cev-api
diff --git a/‎README.md‎
Lines changed: 8 additions & 1 deletion b/‎README.md‎
Lines changed: 8 additions & 1 deletion
diff --git a/‎src/main/java/net/wurstclient/hacks/AntiCheatDetectHack.java‎
Lines changed: 231 additions & 0 deletions b/‎src/main/java/net/wurstclient/hacks/AntiCheatDetectHack.java‎
Lines changed: 231 additions & 0 deletions
@@ -530,6 +530,11 @@ Credits to [Trouser-Streak](https://github.com/etianl/Trouser-Streak/blob/main/s
 - Flags the likely protection so you know which hacks might be risky to use
 - Setback Detection, tracks sudden position corrections/teleports that indicate that the server rejected your hack and automatically disables it.
   - Works independantly of Anticheat Detector
+- Anti-ESP Detection:
+  - Detects suspicious anti-ESP behavior world-wide based on packet patterns (rapid block swaps, high update bursts and delayed block-entity reveals)
+  - Noise handling for fluid/air transitions
+  - Will be able to detect anti-xray traffic as well but will likely trigger burst signals
+  - Added Anti-ESP detection specifically to ChestESP and Search in addition to global detection to avoid any false positives
 
 ### Livestream Detector
 - Scans the player list for Youtube, Twitch, Tiktok and Kick for live streams and announces them in chat
@@ -911,6 +916,7 @@ Purpose: helps you avoid and debug anticheat flags by cleaning risky movement pa
 - Added Buried chest highlighting including a filter to only find buried chests
 - Added filters for chests and barrels to not highlight them if near spawners, trial chambers and villages (Excluding double chests and shulkers)
 - Added opacity settings
+- Added anti-ESP detection
 - Option to suppress single chests in favor of double
 - Optional alert for shulkerboxes in chat
 
@@ -970,7 +976,8 @@ Examples:
 - Replaced full-sort approach to bounded max-heap (PriorityQueue) that keeps the closest N matches. This avoids sorting entire result and keeps search as fast as X-Ray.
 - Safer rescans and better crash handling.
 - Improved search speed.
-- Added highlight corners (lines) and fill settings (Same as X-Ray)
+- Added highlight corners (lines) and fill settings (Same as X-Ray).
+- Added anti-ESP detection.
 
 ![Search](https://i.imgur.com/jxcn89u.png)
 
 
@@ -7,14 +7,35 @@
  */
 package net.wurstclient.hacks;
 
+import java.util.ArrayDeque;
+import java.util.HashMap;
+import net.minecraft.core.BlockPos;
+import net.minecraft.core.registries.BuiltInRegistries;
+import net.minecraft.network.protocol.Packet;
+import net.minecraft.network.protocol.game.ClientboundBlockEntityDataPacket;
+import net.minecraft.network.protocol.game.ClientboundBlockUpdatePacket;
+import net.minecraft.network.protocol.game.ClientboundSectionBlocksUpdatePacket;
+import net.minecraft.world.level.block.state.BlockState;
 import net.wurstclient.Category;
+import net.wurstclient.events.PacketInputListener;
+import net.wurstclient.events.PacketInputListener.PacketInputEvent;
+import net.wurstclient.events.UpdateListener;
 import net.wurstclient.hack.Hack;
 import net.wurstclient.settings.CheckboxSetting;
+import net.wurstclient.settings.SliderSetting;
+import net.wurstclient.settings.SliderSetting.ValueDisplay;
 import net.wurstclient.util.ChatUtils;
 import net.wurstclient.util.ServerObserver;
 
 public final class AntiCheatDetectHack extends Hack
+	implements PacketInputListener, UpdateListener
 {
+	private static final long GLOBAL_BLOCK_BURST_WINDOW_MS = 2000L;
+	private static final long GLOBAL_BLOCK_FLIP_WINDOW_MS = 1500L;
+	private static final long GLOBAL_BLOCK_HISTORY_TTL_MS = 10000L;
+	private static final long GLOBAL_BE_BURST_WINDOW_MS = 2000L;
+	private static final int GLOBAL_BE_BURST_THRESHOLD = 40;
+	private static final long GLOBAL_BLOCK_UPDATE_GRACE_MS = 1200L;
 	private String lastAnnounced;
 	private long lastAnnouncedMs;
 	private static final long ANNOUNCE_COOLDOWN_MS = 3000L;
@@ -24,22 +45,89 @@ public final class AntiCheatDetectHack extends Hack
 	private final CheckboxSetting suppressUnknown =
 		new CheckboxSetting("Suppress unknown alerts",
 			"description.wurst.setting.anticheatdetect.suppress_unknown", true);
+	private final CheckboxSetting detectGlobalAntiEsp = new CheckboxSetting(
+		"Detect global anti-esp",
+		"Detect suspicious anti-ESP style block-update patterns across all block changes.",
+		false);
+	private final CheckboxSetting globalAntiEspAlerts = new CheckboxSetting(
+		"Global anti-esp alerts",
+		"Show chat warnings when global anti-ESP patterns are detected.", true);
+	private final SliderSetting globalBlockBurstThreshold =
+		new SliderSetting("Global block burst threshold",
+			"Warn if this many block changes arrive within 2 seconds.", 400, 50,
+			5000, 10, ValueDisplay.INTEGER);
+	private final ArrayDeque<Long> globalBlockChangeTimes = new ArrayDeque<>();
+	private final ArrayDeque<Long> globalBePacketTimes = new ArrayDeque<>();
+	private final HashMap<Long, BlockChangeSnapshot> globalLastBlockChanges =
+		new HashMap<>();
+	private final HashMap<Long, Long> globalRecentBlockUpdates =
+		new HashMap<>();
+	private final HashMap<String, Long> globalAntiEspCooldowns =
+		new HashMap<>();
+	private final Object globalAntiEspLock = new Object();
+	private boolean globalAntiEspSuspicious;
+	private int globalAntiEspSignals;
 
 	public AntiCheatDetectHack()
 	{
 		super("AntiCheatDetect");
 		setCategory(Category.OTHER);
 		addSetting(setbackDetection);
 		addSetting(suppressUnknown);
+		addSetting(detectGlobalAntiEsp);
+		addSetting(globalAntiEspAlerts);
+		addSetting(globalBlockBurstThreshold);
 	}
 
 	@Override
 	protected void onEnable()
 	{
 		WURST.getServerObserver().requestCaptureIfNeeded();
+		EVENTS.add(PacketInputListener.class, this);
+		EVENTS.add(UpdateListener.class, this);
+		resetGlobalAntiEspState();
 		alertAboutAntiCheat();
 	}
 
+	@Override
+	protected void onDisable()
+	{
+		EVENTS.remove(PacketInputListener.class, this);
+		EVENTS.remove(UpdateListener.class, this);
+		resetGlobalAntiEspState();
+	}
+	
+	@Override
+	public void onUpdate()
+	{
+		if(detectGlobalAntiEsp.isChecked())
+			pruneGlobalAntiEspState();
+	}
+	
+	@Override
+	public void onReceivedPacket(PacketInputEvent event)
+	{
+		if(!detectGlobalAntiEsp.isChecked())
+			return;
+		
+		Packet<?> packet = event.getPacket();
+		if(packet instanceof ClientboundBlockUpdatePacket blockUpdate)
+		{
+			recordGlobalBlockChange(blockUpdate.getPos(),
+				blockUpdate.getBlockState());
+			return;
+		}
+		
+		if(packet instanceof ClientboundSectionBlocksUpdatePacket deltaUpdate)
+		{
+			deltaUpdate.runUpdates(this::recordGlobalBlockChange);
+			return;
+		}
+		
+		if(packet instanceof ClientboundBlockEntityDataPacket bePacket)
+			recordGlobalBlockEntityPacket(bePacket);
+	}
+	
 	public void completed()
 	{
 		if(isEnabled())
@@ -72,4 +160,147 @@ public boolean isSetbackDetectionEnabled()
 	{
 		return setbackDetection.isChecked();
 	}
+	
+	@Override
+	public String getRenderName()
+	{
+		return super.getRenderName();
+	}
+	
+	private void recordGlobalBlockChange(BlockPos pos, BlockState state)
+	{
+		if(pos == null || state == null)
+			return;
+		
+		long now = System.currentTimeMillis();
+		String blockId =
+			BuiltInRegistries.BLOCK.getKey(state.getBlock()).toString();
+		boolean currentRelevant = isRelevantBlockState(state, blockId);
+		
+		synchronized(globalAntiEspLock)
+		{
+			if(currentRelevant)
+			{
+				globalBlockChangeTimes.addLast(now);
+				while(!globalBlockChangeTimes.isEmpty()
+					&& now - globalBlockChangeTimes
+						.peekFirst() > GLOBAL_BLOCK_BURST_WINDOW_MS)
+					globalBlockChangeTimes.removeFirst();
+				
+				if(globalBlockChangeTimes.size() >= globalBlockBurstThreshold
+					.getValueI())
+					flagGlobalAntiEspLocked("global-burst",
+						"Observed " + globalBlockChangeTimes.size()
+							+ " block changes in 2s.");
+			}
+			
+			long key = pos.asLong();
+			globalRecentBlockUpdates.put(key, now);
+			BlockChangeSnapshot previous = globalLastBlockChanges.put(key,
+				new BlockChangeSnapshot(blockId, now, currentRelevant));
+			if(previous != null && previous.relevant() && currentRelevant
+				&& !previous.blockId().equals(blockId)
+				&& now - previous.timestamp() <= GLOBAL_BLOCK_FLIP_WINDOW_MS)
+				flagGlobalAntiEspLocked("flip-flop",
+					"Rapid block swap at " + pos.getX() + ", " + pos.getY()
+						+ ", " + pos.getZ() + " (" + previous.blockId() + " -> "
+						+ blockId + ")");
+		}
+	}
+	
+	private void flagGlobalAntiEspLocked(String key, String message)
+	{
+		long now = System.currentTimeMillis();
+		Long cooldown = globalAntiEspCooldowns.get(key);
+		if(cooldown != null && now - cooldown < 8000L)
+			return;
+		
+		globalAntiEspCooldowns.put(key, now);
+		globalAntiEspSuspicious = true;
+		globalAntiEspSignals = Math.min(globalAntiEspSignals + 1, 999);
+		if(globalAntiEspAlerts.isChecked())
+			ChatUtils.warning("AntiCheatDetect Global Anti-ESP: " + message);
+	}
+	
+	private void pruneGlobalAntiEspState()
+	{
+		long now = System.currentTimeMillis();
+		synchronized(globalAntiEspLock)
+		{
+			while(!globalBlockChangeTimes.isEmpty()
+				&& now - globalBlockChangeTimes
+					.peekFirst() > GLOBAL_BLOCK_BURST_WINDOW_MS)
+				globalBlockChangeTimes.removeFirst();
+			while(!globalBePacketTimes.isEmpty() && now
+				- globalBePacketTimes.peekFirst() > GLOBAL_BE_BURST_WINDOW_MS)
+				globalBePacketTimes.removeFirst();
+			globalRecentBlockUpdates.entrySet().removeIf(
+				e -> now - e.getValue() > GLOBAL_BLOCK_HISTORY_TTL_MS);
+			globalLastBlockChanges.entrySet().removeIf(e -> now
+				- e.getValue().timestamp() > GLOBAL_BLOCK_HISTORY_TTL_MS);
+		}
+	}
+	
+	private void resetGlobalAntiEspState()
+	{
+		synchronized(globalAntiEspLock)
+		{
+			globalBlockChangeTimes.clear();
+			globalBePacketTimes.clear();
+			globalLastBlockChanges.clear();
+			globalRecentBlockUpdates.clear();
+			globalAntiEspCooldowns.clear();
+			globalAntiEspSuspicious = false;
+			globalAntiEspSignals = 0;
+		}
+	}
+	
+	private void recordGlobalBlockEntityPacket(
+		ClientboundBlockEntityDataPacket packet)
+	{
+		BlockPos pos = packet.getPos();
+		if(pos == null)
+			return;
+		
+		long now = System.currentTimeMillis();
+		synchronized(globalAntiEspLock)
+		{
+			globalBePacketTimes.addLast(now);
+			while(!globalBePacketTimes.isEmpty() && now
+				- globalBePacketTimes.peekFirst() > GLOBAL_BE_BURST_WINDOW_MS)
+				globalBePacketTimes.removeFirst();
+			
+			if(globalBePacketTimes.size() >= GLOBAL_BE_BURST_THRESHOLD)
+				flagGlobalAntiEspLocked("be-burst",
+					"Received " + globalBePacketTimes.size()
+						+ " block-entity packets in 2s.");
+			
+			Long lastUpdate = globalRecentBlockUpdates.get(pos.asLong());
+			if(lastUpdate == null
+				|| now - lastUpdate > GLOBAL_BLOCK_UPDATE_GRACE_MS)
+				flagGlobalAntiEspLocked("late-be",
+					"Block entity at " + pos.getX() + ", " + pos.getY() + ", "
+						+ pos.getZ()
+						+ " arrived without a recent block update.");
+		}
+	}
+	
+	private boolean isRelevantBlockState(BlockState state, String blockId)
+	{
+		if(state == null || blockId == null)
+			return false;
+		
+		if(state.isAir())
+			return false;
+		
+		if(!state.getFluidState().isEmpty())
+			return false;
+		
+		return !"minecraft:water".equals(blockId)
+			&& !"minecraft:lava".equals(blockId);
+	}
+	
+	private record BlockChangeSnapshot(String blockId, long timestamp,
+		boolean relevant)
+	{}
 }