Skip to main content

Core Concepts Overview

ACHCE Client is an anti-cheat system designed to protect Halo Combat Evolved game servers from unauthorized modifications, injectors, and malicious tools. This overview introduces both currently implemented features and planned protection mechanisms.
Current Implementation Status: The current version (1.0.0) implements TopMost window protection and basic Firebase session tracking. Hardware-based identification, temporary folder isolation, and ban checking are architectural designs documented for future development.
This documentation describes the complete architectural vision for ACHCE Client, including both implemented features and planned enhancements.

Protection Architecture

The anti-cheat system implements four primary protection mechanisms:
1

TopMost Window Protection

Prevents external tool injection by maintaining a fullscreen overlay window that blocks unauthorized applications
2

Temporary Folder Isolation

Uses ephemeral storage for game files to prevent modified game clients from bypassing protection
3

Hardware-Based Identification

Identifies players using unique hardware identifiers instead of easily-spoofed IP addresses
4

Database-Driven Ban System

Manages player access through Firebase integration with automatic tracking and removal

How ACHCE Client Works

Initial Connection Flow

When a player launches the game through ACHCE Client, the following sequence occurs:

Code Example: Client Initialization

The main form (Form1.cs) handles the initial setup and database connection: 
public void Form1_Load(object sender, EventArgs e)
{
    try
    {
        // Connect to Firebase database
        client = new FireSharp.FirebaseClient(fcon);
    }
    catch
    {
        MessageBox.Show("there was problem in the internet.");
    }

    // Generate random session name
    GenerateRandomNames names = new GenerateRandomNames();
    Random rand = new Random();
    randomName = names.GenerateRandomName(rand);

    // Obtain player's public IP address
    PublicIPAddress IpAddressPlayer = new PublicIPAddress();
    IpPlayer = IpAddressPlayer.GetPublicIPAddress();

    // Register player in database
    PlayAcON();
}
The client generates a random session name (4-10 characters) for each connection to track active players in the database without requiring manual registration.

Core Protection Layers

1. TopMost Window Blocker

The TopMost protection creates a fullscreen overlay window that remains on top of all other applications. This prevents users from opening external tools like injectors during gameplay. Key Features:
  • Fullscreen coverage matching monitor resolution
  • Always-on-top window priority
  • Prevents focus stealing by external applications
Learn more about TopMost Protection →

2. Temporary Folder System

ACHCE Client uses temporary storage for game files, ensuring that modified clients (like HAC2 Release or Chimera) cannot bypass the anti-cheat by loading altered game assets. Key Features:
  • Isolated game file environment
  • Automatic cleanup on exit
  • Prevents persistent file modifications
Learn more about Temporary Folders →

3. Hardware Identification

Instead of relying on IP addresses (which can be easily changed with VPNs), ACHCE Client identifies players using unique hardware identifiers derived from BIOS UUID and other hardware components. Key Features:
  • Hardware-based player fingerprinting
  • VPN-resistant identification
  • Automatic player tracking
Learn more about Hardware Identification →

4. Ban Management System

The ban system uses Firebase as a real-time database to track player sessions, manage bans, and control access to protected servers. Key Features:
  • Real-time player session tracking
  • Automatic session cleanup
  • Hardware-based ban enforcement
Learn more about Ban System →

Database Integration

ACHCE Client uses Firebase Realtime Database to manage player sessions and ban data. The connection is established using FireSharp: 
IFirebaseConfig fcon = new FirebaseConfig()
{
    AuthSecret = "", // Firebase authentication token
    BasePath = ""    // Firebase database URL
};

IFirebaseClient client = new FireSharp.FirebaseClient(fcon);
Firebase credentials must be properly configured in the production build. Never commit authentication tokens to version control.

Session Management

Player sessions are automatically registered and cleaned up: 
// Register player session
private void PlayAcON()
{
    Player ply = new Player()
    {
        IP = IpPlayer,
    };
    
    // Add player to database with random session name
    var setter = client.Set("PlayerIpList/" + randomName, ply);
}

// Clean up on exit
private void Form1_FormClosed(object sender, FormClosedEventArgs e)
{
    // Remove player from active sessions
    var result = client.Delete("PlayerIpList/" + randomName);
}

IP Address Detection

The system retrieves the player’s public IP address using an external service: 
public string GetPublicIPAddress()
{
    try
    {
        using (var client = new WebClient())
        {
            string publicIP = client.DownloadString("http://ipinfo.io/ip").Trim();
            return publicIP;
        }
    }
    catch (Exception ex)
    {
        return "No se pudo obtener la dirección IP pública: " + ex.Message;
    }
}
While IP addresses are collected, they are not used as the primary identification method due to VPN bypass concerns. Hardware identification provides more reliable player tracking.

Protection Philosophy

ACHCE Client follows a multi-layered security approach:
  1. Prevention over Detection: Block cheating tools before they can be used
  2. Hardware-Based Identity: Use immutable hardware identifiers rather than changeable network addresses
  3. Isolated Environment: Run games in controlled, temporary environments
  4. Real-Time Monitoring: Track active sessions through cloud database integration
  5. Continuous Updates: Regular improvements to counter emerging cheat methods

System Requirements

To function properly, ACHCE Client requires:
  • Active internet connection (for Firebase database access)
  • Windows operating system with .NET Framework 4.7.2+
  • Administrator privileges (for TopMost window creation and file system access)
  • Access to hardware identification APIs

Next Steps

TopMost Protection

Learn how the window overlay prevents injector access

Temporary Folders

Understand the isolated file system approach

Hardware ID

Explore VPN-resistant player identification

Ban System

Discover how bans are enforced and managed

Security Considerations

IP addresses can be easily changed using VPN services, proxy servers, or by requesting a new IP from ISPs. This makes IP-based bans ineffective against determined cheaters. Hardware identification provides a more permanent tracking method.
While TopMost makes it significantly harder to open external tools, it’s one layer in a multi-faceted approach. The combination of window blocking, temporary file isolation, and hardware tracking creates a robust defense system.
When the player exits the game, the temporary folder containing game files is automatically deleted. This ensures that any modifications made during the session are not persisted, requiring fresh, verified files on the next launch.
No, ACHCE Client requires an active internet connection to communicate with the Firebase database for session management and ban checking. This online requirement is essential for real-time protection.

Build docs developers (and LLMs) love

Get started for freeTalk to us