Skip to content

KillAura Detection

German Vekhorev edited this page Jun 5, 2020 · 6 revisions

Introduction

In this article we will try to explain what KillAura is, how it usually works, why is it so difficult to detect it, and how we here in Reflex deal with it.

About KillAura

KillAura is a usually blatant module that is present in most of hacked clients. Initially, the idea of KillAura was to quickly attack and kill all entities around the cheater without them having to press any buttons manually. With the evolution of anticheats, however, cheaters have been forced to weaken their KillAuras, ultimately turning them into simply a combination of Aimbot, Reach, and Auto-Clicker:

  • Aimbot rotates cheater's head for them to ensure they are always looking at their attack target. It is important to note that in most of the modern hacked clients, Aimbots within KillAura are usually server-side (or "silent"). This means that the cheater itself does not see their screen being forced to look somewhere. Instead, they can move their mouse freely, but the server still believes they are looking at their attack target due to special packet data substitution made by KillAura.
  • Reach allows hackers to attack further than a legitimate player is able to. To be precise, the vanilla client in survival mode is able to attack an entity from no further than 3.0 blocks. Reach allows one to exceed this limit and attack from a distance of up to 6.0 blocks (higher ranges are prevented by the vanilla server anticheat, however, can also be achieved using quick server-side teleportations, that should be detected and prevented by movement anticheats just like Speed/Fly).
  • Auto-Clicker or Triggerbot, depending on implementation, may either just click for the cheater spoofing real mouse clicks or send arm swing and entity attack packets a configured number of times a second. Sometimes clicks/attacks are also followed by automated sword block/unblock packets (AutoBlock).

The problem

Detecting extremely blatant KillAura hacks is usually trivial, and nearly any anticheat does that well. By extremely blatant we mean KillAuras with attack range and speed close to the vanilla limits (6.0 and 20cps, respectively), and no Aimbot included (that is, hackers may be able to attack entities without looking at them).

Detecting "standard" KillAuras is where it all gets complicated. Such KillAuras, when implemented properly, only have a slight attack range and/or entity hitbox extension, random and comparably low number of clicks per second, and, of course, they make the server believe the cheater is looking at their target. Although still exploitable, these KillAuras are a real pain in the neck. They still do give the hacker a slight advantage over legitimate players, especially when combined with Anti Knockback / Small or Reduced Knockback / Velocity and BunnyHop/Strafe hacks.

Sadly, that's not the end. There are also "advanced" KillAuras, that are immune to most of the known "exploits" and make their head rotations, and sometimes X/Y/Z movement, recall those of a fair player. Despite the fact that these KillAura hacks give no unfair advantage to the cheater, they may still interrupt the competitive environment of one's server by automating cheater's actions, basically allowing them to do what legit players do without any effort.

This all gets even more complicated when it comes to false positives — those moments when a fair player gets classified by the server as a cheater and gets falsely kicked or banned. Since many modern cheats resemble legit players' behavior a lot, it is very difficult to detect them properly, without interrupting the gameplay of fair PvPers.

The solution

Reflex is able to deal with all types of KillAura/Reach/Aimbot. It comes with a plenty of packet analyses that inspect the behavior of players and detect any significant deviations from the norms, including slight Reach/Hitbox adjustments, ability to attack through entities, ability to switch between targets too quickly, non-human-like head and body movement, aiming and clicking, and more. Moreover, Reflex is able not only to detect suspicious combat patterns, but also to enforce cheaters to behave legitimately by canceling illegal actions and applying specific penalties.

Although other anticheat solutions claim to detect KillAura as well, here in Reflex we focus on it more than anybody else. Our comprehensive combat analyses not only include classical (and improved!) KillAura detection mechanisms, but also take advantage of mathematical statistics and machine learning (neural networks). This all, combined with our unique lag accounting system and continuous detection experiments and thorough testing, is exactly what leaves Reflex's KillAura detection unmatched.

Detection methods

In Reflex, we utilize a broad range of ways to prevent cheaters from breaking into your competitive environment and removing them if they manage to do so: from plain-old NPC checks tuned to the perfection and accurate ray-tracing/hitbox calculation to deep behavior analysis and experimental statistics-based surveillance.

Despite some of the rumors, all of the methods we use are effective in one or another way, and they all do their job well. If you'd like to deep dive into our detection methods, see the Check's Components page.

Is Reflex flawless?

Nothing in this world is flawless :(

However, we still do our best to protect your server better than our competitors. And that includes our highest-grade support. If you ever happen to experience any kind of issue with Reflex, make sure to contact us, and we guarantee you that we will always find a way to solve your problems, be that just a few simple configuration tweaks, personal advanced configuration assistance or fixes in plugin's code.

Although we must admit that even our KillAura detection is bypassable, we guarantee you that any combat cheat that gives hacker any unfair advantage over legitimate players will be punished, and those who manage to stay undetected will make a lot of effort to, ultimately rendering the whole purpose of cheating on your Reflex-protected server useless, thus keeping up your great competitive environment.

If any of your questions were not answered in this article, don't hesitate to ask us in Discord!.