Cerberus SDK Documentation

Integrate Cerberus anti-cheat into your game in under 2 hours.

Quick Start

Cerberus ships as a single static library (cerberus_sdk.lib) and a header file. The SDK handles all communication with the Cerberus kernel driver — your game code only needs to initialize, start a session, and listen for callbacks.

Cerberus is currently in closed beta. You'll need an API key from your partner dashboard to initialize the SDK.

C++ — Minimal integration

// 1. Include the SDK header
#include "cerberus_sdk.h"

// 2. Initialize on game launch
CerberusConfig config = {};
config.apiKey       = "crb_live_xxxxxxxxxxxxxxxx";
config.gameId       = "your-game-id";
config.enableAI     = true;   // Layer 2: Behavioral AI
config.enableHW     = true;   // Layer 3: Hardware fingerprinting
config.banCallback  = OnPlayerBanned;

CerberusResult result = Cerberus_Init(&config);
if (result != CERBERUS_OK) {
    // Handle init failure — game can still run (graceful degradation)
    Log("Cerberus init failed: %d", result);
}

// 3. Start session when player joins match
Cerberus_StartSession(playerId, matchId);

// 4. End session when match ends
Cerberus_EndSession();

// 5. Shutdown on game exit
Cerberus_Shutdown();

System Requirements

Developer / Studio Requirements

Visual Studio 2019+ or compatible C++ compiler (MSVC v142+)
.NET 6.0+ for C# bindings (Unity integration)
Unreal Engine 5.1+ for UE plugin
Partner dashboard account + API key

Player / End-User Requirements

Players running games protected by Cerberus need:

OS: Windows 10 20H2+ or Windows 11 (x64 only)
BIOS — Secure Boot: Must be enabled. Required for hardware verification (Layer 3). Check: msinfo32 → "Secure Boot State" should show "On"
BIOS — TPM 2.0: Recommended (enables firmware attestation in v0.6+). Most modern systems have this enabled by default
Windows Update: System must be on a supported Windows build. Outdated builds may fail driver signature verification
GPU Drivers: Up to date. Outdated GPU drivers can trigger false positives on overlay detection
No unsigned drivers: Systems with test-signing mode enabled (bcdedit /set testsigning on) will be flagged
Virtualization: Running inside a VM (VirtualBox, VMware, Hyper-V) is not supported for competitive multiplayer. Cerberus will detect and flag virtualized environments

Players do NOT need to change any BIOS settings beyond enabling Secure Boot. No manual TPM configuration, no VT-x/AMD-V changes, no special setup. If Secure Boot is already on (default on most PCs sold after 2016), the player is ready.

Installation

Add the SDK to your project:

Shell

# Download the SDK package (provided via partner dashboard)
cerberus-sdk-v0.4.2.0b-win64.zip

# Contents:
├── include/
│   └── cerberus_sdk.h
├── lib/
│   ├── cerberus_sdk.lib      # Static library (Release)
│   └── cerberus_sdk_d.lib    # Debug build
├── bin/
│   └── cerberus_driver.sys   # Kernel driver (signed)
└── docs/
    └── integration_guide.pdf

Initialization

CerberusConfig

Parameter	Type	Description
apiKey	const char*	Your API key from the partner dashboard. Required.
gameId	const char*	Unique game identifier. Required.
enableAI	bool	Enable Layer 2 (behavioral AI). Default: true. Aegis+ tier required.
enableHW	bool	Enable Layer 3 (hardware fingerprinting). Default: true. Cerberus+ tier required.
scanInterval	uint32_t	Kernel scan interval in ms. Default: 2000. Min: 500.
aiSampleRate	uint32_t	Input sampling rate in Hz. Default: 1000. Range: 250-2000.
banCallback	CerberusBanFn	Called when a player is banned mid-session.
flagCallback	CerberusFlagFn	Called when a player is flagged for review (optional).
logLevel	CerberusLogLevel	LOG_NONE, LOG_ERROR, LOG_WARN, LOG_INFO, LOG_DEBUG.

Configuration

Cerberus can be configured at runtime. Common patterns:

C++

// Disable hardware scanning for singleplayer modes
Cerberus_SetOption(CERBERUS_OPT_HW_SCAN, false);

// Lower scan frequency for menu screens (save CPU)
Cerberus_SetOption(CERBERUS_OPT_SCAN_INTERVAL, 5000);

// Enable enhanced monitoring for ranked matches
Cerberus_SetOption(CERBERUS_OPT_AI_SAMPLE_RATE, 2000);
Cerberus_SetOption(CERBERUS_OPT_SCAN_INTERVAL, 500);

Callbacks

C++

void OnPlayerBanned(const CerberusBanEvent* event) {
    // event->playerId   — the banned player
    // event->reason     — CERBERUS_BAN_AIMBOT, _DMA, _INJECTION, etc.
    // event->confidence — 0.0 to 1.0
    // event->details    — human-readable description

    Log("Player %s banned: %s (%.1f%% confidence)",
        event->playerId,
        event->details,
        event->confidence * 100.0);

    // Kick the player from the match
    Game_KickPlayer(event->playerId, "Anti-cheat violation detected");
}

void OnPlayerFlagged(const CerberusFlagEvent* event) {
    // Player flagged but NOT banned — under enhanced monitoring
    // event->confidence will be between 0.30 and 0.95
    // No action needed — Cerberus handles escalation internally
    Analytics_Track("cerberus_flag", event->playerId);
}

Session Lifecycle

Always call Cerberus_EndSession() when a match ends. Orphaned sessions consume monitoring resources and may trigger false stale-session alerts.

Typical flow:

Cerberus_Init()          // Game launch — loads driver
  ├─ Cerberus_StartSession() // Match start — begins scanning
  │   ├─ ... gameplay ...
  │   ├─ Ban/Flag callbacks fire if needed
  │   └─ Cerberus_EndSession()  // Match end — stops scanning
  ├─ Cerberus_StartSession() // Next match...
  │   └─ Cerberus_EndSession()
  └─ Cerberus_Shutdown()     // Game exit — unloads driver

Ban API

Query and manage bans via the REST API. All endpoints require your API key in the Authorization header.

GET /api/v2/bans

List recent bans for your game.

Response (200 OK)

{
  "bans": [
    {
      "id": "ban_8f2a1b3c",
      "player_id": "steam_76561198012345678",
      "reason": "AIMBOT",
      "confidence": 0.992,
      "detection_head": "AI",
      "hardware_id": "hw_a1b2c3d4e5f6",
      "timestamp": "2026-05-19T14:32:01Z",
      "session_id": "ses_9d8e7f6a"
    }
  ],
  "total": 847,
  "page": 1
}

POST /api/v2/bans/{ban_id}/appeal

Submit a ban appeal for manual review. Returns the review ticket ID.

Webhooks

Cerberus sends real-time webhook events to your configured endpoint. Configure webhooks in your partner dashboard.

Webhook payload — ban.created

{
  "event": "ban.created",
  "timestamp": "2026-05-19T14:32:01Z",
  "data": {
    "ban_id": "ban_8f2a1b3c",
    "player_id": "steam_76561198012345678",
    "reason": "DMA_EXTERNAL_READ",
    "confidence": 0.997,
    "heads_triggered": ["KERNEL", "HW"],
    "hardware_fingerprint": "hw_a1b2c3d4e5f6"
  }
}

Detection Evidence

When Cerberus detects a cheat, it captures a structured evidence package for review. This data is stored on the Cerberus backend and accessible through your partner dashboard.

What is collected on detection

Data	Scope	Description
Detection type	Always	Which head triggered (KERNEL, AI, HW, NET) and the specific detection category (e.g., AIMBOT, INJECTION, DMA_READ)
Confidence score	Always	0.0-1.0 float representing detection certainty. Auto-ban threshold: 0.95+
Session snapshot	Always	Anonymized session metadata: game ID, session duration, region, SDK version
Hardware fingerprint	Layer 3	Hashed device identifiers for ban evasion tracking. No PII — hardware IDs are one-way hashed
Memory region info	Kernel	Address range, permissions (RWX), and module association of suspicious memory regions. Game memory content is NOT captured
Behavioral profile	AI	Statistical summary: aim correction speed, reaction time distribution, headshot rate deviation from player baseline
Device audit log	Layer 3	List of enumerated PCIe devices and firmware verification results. Used to identify DMA boards
Network anomaly report	Layer 4 (NET)	Server-side traffic analysis summary: packet timing anomalies, impossible state transitions, and position desync indicators

Cerberus never captures game memory contents, screenshots, keystrokes, browsing data, or any PII. All hardware identifiers are one-way hashed before transmission. Evidence is retained for 90 days (configurable per partner) to support ban appeals.

Where evidence is stored

Detection evidence is processed locally on the player's machine and only the structured metadata is sent to the Cerberus API over TLS 1.3. Raw memory dumps or input recordings are never transmitted. Partners can access evidence through:

Partner Dashboard — visual timeline of detection events with evidence viewer
Ban API — GET /api/v2/bans/{id}/evidence returns the full evidence package as JSON
Webhooks — ban.created events include a summary; full evidence available via API

Event Types

Event	Trigger	Description
ban.created	Auto-ban	Player banned with >95% confidence
ban.appealed	Player action	Ban appeal submitted
flag.created	Threshold	Player flagged (30-95% confidence), under enhanced monitoring
flag.escalated	Auto	Flag escalated to manual review after re-analysis
flag.cleared	Auto/Manual	Flag cleared — player confirmed clean
session.start	SDK call	Cerberus session started for a player
session.end	SDK call	Session ended cleanly
hw.anomaly	Layer 3	Unrecognized or suspicious hardware detected

Unreal Engine Integration

For Unreal Engine projects, use the Cerberus plugin instead of the raw SDK:

// In your .Build.cs
PublicDependencyModuleNames.Add("CerberusSDK");

// In your GameInstance or GameMode
#include "CerberusSubsystem.h"

void AMyGameMode::BeginPlay() {
    UCerberusSubsystem* Cerberus = GetGameInstance()->GetSubsystem<UCerberusSubsystem>();
    Cerberus->StartSession(PlayerState->GetUniqueId(), MatchId);
}

Unity Integration

C# — Unity

using Cerberus.SDK;

public class AntiCheatManager : MonoBehaviour {
    void Start() {
        CerberusSDK.Init(new CerberusConfig {
            ApiKey = "crb_live_xxxxxxxxxxxxxxxx",
            GameId = "your-game-id",
            OnBan = HandleBan,
            OnFlag = HandleFlag
        });
    }

    void HandleBan(BanEvent e) {
        Debug.Log($"Player {e.PlayerId} banned: {e.Reason} ({e.Confidence:P0})");
        NetworkManager.Singleton.DisconnectClient(e.PlayerId);
    }

    void OnDestroy() => CerberusSDK.Shutdown();
}

FAQ

Does Cerberus run at boot?

No. The kernel driver loads only when your game launches and unloads when it exits. Cerberus has zero presence on the system outside of active game sessions.

What happens if a player is falsely banned?

Detections below the 95% confidence threshold are never auto-banned — they go to manual review. If a ban is appealed, our threat analyst team reviews the full session replay within 4 hours (Cerberus tier SLA). False positive rate in our current beta cohort is 0.14%.

Does Cerberus collect player data?

No PII is ever collected. Cerberus processes hardware IDs, input patterns, and memory state locally. Only detection events (ban/flag) with anonymized session metadata are sent to the API. Zero telemetry — we don't know what games your players play, how long they play, or anything else.

What kernel access does Cerberus need?

The driver requires kernel-mode access (ring-0) to monitor memory permissions, detect mapped drivers, and enumerate PCIe devices. The driver is EV code-signed and submitted for WHQL certification (pending). We plan to complete third-party security audits before public release.

Can I use Cerberus for singleplayer games?

Yes, but it's designed for competitive multiplayer. For singleplayer, you can use Layer 1 only (kernel integrity) at the free Argus tier to prevent save file tampering or achievement exploits.

What engines are supported?

Cerberus works with any Windows game that can link a C++ or C# library. We have first-class plugins for Unreal Engine 5.x and Unity 2022+. Custom engine integration takes 1-2 hours with the raw SDK.