Hello.
I want to create my own DRM system for gmod.
The 2 reasons is because I want to further learn Lua in this capacity and how to utilize websites to work with servers, and I just want to see if I can do it.
I understand the concept of how it works. I know that the server fetches the Lua code from the server and just runs it. I have some ideas to actually prevent it from being run unless all the checks pass. I want to know how much should I know besides Lua.
I know basic HTML but I don't think that really matters too much for what I'm making. Do I need to use Ruby or PHP for this? How would I go about creating the checks I want on a website? Any knowledge and pointers of where I could start would be appreciated. Thanks.
Please don't bother posting if all you're gonna say is "Oh, DRM is shit, don't do it." or "Wow, can you stop skid." Just don't post unless it is helpful in making me learn this.
Edit*** Just had another idea, don't know if this would work. I would label all my variables like so
VarC = {}
VarC.v1 = whatever
VarC.v2 = whatever
and every single variable would get a different name, even if they are the same name variable. (So I have two vars called Dingus and one is being called and the other is being stated, both would get different numbers).
Since every single variable has a different number attached to it, (both client and server), I could create on my website server the references to those variables. So I would declare what variable is equal to what.
For example:
*Redid this because it wasn't very understandable
On the server, you would have the whole script. You would have all the variables and everything. However, since every single variable is different you wouldn't be able to work the script (without my website references).
*Keep in mind, all of the variables are dynamic, none of them = to a specific value that stays the same. (It will always be a different number, or player object or whatever. There are no variables that = 1 or = "Hello" or any of that)
example:
A bullet hits a player. Simple enough right? (Keep in mind, there are about 100-300 variables and about 50-60 functions.) Let's say we want to get the attacker and make him take the same damage and make the victim take half the damage.
This is what the server code would look like for that particular situation.
(I'm not gonna bother getting the correct names for hooks and such, the main idea is to get my point across)
[CODE]
VarC = {}
//Skip the first three becuase that is going to be connected by Meta Function.
VarC.v4
VarC.v5
VarC.v6
VarC.v7
VarC.v8
VarC.v9
VarC.v10
VarC.v11
VarC.v12
SendToWebsite(VarC, "SomeIdShit1")
RevieveFromWebsite(ConnectedTable, "SomeIdShit2", function()
VarC = ConnectedTable
end)
local function ObfuscatedFunctionName(VarCv1, VarCv2, VarCv3)
VarC.v4:SetHealth(VarC.v4:GetHeath() - VarC.v5)
VarC.v6:SetHealth(VarC.v6:GetHealth() - (VarC.v5/2))
end
hook.Add("PlayerTakeDamage", "SomeRandomName", function(victim, dmg, attacker)
VarC.v7 = attacker
VarC.v8 = victim
VarC.v9 = dmg
ObfuscatedFunctionName(VarC.v12, VarC.v10, VarC.v11)
end)
[/CODE]
As you can see, it makes no sense. You don't really know which is what and what variable goes where. (Of course this would be more effective the more complicated your functions are and less obvious of what they do, but this is just to show you how it would work).
Now, if you run this, it wouldn't work. Why, because none of the variables are alike, or being called. However, the idea is (with proper authentication) the website connects all the variables to each other.
So on the website (which only a gmod server with gmod ports as a whitelisted IP only able to refrence to it with an authentication key, only useable BY that IP), it would look something like this:
*Assume this is PHP or whatever you would use on a website/server
[CODE]
RecevieTable(UnconnectedTable, "SomeIdShit1", function()
UnconnectedTable = VarC
VarC.v12 = VarC.v9
VarC.v10 = VarC.v8
VarC.v11 = VarC.v7
//Assume this is a metafunction with code being added and run.
//Maybe this will get attached with the table or just written to the server, doesn't really matter that much
function ObfuscatedFunctionName:add (VarCv1, VarCv2, VarCv3)
VarC.v5 = VarCv1
VarC.v6 = VarCv2
VarC.v4 = VarCv3
end
UnconnectedTable = ConnectedTable
SendToGmodServer(ConnectedTable, "SomeIdShit2")
end)
[/CODE]
Below is a nice little refrence of how the vars are connected (with the paranthensis showing how far it is connected).
[CODE]
// v1 = v9 ((Dmg))
// v2 = v8 ((Victim))
// v3 = v7 ((Attacker))
// v4 = v3 (((Attacker)))
// v5 = v1 (((DMG)))
// v6 = v2 (((Victim)))
// v7 = attacker
// v8 = victim
// v9 = dmg
// v10 = v8 (Victim)
// v11 = v7 (Attacker)
// v12 = v9 (Dmg)
[/CODE]
The only problem I have yet to figure out is how to make one variable a constant reference to another. If I just do v1 = v2, v1 won't update when v2 does. I am going to be looking further into this. But if I can somehow make it state on the website and define constant variables, I think this system would be golden.
TL;DR/Alternatve Explanation.
Gmod server has the whole script with all the dots unconnected (the dots being variables). Website DRM connects all the dots. Since there is no way to read actual variable names in Lua (like if I do var1 = var2, you can't do print(var2) or some shit, it will only give you a value, not the actual variable name) unless you use C++ and try an get refrence ID numbers and such (which I highly doubt people would go and do that because it's too much work), this system can't be exploited unless you have a shitty authentication system of where anyone can get your code where the "dots" are connected.
Unless I'm missing something, this can be done. I just wanna know how I can go about doing it.
Of course, Marcuz just told me to use bytecode with my own Lua VM. Seems like a 10x easier option.
http.fetch was used by scriptenforcer, that's a method to use but not at all secure tbh
[QUOTE=SmithStanley;52284532]http.fetch was used by script enforcer, that's a method to use but not at all secure tbh[/QUOTE]
Yea, I realize how ScriptEnforcer did it. I don't really know their system but I plan on creating something along the lines of "If your code is different from what I have set in my code, then you sir are b-b-b-b-b-b-b-banned"
It would grab the file code and make sure they aren't trying to read it or anything of the such. Of course, people could just go to source and do it by C++ but like 80% of "Lua Devs" don't know shit, the other 20% most likely don't know C++. Otherwise they wouldn't be in gmod so to speak. It would also make sure the IP is that of the server, and make sure that the port is also a gmod server. To prevent people from trying to connect to it with an authkey on their computer.
[editline]28th May 2017[/editline]
Another guy also gave me advice on just hard coding some shit and making it so they must call it from my server, and it wouldn't be written to their server. (His example) would be like dark rp jobs. They could only refrence it from their server but it wouldn't actually fetch anything.
[QUOTE=PerkyMcRibs;52284542]80% of "Lua Devs" don't know shit, the other 20% most likely don't know C++. Otherwise they wouldn't be in gmod so to speak.[/QUOTE]
Obviously, that's the reason we're all doing this; we simply don't know how to code in a [I]real language.[/I]
:hammered:
[QUOTE=TFA;52284852]Obviously, that's the reason we're all doing this; we simply don't know how to code in a [I]real language.[/I]
:hammered:[/QUOTE]
The point is that most people who interact with Gmod Lua don't really know anything beyond it. The people who do don't have the time or want to spend the time cracking addons.
Also, again. Please don't reply unless you're actually helping me understand the system. I would like to know more about bytecode and Lua VM and how it works. If anyone can link easy to understand tuts that would be great. I saw a couple when googling but they are really technical with VM's (which I have never worked with)
If you can't wrap your head around simple concepts as variable remapping then I would advise not trying to learn something as complex as the LuaJIT VM and bytecode structure as it's mostly undocumented and where it is, it is very hard to understand.
If you want to start with something much, much simpler try remaking this: [url]https://github.com/lua/lua/blob/master/lvm.c[/url]
I'd also advise against making your own DRM if you haven't a clue about any types of security or have the willpower to do hard research and study source code of what you want to replicate.
[QUOTE=MeepDarknessM;52285044]If you can't wrap your head around simple concepts as variable remapping then I would advise not trying to learn something as complex as the LuaJIT VM and bytecode structure as it's mostly undocumented and where it is, it is very hard to understand.
If you want to start with something much, much simpler try remaking this: [url]https://github.com/lua/lua/blob/master/lvm.c[/url]
I'd also advise against making your own DRM if you haven't a clue about any types of security or have the willpower to do hard research and study source code of what you want to replicate.[/QUOTE]
I'm looking at this as a black and white situation.
For my security it would be if the IP and Port, that is requesting the remapping, is one of the whitelisted IP's and Port's then check the authentication key. If it matches to that IP, then allow the request. Not really sure how it could be exploited, again, looking at this from a black and white perspective.
As for variable remapping, I haven't heard that term. I tried googling it for Lua, is it the same thing as pointer refrence in C++?
That's basically what I am trying to do, I make each variable a pointer refrence to the prevouise variable that it represents. I tried reading up on it but lots of people say it can only be done by tables. Of course if I do it by tables, anyone can just print it and have the whole system.
[QUOTE=PerkyMcRibs;52284499]I want to create my own DRM system for gmod.[/QUOTE]
[QUOTE=PerkyMcRibs;52284499]I know that the server fetches the Lua code from the server and just runs it.[/QUOTE]
[QUOTE=PerkyMcRibs;52284499]I know basic HTML[/QUOTE]
Hilarious
[highlight](User was banned for this post ("Trolling - Not very helpful to anyone even if the dudes not great" - icemaz))[/highlight]
[QUOTE=VXP;52287594]Hilarious[/QUOTE]
Can you go away? Stop shitposting and just trolling.
[highlight](User was banned for this post ("Report or PM a mod if people are trolling/flaming" - icemaz))[/highlight]
Sorry, you need to Log In to post a reply to this thread.
