Anti-cheat support for custom builds

From Multi Theft Auto: Wiki

This page is meant to be informative for the creators and maintainers of custom MTA builds or forked projects based on the MTA source code. We often get questions related to AC support for them.
Information contained on this page isn't relevant for the official MTA build or releases, or open-source contribution to the official MTA repository at https://github.com/multitheftauto/mtasa-blue

Custom MTA builds and forked projects (as a lot of russian ones exist) that made their own game platform using the MTA source code, will face some challenges relating to anti-cheat.


Anti-cheat (also called: AC) support is very limited on custom builds/forked projects, and may be dropped entirely in the future (this is actually being considered). You cannot rely on the MTA anti-cheat for your project, or the limited and very basic support that remains in netc.dll for custom projects.
We strongly advise that you write and implement your own anti-cheat.

If you cannot do that, and want to use the very limited anti-cheat offered to custom projects, even though we discourage it you can optimize it by the following steps/design choices to still get the most out of limited support (and not hinder it):


- Always use the latest version of netc.dll (closed-source) e.g from https://mirror.mtasa.com/bdata/netc.dll and https://mirror.mtasa.com/bdata/net.dll matching the master branch of your base MTA source used for fork, actually you can use the latest module always unless MTA commits changed bitstream code or you did
The "bdata" modules are specifically for custom builds & forks and fetched by running https://github.com/multitheftauto/mtasa-blue/blob/master/win-build.bat
- Never block MTAHQ/client or server traffic in your project



If you don't do this and don't have professional developers to write good anti-cheat, then your fork will be more infested with cheaters than other forks enjoying the limited anticheat protection.
A good approach is to write and implement (to your custom build) some of the 'missing' anticheat features yourself, see below:

AC missing on forks/custom builds:

  • No detection of changes to gta_sa code section
  • No detection of changes to certain gta_sa variables
  • SetElementData not protected against external changes
  • No detection against various Lua injection methods
  • Much less AC heuristics and protection of internals
  • Continuous updates for all patched methods to write cheats based on (vulnerabilities) aren't guaranteed, although handpicked ones may occasionally land in custom project netc.dll updates.

This is one of the reasons why updating netc.dll to the latest offered version is beneficial.

  • MTA dll's aren't checked for modifications or remote hooking/memory writing


There are more things missing that we won't mention here, for security reasons.


The reason for limited support is that MTA AC is proprietary unlike MTA itself, and custom builds may do things differently that can set off AC and cause us to need to support custom builds, which we principally don't.
Therefore, laxing it up minimizes the issues that can arise, leaving custom builds a lot of freedom to do awkward things (such as incorrect practise and programming, hacky things) in networking layer or memory.
Basically, to keep it simple, custom projects can deviate in ways that requires adapting of the anti-cheat. Since our anti-cheat is closed source, you cannot do that, and our volunteers reasonably won't be customizing OUR anti-cheat for such projects.


Note: to visualise it, most of what works (for the 'limited' anti-cheat support that exists for custom projects) are some signature-based detections. No heuristics, patched methods, security by design and patched vulnerabilities.
Signature-based detections of known hacktools and cheats are the weakest possible, and the anti-cheat in the official MTA tackles the actual problem rather than using signatures.

Note: while AC in MTA official version is one of the strongest around, custom builds clearly do not benefit from it and are like a second SA-MP as a result; cheaters everywhere, even s0beit might work, etcetera.
So any project willing to take things seriously is advised to implement their own anti-cheat eventually, if they got developers experienced in that. Enough to eventually not rely on our limited one at all.
Until then, or until adding some hard checks to minimize the problem, you might need actual admins to use their eyes against (old-school) cheating.



Also, MTA takes pride in its good anti-cheat for official builds. When we see a video of blatant cheating on custom projects (such as the prevalent russian ones), we always facepalm ourselves because there it's just so much easier.
It is really sad to see that the maintainers of such projects aren't aware of the risks and actual situation, so that's why we are documenting it on this wiki page now. ===