Skip to main content

Iron Aegis Anti-Cheat - User Guide

Русский

Core Concepts and Operating Principle

The anti-cheat essentially functions as a sniffer that intercepts and analyzes the game’s network packets.
Packets are analyzed by strings and magic numbers.

Danger Levels

The system classifies packets into the following danger levels:

  • SAFE 🟢 – Safe packets that are part of the standard game process
  • UNKNOWN 🟡 – Packets with unknown structure or new format that require analysis
  • SUSPICIOUS 🟡 – Potentially dangerous packets (false positives occur frequently)
  • WARNING 🟡 – Packets of malicious activity (false positives occur less often)
  • DANGEROUS 🔴 – Packets of malicious activity (false positives are rare)
  • BLOCKED 🔴 – Automatically blocked packets identified as malicious

Event Types

Each packet belongs to a specific event type:

Basic Gameplay Actions

  • ARMY – Army management
  • NAVY – Fleet management
  • AIR – Air force management
  • PRODUCTION – Production
  • CONSTRUCTION – Construction
  • TRADE – Trade operations
  • FOCUS – National focus research

Management and Diplomacy

  • LOBBY – Lobby actions
  • DIPLOMACY – Diplomatic actions
  • LEADERS – Leader management
  • IDEAS – National ideas
  • EVENTS – Events

Special Mechanics

  • AGENCY – Intelligence actions
  • MARKET – Market operations
  • SPECIALPROJECTS – Special projects
  • RESEARCH – Research actions
  • OCCUPATION – Occupied territories management

System Events

  • TECHNICAL – Technical packets
  • CONNECTION – Connection parameters
  • CUSTOMISATION – Unit icon and color customization
  • SECURITY – Security events
  • HEADER – Packet headers
  • CHEAT – Suspicious actions
  • UNKNOWN – Unclassified events

Interface Description

Control Panel

Action Buttons

  • REFRESH – Refresh the list of players and events.
    The interface automatically updates every 5 seconds.
  • Select All – Select all players to display their events
  • Unselect All – Deselect all players
  • Export State – Save the current state (player list, blocklist, events) to a file
  • Import State – Load a state from a JSON file
  • Clear All – Clear the list of players and events (locally).
    A backup of the current state will be created (or the previous one overwritten)
  • ENGLISH – Switch interface language

Protection Toggles

  • Forbid New Connections – Prevent new players from connecting to the server.
    Enable this after all players have joined. Disable it when opening the lobby or enabling hotjoin.
caution

May cause disconnections for already connected players if their connection port or IP address changes.
This is not an absolute guarantee — it can be bypassed by connecting via the same Steam relay, nickname, and destination port as one of your players.

Restriction Levels

A dropdown menu with protection levels:

  • None (5) – No restrictions, allows all packets.
  • Weak (4) – Blocks dangerous (DANGEROUS) packets (recommended).
    These include autosaves, country boosts, one of the DLC disable/force crash variants, one of the game-start packets, speed changes, and some actions controlling other countries.
    False positives are unlikely.
  • Medium (3) – Blocks suspicious (WARNING and DANGEROUS) packets.
    These include packets typically sent when using cheats, though false positives can occur — check them against in-game actions.
  • Strict (2) – Blocks all nonstandard (SUSPICIOUS, WARNING, and DANGEROUS) packets.
    These often appear from all players, but were also observed during cheating activity.
    Enabling this mode will likely cause many players to crash.
  • Very Strict (1) – Blocks all suspicious and previously unknown (UNKNOWN, SUSPICIOUS, WARNING, and DANGEROUS) packets.
    Enabling this mode will almost certainly cause mass player crashes.
caution

May cause players to freeze or disconnect.
However, you can analyze which packets were blocked by using the event log (filter by packet danger level).

Interface Sections

Players

A table with information about connected players:

  • Show – Checkbox to mark which players’ events to display
  • Steam name, in-game name, and country tag
  • Destination ports
  • Number of warnings
  • Connection time and last packet time
  • Number of received packets
  • Player management buttons:
    • Alive/Dead – Toggle player state
    • Ban – Block/unblock player by port and name
    • IP Ban – Block IP (and all players with that IP)

Blocked IPs

  • List of blocked IP addresses
  • Add to Blacklist button to add new IPs
  • Delete button for each IP

Events

  • Displays events only for selected players
  • Event Filter – Input field for regular expressions
    Regex works on the packet’s hex representation, player properties, and event properties
  • Apply Filter – Apply the event filter
  • Invert Filter – Invert the filter results
  • Number of Events to Display – Limit the number of displayed events (for optimization)