Auditable runtime integrity for Unreal and custom C++ games
← Back to Docs

Threat Model

What Compuon defends against, what it doesn't, and why that's the right tradeoff.

Primary Threat: Cheat Tool Commoditization

Most game cheating isn't done by reverse engineers. It's done by players downloading commercial cheat tools — programs like CheatEngine, ArtMoney, or paid subscription cheats that offer point-and-click memory editing.

These tools rely on universal techniques: scan for a value, find its address, write a new value. This is the class of problem behind infinite ammo, frozen health, and forked currency values in live games. Compuon makes that approach economically painful by turning unauthorized edits into mismatches the integrity server can prove.

What Compuon Defends Against

+
Memory scannersCheatEngine-style tools that find and modify runtime values. Unauthorized edits are proven server-side.
+
Value freezingTools that lock a value such as health, ammo, or durability. The integrity server catches the inconsistency on the next spot-check.
+
Universal cheat toolsEach build has a unique internal structure. A cheat built for one build won't cleanly carry over to the next.
+
Replay attacksKey rotation invalidates old proof data, so captured responses can't simply be reused.

What Compuon Does NOT Defend Against

Compuon is not a silver bullet. These are explicitly out of scope:

!
Dedicated reverse engineeringA skilled attacker spending weeks on YOUR specific build can eventually bypass protection. Compuon raises the cost, not the ceiling.
!
Nation-state actorsIf a state-level adversary targets your game, no client-side protection is sufficient.
!
Server-side cheatsCompuon protects client-side variables. Server logic bugs or database manipulation are separate concerns.
!
Aimbots / ESPCompuon protects data integrity, not rendering or input. Visual cheats that read (but don't modify) game state are a different problem.

Per-Build Uniqueness

Each build gets a unique internal structure that changes automatically, making reusable cheat tools uneconomical.

Server-Side Proof

Compuon doesn't try to make cheating impossible on the client. Instead, it makes runtime tampering provable from the server side:

// Integrity server perspective
reported_value = 999999 // what client claims
expected_value = 47 // what the integrity state reveals
// MISMATCH — suspicion increased

The server accumulates suspicion scores over time. Occasional mismatches (network issues, bugs) don't trigger action. Persistent, high-magnitude mismatches indicate intentional tampering. See Suspicion Scoring for details.