Jack Burford

Project: Client-side anti-cheat for games

By Jack Burford on Sep 23, 2025
Client-side anti-cheat for games

Client-side anti-cheat for games

Cheating in online games doesn’t just ruin the fun - it undermines the entire player experience. To combat this, I worked on developing a client-side anti-cheat system designed to detect, prevent, and deter malicious activity. The project combined multiple layers of detection and tamper-prevention techniques, creating a stronger barrier between fair players and those attempting to gain an unfair advantage.

The challenge

Game servers are constantly targeted by cheaters using tools like memory editors, injected DLLs, scripting utilities, and sandbox environments. The challenge was clear:

  • Detect a wide range of cheats without impacting performance
  • Prevent tampering with the anti-cheat itself
  • Secure communication between client and server

The system had to remain lightweight enough to not disrupt normal gameplay, while still being sophisticated enough to detect and prevent modern cheating methods. It also had to deal with a key opponent to adoption: user trust & opposition, and so transparency was important as well as ensuring that the software itself was not too intrusive.

My approach

I designed the anti-cheat with two main components: detection mechanisms (to find cheats) and protection mechanisms (to defend the anti-cheat itself).

Detection Methods

  • File integrity checks to detect modified or suspicious files
  • Memory scanning for injected code and cheat signatures
  • Process inspection to spot unauthorized programs running alongside the game
  • DLL retrieval to identify injected libraries
  • AHK (AutoHotkey) detection to block hidden cheat scripts
  • Game screenshots for reviewing possible visual cheats

Anti-Tampering & Protection

  • Ahead-of-Time (AOT) compilation via .NET to obscure code and reduce runtime exposure
  • Anti-DLL injection techniques to block unauthorized libraries
  • Anti-debugger measures to stop reverse engineering
  • RSA cryptography for signing and validating sensitive data
  • Anti-sandbox and anti-VM checks to detect when the system was being tested or bypassed in artificial environments
  • Executable modification checks to prevent patching or altering the anti-cheat itself

The end product was a launcher that would allow the users to connect to the gameserver with this launcher essentially ‘backpacking’ onto their gameplay to monitor it with no other visible impact. The launcher was designed as an intuitive and visually appealing user interface displaying other data such as player statistics and relevant links to the gameserver.

To send the data from the client, it was passed via Websocket protocols and API calls to a server where all checks took place and data was validated. A complementary website was made in React.js to interact with this, allowing human actors (administrators) to make requests to certain game sessions for extra data - for example, a screenshot at a specific time.

The solution

The final system was a multi-layered client-side anti-cheat that made it significantly harder for cheats to operate undetected. It continuously monitored the game environment, flagged suspicious activity, and reported it securely back to the server.

Key features included:

  • Lightweight background scanning with minimal performance impact
  • Encrypted communication for integrity and security
  • Real-time cheat detection combined with strong anti-tampering defenses

The impact

By combining detection and protection, the anti-cheat system created a strong deterrent against cheating. It successfully identified common forms of abuse: such as injected DLLs and automation scripts while resisting attempts at tampering or bypassing.

This layered approach ensured a fairer and more enjoyable experience for players, helping to maintain trust in the game environment.

As a result, this anti-cheat was tested in a relatively small environment with players. During its one month tenure, it was adopted by a fair few players and successfully caught five cheaters. These were flagged automatically and upon manual inspection, it confirmed the alert was correct. It was also discovered that these users had attempted to evade the launcher by altering the illegal files or using injected cheats, but it was ultimately unsuccessful.

We were also aware of tampering attempts on the anti-cheat, but these were ultimately unsuccessful as well proving that the techniques in place were adequate and firm.

Reflection

What stood out most during this project was how much of anti-cheat development is about staying one step ahead. No single technique can block every cheat, but by combining multiple methods via file checks, memory scans, cryptography, anti-debugging, and more, you can raise the barrier high enough to discourage most attackers.

Final thoughts

Building this anti-cheat reinforced the importance of defense-in-depth in software security. For competitive online games, even a lightweight but well-structured client-side protection system can make a huge difference in keeping gameplay fair and fun.

© Copyright 2026 by Jack Burford. Built with ♥ by CreativeDesignsGuru.