Warden Newsletter #1

---

Welcome!

Welcome to the Warden Anti-Cheat newsletter. What is this? Well It's simple this is a newsletter meant to fit in with Warden, which if you haven't seen you can find it [here.][1] One of the goals of Warden is to make the knowledge of how anticheats work more wide-spread knowledge. So simple It's common knowledge. So not only will this newsletter provide updates on Warden, but it will also provide you info on how some checks work :smile:.

Today’s Topics

1. New Check In Warden
2. Recruitment
3. Questions

---

New Check In Warden

There are many new checks in Warden! However right now I’ll only cover one to start us off easy .


XCarry Check
That’s right an XCarry check. So first off what is XCarry? XCarry (also known as MoreInventory) is a way of carrying more items than is normally allowed. This has been a hack since 2012, and been no successful patches according to the actual hacked client community (although they do admit to a couple of failed ones). Basically all that they do is never send the CloseInventory packet. This allows them to close their inventory without the server recognizing it. Allowing them to move around while the server thinks they have their inventory open. This provides the interesting side effect that they can carry extra items in the crafting slots of your inventory. Normally those would get dropped, however since they never actually “Close” their inventory according to the server it allows them to hold items there while moving.

So how do we combat this? This is actually really simple. When they open their inventory we add them to a list of people who have their inventory open. Then we listen for when their moving. If they’re moving while their in that list then we know for sure that they are using XCarry.

private List<UUID> map;

@Override
  public void onPacketReceiving(PacketEvent event) {
    PacketType pt = event.getPacketType();
    //A player's inventory will actually close if he gets hit before this event is fired off.
    //So no need to check for hits.
    if (pt == PacketType.Play.Client.POSITION) {
      Player p = event.getPlayer();
      if (map.contains(p.getUniqueId())) {
        Bukkit.getServer().getPluginManager().callEvent(new CheckFailedEvent(
            p.getUniqueId(), getRaiseLevel(), getName()
        ));
      }
    } else if (pt == PacketType.Play.Client.LOOK) {
      Player p = event.getPlayer();
      if (map.contains(p.getUniqueId())) {
        Bukkit.getServer().getPluginManager().callEvent(new CheckFailedEvent(
            p.getUniqueId(), getRaiseLevel(), getName()
        ));
      }
    } else if (pt == PacketType.Play.Client.ENTITY_ACTION) {
      Player p = event.getPlayer();
      PacketContainer pc = event.getPacket();
      //For opening your own inventory their is actually know packet. It just sends an actionID of 6. So we have to extract that from the packet.
      int actionID = pc.getIntegers().read(2);
      if (actionID == 6) {
        map.add(p.getUniqueId());
      }
    } else if (pt == PacketType.Play.Client.CLOSE_WINDOW) {
      Player p = event.getPlayer();
      if (map.contains(p.getUniqueId())) {
        map.remove(p.getUniqueId());
      }
    }
  }

Boom that’s it! A super super simple check! Yet somehow Warden is the first one to actually. You know. Patch this vulnerability.

---

### :busts_in_silhouette: Recruitment :busts_in_silhouette: ###

That’s right! I need help with this project. After all anticheats developed by one person are usually not as good. Today I have several positions that are open! That I will definitely need help with.

How to Apply
After you read available positions simply go, and submit an application here. When recruitment is up, I shall message you the results!

Recruitment Deadline: Before March 30th, 2015
Recruitment Results: March 30th, 2015

###Positions you can apply for:###

Community Manager:
The community manager will be responsible for keeping in touch with the multiple communities that Warden attempts to hit. They should plan this newsletter (some of it), updates to the community about certain things, and be a figure that helps Warden get new users, as well as keep old ones happy. Without the communities Warden would be nothing, and it is this persons job to make sure the communities are happy. Being the people person, and the buffer between the developer(s), and the general populous.
Amount needed: 1

Developer:
This is exactly what it sounds like. Becoming a full on developer for Warden. Although anyone can add to warden you should add on a regular basis, and be in charge of the structure of warden changes. You will also make sure only acceptable PR’s get accepted. Even if you don’t know too much about how cheating goes on, or how to patch it. That is okay. Warden has many other components too. Such as the email component, bug fixing, custom account management, etc. These are all things experienced Java developers should have no problem with.
Amount needed: 2

Those are all available positions right now!

---

Questions

Do you have any questions for me? If so please don’t hesitate to ask! I’d love to hear your questions!

I’m having some worries over your code example, specifically that the code is not even related to SpongeAPI at all (using Bukkit events and ProtocolLib?), so I don’t quite understand how you’re making it any easier for you to port Warden to Sponge whenever that happens.

Your right it isn’t utilizing the SpongeAPI right now due to the fact I’m waiting for some sort of PacketManagement. The goal of showing the check here was to get people to understand how the check works. Which is why there is even going to be a non-sponge version. More people are familiar with the BukkitAPI, and when I do make the full migration over to sponge I plan to document that as well. However this was simply trying to get people to understand what the check was actually doing. As I stated I want to get the knowledge of how Anticheats work more widespread.

Does your code know to differentiate between moving by self and moving by outside force? (water flow, damage knockback)

A seems I added the Water check inside Sprint, but not in XCarry. I’ll change that real quick. Thanks for the update. For combat knockback the server actually registers the close inventory packet, before the movement update. So they’ll safely be removed from the list before movement.

Cool! Looking forward to this.

changed the title to show number

Problem is with fixing render hacks, such as XRay, AntiHurtcam, FullBright, TrueSight, WallHack etc. Anyways, I your project!

mrw my plugin in development for sponge is named warden
and its a player management plugin
screams internally at name conflicts

AHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH!

There you go Theres a scream for you. Technically we’re Warden Anti-Cheat, The Warden, Or WAC. If that makes it easier if not feel free to message me.

render hacks are entirely client-side, meaning the server has close to no say at all in what happens during their usage. most cant be defended against in a plugin, something that purely operates server-side based on information the client is told to send.

xray’s dependent on the information the client receives about the world though, and people’ve already found ways to defend against it.

…
tell me your plugin ID isn’t just “warden” and i’ll stay sane .w.

No when the port to sponge happens the ID will be “WAC”, and the name will be “Warden Anti-Cheat”.

This newsletter is WAC-cy! Get it? No? ok…

@DotDash, you really started something!

Hahaha that was great!

Also to let people know there has only been one person apply to be a developer, even if you don’t think you know a lot about anticheat there are plenty of other parts to being a Warden Dev! Please don’t be afraid to submit

*WAC-ky!

Put in my application yesterday. Even if I’m not selected I’d be more than happy to contribute in whatever way I can.