Description
TL;DR:
This mod intends to be the end all bee all of anti-cheat systems.
It bypasses forge and sends checksums of all .jar files contained in the mods folder and all subfolders to the server.
The server compares that list against the internally generated whitelist and decides what to do with a player.
DETAILS:
- The checksum algorithm used is MD5.
- The server whitelist is formed from the "WHITELIST" folder located in the server directory. Any .jar files in here will be allowed at the client side.
- Checksum generation and networking are done completely independent of forge, so mods can't hide from this process. This allows for the detection of non-signed and core mods.
- If the client doesn't send the verification message, the player is kicked after a currently fixed timeout period of 10 seconds!
COMMANDS:
/auth reload
Reloads the whitelist at runtime, if you have a long list of mods containing large files it is advisable to avoid using this command
as it can produce a significant lag spike.
/auth list
Prints a list of allowed MD5 sums to the sender
NOTES/ADVICE:
- The checksum algorithm ignores file names, it looks at the contents of the file.
- If you don't have forge on your server, you can listen for this verification message via some plugin or something, more info about this in the next update.
IN FUTURE VERSIONS:
+ ResourcePack validation
+ Config files validation
+ config: -port -timeout period