In this thread you can talk about anti cheating methods, share your short scripts and so on. I made this thread so all the chitchat can be found from one place.
The cheaters are the cancer killing gmod online playing on big servers. You can't report from the cheaters to anywhere except to the server admin and the cheaters usually turn off the cheats after the deed is done so usually there's no way to capture evidence of the player cheating. So what we need is a public and powerful way to prevent these assholes from ruining the online gaming experience.
What i personally want to ask is that is there any possibility to stop clients from running clientside scripts? You know something like sv_pure.
sv_scriptenforcerenabled 1
Script Enforcer.
[QUOTE=Mr Affinity;14239432]sv_scriptenforcerenabled 1[/QUOTE]
Does this prevent the client from running all the scripts he has?
[QUOTE=1live;14239528]Does this prevent the client from running all the scripts he has?[/QUOTE]
Yes.
[QUOTE=Salads;14239580]Yes.[/QUOTE]
With an exception of the ones allowed in the clientscripts.txt file.
Take away shitty lua hacks and people will just use hl2 hooks. Hell, most tf2 hacks work for gmod anyway.
[QUOTE=C++;14239652]Take away shitty lua hacks and people will just use hl2 hooks. Hell, most tf2 hacks work for gmod anyway.[/QUOTE]
Yeah but that wont be a problem since most of the servers should have VAC protection, So if the player gets a ban it will be global.
:facepalm:
[QUOTE=C++;14239874]:facepalm:[/QUOTE]
if you have something to say just say it.
Gmod doesn't use VAC
[QUOTE=1live;14239749]Yeah but that wont be a problem since most of the servers should have VAC protection, So if the player gets a ban it will be global.[/QUOTE]
Garry's Mod does not have VAC enabled, period. It won't even disconnect you from the server for hacking.
That and if you're sad enough to aimbot on a sandbox game then my bet is that you would have cafe accounts too.
[QUOTE=1live;14239749]Yeah but that wont be a problem since most of the servers should have VAC protection, So if the player gets a ban it will be global.[/QUOTE]
Apparently VAC bans don't work in gmod.
The only somewhat reliable way is scriptenforcer - Everything else is stupid and futile. Not even scriptenforcer works properly though.
[QUOTE=CowThing;14239908]Gmod doesn't use VAC[/QUOTE]
Well that's fucking great... Why's this?
[QUOTE=1live;14239956]Well that's fucking great... Why's this?[/QUOTE]
Probably because client modules would break it, or the way garry's doing something breaks it.
[QUOTE=1live;14239956]Well that's fucking great... Why's this?[/QUOTE]
Because VAC is a piece of shit.
[QUOTE=CowThing;14239982]Because VAC is a piece of shit.[/QUOTE]
[QUOTE=CowThing;14239982]Because VAC is a piece of shit.[/QUOTE]
Kinda true.
[QUOTE=CowThing;14239982]Because VAC is a piece of shit.[/QUOTE]
Says a hacker, no?
[QUOTE=Kidd;14242124]Says a hacker, no?[/QUOTE]
No.. it sucks pretty hard as it doesn't actually work in gmod.
[QUOTE=Catdaemon;14242227]No.. it sucks pretty hard as it doesn't actually work in gmod.[/QUOTE]
Would Lua be possible with it?
I think someone told me if it was activated Lua wouldn't work or would consider it cheating.
Also...Does VAC warn when it detects something?
I do think it's stupid when an Anti-Cheat doesn't warn.
Like "WARNING: VAC HAS FOUND <NAME> A THREAT."
Or something like that.
[QUOTE=Kidd;14242241]
I do think it's stupid when an Anti-Cheat doesn't warn.
Like "WARNING: VAC HAS FOUND <NAME> A THREAT."
Or something like that.[/QUOTE]
VAC does the opposite by waiting a random interval of time to ban making it harder for people to find ways to bypass it.
The point of the delay and lack of warning is not making it clear what causes the ban.
[QUOTE=Overv;14242508]The point of the delay and lack of warning is not making it clear what causes the ban.[/QUOTE]
Which makes it harder for people to find ways to bypass it.
You have several functions available ( unless the script was super anal hardcore rootkit ).
debug.getinfo( [thread,] func )
thread is optional.
Returns a table containing things such as the line the function is defined on, what the source is ( Lua for something defined in the script, [C] for stuff compiled in ), etc.
By checking for lines defined on, or the source, you can weed out a lot of stuff, especially if the script depends on re-defining a function that was code.
Searching for files.
file.Exists
file.ExistsEx ( dunno how it works )
file.Find
file.FindInLua
file.Rename
file.Size
file.TFind
file.Time
All of these can be used to attempt to locate suspicious scripts, browsing through folders, or guessing common scripts.
file.Write
filex.Append
file.Read
Read files, or overwrite them. Useful for harming ones that use the dua exploit and RunString to 'inject' the aimbot into a script.
A great tool is the function engineConsoleCommand, which is called whenever a function added with AddConsoleCommand, but not an engine command, is ran in the console, regardless of concommand.Add being localized, or AddConsoleCommand being localized. By merely having the function run a console command when called with a command other than the log command, you can find out what commands a client is running.
Strategies:
[b]Enable script enforcer[/b] ( will stop most people )
Look for common aimbot functions that are global ( namely Jetbot's functions )
Look for common console commands ( will get most people )
Look for common hooks / hook names
Look for functions that have incorrect sources / line numbers
Read config.cfg, parse out the binds, and look for suspicious ones ( namely + binds that aren't in a whitelist ).
Alter all your scripts on the server to be different from normal ones by a single character in length or more
Search client data, dua, or scripts for certain keywords in the code.
List in engineConsoleCommand and have human interaction or automation serverside
Listen to the gamemode table for __newindex on gamemode functions to attempt to find injections
---
Those are just some thoughts. The drawback is that it isn't difficult to get around these blocks.
Why do aimbots use console commands anyway?
GMOD uses V.A.C but of course V.A.C does not detect lua
GMod doesn't use VAC.
[QUOTE=Overv;14243137]Why do aimbots use console commands anyway?[/QUOTE]
It's convenient to bind it to a key, is why. Tacking it onto one of the IN_ keys is annoying with how few there are, and most people don't seem to be aware of the input library.
Sorry, you need to Log In to post a reply to this thread.
