[IMG]http://i.imgur.com/DMppLUf.png?1[/IMG]
A friend and I made this with the intention of selling it somewhere until I realized how much of a cunt I'd be to charge for this fantastic tool. I'm sick of servers only being cool because of how much money someone's mom gave them to spend on CoderHire Pointshop skins, and gigantic communities like 420.
[I][U]When it prompts you for a license, just enter anything you want.[/U] [/I]Lost the original source code, so I made my license server return "true" for every key.
[B]What it does[/B]
It decompresses Garry's LZMA compression on clientside/shared lua cache files found in [U]garrysmod/cache/lua.
[/U]
This includes and [I]is not limited to[/I]:
*Most SWEPs
*All UI/HUD elements
*Basically anything that shows something on your monitor (I.e. shitty pointshop skins)
[B]A couple pictures[/B]
[IMG]http://puu.sh/6r2nR.png[/IMG]
[IMG]http://puu.sh/6r2qg.png[/IMG]
(my tray got in the way of the open button when using it to take the screenshot)
[B]Download[/B]
[URL]http://puu.sh/5ErDF[/URL] ([I]because this contacts a PHP license script[/I] ([URL]http://c1yd3i.com/license/check.php[/URL]), [I]shitty AVs might give it a false positive[/I])
EDIT:
As Bloodwave pointed out you need to fill in all available characters in the serial number, or the program thinks you entered a wrong serial.
I see more DMCA filings in the near future...:suicide:
EDIT:
On a more serious note stay the fuck away from Lua caches.
If someone uses this to look at the code in the gamemode I'm might eventually but probably wont run on a server and most certainly not release due to shittyness... God help them.
Last time I looked at it... I nearly went blind from how crappy it is.
"I'm too much of a cunt to sell it, so I'll just release it publicly for everybody to have for free."
Oh god...
Great... -_-
This whole project is just wrong. It will just ruin the uniqueness of servers if you can just steal their content.
"I'm sick of servers only being cool" You have a weird view of things don't you? It is illegal to steal their scripts that they bought of CoderHire.
[QUOTE=Fortune11709;43598723]This whole project is just wrong. It will just ruin the uniqueness of servers if you can just steal their content.
"I'm sick of servers only being cool" You have a weird view of things don't you? It is illegal to steal their scripts that they bought of CoderHire.
[/QUOTE]
You don't have access to serverside code, granted that can be reverse engineered if you know Lua.
This program's purpose isn't to steal from CoderHire -- it's to decompress cache files.
You have to post the source code if you want to avoid a ban.
[QUOTE=Aide;43598873]You have to post the source code if you want to avoid a ban.[/QUOTE]
[url]http://facepunch.com/showthread.php?t=1351140&p=43599085&viewfull=1#post43599085[/url]
[QUOTE=rbreslow;43598741]You don't have access to serverside code, granted that can be reverse engineered if you know Lua.
This program's purpose isn't to steal from CoderHire -- it's to decompress cache files.[/QUOTE]
Oh, that makes it all better then! I know there's a lot of useful cases for decompressing someone else's work!
Your only seeming reason to release or even make a thing like this with the intent of giving it away paid or unpaid, would be because 'programming gmod isnt a real job everything should be free and public!!!'.
[editline]19th January 2014[/editline]
Would it be possible for garry to store these compressed scripts in RAM?
It's a non-obfuscated .NET program that uses the .NET library SevenZip, so it can be decompiled into pretty much source code :
[url=http://pastebin.com/R4tTCauP]Program.cs[/url]
[url=http://pastebin.com/D6KkvvSG]MainForm.cs[/url]
[url=http://pastebin.com/pSEcx0JY]KeyValidator.cs[/url]
[url=http://pastebin.com/PNTYsR1q]KeyPopup.cs[/url]
[url=http://pastebin.com/TPH6zpTS]Decrypter.cs[/url]
hmm :
[img]http://puu.sh/6r6ya.png[/img]
@OP: releasing this doesn't combat : [I]"I'm sick of servers only being cool because of how much money someone's mom gave them to spend on CoderHire Pointshop skins (granted I was on CH myself), and gigantic communities like 420."[/I] at all, nor is it a valid argument really.
Code to do this has also been released before.
[QUOTE=bitches;43599050]Oh, that makes it all better then! I know there's a lot of useful cases for decompressing someone else's work!
Your only seeming reason to release or even make a thing like this with the intent of giving it away paid or unpaid, would be because 'programming gmod isnt a real job everything should be free and public!!!'.[/QUOTE]
idk man. Being able to look at others code is kinda useful for learning things, and as all the "good" code gets put on to CoderHire (seriously, how the fuck does some of that stuff sell?) it's getting harder and harder to find actual resources to learn from. Especially as there are so few tutorials and the GMod wiki documentation is still incomplete or really vague.
Seeing as this won't get the server files, it's not like it's the most harmful thing ever, most of the things that make servers "unique" have the important parts server-side after all. Besides, if you see someone running code you sold when they shouldn't be, deal with it yourself, it's your duty to protect your products after all.
[QUOTE=bitches;43599050]Oh, that makes it all better then! I know there's a lot of useful cases for decompressing someone else's work!
Your only seeming reason to release or even make a thing like this with the intent of giving it away paid or unpaid, would be because 'programming gmod isnt a real job everything should be free and public!!!'.[/QUOTE]
It's not my business how people use it, I'm just making the tool available.
Garry's Mod cache files are just LZMA compression with "CAT" (yes the word cat) appended to the beginning. Anyone could write a basic program to do this in an hour.
Its the serverside code that's got the important stuff usually.
I already assumed any client side work I did was in the hands of everyone the second it was transferred to the client. That still does not give you the right to just rip off someones work or their purchase.
Also, you make it sound like you just ripped the program off from someone else. Sounds like you just debugged the simple licensing system.
I would be afraid to run this on my computer, who knows what else this program does.
[QUOTE=>>oubliette<<;43599085]
hmm :
[IMG]http://puu.sh/6r6ya.png[/IMG]
[/QUOTE]
Just chose the first thing that popped into my head, he didn't actually change that HWID SEED (seed to generate a unique hardware id off of for the licensing system) if you were wondering.
Regardless you decided to take it upon yourself to make a tool only useful for theft. How people use it is limited to one purpose, so you cannot unlink yourself from responsibility for it.
You said yourself this is to combat coderhired servers. That's plain theft from the programmers making money by selling their work that you are explicitly encouraging.
You reference the 420 server, wanting people to steal their code... but 420 is already a mish mash of stolen code.
[editline]19th January 2014[/editline]
So you're just replicating the same problem.
[QUOTE=bitches;43599128]
You reference the 420 server, wanting people to steal their code... but 420 is already a mish mash of stolen code.
[/QUOTE]
I know.
[URL]http://facepunch.com/showthread.php?t=1317457&p=43597737&viewfull=1#post43597737[/URL]
Why does gmod store the files in the first place, doesn't it download them every game join since its all one file now? I'm guessing it downloads them and once the client has finished connecting it reads the file to execute the code within.
Why not download it to RAM, execute, then remove from RAM?
[QUOTE=bitches;43599144]Why does gmod store the files in the first place, doesn't it download them every game join since its all one file now? I'm guessing it downloads them and once the client has finished connecting it reads the file to execute the code within.
Why not download it to RAM, execute, then remove from RAM?[/QUOTE]
Whats the point of doing the above all that would do is turn it into a game of cat and mouse, as soon as the code is sent to the client and ran on the client then its easily viewable no matter how you handle it.
[QUOTE=JayneHJKL;43599114]I already assumed any client side work I did was in the hands of everyone the second it was transferred to the client. That still does not give you the right to just rip off someones work or their purchase.
Also, you make it sound like you just ripped the program off from someone else. Sounds like you just debugged the simple licensing system.
I would be afraid to run this on my computer, who knows what else this program does.[/QUOTE]
I made the licensing system for the program, a friend coded it. I asked if he was okay if I public-ally released it and disabled the licensing system.
[IMG]http://puu.sh/6r75y.png[/IMG]
[CODE]<?php
// Generate an authentication key using the user's seed and a random number
function generateKey($seed="secret", $split_length=5, $length=3, $join="-") {
if ((($split_length * $length) + ($length - 1)) > 32) {
throw new InvalidArgumentException('not enough data to satisfy length requirements');
}
$random = rand(0, 100000);
$generated = md5($seed + $random);
$generated_length = strlen($generated);
$parts = array();
for ($i = 0; $i < $generated_length; $i+= $split_length) {
$sub = substr($generated, $i, 5);
array_push($parts, $sub);
}
$shortened = array_slice($parts, 0, $length);
$key = implode($join, $shortened);
return strtoupper($key);
}
(generate a key)
[/CODE]
[CODE]<?php
$db = mysql_connect('mysql.c1yd3i.com','LOL SORRY','LOL SORRY') or die("Database error");
mysql_select_db('license', $db);
$code = mysql_real_escape_string($_GET["code"]);
$res = mysql_query('select count(*) from codes where code = "' . $code . '"') or die("Query error");
$row = mysql_fetch_row($res);
if ($row[0] > 0) {
echo "true";
}
else {
echo "true";
}
[/CODE]
[QUOTE=King Penisless;43599162]Whats the point of doing the above all that would do is turn it into a game of cat and mouse, as soon as the code is sent to the client and ran on the client then its easily viewable no matter how you handle it.[/QUOTE]
The point is so you can't have a random early/pre-teens server operator download a point and click program to steal content.
[QUOTE=bitches;43599144]Why does gmod store the files in the first place, doesn't it download them every game join since its all one file now? I'm guessing it downloads them and once the client has finished connecting it reads the file to execute the code within.
Why not download it to RAM, execute, then remove from RAM?[/QUOTE]
Storing it in RAM wastes a lot of time every reconnection as you need to redownload the cache again. There's zero point to storing it in RAM as whatever is in there needs decrypting at some point anyway, making it vulnerable. Which is why the client/ server divide is important. Clients should not be receiving or running important code unless they absolutely have to.
[QUOTE=hexpunK;43599200]Storing it in RAM wastes a lot of time every reconnection as you need to redownload the cache again. There's zero point to storing it in RAM as whatever is in there needs decrypting at some point anyway, making it vulnerable. Which is why the client/ server divide is important. Clients should not be receiving or running important code unless they absolutely have to.[/QUOTE]
Just a heads up, this isn't encryption, only [url=http://en.wikipedia.org/wiki/Lempel%E2%80%93Ziv%E2%80%93Markov_chain_algorithm]encoding[/url] of which Garry changed the first 4 (if I remember right) bytes
[QUOTE=Teddi Orange;43599230]Just a heads up, this isn't encryption, only [url=http://en.wikipedia.org/wiki/Lempel%E2%80%93Ziv%E2%80%93Markov_chain_algorithm]encoding[/url] of which Garry changed the first 4 (if I remember right) bytes[/QUOTE]
Ah I knew the word I was using was the wrong one but for some reason couldn't remember the right word :v: Been doing that all day, it's annoying.
[QUOTE=hexpunK;43599200]Storing it in RAM wastes a lot of time every reconnection as you need to redownload the cache again. There's zero point to storing it in RAM as whatever is in there needs decrypting at some point anyway, making it vulnerable. Which is why the client/ server divide is important. Clients should not be receiving or running important code unless they absolutely have to.[/QUOTE]
As I said, my zero point is to prevent the unlearned masses from having effortless access to paid or private content.
OP supports the commonizing of such theft purely to spite servers whose renters pay for additional scripting; I'm proposing making this a task left to those who can write addons on their own.
Guys, you can be mad at OP all you want. But he's doing the right thing.
If he was to release it privately he could of easily of made a good lump some of money and the chance of Garry caring about fixing it is around 0%
Now its been publically released Garry might give half a shit to work up a newer system.
Or he could of not released it at all and there would be nothing to fix :v
At least nothing obvious or publicly accessible.
[QUOTE=bitches;43599349]As I said, my zero point is to prevent the unlearned masses from having effortless access to paid or private content.
OP supports the commonizing of such theft purely to spite servers whose renters pay for additional scripting; I'm proposing making this a task left to those who can write addons on their own.[/QUOTE]
Considering they are only getting the client/ shared code, assuming the addons are written remotely decently (which they should be if you're paying for them (a concept that still eludes me, paying for mods)), then the "theft" won't really give them anything interesting. Sure they can get PointShop skins and shit, but that stuff is borderline worthless.
If you are concerned about people stealing your shit, then you have to take some action to ensure your shit isn't being run by unauthorised users. Thanks to the encoding being used here being so simple you aren't ever going to stop this from happening, this tool is a frontend for a very simple action after all.
[QUOTE=Fortune11709;43599407]Or he could of not released it at all and there would be nothing to fix :v[/QUOTE]
It still would have existed though. It's between a rock and a hard place; either release it publicly and hope that it causes Garry to create a new system, or keep it private and the exploit still exists.
Sorry, you need to Log In to post a reply to this thread.
