First,
I want to indicate that I know that any information sent from the client cannot be trusted as it can be spoofed. I am interested in methods of security through obscurity to deter 99.9% of potential cheaters and ability to detect programs that do get around the security in real time.
Some ideas I had for this included verifying file and memory check-sums of both the game it is securing and also any potential cheat apps by allowing the client-side to scan on request from the server (via TCP), both for detecting memory injection cheats and or a cheats memory footprint. Therefore the bypass hack would have to listen for all TCP information being sent to it on SSL, and then unencrypt the message by disassembling the encryption/decryption function to understand what it wants. Similarly, the client itself may be self changing and allow for it to add/remove features as needed at random (but keep by the server) so that it would be hard for a cheat to learn how to bypass it. This may be pointless?
I only find this to be moderately difficult for the more experienced, so I am open to other methods that may be hard to bypass.
I am only interested in possible implementations and not how it's impossible to have a client-side anticheat, I just want to make it really really hard.
Added minecraft and java tag, and it's for Minecraft, and I know the community is large enough that someone is likely to beat my system, but I hope through the use of constant updates and changes that I can beat them through ingenuity and perseverance.
Edit: I found this post: How to prevent cheating in our (multiplayer) games? and I am adding his suggestions so not to duplicate things, as I am looking for more ideas than the obvious (and I am not sure if his aren't bypassable)
1) Open all other processes, and hook their WriteProcessMemory functions so that they can't write to the memory in your game's process. Done right this one step will block 90% of all cheats and cheat engines.
2) Do the same thing, hooking the various mouse and keyboard emulation functions. This will prevent a lot of aimbots and other types of automation bots.
3) Hook into the VirtualProtectEx/VirtualAllocEx/etc functions in your game's own process and monitor which modules are changing protection levels or allocating new memory chunks. You have to be crafty with this in order to prevent it from being too CPU intensive when your game does a lot of allocations, but it can be done.
4) Hook into the LoadLibrary functions and monitor any DLLs that are being loaded dynamically, to prevent DLL injection.
5) Use some lightweight polymorphic encoding on your game connections.
6) Use some anti-debugging techniques to prevent debuggers from attaching to your processes. Google anti-debugging and you should be able to find lots of stuff.
7) Use a custom proprietary PE packer to prevent useful disassembly of your game.
8) Hook into your OpenGL or Direct3D functions and methods that deal with transparency and alpha blending.
9) If using shaders, checksum your shaders and the shader constant values.
10) Use additional occlusion culling techniques on player characters to prevent them from being rendered at all when the line of sight to them is blocked by other geometry. It may or may not help with your performance also, but it will prevent many wallhacks.
