- Status
- Offline
- Joined
- Mar 3, 2026
- Messages
- 546
- Reaction score
- 7
Stop snitching on yourself. I've been intercepting Rust's HTTP traffic, and the amount of data the client phones home to Facepunch — independent of EAC — is enough to flag any lazy external user or paster. If you think staying UD from the anti-cheat is enough, you're missing the bigger picture of how Facepunch uses their own telemetry to clap accounts.
The Client State Phone Home
This isn't about EAC's driver scanning your memory; this is the game client itself packaging your configuration and sending it straight to FP servers. There are two primary vectors you need to worry about.
Endpoint 1: The F7 Trap — POST /api/public/feedback/report/
When you press F7 to report some billion-hour sweat, you are actually handing over a complete snapshot of your own game state. The payload includes:
Endpoint 2: Analytics Heartbeat — POST /api/public/analytics/rust/client
This fires periodically (roughly every 10 minutes) while you're connected. It's much more dangerous because it's passive. It reports:
How Telemetry Exposes Your Features
FOV Changers & Zoom Hacks
If you use an external to write to ConVar_Graphics_Static._fov, the game still reads that value back. The UI slider caps at 90. If your telemetry reports "graphics.fov": "120", you've just signed your own death warrant. Similarly, if the heartbeat fires while your zoom override is active (e.g., FOV at 30), it's a flag because 30 is below the 60 minimum.
Weather & Time Manipulation
Internals that force clear weather by writing to weather.clear_chance are easily caught. A legit player might have a value of 0.9, but forcing 1.0/0.0 across the board stands out in the analytics cloud. The same applies to TOD_Sky writes — if the server says it's 2 AM but your telemetry shows noon lighting, you're cooked.
Visual Removals
While grass.quality and water.quality are accessible via UI, combining zeroed-out values with impossible FOVs or weather flags creates a near-unique cheat fingerprint. Removing layers (terrain/trees) also affects the rendering draw calls, which Facepunch tracks via the draw_count field.
Recommendations for Survival
The safest cheats from a telemetry standpoint are those that modify object struct fields (recoil, silent aim via PlayerEyes) rather than convars or camera properties. Stay smart and stop feeding Facepunch your data.
Anyone found a consistent way to block these specific API calls without triggering a disconnect?
You cant view this link please login.
You cant view this link please login.
The Client State Phone Home
This isn't about EAC's driver scanning your memory; this is the game client itself packaging your configuration and sending it straight to FP servers. There are two primary vectors you need to worry about.
Endpoint 1: The F7 Trap — POST /api/public/feedback/report/
When you press F7 to report some billion-hour sweat, you are actually handing over a complete snapshot of your own game state. The payload includes:
- Full Config Dump: Every graphics, audio, and input setting, including your specific crosshair config.
- Complete Keybind Table: Every single bind, specifically console command binds.
- AppInfo & World State: Hardware specs (GPU, CPU, RAM), your Steam ID, current server, and your exact coordinates and view rotation.
- Build Verification: Jenkins build tags and changeset IDs to ensure you're on a legit branch.
Endpoint 2: Analytics Heartbeat — POST /api/public/analytics/rust/client
This fires periodically (roughly every 10 minutes) while you're connected. It's much more dangerous because it's passive. It reports:
Code:
modified_convars: A list of every convar differing from default.
device_hash / steam_id_hash: Hashed identifiers for cross-account linking.
eos_security_posture: Reports TPM, Secure Boot, HVCI, and IOMMU status.
command_line: Your full launch arguments used to start the game.How Telemetry Exposes Your Features
FOV Changers & Zoom Hacks
If you use an external to write to ConVar_Graphics_Static._fov, the game still reads that value back. The UI slider caps at 90. If your telemetry reports "graphics.fov": "120", you've just signed your own death warrant. Similarly, if the heartbeat fires while your zoom override is active (e.g., FOV at 30), it's a flag because 30 is below the 60 minimum.
Weather & Time Manipulation
Internals that force clear weather by writing to weather.clear_chance are easily caught. A legit player might have a value of 0.9, but forcing 1.0/0.0 across the board stands out in the analytics cloud. The same applies to TOD_Sky writes — if the server says it's 2 AM but your telemetry shows noon lighting, you're cooked.
Visual Removals
While grass.quality and water.quality are accessible via UI, combining zeroed-out values with impossible FOVs or weather flags creates a near-unique cheat fingerprint. Removing layers (terrain/trees) also affects the rendering draw calls, which Facepunch tracks via the draw_count field.
Feature — Exposed via F7? — Exposed via Analytics?
FOV Values — Yes — Yes
Modified Convars — No — Yes
Keybind Table — Yes — No
Hardware Hash — Yes — Yes
Security Posture — No — Yes
Command Line — No — Yes
FOV Values — Yes — Yes
Modified Convars — No — Yes
Keybind Table — Yes — No
Hardware Hash — Yes — Yes
Security Posture — No — Yes
Command Line — No — Yes
Recommendations for Survival
- Don't press F7. Ever. It’s a self-report in the most literal sense.
- If you use an external FOV changer, ensure it restores to default before a heartbeat fires, or better yet, hook the analytics endpoint to block it.
- Spoof your HWID properly. The device_hash will link your alts even if EAC isn't banning you directly.
- Don't mirror configs. Using the exact same crosshair (length, width, spacing) and sensitivity across multiple accounts is a massive correlation flag.
The safest cheats from a telemetry standpoint are those that modify object struct fields (recoil, silent aim via PlayerEyes) rather than convars or camera properties. Stay smart and stop feeding Facepunch your data.
Anyone found a consistent way to block these specific API calls without triggering a disconnect?
