This plugin is still in an early stage of development, expect bugs and other issues when using. Please report any bugs or false positives to vyPal on discord

Actions on cheat detection

Currently, when a player is suspected of cheating, a Violation is created for each incident. These violations are persisted to storage (for later inspection of players), and if the cooldown time has past since the last report for the specific player has been sent out, all players with the tinyac:alert permission receive a alert in their chat with details of the violation.

Commands

The root command for TinyAC is /tinyac, but /ac and /anticheat can be used as aliases

/tinyac

Shows a list of all anticheat commands.

Required permission: tinyac:command.inspect (defaults to OP level 1)

/tinyac inspect <player>

Shows details about a player, their most recent violations, the anticheat's confidence in them cheating, the types of checks they've violated, their violation count and user reports

Required permission: tinyac:command.inspect (defaults to OP level 1)

/report <player> <reason> (alias: /rep)

Reports another player for cheating. This report also gets broadcast to all online players with tinyac:alert permission, and gets saved to permanent storage.

Required permission: tinyac:command.report (defaults to OP level 0)

Working detectors

• flight - Sustained upwards motion, hovering, or incorrect Y coordinates sent by player
• speed - Illegal horizontal or vertical player speed, taking into account modifiers and player environment
• ground_spoof - Detects inconsistencies between client position and server state
• phase - Phasing through solid blocks (this detector is still being worked on)

Feel free to suggest which detectors to implement next. Currently the plugin uses the standard player events, but once incoming packet events are implemented, I will transition most of the plugin to use them (in some cases it is still necessary/beneficial to use the internal events, as I can then compare the incoming data from the client with how the server processed it)

Timer detection (to be honest, I'm not sure if it will work on pumpkin at all)

Well, detecting timer would definitely need access to the raw packets, but I just tested and when enabling timer (at least at wurt's default speed of 2x) it triggers the speed violation, so at least something

Edit: 1.5x also triggers a speed violation most of the time

actually after testing, with the default AC settings, it can detect a timer as low as 1.1x surprisingly

(like just from movement speed)

It might be a good idea to centralize cheating reports into a database of yours, with an optional opt out feature.

That would be an option, yeah. Once I or someone else figures out how to implement IPC for plugins, I'm planning on making an API to let other plugins access violation records and reports

Update 1.0.2

Config now includes auto-generated comments for each field

Beyond just plugins, I’m recommending you do networks calls from your plugin to an api controlled by you directly to store lists of reports from every server running your plugin

Noice

Oh that's what you mean. I guess that would be possible, it could help ban cheaters before they can even ruin someone's experience. Could be useful (but yeah I'd make it opt-out definitely, maybe even opt-in instead)

Update 1.1.0

New command: /tinyac module <module> [enable | disable]
Enables or disables a specific detector during runtime, this action takes place immediately, but also gets written to the config for future startups

New detectors: jesus and boat_fly
jesus should be fully functional, detect walking, running, standing and jumping on liquids (both water and lava)
boat_fly currently only checks movement speed when in boat, actual flight detection will come later

Quality of life: inspection menu now shows time since last violation in different units based on how much time has passed (used to always show in seconds), probability bar is now rainbow colored

👀

(I'm still experimenting, might not make it into the plugin. If it does, it will all be configurable and opt-in)

the central db is a great idea (bonus if there is a api to, to block big time cheaters on others servers using the plugin), a fun detector could be a Baritone detector 😈

@jagged ravine https://github.com/NikV2/BruteForceInterpolation

Will look into it

https://github.com/GrimAnticheat/Grim/tree/2.0/common/src/main/java/ac/grim/grimac/checks/impl
This might be useful

something is brewing... 👀

New feature sneak peak: replays
Once a player has triggered X alerts in a short period of time, the plugin starts recording the player's actions (currently only position, more to come later once packet events are implemented) and records an additional 30s of behavior after the last alert. If a player has had multiple prior violations, the plugin also keeps a ring buffer of the last roughly 30s of the players actions, and adds these to the replay if/when it starts being recorded. These replays are then automatically synced to the Sentry system, and can be viewed there (currently only 2d view, 3d view with chunk surface being worked on)

now with map rendering as well

I'm hoping I can release a preview soon™, although it looks like the sentry system will be invite only for now while I iron out some issues (the tinyac plugin will send anonymous data to sentry by default, but it can be disabled in the config. The plugin won't use data from sentry yet, and I will monitor how sentry processes the data to fix any anomalies or inaccuracies before an official release)

https://sentry.vypal.me/ 👀

TinyAC [BETA] - Release 2.0.0

-# You can download the update on the market listing

New Features

Timer Detector

Detect client-side increased tick rates, should currently be able to detect timers as low as 1.2-1.3x

Replay system

Once a player triggers several alerts in a short period of time, the anticheat automatically starts recording the players actions and takes a snapshot of the surface of each chunk that the player travels through. A basic analysis can be viewed in-game, but for the full replay the Sentry web ui must be used (read more below)

TinyAC Sentry Closed Preview

-# View homepage and live stats
TinyAC Sentry is a new corss-server inteligence platform that connects instances of the TinyAC anti cheat together to a shared central repository for player violations, so that admins can easily monitor who cheated and in which way, as well as being able to see statistics about a player's previous violations on other servers on the Sentry network. This tool can help admins determine whether a player could be cheating if unsure, and in the future coule allow for network-wide bans of know cheaters.

Note: This feature is enabled by default, but is opt-out and can be disabled completely at any time in the plugin's config.toml file. All data about the server is shared anonymously. The Sentry server will be open sourced in the future to allow for self hosting for larger networks or admins who want access to the data, but want to keep it private

How this works

When a server first starts up, it generates a identifier unique to the specific system and server, and then uses it to register with the Sentry server. The server uses this unique identifier alongside some other data provided by Sentry whenever it needs to share data with Sentry. This identifier is random and not tied to any specific user (unless linked later).

On certain events (like a alert being triggered, player joining, replay finished, etc.) the plugin will share a minimized copy of the most important data with Sentry, which saves it in its database. General data (like player counts, violation counts, or player bans) can be viewed by any Sentry user, even if the data comes from a server they have not linked, however this data does not contain any information about the server. Specific data (like alerts, player details, violation types and replays) is only showed to Sentry users who have linked the server with their account.

Linking

So that Sentry is actually useful for something, Sentry users may generate a one-time link token (expires after 10 minutes or when first used), to link a server running TinyAC to their account. For this they must have the tinyac:command.link permission on the server (defaults to the highest OP level: 4). It is possible for multiple Sentry accounts to link the same server at the same time (either if the server has multiple shared owners, or if the server owners want the admin/mod team to have access to Sentry)

Alerts

All alerts that are sent in-game to admins currently online (and logged to the console) will also be mirrored to the Sentry dashboard, where the entire history and details can be viewed. The Sentry dashboard also shows a complete list of timestamped violations by player, not only the ones alerted on the server (the server alerts have cooldowns to not spam the chat).

Analytics

Sentry gathers various data from your linked servers and exposes an analytics page where admins can view information about violations taking place over time, the overall distribution of violations by type, etc. This page will be expanded later as more data is collected

Replays

One of the main new features of TinyAC is it's ability to record replays of the actions of suspected cheaters. As the Pumpkin API doesn't currently support sending custom packets and I had no better ideas, admins can now view replays in the web UI. The view is pretty basic for now, I'm planning on expanding it later, for now it's just a 2D map of the chunks that the player passed through while cheating with waypoints at each point where a violation was triggered.

Closed Preview

As the Sentry system is still under works, it is not currently possible to register for an account, unless you obtain a one-time invite token from me. If you would like to be invited, please have at least one server with the latest version of TinyAC installed, and contact me on discord (ideally in DMs to not flood this channel)