• A question about the new Anti-Cheat system
So how exactly does it work? What does it ban based on, because I'm going to assume it's meant to be a lot more effective than VAC. Will people also be unbanned should there be the occasional mistake (As it's possible). On a sidenote, apologies if this is the wrong section, I was a little unsure on where to post this.
Garry designed it to specifically find SethHack. Which ironically, no longer exists. Mistakes aren't really easily possible.
SethHack?
[QUOTE=BorisJ;37770911]Garry designed it to specifically find SethHack. Which ironically, no longer exists. Mistakes aren't really easily possible.[/QUOTE] Wrong.
I've been googling for info for a bit, and came across this[URL="http://www.gamedeception.net/archive/index.php?t-24997.html"] http://www.gamedeception.net/archive/index.php?t-24997.html[/URL] It's actually pretty funny googling for info, because you get a bunch of forums for servers with threads by the owner which basically say "GARRY VAC SYSTEM IN PLACE USE WALLHACKS OR HUDS AND BE BANNNED PERMA FROM ALL SERVERS" [QUOTE=Wizard of Ass;37771916]Wrong.[/QUOTE] I haven't tried reversing it myself (Nor do I have any idea where to start looking for it), but from what I have seen from tidbits found online here and there, it does look like it was targeted toward Sethhack.
It bans ANYTHING that bypasses script enforcer. Run what you like apart from anything that aims to circumvent script enforcer.
[QUOTE=jellybaby34;37772964]It bans ANYTHING that bypasses script enforcer. Run what you like apart from anything that aims to circumvent script enforcer.[/QUOTE] Give it 2 months, it will be bypassed easily.
[QUOTE=The freeman;37773211]Give it 2 months, it will be bypassed easily.[/QUOTE] Too late, although the rumours I heard related to server hosting bypass. To block loading of banned players. That being said SethHack was definitely a reason for Garry to introduce this. SethHack was famous, but also easy to detect. It doesn't just work for SethHack though, any attempts to bypass SE can potentially get you banned.
[QUOTE=Pantho;37774577]Too late, although the rumours I heard related to server hosting bypass. To block loading of banned players. That being said SethHack was definitely a reason for Garry to introduce this. SethHack was famous, but also easy to detect. It doesn't just work for SethHack though, any attempts to bypass SE can potentially get you banned.[/QUOTE] My friend has been bypassing SE since May without any problems.
[QUOTE=SashaWolf;37776024]My friend has been bypassing SE since May without any problems.[/QUOTE] Key words being can potentially. Garry doesn't know about methods or certain modules to bypass cheats until he is informed of such. Just like ANY anticheat system the most private ones stay operational the longest.
wut 'bout faphack?
doesn't bypass SE
STICK TO LUA, YOU'LL BE FINE
[QUOTE=Wizard of Ass;37771916]Wrong.[/QUOTE] If you're saying wrong about it mainly being SethHack: Only sdef2 is the other 'detected' cheat. If you're saying SethHack exists: [img]http://flapadar.co.uk/img/2012-09-25-17-17-01.png[/img] If you're saying mistakes aren't easily possible: You could fool Garry's anti-cheat into banning someone by creating a SethHack texture previously, but I believe he fixed that and unbanned the wrongly banned people a long time ago.
[QUOTE=BorisJ;37796237]If you're saying wrong about it mainly being SethHack: Only sdef2 is the other 'detected' cheat. If you're saying SethHack no longer exists: [img]http://flapadar.co.uk/img/2012-09-25-17-17-01.png[/img] If you're saying mistakes aren't easily possible: You could fool Garry's anti-cheat into banning someone by creating a SethHack texture previously, but I believe he fixed that and unbanned the wrongly banned people a long time ago.[/QUOTE] You realise the last recorded ban there was a month ago, right? And only 2 since the 17th of July.
[QUOTE=Pantho;37806464]You realise the last recorded ban there was a month ago, right? And only 2 since the 17th of July.[/QUOTE] Those aren't ban logs, just stack count failures. The one a month ago couldn't have been a cheat (stack was lower than normal). The one on the 23rd July was the last logged instance of (what I'm pretty sure is) SethHack.
Yes, but why are you arguing that SethHack still exists when it's not recorded any form of detection since then?
[QUOTE=Pantho;37807003]Yes, but why are you arguing that SethHack still exists when it's not recorded any form of detection since then?[/QUOTE] I wasn't (The post with the screenshot has a typo) [QUOTE=BorisJ;37770911]Garry designed it to specifically find SethHack. Which ironically, no longer exists. Mistakes aren't really easily possible.[/QUOTE]
[QUOTE=SashaWolf;37771945]I've been googling for info for a bit, and came across this[URL="http://www.gamedeception.net/archive/index.php?t-24997.html"] http://www.gamedeception.net/archive/index.php?t-24997.html[/URL] It's actually pretty funny googling for info, because you get a bunch of forums for servers with threads by the owner which basically say "GARRY VAC SYSTEM IN PLACE USE WALLHACKS OR HUDS AND BE BANNNED PERMA FROM ALL SERVERS" I haven't tried reversing it myself (Nor do I have any idea where to start looking for it), but from what I have seen from tidbits found online here and there, it does look like it was targeted toward Sethhack.[/QUOTE] does that mean adding 127.0.0.1 api.garrysmod.com to your hosts file will block the anticheat?
So many of those guys going "Lol garrys retarded!". Yet Garry achieved his exact goal of shutting down SethHack without resorting to anything childish or causing massive drama threads. In my opinion he executed it perfectly, best way of removing the plague :)
[QUOTE=Hentie;37816849]does that mean adding 127.0.0.1 api.garrysmod.com to your hosts file will block the anticheat?[/QUOTE] Someone asked before and garry claimed that it wouldn't block it.
[url=https://gmod.game-host.org/bar/tmp/GMod_Anti-Cheat_Analysis.htm]Analysis[/url]. And you guys forget that there's more out there than SethHack.

[editline]30th September 2012[/editline]

[quote]The anti-cheat in Garry’s Mod resides entirely in client.dll. It all begins in CGarrysMod::LevelInit(). Given a random 1 in 100 chance and that the user is not in singleplayer, the anti-cheat will engage after 30 to 360 seconds. However, if g_bHighPriBigEye is true, there is a 1 in 3 chance the anti-cheat will engage after 20 to 60 seconds. g_bHighPriBigEye is set to true in the Lua function Surface.CreateFont() if the argument new_font_name matches the pattern /shm.n.+/. This targets a private cheat for Garry’s Mod known as SethHack, since it creates a font called “shmenufont”.

The second part of the anti-cheat resides in CGarrysMod::PaintVGUIOverlay(), which calls a function every frame that calls the main anti-cheat routine under the following conditions:

1. The time set in LevelInit() has passed.
2. The user is not in the menu.
3. The user is not in singleplayer.
4. The user is not in the Sandbox gamemode.
5. The main routine hasn’t been executed before.

The main routine of the anti-cheat assembles a payload and sends it over insecure HTTP as application/x-www-form-urlencoded to [url]http://api.garrysmod.com/stats/001/[/url] (obfuscated using ROT13 in the executable). The payload consists of:

1. The API version.
2. A chunk of data consisting of the user’s process list (and their loaded modules) encoded in JSON and the game’s console log, obfuscated using a cipher mostly equivalent to XORing with 0x40.
3. The user’s 64-bit Steam ID.
4. A screenshot of the game, compressed with JPEG, encoded in Base64.

Certain processes will be excluded from the process list if their executable names match one of the following:

tsvncache.exe, spotify.exe, tortoiseproc.exe, skype.exe, rundll32.exe, system, mspdbsrv.exe, devenv.exe, googlecrashhandler64.exe, googlecrashhandler.exe, fraps64.dat, presentationfontcache.exe, ccc.exe, wmpnetwk.exe, mom.exe, adobearm.exe, jusched.exe, dropbox.exe, spotifywebhelper.exe, msseces.exe, puush.exe, fraps.exe, explorer.exe, taskeng.exe, dwm.exe, searchindexer.exe, wlidsvcmM.exe, mdnsresponder.exe, spoolsv.exe, conhost.exe, nvvsvc.exe, nvxdsync.exe, atieclxx.exe, winlogon.exe, atiesrxx.exe, lsm.exe, lsass.exe, services.exe, csrss.exe, wininit.exe, smss.exe, [system process], svchost.exe, chrome.exe

From this analysis, we can conclude that this is literally the most retarded shit ever. The fact that it has caught SethHack users is fucking hilarious. Why?

1. You can block the HTTP request (so easy even Garry could do it, maybe) and absolutely nothing will happen.
2. You can hide processes from the process list scan by simply renaming them to something from the whitelist (a.k.a. Garry’s process list).
3. It primarily targets SethHack. It’s just a matter of time before someone less retarded than Seth, Avaster, or Flapadar starts selling a private cheat.
4. Because of the use of URL and Base64 encoding, the payload ends up being unnecessarily huge. Like, 1.6 times larger than it should be. Garry doesn’t know how to send binary data over HTTP it seems.
5. The payload is not authenticated, unless it’s done out-of-band from the HTTP request. Massive abuse potential, and no way of validating the data.
6. BONUS! Garry doesn’t know what the XOR operator is either, so he ends up implementing his cipher using conditionals and arithmetic.
[/quote]

[editline]30th September 2012[/editline]

Google harder next time.
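Point 5 of the analysis quoted above says the report carries no authentication. As an added example (not part of the original post and not Garry's Mod code), this Python shows a receiver that accepts a report only when it is tagged with a per-session key and a one-time nonce, so a report cannot be submitted under another account's Steam ID or replayed. The function names, field names and the session-key handshake are assumptions; the key lives on the client, so this binds a report to an account's session but does not make the client's own data trustworthy.

```python
import base64, hashlib, hmac, json, secrets

# Hypothetical server state (assumption): a key per authenticated session and
# the one-time nonces handed out to that session.
SESSION_KEYS = {}
PENDING_NONCES = {}

def open_session(steam_id64):
    """Called after the account has authenticated; returns the session key."""
    SESSION_KEYS[steam_id64] = secrets.token_bytes(32)
    PENDING_NONCES[steam_id64] = set()
    return SESSION_KEYS[steam_id64]

def issue_nonce(steam_id64):
    nonce = secrets.token_hex(16)
    PENDING_NONCES[steam_id64].add(nonce)
    return nonce

def _mac(key, steam_id64, nonce, body):
    # Bind the tag to the account, the nonce and the exact report bytes.
    msg = steam_id64.encode() + b"|" + nonce.encode() + b"|" + hashlib.sha256(body).digest()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def build_report(key, steam_id64, nonce, processes, screenshot_jpeg):
    """Client side: serialise the report fields and tag them."""
    body = json.dumps({"processes": processes,
                       "screenshot": base64.b64encode(screenshot_jpeg).decode()},
                      sort_keys=True).encode()
    return {"steam_id": steam_id64, "nonce": nonce, "body": body,
            "mac": _mac(key, steam_id64, nonce, body)}

def verify_report(report):
    """Server side: returns (accepted, reason)."""
    sid = report["steam_id"]
    key = SESSION_KEYS.get(sid)
    if key is None:
        return False, "no session"
    if report["nonce"] not in PENDING_NONCES[sid]:
        return False, "unknown or replayed nonce"
    expected = _mac(key, sid, report["nonce"], report["body"])
    if not hmac.compare_digest(expected, report["mac"]):
        return False, "bad mac"
    PENDING_NONCES[sid].discard(report["nonce"])  # nonces are single use
    return True, "ok"
```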
[quote] [url]http://www.gamedeception.net/archive/index.php?t-24997.html[/url][/quote] I like how they call Garry "Gayrey" and think Gmod is retarded, yet they take the time to look into its anti-cheat systems and install cheats for it.
[QUOTE=DragonAwesome;37881556]I like how they call Garry "Gayrey" and think Gmod is retarded, yet they take the time to look into its anti-cheat systems and install cheats for it.[/QUOTE] I chuckled at that, non stop insulting gmod + garry yet they take the time to investigate and bypass the system just so they can play what they apparently hate.
I'm pretty sure that's mostly because of the anti-cheat. They go on and on about how retarded it is and how he needed to hide it with Themida.
Well, I don't necessarily agree with their opinions, but they have some good points.
[QUOTE=The freeman;37773211]Give it 2 months, it will be bypassed easily.[/QUOTE] I hate to burst the bubble here, but it has already been bypassed. There's module hiding ways of doing it, via injecting into the game using an HL2.exe loader like the ValveHacks one that Ember released with the last version of the VH public CS:S release, it still works. And in short it is possible to bypass, people have already done it and I have contact with these people, the thing garry is doing is annoying though because he keeps updating and breaking everyone's signatures, the annoying thing is finding the new signatures because Themida.
It's simple. If you [I]were[/I] to do it, not that you would, you would just detour the function in the main class and don't do anything. When Garry's anticheat gets called, your function (that does nothing) gets called instead, and nothing happens.
The anti-cheat system doesn't try to stop you from cheating.. so I don't know how you think you're bypassing it.
[QUOTE=Se1f_Distruct;37853948][url=https://gmod.game-host.org/bar/tmp/GMod_Anti-Cheat_Analysis.htm]Analysis[/url]. And you guys forget that there's more out there than SethHack. [editline]30th September 2012[/editline] [editline]30th September 2012[/editline] Google harder next time.[/QUOTE]
[lua]
if ( SERVER ) then
	AddCSLuaFile( );
end

if ( CLIENT ) then
	surface.CreateFont( "shmenufont", { font = "arial", size = 1337 } );
end
[/lua]
Time to get people banned on servers I host. [img]http://facepunch.com/fp/navbar/controlpanel.png[/img]