BLACK
Background
Everyone knows how Tibia cheating works. It is insanely easy for even the most unskilled of cheaters to, well, cheat. Two major clients are currently being used in the OpenTibia scene: Cipsoft's client, and OTCv8. Both of them are very vulnerable. Anyone can use a public injector like Xenos and load their own code into the client.
Maybe your protection system is pretty strong. Well, then they grab a kernel driver, hook ntoskrnl.exe or map your process's physical pages directly from ring0 without your client ever knowing, hijack your client's own threads to run their shellcode, and your client's entire machinery serves their dark purposes.
Once they gain code execution (and they WILL gain code execution) they might use your own client to fuzz your server with random garbage, and stumble on an item duplication zero-day in your server that the community doesn't even know of.
And it just goes on. This is the struggle that big mainstream games like VALORANT and League of Legends go through every single day.
Possible solutions
VALORANT uses Vanguard. A game with millions of players around the world, and such a competitive scene, needs only the strongest protection. Vanguard is a kernel driver that starts during Windows' early boot, alongside the drivers for critical hardware. This is why you have to reboot your computer to install Vanguard, and again to relaunch it after closing it. Vanguard runs in ring0, the same privilege level as the Windows kernel (ntoskrnl.exe), which no usermode application can reach.
Impressive as it is, though, you simply have far more tools to protect yourself when the CPU lets you run with ring0 privileges.
League of Legends is a lot more interesting. Riot protects its MOBA with a protection system that not many people know of. Its name is Packman. You can have an interesting read about it here: Riot's approach to Anti-Cheat
BLACK is heavily inspired by my findings about Packman during my extensive investigation into usermode (ring3) protection techniques.
How does it actually work
BLACK is fused into the client at the binary level, by manually rebuilding the .exe file without touching a single line of the actual source code. You can think of this as hex editing on steroids. This also means I can use BLACK without editing the client's source at all.
As Packman does, BLACK loads before the client and performs a number of checks. It then loads the encrypted client into a monitored, protected region of memory, and decrypts only the blocks that are about to be used, encrypting them again once they are done with.
Once BLACK has initialized and the client is up and running, it runs self-integrity checks at random intervals, looking for suspicious activity with every resource available in ring3.
Running the client without BLACK attached results in a nasty crash, because the client cannot decrypt itself. The same happens if BLACK is unloaded at runtime.
Please excuse me for being vague here. It is deliberate, to reveal as few details as possible about the internal workings.
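To make the general pattern above concrete, here is an added, stand-alone model of "encrypted at rest, decrypted only while in use" combined with periodic integrity checks over the at-rest image. It is example code written for this page, not BLACK's or Packman's implementation (which the post deliberately does not describe). Assumptions: the protected "image" is plain data blocks rather than executable pages, the XOR keystream derived from xorshift64 is a toy obfuscation and not a real cipher, the hash is FNV-1a, and the names image_load, image_use_block, image_integrity_check, next_check_time and simulate_patch are mine.

```c
/* Added example: model of decrypt-on-use blocks plus integrity checks.
 * Not BLACK's code. Assumptions: data blocks, not code pages; toy XOR keystream. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define BLOCK_SIZE 16
#define NUM_BLOCKS 4

typedef struct {
    uint8_t  at_rest[NUM_BLOCKS][BLOCK_SIZE]; /* what sits in memory: ciphertext */
    uint8_t  key[NUM_BLOCKS][BLOCK_SIZE];     /* per-block keystream (toy) */
    uint64_t baseline[NUM_BLOCKS];            /* hash of each encrypted block at load */
} protected_image;

/* FNV-1a 64-bit: cheap enough to run often; fine for noticing a patched byte. */
static uint64_t fnv1a64(const uint8_t *p, size_t n)
{
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    return h;
}

/* xorshift64: deterministic toy keystream/jitter source (assumption, not a real RNG). */
static uint64_t xorshift64(uint64_t *s)
{
    uint64_t x = *s ? *s : 1;                 /* state must never be zero */
    x ^= x << 13; x ^= x >> 7; x ^= x << 17;
    return *s = x;
}

static void xor_block(uint8_t *dst, const uint8_t *key)
{
    for (size_t i = 0; i < BLOCK_SIZE; i++) dst[i] ^= key[i];
}

/* "Load": encrypt every block in place and record the baseline hash of the ciphertext. */
void image_load(protected_image *img, const uint8_t plain[NUM_BLOCKS][BLOCK_SIZE], uint64_t seed)
{
    for (size_t b = 0; b < NUM_BLOCKS; b++) {
        for (size_t i = 0; i < BLOCK_SIZE; i++) img->key[b][i] = (uint8_t)xorshift64(&seed);
        memcpy(img->at_rest[b], plain[b], BLOCK_SIZE);
        xor_block(img->at_rest[b], img->key[b]);       /* plaintext is never resident at rest */
        img->baseline[b] = fnv1a64(img->at_rest[b], BLOCK_SIZE);
    }
}

/* Decrypt block b in place, let fn use it, re-encrypt before returning. */
int image_use_block(protected_image *img, size_t b, int (*fn)(const uint8_t *, size_t))
{
    xor_block(img->at_rest[b], img->key[b]);            /* plaintext exists only in this window */
    int r = fn(img->at_rest[b], BLOCK_SIZE);
    xor_block(img->at_rest[b], img->key[b]);
    return r;
}

/* Rehash the at-rest image; return the first block whose hash moved, or -1 if clean. */
int image_integrity_check(const protected_image *img)
{
    for (size_t b = 0; b < NUM_BLOCKS; b++)
        if (fnv1a64(img->at_rest[b], BLOCK_SIZE) != img->baseline[b]) return (int)b;
    return -1;
}

/* Jittered schedule: the next check lands in [now+min, now+max), so it cannot be timed. */
uint64_t next_check_time(uint64_t *rng, uint64_t now_ms, uint64_t min_ms, uint64_t max_ms)
{
    return now_ms + min_ms + xorshift64(rng) % (max_ms - min_ms);
}

/* Stand-in for a cheater flipping a byte of the image (breakpoint, NOP-out, hook). */
void simulate_patch(protected_image *img, size_t b, size_t off)
{
    img->at_rest[b][off] = (uint8_t)~img->at_rest[b][off];
}

/* Sample consumer: sums the bytes it is shown, so a test can tell plaintext from ciphertext. */
int sum_bytes(const uint8_t *p, size_t n)
{
    int s = 0;
    for (size_t i = 0; i < n; i++) s += p[i];
    return s;
}

/* Constructed sample image: block b holds the bytes b*16 .. b*16+15. */
void build_sample_plaintext(uint8_t plain[NUM_BLOCKS][BLOCK_SIZE])
{
    for (size_t b = 0; b < NUM_BLOCKS; b++)
        for (size_t i = 0; i < BLOCK_SIZE; i++) plain[b][i] = (uint8_t)(b * BLOCK_SIZE + i);
}

/* Full scenario; returns 0 if every expectation holds, else the number of the failing step. */
int run_demo(void)
{
    uint8_t plain[NUM_BLOCKS][BLOCK_SIZE];
    protected_image img;
    build_sample_plaintext(plain);
    image_load(&img, plain, 0x5EED);
    if (image_integrity_check(&img) != -1) return 1;                  /* clean right after load */
    if (memcmp(img.at_rest[1], plain[1], BLOCK_SIZE) == 0) return 2;  /* not plaintext at rest */
    if (image_use_block(&img, 1, sum_bytes) != 376) return 3;         /* consumer saw 16..31 */
    if (memcmp(img.at_rest[1], plain[1], BLOCK_SIZE) == 0) return 4;  /* re-encrypted after use */
    if (image_integrity_check(&img) != -1) return 5;                  /* honest use leaves no trace */
    simulate_patch(&img, 2, 5);
    if (image_integrity_check(&img) != 2) return 6;                   /* the patch is caught */
    if (image_use_block(&img, 2, sum_bytes) != 813) return 7;         /* and the block decrypts wrong */
    return 0;
}
```

Two caveats a practitioner would add when turning this model into a real protector: with executable pages the in-place decrypt/re-encrypt needs page-protection changes around the use window, and the checker is itself just more ring3 code, so whoever patches it first wins (which is exactly the limitation the next section describes).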
Problems and Limitations
BLACK, just like Packman, is constrained by the privilege rings the CPU enforces, and can only be as strong as ring3 allows. ring0 cannot be observed or tampered with from ring3 without exploiting the kernel, so a cheat that lives in a kernel driver is outside BLACK's reach by design.
What BLACK does instead is use well-known ring3 protection techniques, without breaking the whole operating system in the process.
One problem inherent to anticheat software, which you are most likely aware of, is that eradicating cheaters is completely impossible. Once a skilled reverse engineer has your .exe, they effectively have your source code, and it is only a matter of time until it gets cracked.
Epic's EasyAntiCheat, BattlEye, Valve's VAC and Denuvo invest millions of dollars in making their protections stronger, only to delay cheaters. Do they not try hard enough?
Why on Earth would I even try to code something like BLACK, then, when it's condemned to fail sooner rather than later?
Why BLACK?
BLACK's goal, just like EasyAntiCheat's or BattlEye's, is not to eradicate cheaters or to make cheating actually impossible. BLACK aims to make cheaters' lives a lot harder, and to narrow the potential cheater base.
If you cheat, BLACK will flag you. In a community of thousands, or even tens of thousands, of players, a list of 100 potential cheaters is a lot more manageable than checking everyone by hand.
Having 20 reverse engineers who can evade BLACK and cheat is a lot more manageable than thousands of people who can just download a cheat.exe from Google.
Last but not least, I would like to add that the sole purpose of this thread is to hear the opinion of both players and server owners on this approach to antibotting. If you have any question, feel free to ask. I try to answer everyone.