CARBON STEALTH ANTICHEAT
CARBON STEALTH ANTICHEAT · FOR FIVEM OPERATORS

Forensic integrity verification for FiveM servers.

A client-side scanner that performs a deep integrity check on each player's machine, then submits an HMAC-SHA256-signed verdict to your panel. Built to catch live cheats as well as historical evidence that persists even after bypass tools and "cleaners" have run. No kernel driver, no persistent telemetry, GDPR-compliant by design. Updated continuously — our detection surface evolves faster than the cheat-dev community can map it.

Deep integrity check Multi-layer forensics <1 min median scan 0 telemetry
Widecoverage
CHEAT DETECTION
Multilayer
SCAN PIPELINE
<1min
MEDIAN SCAN
0
PERSISTENT TELEMETRY
§01 · ARCHITECTURE

Three stages, signed end-to-end.

CLIENT → PANEL · HMAC-SHA256
01
CONSENT
The player launches a signed binary.
A compact Windows executable with a server-pinned fingerprint. A GDPR Art. 6(1)(a) consent dialog explains, in plain language, the categories of data that will be inspected and the purpose. The scanner never runs without explicit acceptance, never installs a driver, never loads a kernel module, never persists anything between sessions.
02
INSPECT
Multi-layer integrity check, in parallel.
The scanner runs a broad pipeline of independent checks covering live process state and persistent system artefacts. The exact surface list evolves with every release — we intentionally don't publish the module map, so bypass-tool vendors can't map it either. Each finding carries a severity and confidence score, never a single-signal verdict.
03
SUBMIT
The report is signed, then you decide.
Every scan produces a JSON bundle of findings with severity (critical|high|medium|low) and per-finding confidence (0–99). The bundle is HMAC-SHA256-signed with your server's secret, POSTed to your panel, and stored locally. Operators decide whether the player gets a download key, a warning, or a ban — the scanner never bans anyone on its own.
§02 · WHAT WE CATCH

Outcomes, not a roadmap for cheat devs.

CATEGORIES · NO SPECIFICS

Publishing the exact list of what a detection engine looks for is handing bypass-tool vendors a target list. We deliberately describe Carbon Stealth in terms of outcomes and categories, not specific indicators. Operators get the full technical manifest under NDA; cheat devs don't.

The high-level categories below cover the majority of the detection surface. Within each category there are multiple independent checks, each with its own signatures, heuristics, and confidence scoring. The roster changes with every release.

If you're an operator evaluating Carbon Stealth and want the detailed technical breakdown for your procurement review, contact enterprise@carbonstealth.eu and we will share the full module inventory under mutual NDA.

Live process & memory broad Cheats running right now. Injected modules, hooked APIs, runtime spoofing, memory-resident loaders, suspicious driver activity.
Repacked & renamed loaders heuristic Cheats redistributed under innocuous filenames are identified through behavioural invocation patterns, not just by name — because anyone can rename a file.
Persistent system artefacts forensic Traces that the OS records for its own housekeeping and that survive normal "cleanup". Catches cheats that were used, then deleted — evidence the user didn't know existed.
Anti-forensic bypass tools forensic "Cleaner" utilities and bypass drivers are themselves flagged. Their presence on a player's machine is near-certain evidence of intent.
Network & web activity curated Traffic and visit patterns cross-referenced against a curated list of cheat-distribution infrastructure. Strong signal, never the sole criterion.
Scoring & false-positive control built-in Every finding carries severity + confidence. Ambiguous signals are gated behind context checks and whitelists. Operators review evidence; the scanner never auto-bans.
§03 · OUTPUT

What operators see in their panel.

SAMPLE · IDENTIFIERS REDACTED
carbon-stealth://scan/0xA4E1F3 — completed
● LIVE
00:00.00init OK · HWID=[redacted] · OS fingerprint captured187 procs
00:02.14├─module-01 · live process state · 0 matches0 hits
00:03.91├─module-04 · inspecting game-process integrity · 412 items1 target
00:04.70├─module-04 · ! signature match #A7 · CRITICALconf 95
00:05.22├─module-09 · ! known hijack vector in game directoryconf 90
00:06.88├─module-12 · ! registry trace foundconf 90
00:08.03├─module-24 · ! prior execution evidence · persistentconf 92
00:09.41├─module-27 · ! persistent artefact matchedconf 93
00:10.17├─module-28 · ! residue of removed file detectedconf 88
00:11.46├─module-30 · ! script-host bypass patternconf 92
00:14.20├─module-33 · ! suspect external activityconf 80
00:18.50├─module-11 · 94 items enumerated · 0 matches0 hits
00:23.77├─module-14 · 1,402 objects inspected · 0 matches0 hits
00:41.15├─module-26 · ! additional cheat evidence surfacedconf 99
00:44.92submit · signed HMAC-SHA256 · POST /api/scan · 2001.8 kB
RISK · CRITICAL · 830/1000 — multiple findings across live process state and persistent forensic evidence that survived prior cleanup attempts. Player fingerprinted with historical cheat-usage record. Scan ID #0xA4E1F3 logged to operator panel with full evidence chain and HWID [redacted]. Decision: operator's.
§04 · PRICING

Self-hosted, or we host it for you.

EUR · EXCL. VAT · CANCEL ANYTIME
Community
Self-hosted on your own VPS. For hobby and small-community FiveM servers.
0 /forever
NO CARD REQUIRED
  • Unlimited scans
  • 1 server / 1 panel
  • Full detection pipeline included
  • Multi-layer forensics included
  • SQLite storage · HMAC-signed reports
  • Community Discord support
  • Managed hosting
  • Email & SMS alerts
  • API access · Webhooks
  • Priority support · SLA
Operator
We host the panel. You just ship the scanner to your players. Email & webhook alerts.
29 /month
BILLED MONTHLY · 2-MONTH FREE TRIAL
  • Unlimited scans
  • Up to 3 servers per account
  • Full detection pipeline included
  • Managed hosted panel (EU datacenter)
  • PostgreSQL storage · 365-day retention
  • Email alerts on critical findings
  • Discord webhooks · ban-evasion tracking
  • REST API · OAuth2 access
  • Scanner branding (your server logo)
  • Standard email support · 24h response
Enterprise
For FiveM networks & multi-server organisations. Custom signatures, SLA, direct dev line.
Let's talk
CUSTOM PRICING · INVOICE
Contact sales
  • Unlimited scans, servers, seats
  • Custom signatures for your specific cheats
  • White-label scanner & panel
  • Dedicated VPS or on-premise deploy
  • 99.9% uptime SLA
  • 2-hour response · priority dev line
  • Custom integrations (txAdmin, CFX, Discord)
  • Quarterly roadmap sync
  • DPIA & enterprise DPA on request
  • GDPR / ISO 27001 compliance artefacts
§05 · OPERATORS

Trusted by roleplay & PvP servers.

FIVEM · RAGEMP · ALT:V
We migrated from a homebrew whitelist system in a weekend. Within the first 48 hours Carbon Stealth caught three players who had been banned before and come back with "fresh" HWID spoofs — the persistent-evidence layer is the real differentiator.
MR
Marko R.
Admin · Balkan Roleplay · ~420 daily
No kernel driver was a dealbreaker for us — our players don't accept invasive anticheats, but they do accept a one-shot signed scan. Carbon Stealth threads that needle perfectly.
LP
Luca P.
Tech Lead · Civil RP Italy · ~780 daily
Carbon Stealth caught players running cheats repacked under innocent filenames — the kind of thing our old live anticheat missed entirely. Zero false positives across our first wave of scans. Worth it at this price.
KN
Kevin N.
Owner · PvP Network UK · ~1.2k daily
§06 · FAQ

Questions operators actually ask.

OPERATOR QUESTIONS
Do you install a kernel driver or a background agent?+
No. Carbon Stealth runs as a standard userland process under the player's own user context. It performs one scan, submits the signed report, and exits. There is no persistent service, no driver, no autorun entry, no telemetry beacon. A scan is a discrete, one-shot act.
Is Carbon Stealth GDPR compliant?+
Yes. The scanner collects only the minimum data required for the cheat-detection purpose, operates under Art. 6(1)(a) consent obtained at each scan via a plain-language EULA, and produces no persistent tracking. The EULA discloses the categories of data inspected (live process state and persistent system artefacts) in terms consistent with GDPR Art. 13. Reports are stored by you (self-hosted) or by us (Operator tier) with 365-day retention and a documented deletion path. DPIA templates and a full DPA are available for Enterprise customers.
How does "forensic detection" differ from a live anticheat?+
Live anticheats (EAC, BattlEye, FiveGuard) stop cheats in real time by injecting into the game. Forensic detection looks at the residue a cheat leaves behind in normal OS operation — evidence that persists after the user has "cleaned" their system and that bypass tools frequently overlook. It is the only way to catch cheats that were used between your live scans. We intentionally don't publish the specific artefacts we inspect, to keep bypass-tool vendors from mapping us.
What happens if the scanner false-positives on a legitimate tool?+
Every finding carries a confidence score (0–99). Ambiguous signatures — the kind that collide with legitimate developer tools, backup utilities, note-taking apps, protocol analyzers — are gated behind a context check and fire only when a supported game is actively running. An extensive whitelist covers common legitimate software (IDEs, chat apps, GPU tools, audio/video stacks, password managers, etc.). Operators see severity + confidence + full evidence and make the ban decision — Carbon Stealth never auto-bans.
Can I self-host on my own VPS?+
Yes — and it's free. The Community tier is a single ZIP with scanner binary, Flask panel, and deploy script. SQLite storage, Nginx reverse proxy, systemd service. One operator can comfortably handle 500+ scans/day on a €5/mo VPS. The Operator tier (€29/mo) is for when you'd rather not run infrastructure yourself.
How do you update detection?+
Continuous. Detection surface is tuned weekly based on cheat-market intelligence and operator telemetry. The scanner binary is republished every few weeks. Community-tier users fetch updated binaries from the website; Operator tier auto-updates. Enterprise customers get pre-release access and can commission custom detection for cheats specific to their server.
How are payments handled?+
Via Stripe (EU-based processor, PCI-DSS compliant). We don't see or store your card. Monthly subscription auto-renews until cancelled. Cancel anytime in your dashboard — no retention traps. UK/EU consumers have a statutory 14-day right of withdrawal on digital services unless they've explicitly consented to immediate access. See Terms of Service.
Who is behind Carbon Stealth?+
Carbon Stealth VCC — a Bulgarian/Italian software company (EIK BG208725180), registered office at ul. Samuil 3, Bobov Dol 2670, Bulgaria, with operational staff in Milan, Italy. We build anticheat, civic tech, and composites tooling. Our portfolio is at carbonstealth.eu.

Stop playing cat-and-mouse with manual screenshares.

Two months free on the Operator tier. Community self-host is free forever. Either way, you can have a signed scan running in under five minutes.

Carbon Stealth VCC · EIK BG208725180 · ul. Samuil 3, Bobov Dol 2670 · BG
Privacy Terms Cookies panel/eu-west