Hello.
Anyone can help with blocking lua_openscript_cl? I would like to ban player when it`s used.
I think many of you will post things like "Learn Lua, here`s the link....".
[QUOTE=xSkyer;47355173]Hello.
Anyone can help with blocking lua_openscript_cl? I would like to ban player when it`s used.
I think many of you will post things like "Learn Lua, here`s the link....".[/QUOTE]
You can set sv_allowcslua convar to 0 on server but it's still bypassable. There's nothing much you can do to fully secure it.
[QUOTE=mijyuoon;47355210]You can set sv_allowcslua convar to 0 on server but it's still bypassable. There's nothing much you can do to fully secure it.[/QUOTE]
I know it, some people bypasses it on my DarkRP server.
GetConVarNumber on sv_allowcslua client-side, and send a net message to the server to kick them? Also, DarkRP defaults sv_allowcslua to 1 as far as I know, so you might want to change that.
Honestly very few people actually force sv_allowcslua to cheat anymore, so you may as well just invest in making a full anti-cheat.
What about Quack-AC? It`s free, but when i add it, advanced duplicator 2 doesn`t pastes things.
[QUOTE=xSkyer;47355865]What about Quack-AC? It`s free, but when i add it, advanced duplicator 2 doesn`t pastes things.[/QUOTE]
don't use QAC, use [URL="http://facepunch.com/showthread.php?t=1426843"]LeyAC[/URL] or [URL="https://scriptfodder.com/scripts/view/460"]CAC[/URL]
If they are doing things with lua, the best idea is not to just check/enforce sv_allowcslua, it's better to just anti-cheat. I know LeyAC and QAC are both public and are a decent choice for protection, or you could make your own with a few methods.
Few examples of methods:
_G count
Garbage count
Hook whitelisting
Convar state checking
It's not too hard to get around these but bear in mind 90% of cheaters are just skids.
[B]EDIT:[/B]
An example of why only checking sv_allowcslua is bad
[IMG]http://puu.sh/gH3em/cb3a6f0b18.png[/IMG]
Ha, przyszła koza do woza.
Niestety to jest moje królestwo :>
There isn't just one solution, any anticheat can be bypassed and so can be sv_allowcslua.
[editline]19th March 2015[/editline]
Both LeyAC and CAC get rekt with C written lua hacks.
[QUOTE=Q2F2ZSBKb2huc;47355914]If they are doing things with lua, the best idea is not to just check/enforce sv_allowcslua, it's better to just anti-cheat. I know LeyAC and QAC are both public and are a decent choice for protection, or you could make your own with a few methods.
Few examples of methods:
_G count
Garbage count
Hook whitelisting
Convar state checking
It's not too hard to get around these but bear in mind 90% of cheaters are just skids.
[B]EDIT:[/B]
An example of why only checking sv_allowcslua is bad
[IMG]http://puu.sh/gH3em/cb3a6f0b18.png[/IMG][/QUOTE]
Garbage count and _G count are only effective for pre-ac runs. However, garbage count has been proven very effective,
because even the slightest change before the AC runs triggers it. Just alone trying to overwrite it, will result in a difference garbage count.
_G is very effective too because of all the noobs creating globals, and _R is also really good.
They generally are the most effective methods for pre-ac run checking.
[QUOTE=Netheous;47355939]Ha, przyszła koza do woza.
Niestety to jest moje królestwo :>
There isn't just one solution, any anticheat can be bypassed and so can be sv_allowcslua.
[editline]19th March 2015[/editline]
Both LeyAC and CAC get rekt with C written lua hacks.[/QUOTE]
wrong.
funny enough there hasn't been a single c written lua hack that did.
There has however been a C++ DLL though, which can bypass pretty much any anticheat, but it has been made by me, and is only in my possession.
[QUOTE=Leystryku;47356057]Garbage count and _G count are only effective for pre-ac runs. However, garbage count has been proven very effective,
because even the slightest change before the AC runs triggers it. Just alone trying to overwrite it, will result in a difference garbage count.
_G is very effective too because of all the noobs creating globals, and _R is also really good.
They generally are the most effective methods for pre-ac run checking.
wrong.
funny enough there hasn't been a single c written lua hack that did.
There has however been a C++ DLL though, which can bypass pretty much any anticheat, but it has been made by me, and is only in my possession.[/QUOTE]
How can you be so sure? Do you spend your whole evening browsing skid-forums?
The fact is - if there is any anticheat, there will sooner or later be a bypass.
[QUOTE=Netheous;47357193]How can you be so sure? Do you spend your whole evening browsing skid-forums?
The fact is - if there is any anticheat, there will sooner or later be a bypass.[/QUOTE]
Actually, you can't really say that.
No serverside anticheat methods can be bypassed.
It's only possible to avoid some ( but not even that is always possible, best example=Speedhacking ).
For all good anticheats up to now, there hasnt been a working spread ( not even privately ) , or no bypass yet ,
the only thing you generally hear about is people just using C++ cheats, but that's not bypassing the AC but rather avoiding the checks,
since everything that would normally detect you still does ( e.g. LocalPlayer():SetEyeAngles(ang) ).
I'm mostly involved with the anti-cheating and cheating scene.
The current problem is that the amount of people with good knowledge has dropped, aka the amount of skids increased a lot.
[QUOTE=Leystryku;47357667]Actually, you can't really say that.
No serverside anticheat methods can be bypassed.
It's only possible to avoid some ( but not even that is always possible, best example=Speedhacking ).
For all good anticheats up to now, there hasnt been a working spread , or no bypass yet ( not even privately ),
the only thing you generally hear about is people just using C++ cheats, but that's not bypassing the AC but rather avoiding the checks,
since everything that would normally detect you still does ( e.g. LocalPlayer():SetEyeAngles(ang) ).
I'm mostly involved with the anti-cheating and cheating scene.
The current problem is that the amount of people with good knowledge has dropped, aka the amount of skids increased a lot.[/QUOTE]
MPGH and other shitty forums really aren't a good source of what the cheating scene is doing in gmod
[QUOTE=Smt;47357788]MPGH and other shitty forums really aren't a good source of what the cheating scene is doing in gmod[/QUOTE]
I feel like you didn't read my post and just posted some random message, because I never said that all my resources are forums ( especially MPGH, considering the amount of paste and spam there ).
[QUOTE=Leystryku;47357667]Actually, you can't really say that.
No serverside anticheat methods can be bypassed.
It's only possible to avoid some ( but not even that is always possible, best example=Speedhacking ).
For all good anticheats up to now, there hasnt been a working spread ( not even privately ) , or no bypass yet ,
the only thing you generally hear about is people just using C++ cheats, but that's not bypassing the AC but rather avoiding the checks,
since everything that would normally detect you still does ( e.g. LocalPlayer():SetEyeAngles(ang) ).
I'm mostly involved with the anti-cheating and cheating scene.
The current problem is that the amount of people with good knowledge has dropped, aka the amount of skids increased a lot.[/QUOTE]
setting viewangles with the engine pointer (NOT user cmd's) in c++ doesn't get you smacked by anticheats
[QUOTE=anime dad;47358065]setting viewangles with the engine pointer (NOT user cmd's) in c++ doesn't get you smacked by anticheats[/QUOTE]
Used to think the same a long time ago, sadly it's not true.
If you use CEngine::SetViewAngles, the only change will be that it'll set it the next tick ( which you can see here [url]http://pastebin.com/gz6EDC4Q[/url] ).
However, it works against CAC, but doesn't help against the fact that pretty much all other stuff still isn't changeable without detection.
[QUOTE=Leystryku;47357667]Actually, you can't really say that.
No serverside anticheat methods can be bypassed.
It's only possible to avoid some ( but not even that is always possible, best example=Speedhacking ).
For all good anticheats up to now, there hasnt been a working spread ( not even privately ) , or no bypass yet ,
the only thing you generally hear about is people just using C++ cheats, but that's not bypassing the AC but rather avoiding the checks,
since everything that would normally detect you still does ( e.g. LocalPlayer():SetEyeAngles(ang) ).
I'm mostly involved with the anti-cheating and cheating scene.
The current problem is that the amount of people with good knowledge has dropped, aka the amount of skids increased a lot.[/QUOTE]
Simply make your cheat more subtle. Me and a friend had a co-op going where we would make things like an auditory ESP (geiger counter that measured danger in TTT), a smooth aim-assist, etc. Client has supreme load order even without C. Really the best way to prevent cheating is having an active and mature admin team.
[QUOTE=Ott;47358133]Simply make your cheat more subtle. Me and a friend had a co-op going where we would make things like an auditory ESP (geiger counter that measured danger in TTT), a smooth aim-assist, etc. Client has supreme load order even without C. Really the best way to prevent cheating is having an active and mature admin team.[/QUOTE]
meh, that's where the problem lies.
in the case of CAC he has a really some really sneaky methods.
ESP and such stuff would be possible, but pretty much anything involving usercmd modification ( e.g. for an aim assist or bhop ) results in an instant ban.
However, you're kinda right about the thing with a subtle cheat. The more subtle a cheat is, the less "cheaty" stuff it does, the harder is detecting it.
I feel like we should return to the OP though, since this is slowly turning into a discussion about cheating.
I personally would recommend CAC, since I've stopped developing LeyAC and am only keeping it from breaking.
All bugs that currently may be reported to me are probably not going to be fixed.
QAC is a good free choice, it's simple, has a good method ( file source checking ) and get's rid of a huge chunk of cheaters.
CAC however, is in development, updated often, owned by a nice guy, and also is even better in detecting cheaters than CAC. So if you got some money, get CAC; else QAC.
[QUOTE=Q2F2ZSBKb2huc;47355914]If they are doing things with lua, the best idea is not to just check/enforce sv_allowcslua, it's better to just anti-cheat. I know LeyAC and QAC are both public and are a decent choice for protection, or you could make your own with a few methods.
Few examples of methods:
_G count
Garbage count
Hook whitelisting
Convar state checking
It's not too hard to get around these but bear in mind 90% of cheaters are just skids.
[B]EDIT:[/B]
An example of why only checking sv_allowcslua is bad
[IMG]http://puu.sh/gH3em/cb3a6f0b18.png[/IMG][/QUOTE]
If you deliberately turn off the basic anti script protection can you really ban people for running scripts?
Sorry, you need to Log In to post a reply to this thread.
