Player Low: 8)
2021-05-10_23:52:58 Player::========================================================
2021-05-10_23:52:58 Player::CheckOnFlyHack : playerZ = 748.446350
2021-05-10_23:52:58 Player::CheckOnFlyHack : normalZ = 0.000000
2021-05-10_23:52:58 Player::CheckOnFlyHack : checkz = 2.031000

speedrunz commented 3 years ago

Additional info: the false positive FlyHack detection usually happens on the phase when he casts Remorseless Winter.

UltraNix commented 3 years ago

Somebody else willing to test that module?

Sedatyf commented 3 years ago

It's definitely in my backlog, I'll find some time to test it

speedrunz commented 3 years ago

Additional Info on ICC 10man normal mode:

How did we test it:

UltraNix commented 3 years ago

@speedrunz Write to me on Discord: UltraNix#5638

FrancescoBorzi commented 3 years ago

@azerothcore/testers we need people testing this.

poryagholami1374 commented 3 years ago

> @azerothcore/testers we need people testing this.

I have enough free time. I am at your service, give orders

poryagholami1374 commented 3 years ago

This is a good project. Thank you all for your support. People like me, who live in a deprived area, we need such a thing.

FrancescoBorzi commented 3 years ago

@poryagholami1374 have you tested this PR? can you please share your feedback ?

Sedatyf commented 3 years ago

I tried to test this, but I have to say, I'm a bit confused. At least, worldserver didn't kick me for using gm fly. If you have some ideas, advice, things to do to test it, please send me a DM on Discord (same name as here) or a comment here

UltraNix commented 3 years ago

@Sedatyf Have you tried with some hack tools/ cheat engines?

Sedatyf commented 3 years ago

> @Sedatyf Have you tried with some hack tools/ cheat engines?

Not yet. @Branel gave me some cheat engine but it seems there are a lot of harmful files in it. So I have to take time to set up a VM in order to test it

Branel commented 3 years ago

They are mostly false positives as a majority of the reports show it's safe but please do use a VM just in case.

UltraNix commented 3 years ago

@Sedatyf Could you show me your config file from /bin/builtype/configs/modules/Anticheat.conf?

Sedatyf commented 3 years ago

Sure, here it is @UltraNix

[worldserver]
#
###################################################################################################

###################################################################################################
#   ANTICHEAT MODULE
#
#     Description: AntiCheats.SafeMode when player under ACK packet (not handled by core), player will have immune for ASH checks.

AntiCheats.SafeMode.Enabled = 1

#    AntiCheats.FlyHack
#        Description: Enable AntiCheat.FlyHack
#        Default:     1 - (Enabled)
#                     0 - (Disabled)

AntiCheats.FlyHack.Enabled = 1

#    AntiCheats.SpeedHack
#        Description: Enable AntiCheat.SpeedHack
#        Default:     1 - (Enabled)
#                     0 - (Disabled)

AntiCheats.SpeedHack.Enabled = 1

#    AntiCheats.DoubleJump.Enabled
#        Description: Enable AntiCheat.DoubleJump Kick when player sent opcode jump when has flag falling (client can't do this)
#        Default:     1 - (Enabled)
#                     0 - (Disabled)

AntiCheats.DoubleJump.Enabled = 1

#    AntiCheats.FakeJumper.Enabled
#        Description: Enable AntiCheat.FakeJumper : when player sent a move opcode (with new Z higher) when has flag falling (client can't sent any new packets when falling)
#             It's normal for Gagarin hacks and with Air Mode + "space" click = "falling" mode (player can't change orientation of flying, but it move up)
#        Default:     1 - (Enabled)
#                     0 - (Disabled)

AntiCheats.FakeJumper.Enabled = 1

#    AntiCheats.FakeFlyingmode.Enabled
#        Description: Enable AntiCheat.FakeFlyingmode : when player sent a move opcode with added fly flag but on server this flag doesn't restricted for player.
#             It's normal for Hitchhiker's Hack with Air Mode
#        Default:     1 - (Enabled)
#                     0 - (Disabled)

AntiCheats.FakeFlyingmode.Enabled = 1

#    AntiCheats.IgnoreControlMovement.Enabled
#        Description: Enable AntiCheat.IgnoreControlMovement : when player in root state - client can't send a new movement packets.
#        Default:     0 - (Disabled)
#                     1 - (Enabled)

AntiCheats.IgnoreControlMovement.Enabled = 1

#
###################################################################################################

###################################################################################################
# Sanctions - Kicks
#
#    AntiCheats.FlyHack.Kick.Enabled
#        Description: Enable AntiCheat.FlyHack Kick when detected
#        Default:     1 - (Enabled)
#                     0 - (Disabled)

AntiCheats.FlyHack.Kick.Enabled = 1

#    AntiCheats.SpeedHack.Kick.Enabled
#        Description: Enable AntiCheat.SpeedHack Kick when detected
#        Default:     1 - (Enabled)
#                     0 - (Disabled)

AntiCheats.SpeedHack.Kick.Enabled = 1

#    AntiCheats.FakeJumper.Kick.Enabled
#        Description: Enable AntiCheats.FakeJumper Kick when detected
#        Default:     1 - (Enabled)
#                     0 - (Disabled)

AntiCheats.FakeJumper.Kick.Enabled = 1

#    AntiCheats.FakeFlyingmode.Kick.Enabled
#        Description: Enable AntiCheats.FakeFlyingmode Kick when detected
#        Default:     1 - (Enabled)
#                     0 - (Disabled)

AntiCheats.FakeFlyingmode.Kick.Enabled = 1

#
###################################################################################################

###################################################################################################
#    AntiCheats.FlyHackTimer
#        Description: Timer for AntiCheat FlyHack check
#        Default:     3000 - 1 check in 3 second (for big projects better (1500ppl +) set 5000 (5 sec) or more)

AntiCheats.FlyHackTimer = 3000

#
###################################################################################################

###################################################################################################
#    AntiCheats.forceExcludeMapsid disabled maps
#        Description: disabled mapid for anticheat system
#        Example:     "616,649"

AntiCheats.forceExcludeMapsid = "616,649"

Can I ask why?

UltraNix commented 3 years ago

I thought you are using the old one. But looks okay. Did you enable logs by https://github.com/azerothcore/mod-anticheat/pull/32#issuecomment-836808560? Do you see ingame, in your chat that Anticheat is loaded? If you are not using any hacks/engine tools, that would mean there are no false positives. But you should definitely test it with some hack tools.

speedrunz commented 3 years ago

please test this guys in the Lich King encounter using 2 players so you can see it. Once you reach LK's hp below 40%, one of the players gets falsely flagged as fly hack and then gets kicked. Please try it. I'll buy the testers some beer just to keep this stuff going.

Sedatyf commented 3 years ago

> please test this guys in the Lich King encounter using 2 players so you can see it. Once you reach LK's hp below 40%, one of the players gets falsely flagged as fly hack and then gets kicked. Please try it. I'll buy the testers some beer just to keep this stuff going.

I wanted to try LK's fight but I had a problem after Lady Deathwhisper because I couldn't pass the Gunship Battle. Did you do something specific to go to LK?

Sedatyf commented 3 years ago

> I thought you are using the old one. But looks okay. Did you enable logs by #32 (comment)? Do you see ingame, in your chat that Anticheat is loaded? If you are not using any hacks/engine tools, that would mean there are no false positives. But you should definitely test it with some hack tools.

Forgot about the log thing, I'll definitely try again sometime later

speedrunz commented 3 years ago

@Sedatyf what issue are you facing on the gunship? You can simply .damage the enemy ship.

Sedatyf commented 3 years ago

Well, I cleaned the rampart by killing mobs and the dragon. Ships came but there was nobody to talk to or launch the event. It was weird @speedrunz

FrancescoBorzi commented 3 years ago

> that would mean there are no false positives.

making sure there are no false positives is also good testing so keep that up too please :)

poryagholami1374 commented 3 years ago

image image Hack Teleport Does not take

UltraNix commented 3 years ago

> image image Hack Teleport Does not take

It's just a visual for you. If you try to move, you will be kicked out. Everything is alright.

UltraNix commented 3 years ago

I tested that anticheat with Hitchhiker's tools and wowemuhacker - both are detectable by this anticheat. But it needs more tests, especially without hack tools to track any false positives.

poryagholami1374 commented 3 years ago

I tested teleport, you were right, it has not been enabled since configuration. I tested something yesterday. When I got on the Ulduar tank, I wanted to hack the tank. My game is completely closed

mpfans commented 3 years ago

  1. Druids change to bird form and log in again... They will be kicked off the line
  2. Grand Magus Telestra P2... summon player... and player will be kicked

speedrunz commented 3 years ago

@mpfans did you enable the logging? If yes, can you paste the output here?

If not, please enable the anticheat logging by adding this in your worldserver.conf

Logger.anticheat=4,Console Server

speedrunz commented 3 years ago

@UltraNix I tried replicating what @mpfans reported and indeed you get kicked instantly after you login when you are on druid bird form.

2021-05-29_03:40:04 MovementHandler::Fake_flying mode (using MOVEMENTFLAG_FLYING flag doesn't restricted) by Account id : 11, Player Testerzs (GUID Full: 0x0000000000000011 Type: Player Low: 17)
2021-05-29_03:45:01 MovementHandler::Fake_flying mode (using MOVEMENTFLAG_FLYING flag doesn't restricted) by Account id : 11, Player Testerzs (GUID Full: 0x0000000000000011 Type: Player Low: 17)

UltraNix commented 3 years ago

@mpfans @speedrunz Fixed. Please, retest it.

mpfans commented 3 years ago

in Gundrak

.go 1698.317871 792.921570 90.581955 604

2021-05-29_22:38:25 PassiveAnticheat: FlyHack Detected for Account id : 5, Player gm (GUID Full: 0x0000000000002d4d Type: Player Low: 11597)
2021-05-29_22:38:25 Player::========================================================
2021-05-29_22:38:25 playerZ = 90.581955
2021-05-29_22:38:25 normalZ = 79.470383
2021-05-29_22:38:25 checkz = 82.738480
2021-05-29_22:38:25 ========================================================
2021-05-29_22:38:28 PassiveAnticheat: FlyHack Detected for Account id : 5, Player gm (GUID Full: 0x0000000000002d4d Type: Player Low: 11597)
2021-05-29_22:38:28 Player::========================================================
2021-05-29_22:38:28 playerZ = 90.581955
2021-05-29_22:38:28 normalZ = 79.470383
2021-05-29_22:38:28 checkz = 82.738480
2021-05-29_22:38:28 ========================================================
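An added example, not part of the PR or the module: a small Python parser for the FlyHack records pasted in this thread (both the `Player::CheckOnFlyHack` and `PassiveAnticheat:` layouts), useful for sorting reports while hunting false positives. The sample lines are copied from the logs above with separator lines omitted; the two hints (`no-ground-height`, `repeat-same-z`) are triage heuristics assumed for this example, not checks the module performs.

```python
import re

# Sample records copied from the two log layouts quoted in this thread.
SAMPLE_LOG = """\
2021-05-10_23:45:54 Player::CheckOnFlyHack : FlyHack Detected for Account id : 14, Player Testerrsz (GUID Full: 0x0000000000000008 Type: Player Low: 8)
2021-05-10_23:45:54 Player::CheckOnFlyHack : playerZ = 840.857056
2021-05-10_23:45:54 Player::CheckOnFlyHack : normalZ = 0.000000
2021-05-10_23:45:54 Player::CheckOnFlyHack : checkz = 2.031000
2021-05-29_22:38:25 PassiveAnticheat: FlyHack Detected for Account id : 5, Player gm (GUID Full: 0x0000000000002d4d Type: Player Low: 11597)
2021-05-29_22:38:25 playerZ = 90.581955
2021-05-29_22:38:25 normalZ = 79.470383
2021-05-29_22:38:25 checkz = 82.738480
2021-05-29_22:38:28 PassiveAnticheat: FlyHack Detected for Account id : 5, Player gm (GUID Full: 0x0000000000002d4d Type: Player Low: 11597)
2021-05-29_22:38:28 playerZ = 90.581955
2021-05-29_22:38:28 normalZ = 79.470383
2021-05-29_22:38:28 checkz = 82.738480
"""

TOKEN = re.compile(
    r"(?P<time>[\d-]+_[\d:]+) (?:Player::CheckOnFlyHack : |PassiveAnticheat: )"
    r"FlyHack Detected for Account id : (?P<acct>\d+), Player (?P<player>\S+) \("
    r"|\b(?P<key>playerZ|normalZ|checkz) = (?P<val>-?\d+\.\d+)")


def parse_flyhack(text):
    """Return one dict per FlyHack record; works on run-together pastes too."""
    records = []
    for m in TOKEN.finditer(text):
        if m.group("time"):  # detection header starts a new record
            records.append({"time": m.group("time"), "player": m.group("player"),
                            "account": int(m.group("acct"))})
        elif records:        # height value belongs to the latest header
            records[-1][m.group("key")] = float(m.group("val"))
    return records


def triage(records):
    """Attach review hints; both heuristics are assumptions of this example."""
    seen, out = set(), []
    for rec in records:
        hints = []
        if rec.get("normalZ") == 0.0:
            hints.append("no-ground-height")  # normalZ logged as 0.000000
        key = (rec["account"], rec.get("playerZ"))
        if key in seen:
            hints.append("repeat-same-z")     # same height flagged again
        seen.add(key)
        out.append((rec["time"], rec["player"], hints))
    return out
```

Calling `triage(parse_flyhack(open("Anticheat.log").read()))` gives one `(time, player, hints)` tuple per detection, which makes it easy to attach a condensed report to a comment instead of raw console output.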

speedrunz commented 3 years ago

@UltraNix thank you! Druid flightform is now fixed after the commit.

I tested @mpfans' new bug discovery by just running the command below and confirmed*, it kicks you in a while.

.go 1698.317871 792.921570 90.581955 604

poryagholami1374 commented 3 years ago

When I go to Ins, which is inside the zul dark map, I jumped from a height and Anticheat kicked me. Inside battleground, jump from a height and test how it will be. I could not test this, but I said you try.

UltraNix commented 3 years ago

@poryagholami1374 Paste logs.

UltraNix commented 3 years ago

@mpfans Fixed.

poryagholami1374 commented 3 years ago

https://user-images.githubusercontent.com/80007195/120114717-bff93400-c195-11eb-8ab5-a0a045025b82.mp4

HandleSetActiveMoverOpcode: incorrect mover guid: mover is GUID Full: 0xf15000740d0063e7 Type: Vehicle Entry: 29709 Low: 25575 and should be GUID Full: 0xf15000740d0063e8 Type: Vehicle Entry: 29709 Low: 25576
HandleSetActiveMoverOpcode: incorrect mover guid: mover is GUID Full: 0xf15000740d0063e9 Type: Vehicle Entry: 29709 Low: 25577 and should be GUID Full: 0xf15000740d0063ea Type: Vehicle Entry: 29709 Low: 25578
HandleSetActiveMoverOpcode: incorrect mover guid: mover is GUID Full: 0xf15000740d006411 Type: Vehicle Entry: 29709 Low: 25617 and should be GUID Full: 0xf15000740d006412 Type: Vehicle Entry: 29709 Low: 25618