Minecraft Servers Employ Client-Side Anti-Injection Anticheat Software

Hacking in the context of online gaming has been a problem for many companies, and with the rise of eSports and online tournaments, game companies around the globe have put a lot of investment in stoppping hackers from undermining the competitive integrity of their games.

Minecraft, strangely enough, has found itself with a competitive community of its own that’s currently expanding into broadcasted prize pool tournaments under the supervision of ESL.  In contrast to other games with eSport scenes, Minecraft has always lacked a centralized authority for its multiplayer experience, as Mojang has been fairly uninvolved with servers.  This mindset is surprising, considering that many of these servers operate as businesses dealing with several million Minecraft users every month.  (The largest of which, Hypixel, currently hits 50-60,000 players during peak hours, which is comparable to one of the top 20 games on steam.)

Minecraft is a game coded in Java and is essentially open source with its decompilation being all but officially endorsed. (Searge, the founder of such decompliation tools found in the MCP (Minecraft Coder Pack), ended up getting hired by Mojang.)  This makes client modifications incredibly easy to develop, and basic cheats such as flyhacks have been around since what feels like forever.

While the vanilla server software has little to stop such modification, most “blatant” hacks are fairly easy to detect and prevent with server-side anticheat software.  If a player is moving faster than they should or hitting another player outside of their range, it’s a trivial matter for servers to validate such packets and either ban or simply restrict users that are consistently trying to do the impossible. (Accounting for latency with such checks is surprisingly difficult, and many early anticheat server plugins were interfering with players who were using a vanilla client but simply had higher latency.)

Eventually those who developed cheats wised up and found ways to make advantages for themselves without sending packets that wouldn’t pass validation.  These cheats could do things like automatically hit players at maximum range, see resources through walls, or click faster than a human would be physically able.  This second wave of cheats were met with more sophisticated server-side validation that looked for “robotic” patterns from clients, in the case of aimbotting and autoclicking, and withholding data that wouldn’t be needed by a vanilla client, in the case of wallhacking.

For a while now cheat developers have been working to reverse engineer anticheat plugins to bypass their checks, and anticheat developers have been working to decompile and reverse engineer hacked clients to accurately detect them server-side.  However, this battle has been getting progressively harder and harder for anticheat developers because of a key flaw with Minecraft as a game, namely that it operates at 20 ticks per second both client and server-side.

20 ticks per second means that packets are rounded to 50ms intervals which severely limits the ability of servers to detect patterns in hacked clients, though the advancement of said hacked clients has always been a matter of time.  Eventually these clientside cheats would become impossible to distinguish from the best players regardless of tick rate.

To combat this, the servers that cater to the most competitive players that have been on the cutting edge of serverside detection have shifted their efforts into developing custom clients with anti-injection anticheat packaged with.  While this anti-injection software is of course optional for playing the game, it is required for participation in prize pool tournaments and special matches where a player would be put with only other players validated by this client-side anticheat.

Currently there are two competing anticheat clients, the Badlion Client (BAC),  and Cheatbreaker.  The Badlion Client is currently released and has already been used in ESL tournaments, and is devloped by Badlion, who is partnered to Turtle Entertainment AKA ESL.  Cheatbreaker is owned by FrozenOrb LLC (despite such not being listed on Cheatbreaker website), and its anticheat portion is still under development.

-Fisher Michaels

Sources:

https://www.rockpapershotgun.com/2015/09/15/minecraft-biggest-servers/

http://hypixel.wikia.com/wiki/Administrator

https://www.badlion.net/forum/thread/144254

https://www.cheatbreaker.com/