Configurator coverage: the Configurator emits runtime settings, backend guidance, and documentation-only metadata in one anticheat.ini. Runtime-read sections are [Enforcement], [Logging], [Identity], [Telemetry], [TelemetryEvents], [TelemetryFields], [AccessCheck], [ValueGuard], and [SaveGameProtection]. [Profile], [BanEnforcement], [ProtectedValues], and [EventSchema] are emitted so studios know how to integrate the backend and game code; they are not trusted client-side security boundaries.
[Profile]
This section is Configurator metadata. It records which preset the config started from; every concrete behavior is still controlled by the sections below.
| Key | Typical value | Meaning |
|---|
preset | detection_only | Human-readable starting profile such as detection-only, balanced, or strict. The SDK runtime does not use it for enforcement. |
| Preset token | Generated by | Intent |
|---|
detection_only | Detection only | Shipped default: evidence collection, local logs, no local game termination, and ValueGuard off. |
balanced | Balanced | Opt-in after first-run logs are clean: restore protected values, keep eject off, and correlate stronger signals. |
strict | Strict | More aggressive local enforcement after false-positive testing. Still requires license entitlements and eject = 1. |
[Enforcement]
| Key | Default | Meaning |
|---|
restore | 0 | Allows ValueGuard to restore a protected value after an out-of-band write. Default is off so first integrations are report-only. |
eject | 0 | Global switch for local termination. Keep off until logs are clean. |
eject_on_reader | 0 | Separate aggressive reader-only override. When enabled and licensed, unsigned read-only external reader handles can close the protected game even if eject = 0. |
handle_response | corroborated | External handle policy: corroborated, terminate_write, or terminate_reader. With eject = 0, this remains evidence-only. |
module_response | report | Injected DLL / known signature policy. Supports report, corroborated, terminate_high, terminate_unsigned. |
memory_response | report | Manual-mapped PE and memory-integrity evidence policy. |
hook_response | report | IAT, inline, and ntdll hook evidence policy. |
debugger_response | report | Debugger evidence policy. |
selfprotect_response | report | SDK self-protection and watchdog evidence policy. |
behavior_response | report | Policy for optional game-supplied shot reports. The SDK does not read aim input by itself; if the game never calls AC_ReportAim or an engine wrapper report-shot node, this category has no events. |
scan_interval_ms | 1000 | Background sensor cadence. Lower is faster, higher is quieter. |
Rule: terminate-style response settings need eject = 1 and the license must include the matching entitlement. The exception is eject_on_reader = 1, which is a separate reader-only override and needs the reader enforcement entitlement.
[Logging]
| Key | Default | Meaning |
|---|
enabled | 1 | Writes local anticheat.log. Useful for integration and support. Production evidence should still go through studio telemetry if enabled. |
[Identity]
| Key | Default | Meaning |
|---|
game_id | empty | Non-secret game identifier. Can also be set at runtime. |
environment | production | Environment label, such as production or staging. |
provider | steam | Identity/platform provider label. |
require_verified_identity | 1 | Documents that production telemetry/access should be bound to verified identity. |
player_id_source | sdk_runtime | Expected source for player ID. |
session_id_source | sdk_runtime | Expected source for session ID. |
platform_user_id_source | steam_auth | Expected source for platform identity. |
game_build_source | sdk_runtime | Expected source for build/version context. |
[Telemetry]
| Key | Default | Meaning |
|---|
enabled | 0 | Posts detection events to a studio endpoint. |
endpoint | empty | Studio-owned HTTPS URL. Treat it as public. |
min_severity | low | Minimum event severity to send. |
batch_interval_ms | 5000 | Forward-compatible batching policy value. |
timeout_ms | 2500 | HTTP timeout. |
auth_header | Authorization | Header used for telemetry and access-check auth. |
token_source | runtime_session_token | Generated/configurator default. Recommended mode: game passes a short-lived backend-issued token at runtime. If omitted entirely, the runtime keeps config_fallback compatibility behavior. |
auth_token | empty | Public fallback for config_fallback only. Never a server secret. |
The exact POST bodies are documented in Telemetry event payload and Access-check payload. Use those schemas when building a studio backend parser.
[TelemetryEvents] and [TelemetryFields]
[TelemetryEvents] turns event categories on or off. [TelemetryFields] controls which context fields are included. Keep privacy-sensitive fields off unless the studio has a clear reason.
| Event key | Default | Meaning |
|---|
injection | 1 | Injected module and unexpected DLL evidence. |
hook_detection | 1 | IAT, inline, and ntdll hook events. |
handle_checks | 1 | External process handle events. |
debugger | 1 | Debugger, test-signing, and related environment evidence. |
boot_state | 1 | Secure Boot / test mode style status events where available. |
memory_integrity | 1 | Manual mapping and memory tamper evidence. |
sdk_integrity | 1 | Self-protection and SDK integrity evidence. |
protected_value | 0 | ValueGuard mismatch, restore, and protected-value events. Off until ValueGuard is integrated. |
access_check | 1 | Startup/recheck access decision events. |
aim_behavior | 1 | Optional game-supplied shot reports that can become AimSnap, Triggerbot, or Wallhack evidence. |
savegame_integrity | 1 | Failed protected-save verification from AC_VerifySaveBuffer or AC_VerifySaveFile. |
Shot reports are only produced by AC_ReportAim or an engine wrapper report-shot call, and still respect telemetry enablement plus min_severity. Local close/eject events use the telemetry category enforcement. That category is part of the JSON schema, but it is not a separate [TelemetryEvents] checkbox.
| Field key | Default | Meaning |
|---|
player_id | 1 | Studio account/player ID. |
session_id | 1 | Game, login, or match session ID. |
platform_user_id | 1 | Platform user identifier, such as Steam ID when the studio provides it. |
game_build | 1 | Game build/version context. |
sdk_version | 1 | Korvayne runtime version. |
module_sha256 | 1 | Reserved for module evidence. Current runtime telemetry does not emit this as a top-level JSON field. |
module_signer | 1 | Reserved for signer evidence. Current runtime telemetry does not emit this as a top-level JSON field. |
action_taken | 1 | Whether the SDK reported, restored, blocked, or terminated. Current detection telemetry sends reported. |
server_observed_ip | 1 | Sends a boolean marker; the backend should use the request IP it observes, not a client-supplied IP value. |
client_sends_ip | 0 | Reserved client-supplied IP mode. Current runtime telemetry sends false. |
hardware_id | 0 | Reserved for higher-friction identity models. Current runtime telemetry does not emit it. |
process_names | 0 | Controls message redaction for handle events. Current payload does not emit a raw process list. |
process_name_mode | redacted | Reserved representation mode for process-name evidence. |
redact_paths | 1 | Redacts full local paths before telemetry/log output where supported. |
[AccessCheck]
| Key | Default | Meaning |
|---|
enabled | 0 | Enables client startup/recheck requests when the endpoint is valid and mode is not server_guidance_only. |
provider | studio_backend | Backend authority label. |
endpoint | empty | Access-check URL. |
mode | startup_and_recheck | startup_only, startup_and_recheck, or server_guidance_only. server_guidance_only documents server-side enforcement and sends no client access-check request. |
timeout_ms | 2500 | HTTP timeout. |
recheck_interval_sec | 300 | Recurring check interval. |
fail_mode | block | Endpoint outage behavior: block fails closed and can lock out players during outages; allow/offline_grace fail open. |
on_banned | block_start | Startup deny action. block_start / terminate closes the protected game in drop-in mode; show_message_only only logs/emits unless wrapper/game UI handles it. |
on_session_ban | disconnect | Recheck deny action. disconnect, show_message_only, and none are wrapper/game-code UX instructions; only terminate closes the protected game locally during recheck. |
appeal_url | empty | Optional support/appeal URL shown by the game wrapper. |
AccessCheck uses the same auth_header and token_source/auth_token settings as telemetry. The request body includes client_side_only = true because the SDK is an early-rejection UX layer; trusted ban enforcement belongs on the studio/game backend.
[BanEnforcement]
This section is guidance for the studio, not a magic client-side ban system. Reliable enforcement belongs on the trusted game or studio server.
| Key | Meaning |
|---|
server_side_required | Documents that backend enforcement is required. |
template | Suggested platform/backend model. |
client_enforcement | Client can perform access-check UX only. |
verify_identity_server_side | Identity must be verified server-side. |
platform_ban_requests_from_client, steam_game_bans_from_backend | Document that platform ban actions should come from trusted backend processes, not the game client. |
[ValueGuard]
| Key | Default | Meaning |
|---|
enabled | 0 | Allows protected value checks when the game registers values. Default is off until integration work is done. |
default_action | report | Default local response: report, restore, or terminate. |
report_min_severity | medium | Severity for protected value events. |
max_tracked_values | 128 | Default integration limit. |
sdk_api_required | 1 | Values must be registered at runtime. |
api_style | typed_helpers | Use typed helpers for u32, i32, and float. |
supported_types | u32,i32,float | Current supported guarded value types. |
legit_write_model | write_through_setter | Preferred model for legitimate gameplay writes. |
direct_write_fallback | note_legit | Legacy fallback after direct writes. |
telemetry_event | 0 | Emit protected value events when telemetry is enabled and the event category is enabled. |
[SaveGameProtection]
This section controls the cooperative save API. The game still owns serialization, file naming, backup behavior, and load UX.
| Key | Default | Meaning |
|---|
enabled | 1 | Allows AC_ProtectSaveBuffer/File and AC_VerifySaveBuffer/File to run. |
mode | sign_and_obfuscate | Documentation value for the generated config. Current runtime signs the envelope and can obfuscate the payload. |
obfuscate_payload | 1 | Stores protected payload bytes in a non-plain form. Integrity comes from signing, not obfuscation alone. |
tamper_severity | high | Severity used when verification fails and telemetry is enabled. |
max_save_bytes | 1048576 | Maximum plain save payload size accepted by the API. |
on_tamper | reject_load | Guidance for the wrapper/game. The API returns an error; the game decides the player-facing recovery path. |
context_binding | game_id,player_id,slot,schema | Recommended context fields to include in the string passed to protect and verify. |
telemetry_event | 1 | Send savegame_integrity events when telemetry is enabled and verification fails. |
Use the same context string when saving and loading, for example player=studio-123;slot=campaign-1;schema=2. Treat failures as local save tamper/corruption evidence, not as standalone account-ban proof.
[ProtectedValues]
This section is documentation only. The Configurator writes examples such as float:player.health or i32:weapon.ammo so a developer can plan which values to register. The runtime does not discover values from this section.
| Item | Meaning |
|---|
| Suggested examples | Human-readable tags for values the game should register with AC_GuardFloat, AC_GuardI32, or AC_GuardU32. |
| Recommended API comments | Reminder to use AC_SetGuarded* for legitimate writes and AC_NoteLegit* only as a fallback after legacy direct writes. |
| Avoid list | Position, velocity, or values changing every frame without a clear write path are poor ValueGuard targets. |
[EventSchema]
This section is Configurator guidance for backend developers. The runtime does not read it. Treat the linked JSON Schemas as the real parser contract.