1. Sequent Initialization
Step 1: On build, the native module computes a SHA256 signature of the game binary.
Step 2: On game launch, the runtime signature is compared with the original.
Mismatch? Escalate immediately to the Authoritative Anticheat Backend.
Purpose: Detect tampered binaries, modded game files, or injected code.
2. Authoritative Backend Overview
The Authoritative Backend is the core of the anticheat system. It performs:
- Token & User Validation: Validates client tokens, User IDs, and device IDs.
- Behavior Analysis: Receives real-time alerts from the client about suspicious behavior.
- Integrity Checks: Compares SHA256 signatures and verifies runtime authenticity.
- Alert Staging: Escalates alerts into Short, Little, or Big Eye stages for further monitoring.
- Ban Enforcement: Executes bans on Device ID, IP, and account based on consistent evidence.
- Webhook Reporting: Sends secure JSON logs to Discord for legal record keeping, then deletes locally.
3. Authoritative Authentication Flow
Step 1: Client SDK generates a unique User ID and login token.
Step 2: SDK sends {user_id, device_id, login_token, game_signature} to backend.
Step 3: Backend validates SHA256, token, and device integrity.
Step 4: If checks pass, login is authorized. If checks fail, escalate to ban procedure.
Example Request:
{
  "user_id": "a409C-4091-Df76",
  "device_id": "ABC-1299-XYZ",
  "login_token": "AEW2-10WP-9IOM-34BN==",
  "game_signature": "sha256:ABC123XYZ"
}
4. Real-Time Behavior Monitoring & Alert Staging
Every suspicious client action is logged as an alert:
- 3 alerts → User is monitored.
- 5+ similar alerts → Big Eye Mode.
- Reports less than 30 minutes apart → flagged as suspicious.
Eye Modes:
- Short Eye Mode: Moderate alerts, gather more detailed logs.
- Little Eye Mode: Minor alerts, monitor long-term anomalies.
- Big Eye Mode: Heavy alerts, prepare to execute ban if pattern confirmed.
Alert logic uses time spacing to reduce false positives:
- Alerts spaced > 1 hour 30 mins → user off watchlist.
- Alerts < 30 mins → escalate stages.
5. Ban Protocol
Bans are executed when:
- SHA256 mismatch
- 15+ consistent behavior logs
- Detected inhuman or impossible behavior
Ban Actions:
- Block Device ID + IP from backend requests.
- Kick user from game and prevent login.
- Send secure JSON to Discord webhook.
- Delete JSON locally after sending.
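Added example, not part of the original design or the project's code: a per-user state machine applying the timing rules from section 4 and the 15-log ban threshold from section 5 to constructed alert sequences. Assumptions: stages are ordered Little < Short < Big, "monitored" at 3 alerts maps to Little Eye, each alert arriving under 30 minutes after the previous one steps a watched user up one stage, and gaps between 30 and 90 minutes hold the stage; the names AlertStager, replay, and the alert kinds are hypothetical.

```python
from collections import Counter
from datetime import datetime, timedelta

# Assumed severity order: Little = minor, Short = moderate, Big = heavy.
STAGES = ["none", "little_eye", "short_eye", "big_eye"]
ESCALATE_GAP = timedelta(minutes=30)   # alerts closer than this escalate
RESET_GAP = timedelta(minutes=90)      # alerts further apart clear the watchlist
MONITOR_AT, BIG_EYE_AT, BAN_AT = 3, 5, 15  # thresholds from sections 4 and 5

class AlertStager:
    """Staging state for one user_id (hypothetical backend helper)."""

    def __init__(self):
        self.level, self.kinds, self.last, self.banned = 0, Counter(), None, False

    def ingest(self, ts, kind):
        """Record one alert; return the resulting stage name or 'ban'."""
        if self.banned:
            return "ban"
        gap = ts - self.last if self.last is not None else None
        self.last = ts
        if gap is not None and gap > RESET_GAP:
            self.level, self.kinds = 0, Counter()   # user off the watchlist
        elif gap is not None and gap < ESCALATE_GAP and self.level >= 1:
            self.level = min(self.level + 1, 3)     # assumption: one step per close alert
        self.kinds[kind] += 1
        if sum(self.kinds.values()) >= MONITOR_AT:
            self.level = max(self.level, 1)         # 3 alerts: user is monitored
        if self.kinds[kind] >= BIG_EYE_AT:
            self.level = 3                          # 5+ similar alerts: Big Eye
        if self.kinds[kind] >= BAN_AT:
            self.banned = True                      # 15+ consistent logs: ban
            return "ban"
        return STAGES[self.level]

def replay(alerts):
    """Run (minutes_offset, kind) pairs through a fresh stager."""
    t0, stager = datetime(2025, 8, 28, 15, 0), AlertStager()
    return [stager.ingest(t0 + timedelta(minutes=m), k) for m, k in alerts]

# Constructed sample sequences, not real telemetry.
BURST = [(m, "rig_movement") for m in (0, 10, 20, 30, 40)]
SPACED = [(0, "rig_movement"), (45, "speed"), (90, "rig_movement"), (240, "speed")]

if __name__ == "__main__":
    print(replay(BURST))
    print(replay(SPACED))
```

The SHA256 mismatch path is not modelled here because section 5 treats it as an immediate ban independent of alert counts.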
6. API Endpoints
| Endpoint | Method | Description |
|---|---|---|
| /api/authoritative/authicate/login | POST | Validate user token, SHA256, and device info. |
| /api/moderate | POST | Send real-time alerts to backend for analysis and staging. |
| /api/status | GET | Retrieve current eye-stage status for a user. |
| /api/banMe | POST | Execute ban on device ID, IP, and user account, and send JSON to Discord webhook. |
7. Discord Webhook Integration
When a ban is executed, the backend sends:
{
  "user_id": "a409C-4091-Df76",
  "device_id": "ABC-1299-XYZ",
  "ip_address": "192.168.1.10",
  "timestamp": "2025-08-28T15:24:00Z",
  "alert_reasons": ["Rig movement Inhuman", "Device ID failed auth"]
}
JSON is deleted from backend storage immediately after delivery for privacy and legal compliance.
8. SDK Integration
Client SDK responsibilities:
- Generate User ID and Login Token at login.
- Monitor game objects for inhuman movement or rig tampering.
- Send alerts to backend with timestamps and details.
- Receive eye-stage status from backend and adjust monitoring accordingly.
- Refresh tokens periodically for security.
9. Security Notes
- All communications must use HTTPS.
- Client tokens are short-lived; refresh each session.
- Alert staging reduces false positives by using timing and frequency checks.
- SHA256 signature checks prevent tampered or modded clients from bypassing anticheat.
- All sensitive logs are sent to webhook and deleted for legal protection.