There are a lot of cheats in GMod, and not a lot of resources that can teach you how to fight them. For the most part, cheaters have no idea what they're doing, blindly download hacks, and join random DarkRP servers. Unfortunately, not everybody is like that. There is the 1% who know what they're doing and are able to create their own cheats and circumvent whatever you have in place. I made this in the hopes that it will at least teach people how to make a decent anti cheat. Obviously you can't stop 100% of all cheating, so please, don't post saying that this thread is dumb/pointless. [b][i]I know it's impossible to stop all cheating, thank you.[/i][/b] Another thing I want to add is that I'm not perfect. I don't know all the rules, I don't know all the quirks, and I'm no master of Lua. I haven't even actually created an anti cheat, I've just been in the GLua business for a while. [B][I]If you see something that's wrong or could be improved, please, tell me so I can fix it. You can even contribute your own stuff and I will add it to the OP.[/I][/B]
The point of this thread is to teach you how to stop experienced cheaters: the ones who are above the average skid but aren't quite yet at the level of being able to say that they are fairly advanced at cheating. Although this guide may teach you to catch even cheaters that are at the top, you'll probably be catching the medium level cheaters, as I said before. Furthermore, this thread assumes you know how to work with Garry's Mod. I'm not going to hold your hand and teach you about Lua. With all of that jargon out of the way, let's get started.
[b]Loading First[/b]
Your first objective when creating an anti cheat is to load first, that is, before any other file has loaded. This step is optional, but I highly recommend it, as it vastly increases the security of your anti cheat.
The very first file to be ran is [B]garrysmod/lua/includes/init.lua[/B]. This file is core to GMod and your game would break if it didn't load, since it loads every other core GLua feature. A nifty little thing you can do is actually replace init.lua with your own version - without [I]actually[/I] replacing the file. To do this, you simply mimic its file path in your addon. I'll name my addon [B]hat-trick[/B], and will use it throughout the rest of this guide.
[IMG]http://i.imgur.com/DUnt3vK.png[/IMG]
As you can see in the image, I mirrored the path to the file in my addon. If you were eager enough to launch your server after I just told you about this little trick, you're probably wondering why your server just shit itself.
[IMG]http://i.imgur.com/1lOQJD7.png[/IMG]
Since we overrode the init file, the core functions of GMod never load, and your server goes kaput. Remember, this is a SHARED file, so the server runs it too. To overcome this obstacle, simply all we need to do is copy and paste all the code from the [B]original[/B] init file to [B]our[/B] init file. Yes, it's that simple. The only other step you need to do is to add your own code to the bottom of the file. Since you only really need to load first on the client, your code should look like this.
[CODE]-- The original init file's contents
if (CLIENT) then
-- Anti cheat stuff for the client to load
end[/CODE]
We haven't yet created a file for the anti cheat to load, so we should probably get on that now. Go ahead and create a folder in the same place as init.lua. In the folder, create a lua file. This is how I've done it.
[IMG]http://i.imgur.com/QAqrx7g.png[/IMG]
And here's the init file.
[CODE]-- The original init file's contents
if (CLIENT) then
include("hat-trick/hat-trick.lua")
end[/CODE]
Congratulations for making it this far. Now, it's onto the next section.
[B]Garbage[/B]
So we've got our anti cheat loaded first before any other addon, but unfortunately, this isn't enough. There exists methods to load even before this. Although only possible through cheats created in C++, it is still a threat nonetheless. If they've loaded before your anti cheat, they can take measures to deceive it. Such is the never ending struggle between cheat and anti cheat. For those that don't take measures against your anti cheat (aka 99.9% of cheaters), here is your first step to catching them. When a script loads, the amount of memory Lua uses increases. There exists a function, [URL="http://wiki.garrysmod.com/page/Global/collectgarbage"]collectgarbage[/URL], to retrieve the amount of memory in use by Lua. The function actually serves multiple purposes, but for our objective, we specifically want to use it for this purpose. We can get the amount of memory (in kilobytes) by executing the [B]count[/B] command in the function.
[CODE]local memory = collectgarbage("count")[/CODE]
You're probably wondering why this is useful, but I bet some of you keen readers are understanding where this is going. Since executing a script increases the amount of memory in use, we can check to see if any foreign scripts have loaded before us. Something as simple as printing the number 1 will change the value returned by the function, although very insignificantly. Take a look at this example.
[CODE]local memory = collectgarbage("count")
-- The original init file's contents
if (CLIENT) then
include("hat-trick/hat-trick.lua")
end[/CODE]
On my [B]server[/B] (not client), the value of [B]memory[/B] is [B]711.787109375[/B]. This number is, in my experience, consistent. Although I am unsure of this myself, the number for your server or client may change, so I don't recommend banning someone over a billionth of a byte being higher than what you expected. Another thing you may want to do is actually receive the amount of memory both before and after loading the core init script, or maybe even after loading your anti cheat's file. Doing this is very simple, but this stuff is entirely up to you.
[CODE]local memory = collectgarbage("count")
-- The original init file's contents
memory = collectgarbage("count") - memory
if (CLIENT) then
include("hat-trick/hat-trick.lua")
end[/CODE]
If the memory is higher than expected, you may set a global for your anti cheat to use. How you handle this is entirely up to you. [B]Remember, I did this for my server, not my client. Use proper if statements. I am running the code on the server only as an example. Use proper if statements to make it run only on the client. Don't check for super tiny decimal places, check for more significant increases in memory. As a reference, the original value for my memory's difference was 338.4326171875 and was increased to 338.947265625 after I simply printed the number 1. Beware of GMod updates increasing the amount of memory on startup, and thus, causing false positives.[/b]
[B][highlight]The memory returned will be different on different operating systems. You can use these functions to check which operating system the client is running, and compare accordingly.[/highlight][/B]
[img]http://wiki.garrysmod.com/favicon.ico[/img] [url=http://wiki.garrysmod.com/page/system/IsWindows]system.IsWindows[/url]
[img]http://wiki.garrysmod.com/favicon.ico[/img] [url=http://wiki.garrysmod.com/page/system/IsLinux]system.IsLinux[/url]
[img]http://wiki.garrysmod.com/favicon.ico[/img] [url=http://wiki.garrysmod.com/page/system/IsOSX]system.IsOSX[/url]
[B]Function Integrity[/B]
Making sure the functions you're using are not detoured is an important thing. Detoured functions usually mean either that an addon has detoured it or the player has detoured: probably to cheat or find out how your AC functions. It's important you don't ban everybody just because Wiremod or whatever decided to detour RunString, so take into consideration the fact that detouring functions is a legitimate thing if you're a legitimate developer. Here's a few simple methods on making sure your functions are safe.
First off, save your functions. At the top of your anti cheat file (hat-trick.lua for me), save a local copy of functions you want to use. That way, you'll (hopefully) have access to the original functions. Cheats won't be able to simply detour your functions then. I'll use
For someone who was planning to later develop his own personal anti-cheat this is very useful! Thanks writing this up!
I never found out how RunString, PCall and such can be used to cheat? Mind explaining me those?
[QUOTE=whitestar;48749875]I never found out how RunString, PCall and such can be used to cheat? Mind explaining me those?[/QUOTE]
If RunString is detoured, the client can log what is sent through it, which means code that you want to be private is exposed. pcall is completely unrelated, I just used it in that example to check if string.dump threw an error.
[img]http://wiki.garrysmod.com/favicon.ico[/img] [url=http://wiki.garrysmod.com/page/Global/CompileString]Global.CompileString[/url] is actually better to use than RunString, I just used RunString as an example. It is just as susceptible as RunString, it just works better because you can check for compiling errors and you can use a custom identifier.
Ahh, thanks very much!
[QUOTE=man with hat;48749267][B]Garbage[/B]
So we've got our anti cheat loaded first before any other addon, but unfortunately, this isn't enough. There exists methods to load even before this. Although only possible through cheats created in C++, it is still a threat nonetheless. If they've loaded before your anti cheat, they can take measures to deceive it. Such is the never ending struggle between cheat and anti cheat. For those that don't take measures against your anti cheat (aka 99.9% of cheaters), here is your first step to catching them. When a script loads, the amount of memory Lua uses increases. There exists a function, [URL="http://wiki.garrysmod.com/page/Global/collectgarbage"]collectgarbage[/URL], to retrieve the amount of memory in use by Lua. The function actually serves multiple purposes, but for our objective, we specifically want to use it for this purpose. We can get the amount of memory (in kilobytes) by executing the [B]count[/B] command in the function.
[CODE]local memory = collectgarbage("count")[/CODE]
You're probably wondering why this is useful, but I bet some of you keen readers are understanding where this is going. Since executing a script increases the amount of memory in use, we can check to see if any foreign scripts have loaded before us. Something as simple as printing the number 1 will change the value returned by the function, although very insignificantly. Take a look at this example.
[CODE]local memory = collectgarbage("count")
-- The original init file's contents
if (CLIENT) then
include("hat-trick/hat-trick.lua")
end[/CODE]
On my [B]server[/B] (not client), the value of [B]memory[/B] is [B]711.787109375[/B]. This number is, in my experience, consistent.[/QUOTE] It's only consistent on each operating system, if you're only checking one value (which would be the windows one) then you're gonna get false positives for anyone using mac or linux.
Although this is a very good thread for beginners just keep in mind that all of these "anticheat" methods can not detect a c++ ESP or a proper C++ cheats and they never will thankfully.
I have had several experiences on many servers and none of the so called "anticheats" have ever worked against a pure c++ esp, I can't say the same for other features such as speedhack, bhop ect even if they are in c++ but these will almost never be bypassed. You may ask why are you using a c++ esp? Simply for utility, to find players quicker and to make sense of the map, not to cheat but just because its useful for DarkRP and other servers that are similar ect.
H). However I don't think there's any method to use aimbots on CAC servers as it will kick you for the slightest modification to the eye angles, but I guess this is a good thing because aimbots can only be used for bad unless maybe HackvHack or if the person has a disability...,,.
The only anticheat that is good in gmod is HAC (hex anticheat) it is amazing, even though that can't detect a c++ ESP it still is an amazing anticheat that other anticheats have stolen detection methods from and if i were to make an anticheat I would read this code [url]https://github.com/MFSiNC/HAC/tree/master/v13/HeX's%20AntiCheat[/url] first.
[QUOTE=serverwatch;48750285]You may ask why are you using a c++ esp? Simply for utility, to find players quicker and to make sense of the map, not to cheat but just because its useful for DarkRP and other servers that are similar ect.[/QUOTE] Except that [b]is[/b] cheating, you are getting an unfair advantage over other players.
[QUOTE=isnipeu;48750392]Except that [b]is[/b] cheating, you are getting an unfair advantage over other players.[/QUOTE]
Well it had to be done, I think its a FAIR advantage. and I'm not affecting other peoples experiences negatively so it's fine in my opinion., , , , ..,
[QUOTE=isnipeu;48750126]It's only consistent on each operating system, if you're only checking one value (which would be the windows one) then you're gonna get false positives for anyone using mac or linux.[/QUOTE]
Thanks, I've added that to the OP.
[QUOTE=serverwatch;48750285]Although this is a very good thread for beginners just keep in mind that all of these "anticheat" methods can not detect a c++ ESP or a proper C++ cheats and they never will thankfully.
I have had several experiences on many servers and none of the so called "anticheats" have ever worked against a pure c++ esp, I can't say the same for other features such as speedhack, bhop ect even if they are in c++ but these will almost never be bypassed. You may ask why are you using a c++ esp? Simply for utility, to find players quicker and to make sense of the map, not to cheat but just because its useful for DarkRP and other servers that are similar ect.
H). However I don't think there's any method to use aimbots on CAC servers as it will kick you for the slightest modification to the eye angles, but I guess this is a good thing because aimbots can only be used for bad unless maybe HVH or if the person has a disability.
The only anticheat that is good in gmod is HAC (hex anticheat) it is amazing, even though that can't detect a c++ ESP it still is an amazing anticheat that other anticheats have stolen detection methods from and if i were to make an anticheat I would read this code [url]https://github.com/MFSiNC/HAC/tree/master/v13/HeX's%20AntiCheat[/url] first.[/QUOTE]
You could at least take the time to read a single paragraph at the very beginning of the post.
[CODE]local memory = collectgarbage("count")
local RunString = RunString
...[/CODE]
Be careful if you are going to store these kinds of values on the client.
Remember that somes cheaters can be able to attack these values using:
[CODE]debug.getlocal / debug.setlocal[/CODE]
You may want too to detour debug.getlocal / debug.setlocal to prevent cheaters finding/changing your variables.
(And then report to server if a cheater is trying to change your local variables using debug.setlocal)
Also, fenv things can be a risk if I'm not wrong.
Some dll has to be on the hl2.exe (thinking about inb4autorun.dll) folder to work, don't forget you can use the undocumented "BASE_PATH" in file.Find's second argument, so you can scan the entire gmod folder.
[QUOTE=serverwatch;48750285]Although this is a very good thread for beginners just keep in mind that all of these "anticheat" methods can not detect a c++ ESP or a proper C++ cheats and they never will thankfully.
I have had several experiences on many servers and none of the so called "anticheats" have ever worked against a pure c++ esp, I can't say the same for other features such as speedhack, bhop ect even if they are in c++ but these will almost never be bypassed. You may ask why are you using a c++ esp? Simply for utility, to find players quicker and to make sense of the map, not to cheat but just because its useful for DarkRP and other servers that are similar ect.
H). However I don't think there's any method to use aimbots on CAC servers as it will kick you for the slightest modification to the eye angles, but I guess this is a good thing because aimbots can only be used for bad unless maybe HackvHack or if the person has a disability...,,.
The only anticheat that is good in gmod is HAC (hex anticheat) it is amazing, even though that can't detect a c++ ESP it still is an amazing anticheat that other anticheats have stolen detection methods from and if i were to make an anticheat I would read this code [url]https://github.com/MFSiNC/HAC/tree/master/v13/HeX's%20AntiCheat[/url] first.[/QUOTE]
You'd think that someone who coined the term "Big Server Men" would recommend something from someone who didn't prove time and time again to be a psychopath.
[QUOTE=serverwatch;48750285]Although this is a very good thread for beginners just keep in mind that all of these "anticheat" methods can not detect a c++ ESP or a proper C++ cheats and they never will thankfully.
I have had several experiences on many servers and none of the so called "anticheats" have ever worked against a pure c++ esp, I can't say the same for other features such as speedhack, bhop ect even if they are in c++ but these will almost never be bypassed. You may ask why are you using a c++ esp? Simply for utility, to find players quicker and to make sense of the map, not to cheat but just because its useful for DarkRP and other servers that are similar ect.
H). However I don't think there's any method to use aimbots on CAC servers as it will kick you for the slightest modification to the eye angles, but I guess this is a good thing because aimbots can only be used for bad unless maybe HackvHack or if the person has a disability...,,.
The only anticheat that is good in gmod is HAC (hex anticheat) it is amazing, even though that can't detect a c++ ESP it still is an amazing anticheat that other anticheats have stolen detection methods from and if i were to make an anticheat I would read this code [url]https://github.com/MFSiNC/HAC/tree/master/v13/HeX's%20AntiCheat[/url] first.[/QUOTE]
Can you stop posting we already know this you don't have to flaunt your ~C++ undetectable esp~ that is most likely under 10 lines long including player iteration. While not detectable it can be rendered useless.
Thanks for this thread, I'll finally be able to bypass those pesky anticheats!
[QUOTE=serverwatch;48750285]Although this is a very good thread for beginners just keep in mind that all of these "anticheat" methods can not detect a c++ ESP or a proper C++ cheats and they never will thankfully.
I have had several experiences on many servers and none of the so called "anticheats" have ever worked against a pure c++ esp, I can't say the same for other features such as speedhack, bhop ect even if they are in c++ but these will almost never be bypassed. You may ask why are you using a c++ esp? Simply for utility, to find players quicker and to make sense of the map, not to cheat but just because its useful for DarkRP and other servers that are similar ect.
H). However I don't think there's any method to use aimbots on CAC servers as it will kick you for the slightest modification to the eye angles, but I guess this is a good thing because aimbots can only be used for bad unless maybe HackvHack or if the person has a disability...,,.
The only anticheat that is good in gmod is HAC (hex anticheat) it is amazing, even though that can't detect a c++ ESP it still is an amazing anticheat that other anticheats have stolen detection methods from and if i were to make an anticheat I would read this code [url]https://github.com/MFSiNC/HAC/tree/master/v13/HeX's%20AntiCheat[/url] first.[/QUOTE]
There are [B]Lua[/B] anticheats that are currently in development/in use that can detect C++ ESP's, It's just that not many people know about them.
Checking for bad metatables on objects like _G, net.Receivers, hook.Hooks and concommand.CommandList, where there shouldn't be a metatable is very useful to detect cheaters. Cheats use this to hide added concommands and hooks.
debug.getlocal(func, index) can also be used to check function integrity - cheats may detour the function and change the parameter names, and debug.getlocal doesn't show C-function's parameters aswell.
Blue Kirby's convar query module is very useful aswell, it's only server-side ([URL]https://facepunch.com/showthread.php?t=1311304[/URL]).
[QUOTE=serverwatch;48750285]Although this is a very good thread for beginners just keep in mind that all of these "anticheat" methods can not detect a c++ ESP or a proper C++ cheats and they never will thankfully.[/QUOTE]
"thankfully". What? How is this a good thing?
[QUOTE=serverwatch;48750285]
I have had several experiences on many servers and none of the so called "anticheats" have ever worked against a pure c++ esp, I can't say the same for other features such as speedhack, bhop ect even if they are in c++ but these will almost never be bypassed. You may ask why are you using a c++ esp? Simply for utility, to find players quicker and to make sense of the map, not to cheat but just because its useful for DarkRP and other servers that are similar ect.
The only anticheat that is good in gmod is HAC (hex anticheat) it is amazing, even though that can't detect a c++ ESP it still is an amazing anticheat that other anticheats have stolen detection methods from and if i were to make an anticheat I would read this code [URL]https://github.com/MFSiNC/HAC/tree/master/v13/HeX's%20AntiCheat[/URL] first.[/QUOTE]
99.9% of the GMod community can't make their own proper bypass (or even an sv_allowcslua forcer).
The reason anticheats fail to detect pure C-based cheats is because there is barely any way to detect them. You'll only detect them if they leave traces in the engine (cvars, concommands), or if they modify the lua_State badly. Speedhack is incredibly easy to detect but also prone to false-positives, along with bhop - even if done in C.
In what way is a pure C++ ESP a "utility to find players"? That isn't an excuse at all.
[QUOTE=serverwatch;48750285]
I don't think there's any method to use aimbots on CAC servers as it will kick you for the slightest modification to the eye angles
[/QUOTE]
CAC's aimbot detection is off by default (iirc) and is known to be pretty bad.
[QUOTE=stev_;48752168]
CAC's aimbot detection is off by default (iirc) and is known to be pretty bad, as it's difficult to reliably detect an aimbot.[/QUOTE]
Doesn't Ley's serverside AC have a really good aimbot detector?
Don't know, I'll change what I said in the original post.
[QUOTE=Liquidsocks;48752370]Doesn't Ley's serverside AC have a really good aimbot detector?[/QUOTE]
Well, LAC randomly banned people for doing nothing for my server.
So I think there's no really good aimbot anti cheat at the moment?
Sorry, you need to Log In to post a reply to this thread.
