KTP / Anti-Cheat / Field Client
An external, evidence-based anti-cheat client for KTP competitive Day of Defeat. It runs alongside the game without touching it, captures session evidence, and submits a tamper-evident bundle to league admins. 100% VAC-safe, Authenticode-signed.
Earlier releases 0.7.1 and before
VAC · Safe
Never reads game memory, injects DLLs, or hooks rendering. Same OS APIs OBS and Discord use — play on your normal account.
Signed · Pinned
Every release is digitally signed (Authenticode), and the client checks that signature's fingerprint against a known-good value. A tampered copy refuses to launch.
Portable · Self-Updating
One executable, run from anywhere — nothing installed, nothing left behind after it closes. It checks its version at login and pulls its own updates: no reinstall, no manual file shuffling.
Pre-deployment
Two setup steps. Skip either and the client will reject your login. They aren't optional, they're the gate.
Own Day of Defeat
You need DoD on the Steam account you play KTP on. If you don't already have it, it's $5 on Steam. The AC runs alongside the game and is 100% VAC-safe — play on your normal account.
Get your SteamID registered
The AC accepts logins only from registered SteamIDs. If you're playing at the LAN, this is already done for you — every LAN player is pre-registered ahead of the event, so there's nothing to do here. Playing remotely instead? Ask a KTP admin in the KTP Discord to add your SteamID before your first launch.
Standing orders
The full match cycle, start to finish. Three steps. About a minute of overhead.
First login
Run KTPAntiCheat.exe. Enter your SteamID, click
First Login, and save the one-time password the app shows you.
You'll need it for every subsequent login.
Before each match
Best workflow: launch Day of Defeat first, log into the AC client, join your KTP server, then click Start Session. The full ordered list is in the Quick Start callout near the top of this page.
Reverse order also works — pressing Start before launching DoD is fine; the client retries window detection every 60s and the match resolver polls in the background. You'll just burn a few minutes of telemetry on desktop captures before the real game window shows up. A yellow banner on the AC client surfaces when DoD isn't detected yet.
After each match
Click Stop Session. The client packages everything into one encrypted ZIP and uploads it to the KTP admin server. Close the app whenever you're done playing.
Disclosure
What the AC sees during a session, what it never touches, and what ends up in the file that gets uploaded. The source code is private (so cheat developers can't reverse-engineer the detectors), but the behaviors below are the canonical description of what the client does.
What it sees
- Keyboard and mouse input — only while DoD is the active (foreground) window; the AC ignores your input the moment another program takes focus. The AC measures things like how fast you switch between A and D, how regular your clicks are, your mouse movement (both horizontal and vertical) and the on-screen position of your clicks, and your scroll-wheel input (to catch firing or crouching bound to the wheel). Stops the moment the session ends.
- Screenshots, every so often — taken at regular intervals during the session for admins to look at. Same Windows tool OBS uses to record gameplay. On fullscreen setups where the normal capture comes back black, the AC falls back to grabbing the whole monitor your game is on, then immediately crops to just the game window before anything is saved — only the game window is stored, never your other monitors or whatever else is on screen behind it. For each shot the AC also notes which window actually had focus at that instant — normally DoD; if you'd tabbed out, that window's title is recorded so a reviewer can see the game wasn't in focus. There's one setup that gives it trouble: "true" fullscreen (the exclusive kind, which DoD's older OpenGL video mode uses) running at a resolution that isn't your normal desktop resolution. In that mode Windows hands the whole screen over to the game, and no safe screenshot method can read it — so shots come through sometimes and not others. The AC keeps retrying through the session, and tries again the instant you change resolution or fullscreen setting; only if it still can't get usable frames by the end of a session does it note that capture was unavailable for that stretch — so an admin can see why the screenshots are thin instead of mistaking it for hidden activity. It's a coverage note, never a flag against you. (If this is you, running the game in borderless windowed — the
-window -noborderlaunch option — sidesteps it entirely.) - Running programs and loaded DLLs — a list taken at session start so admins can spot known cheat software. The AC has an allowlist of normal Source-engine files, so the usual stuff doesn't show up as suspicious.
- Loaded drivers — the kernel-mode drivers loaded on your system at session start (name, path, fingerprint, and whether they're validly signed), so admins can spot drivers known to be used as cheat enablers or ones loaded outside the normal Windows set. The AC loads no driver of its own — it only reads the list.
- Network connections — a snapshot of your active network connections (the remote address and port, and which program owns each) plus your system's DNS lookup cache, taken at the start and end of a session. This is to catch cheats that talk to an external service; it's inventory for a reviewer, and only captured during a session.
- Overlay windows — the title, window class, and owning program of any see-through, always-on-top windows drawn over the game — since external cheats often paint an overlay (ESP/radar) on top of DoD.
- System environment — basic machine facts read at session start: your Windows version and computer name, system model and manufacturer, memory/CPU/uptime, whether a debugger is attached to the game, and whether you're running inside a virtual machine. Context for a reviewer — none of it is a mark against you on its own.
- Game-file fingerprints — the AC takes a fingerprint (SHA256 hash) of your DoD files and compares against the league's official list. Anything different shows up in the report. As of 0.7.0 it looks harder for your DoD install — checking every Steam library and, if needed, your fixed drives — so the check still runs when the game isn't in the default location.
- Config files — binds and setup values — the AC reads your DoD
.cfgfiles for two things. First, mousewheel-bound fire or crouch binds, which Rule 4.6 disallows (a wheel scroll multiplies a single flick into a burst of inputs). Second, as of 0.7.0, the values of a small, fixed set of cvars — your netcode settings and the visual cvars the league already enforces (likegl_picmipandr_fullbright). The netcode and sensitivity values feed your public profile only if you opt in (see below); the enforced-cvar values are for admin review. Your.cfgfiles are included in the encrypted bundle for admin review, but as of 0.7.1 secret values —rcon_password, server/join passwords — are redacted out before the file is bundled, so credentials never leave your machine. Your binds and personal setup are never published to your profile. - Hardware ID — a stable code that identifies your PC across logins. It's derived from your motherboard, CPU, and disk serial numbers, plus (as of 0.6.9) your network MAC addresses. Every one of those raw values is scrambled into a one-way hash on your own machine before anything is sent — the raw serials and MACs never leave your PC. Admins only ever see the resulting code, which lets them tie sessions to the same machine without holding your actual serial numbers.
- Connected devices (0.6.9) — for the USB devices attached during a session, the AC reads what each device reports about itself: its product and manufacturer name, its vendor/product ID, and its device path (so an unusual keyboard or mouse shows up as what it actually is, instead of a generic "USB Input Device"). Identification only — it's context for a reviewer, never used as a mark against you, and never published to your profile.
- Display & in-game video settings — your monitor's resolution and refresh rate (used to tell exclusive-fullscreen from windowed when a screenshot comes back blank) and, as of 0.7.1, DoD's own in-game video setting — render resolution, color depth, and fullscreen/windowed — read from the game's own Windows registry key. This lets your profile show the resolution you actually play at (e.g. 640×480 stretched) rather than just your monitor's. Context only, never a mark against you.
- Peripheral software — fingerprints of the config files from Logitech G HUB, SteelSeries GG, Razer Synapse, and similar. Some of these support firmware features like SOCD / Snap-Tap that matter for cheat detection. Starting in 0.5.3, the AC also reads CPI/DPI, polling rate, and lift-off distance from those configs — Razer Synapse, Logitech G HUB (both the JSON and, as of 0.5.7, the
settings.dbpath), Wooting Wootility, and SteelSeries GG — so detection thresholds normalize correctly across testers running very different mouse setups. For the vendors whose firmware exposes Hall-effect / Rapid-Trigger, SOCD, or macro features, the relevant vendor config files are also collected (hashed and parsed) so an admin can confirm which firmware features were enabled — which may include your macros and button rebinds. As of 0.7.1 this collection is restricted to the actual config/profile files (settings databases, profile JSON); vendor login tokens, browser cookies, and crash dumps that happen to live in the same folders are explicitly excluded and never leave your machine. That data is used only for cheat detection, never anything else. - A "still here" ping, every ~30 seconds — while a session is active the client sends the server a tiny heartbeat: which game server you're on, the client version, and (as of 0.6.9) whether screenshot capture is currently working. Your session is identified by the secure token issued at login, not by re-sending your Steam ID. No gameplay, input, or screenshot data — it exists only so admins can tell a live session apart from one whose client was closed or killed mid-match, and see in real time if your capture has gone blind. It stops the instant the session ends.
- Weapon timeline (from the game server) — the KTP game server records which weapon you had equipped and when, and links it to your session, so a reviewer can line up detector evidence (like recoil control on automatic weapons) with the weapon you were actually holding. This comes from the server, not from the client reading your PC.
What it never touches
- Reads the game's memory. The AC has zero visibility into what DoD is doing internally. It doesn't attach as a debugger, doesn't peek at game variables, doesn't see your position or what other players are doing.
- Injects code into the game. Nothing of the AC ends up inside DoD. They're separate programs that don't talk to each other. The game can't even tell the AC is running.
- Touches the graphics layer. Screenshots come from Windows asking the desktop for a picture — same way OBS does it. The AC doesn't intercept DirectX or OpenGL.
- Changes any of your game files. File checking is read-only. The AC doesn't write to your Steam, Half-Life, or DoD folders at any time.
- Runs deep inside Windows. No kernel drivers, no admin-mode tricks. The AC runs as a normal user-level program, same as your browser or Discord.
- Talks to VAC, EAC, BattlEye, or any commercial anti-cheat. This is a KTP-only tool. None of your data is shared with Valve or any third-party anti-cheat company.
- Runs when you're not playing. Outside of an active session, the AC isn't watching anything. Hit Stop Session (or close the app) and observation stops. The one thing it may do between sessions is finish uploading a session that a crash cut off — that's data already collected during that session, never anything new.
What the AC watches for (0.7.1)
- Machine-timed inputs — key or mouse timing that matches automation rather than a human hand. Genuine keyboard firmware can produce very fast inputs legitimately — that's what keyboard registration is for.
- SOCD / Snap-Tap firmware — keyboards that auto-cancel opposing key inputs in firmware (Wooting, Razer or others with the feature on). Whether that's allowed is a league-rules call, not the AC's — it just records it for a reviewer.
- Input multiplication — mousewheel-bound fire or crouch binds, turbo/rapid-fire firmware, and keyboard macros that turn one physical action into a burst of inputs (Rule 4.6); legitimate 1:1 hardware like a Rapid Trigger switch is not affected
- Spray-pattern control — recoil compensation on automatic weapons that doesn't look hand-driven
- Known cheat programs — running program names and loaded DLLs matched against a known-cheat list
- Modified game files — files that don't match the league's official copy of DoD (custom HUDs and sound mods land here too, and get sorted out in review)
- Vulnerable or unusual drivers — drivers known to be cheat enablers, or drivers loaded outside the normal Windows set
- Screenshot-coverage problems — when capture jams on a repeated frame, or goes blind for a stretch of a fullscreen session (recorded as a coverage note so a reviewer understands the gap, never treated as hiding something)
Field queries
Questions from existing testers, answered. Click any to expand. If your question isn't here, ping a KTP admin in the KTP Discord.
What if I miss a software update?
You can't miss one. The client checks the league server's current version every time you log in, and refuses to start a session if you're behind. You'll see an "Update required" prompt; accept it, and the client downloads the new build, verifies it, and restarts on the new version. Old builds can't upload sessions at all.
Does the AC look at things outside the game?
Yes, while a session is active. See §III Disclosure for what exactly. The reason: cheat software runs outside the game. If the AC only looked at DoD, it would miss every cheat that injects input or draws overlays from a separate program — that's the whole class of cheat the AC is trying to catch. Outside an active session, the AC observes nothing at all.
What about my browser history or personal files?
Not touched. The AC doesn't read your browser, documents, email, or anything outside the DoD folder. The file check is limited to specific game files on the league's official list, all under Half-Life/dod/. Nothing else gets read. See §III Disclosure for the full picture.
Can I open my own session bundle and look inside?
No, that changed in 0.4.5. The ZIP gets encrypted with AES-256 before it ever touches your disk, using a key the server gives you at login. Only the server has the key, so the file on your machine is sealed even to you.
Before 0.4.5 the bundle sat in %USERPROFILE%\Documents\KTP Anti-Cheat\ as a plain ZIP. Anyone with access to your computer could open it and browse the screenshots and input logs. That exposure was the reason for the change.
On a successful upload, the local copy gets deleted. On a failed upload, the encrypted file stays put so the client can retry on next launch, but it's still encrypted either way. If you want to see what's in your bundle, ping a KTP admin in the KTP Discord — he can pull it server-side and walk through it with you.
Why does the First Login button stay disabled after I clicked it?
Sixty-second cooldown after a failed login. If your SteamID isn't registered, the server rejects the first-login and the AC disables the button for a minute, with a countdown in the status bar. Once it re-enables, try again.
If you wait it out and you're still rejected, your SteamID isn't on the roster yet. Send it to a KTP admin in the KTP Discord and he'll get you added.
Why does my session show very fast key reactions?
Usually your keyboard's firmware. Hall-effect / Rapid-Trigger and Snap-Tap boards — Wooting, SteelSeries Apex Pro, Razer analog, the Tekkusai Titan, and others — can fire key events far faster and more consistently than a hand can. That's the hardware doing its job, not you reacting inhumanly fast.
The AC notices unusually fast or machine-regular timing and records it for a reviewer; it doesn't decide anything on its own. As of 0.6.9, if you run one of those keyboards you can have an admin register it to your account, and the server then reads those fast inputs as your hardware rather than something to explain. A one-off on a stable PC with no other signals reads very differently from the same pattern across many sessions — admins look at each. If your legitimate keyboard is tripping this, ping an admin with the model.
I run a stretched resolution / custom HUD / sound mods — am I going to get flagged?
Custom HUDs, sound mods, and stretched res are common at KTP and don't categorically flag, but the file check does pick them up as "modified files." That's expected. Admin review handles the difference between "tester swapped their score sound" (harmless, very common) and "tester replaced client.dll" (not harmless). On its own, a modified-files note is a low-priority "an admin should glance at this," not a verdict — and every flagged session is looked at by a person before anything happens, so a custom HUD never auto-actions anything.
Does this run on Mac?
Partially as of 0.5.0. Hardware fingerprinting and basic system info works on macOS. The full input, peripheral, and driver scans are blocked on having a Mac tester to validate them against. Until then, Mac sessions record what they can and mark the missing pieces in the bundle. If you're on Mac and willing to be the validator, ping Nein.
Does the AC run when I'm not playing?
No. Observation runs between when you click Start Session and when you click Stop Session (or close the app). Outside that window the executable might still be open in your taskbar, but it's not capturing anything. No screenshots, no input logging, no scans.
How long does my data stick around?
Session bundles are kept on the KTP admin server for 60 days, then pruned automatically — long enough to be the evidence trail for a review, not forever. Weapon-switch records on the league server (which weapon you held, when) roll off after 30 days. Your hashed hardware ID and IP travel with each session, so admins can spot patterns across logins from the same machine. As of 0.6.9 the hardware ID is a one-way hash computed on your PC — your actual serial numbers and MAC addresses are never stored.
What happens if I'm flagged?
Admins look at the session and pick one of four labels: unreviewed (still in the queue), clean (false alarm confirmed), suspicious (monitor going forward), or confirmed_cheater (action taken). False alarms happen and admins look for them. If you think your session got misclassified, ping a KTP admin in the KTP Discord — he'll walk through the evidence with you.
Why isn't the source code open?
Cheat-evasion prevention. If the detector code, the cheat-signature lists, and the rules for combining flags into a verdict were public, cheat developers would have a reference to test against. What the AC does is laid out in plain English in §III above; what's kept private is which specific tools and patterns trigger which flags.
The signed binary fills the trust gap. Right-click the exe, hit Properties, open the Digital Signatures tab, and Windows will tell you whether it's the real KTP build — no source code needed to verify what you're running. If you have a specific question about a detector or about your bundle, ping a KTP admin in the KTP Discord and he'll walk through it.
Fallback procedures
The small set of things the auto-update and signed-binary flow can't fix on its own. Each one has a known cause and a fix.
SmartScreen warning on first launch
Symptom: Windows SmartScreen blocks KTPAntiCheat.exe with
"Windows protected your PC."
Cause: SmartScreen builds reputation from download volume. KTP-AC is low-volume by design, so SmartScreen hasn't seen enough installs to trust it yet, even with a valid signature.
Resolution:
- Click More info in the warning
- Click Run anyway
- The warning won't appear again on subsequent launches
Want to verify the signature first? Right-click the exe, hit Properties,
open the Digital Signatures tab. The certificate should match the thumbprint in the
permit above (25CD…06A7).
Defender / antivirus interference
Symptom: Session ends but the bundle fails to upload, or the bundle looks truncated or corrupted. Defender is real-time-scanning the file while the client is still writing to it.
Resolution: Add a Defender exclusion for:
%USERPROFILE%\Documents\KTP Anti-Cheat\%TEMP%\KTPAntiCheat\
Defender → Virus & threat protection → Manage settings → Exclusions → Add folder. Same idea for Bitdefender, Kaspersky, Norton, etc. — each one has an Exclusions menu in roughly the same place.
Auto-update fails / "Update required" loops
Symptom: Update prompt appears on every launch; client never progresses past it.
Resolution: Download the current build manually from the
Issue download button above, replace your
local KTPAntiCheat.exe, restart. If the loop persists, the update server
can't be reached from your network. Ping a KTP admin in the KTP Discord and they'll walk through it.
Mouse cursor disappears in DoD while the AC runs
Symptom: Your mouse pointer vanishes in DoD's menus (or in-game) once the AC is running, and comes back when you stop the session.
Cause: On some Windows builds the screenshot capture's cursor layer hides the live on-screen pointer in borderless/exclusive fullscreen.
Resolution: Tick "Disable cursor capture" on the
AC's main window (added in 0.6.8) — it takes effect on your next session and brings
the pointer back. Capture keeps working normally; the only difference is menu
screenshots won't include the cursor. Running DoD in borderless windowed
(-window -noborder) also avoids it.
Session won't start / "SteamID not registered"
Symptom: Login rejected with "SteamID not registered."
Cause: Your SteamID hasn't been added to the league roster yet (step BRAVO in §I Pre-deployment), or you're logging in with a different SteamID than the one that was registered.
Resolution: Check which account you're logged into Steam with. The AC reads whatever SteamID Steam reports at login time, so if you're signed into the wrong account, the AC sees the wrong ID. If you're on the right account and still getting rejected, send your SteamID to Nein — an admin adds you to the list and you can log in immediately.