• Anti cheating discussion
    324 replies, posted
There is no way to stop cheating in gmod. Simple as that. Unless garry starts using actual hashes for SE, but he's much too lazy to do that.
Disconnect: Kicked by Console : Banned on global ban list. Disconnect: Kicked by Console : Banned on global ban list. got the game about 35 minutes ago and my ID is on the global ban list already. since i have never played it or even had it how the _#$% do i get banned
[QUOTE=TGMNIN533;14245086]Disconnect: Kicked by Console : Banned on global ban list. Disconnect: Kicked by Console : Banned on global ban list. got the game about 35 minutes ago and my ID is on the global ban list already. since i have never played it or even had it how the _#$% do i get banned[/QUOTE] If the server uses one of those global ban database plugins, you could have been banned on a different server that submitted your ID, on an entirely different game.
[QUOTE=ShaRose_;14244549]There is no way to stop cheating in gmod. Simple as that. Unless garry starts using actual hashes for SE, but he's much too lazy to do that.[/QUOTE] which is possible to bypass
IMHO, there IS a bunch of ways to stop popular cheats like jetbot or azubot, but more advanced users will just write their own aimbots, which are way harder to detect, so did i. Remember: every defence can be bypassed, and making defence better will make people write their aimbots more perfectly. Ofcourse that will make minges cry why their stuff don't work, but who really want to cheat, will cheat. For example: I have an aimbot and ESP which i did myself, but i made them for fun and education purposes, so it doesnt even hides itself, but if i wanted to cheat, then i would make it bypass anything and hide itself. Infact i don't need aimbot cause i have good aim. ^^
Gmod has VAC, but VAC doesn't ban you for hacking on gmod, and if you are VAC banned, you can still play gmod online.
[QUOTE=SBII Gunz;14247125]Gmod has VAC, but VAC doesn't ban you for hacking on gmod, and if you are VAC banned, you can still play gmod online.[/QUOTE] Thus VAC would not be enabled? Really, Script Enforcer can actually be easily bypassed though; Other than that, LUA for Garry's Mod does not offer much in protection against Cheating. But it does make it 110% easier to cheat and give's any needed libraries or tools to do so.
[QUOTE=kolbybrooks;14247312] Really, Script Enforcer can actually be easily bypassed though[/QUOTE] It's not that easy.
All you need is to pick a dua file allowed by the gamemode ( typically post-process files ), and remove the exact number of characters in a line like below, and then insert this at the end of the file: RunString(file.Read("_.txt" )) Where _.txt contains the actual cheat. This is the same exploit AzuiSleet posted and as far as I know is still how to get around Script Enforcer.
Sure Kogitsune, but you have to make a crc collision, and i bet it's not as easy as everyone says, otherwise we would be spammed with bypasses... €dit: and for the whole file library stuff you posted above - isn't it all restricted to data since the last update?
[QUOTE=The-Stone;14247483]Sure Kogitsune, but you have to make a crc collision, and i bet it's not as easy as everyone says, otherwise we would be spammed with bypasses... €dit: and for the whole file library stuff you posted above - isn't it all restricted to data since the last update?[/QUOTE] I'd imagine read/write stuff is, but I'd wager most, if not all, of the other file methods are not ( especially tree find and find in lua ). If someone is using azui's bot, or a bot derived from it, and they haven't changed the code at all ( EG, 90% of it's users ), simply running file.Rename( whateveritis, somethingelse ) would ruin their day. If file.Delete was ever repaired, that would as well. I haven't experimented with finding collisions, though, so I wouldn't know how difficult it is.
How about screenshots? Most CS 1.6 anticheats can take screenshots from clients. Is that can be done in LUA? Because this is easy way to detect cheat HUD(or wallhack\esp)
If it would be possible for the server to upload that screenies to itself, what about 20 images, each at 2-4mb?
But there is screenshot quality option, isn't?
[QUOTE=Kogitsune;14247433]All you need is to pick a dua file allowed by the gamemode ( typically post-process files ), and remove the exact number of characters in a line like below, and then insert this at the end of the file: RunString(file.Read("_.txt" )) Where _.txt contains the actual cheat. This is the same exploit AzuiSleet posted and as far as I know is still how to get around Script Enforcer.[/QUOTE] you don't put the actual script in the txt you put includes to any files you wish to not be blocked by script enforcer.
[QUOTE=Mr Affinity;14239432]sv_scriptenforcerenabled 1[/QUOTE] Never works.
[QUOTE=Kogitsune;14247733]I'd imagine read/write stuff is, but I'd wager most, if not all, of the other file methods are not ( especially tree find and find in lua ). If someone is using azui's bot, or a bot derived from it, and they haven't changed the code at all ( EG, 90% of it's users ), simply running file.Rename( whateveritis, somethingelse ) would ruin their day. If file.Delete was ever repaired, that would as well. I haven't experimented with finding collisions, though, so I wouldn't know how difficult it is.[/QUOTE] You can't do any file actions on files outside the data dir - Only reading and so on. The main problem with ALL lua anti cheat methods is the only way to inform the server of their crimes is a console command, which is easily routed through a custom function (see the script I released), and files in autorun are run before the gamemode, which means the client side autorun files can easily gimp the gamemode's clientside scripting entirely.
[QUOTE=Catdaemon;14251196]You can't do any file actions on files outside the data dir - Only reading and so on. The main problem with ALL lua anti cheat methods is the only way to inform the server of their crimes is a console command, which is easily routed through a custom function (see the script I released), and files in autorun are run before the gamemode, which means the client side autorun files can easily gimp the gamemode's clientside scripting entirely.[/QUOTE] There are two ways to inform the server of misdeeds. Sending a console command, and not sending a console command. Especially in the case of your console command blocker. Your blocker catches this trying to run: ~~banme You block it, right?
Have you tried using datastream by DecoDaMan? [highlight](User was banned for this post ("Trolling" - mahalis))[/highlight]
[QUOTE=Catdaemon;14242227]No.. it sucks pretty hard as it doesn't actually work in gmod.[/QUOTE] actually it's cause people would be banned left and right. VAC HAS DETECTED A CLIENTSIDE SCRIPT! BANNING STEAM ACCOUNT! even though the scripts just a simple thing like legs when you look down.
[QUOTE=Seb McMeb;14251616]actually it's cause people would be banned left and right. VAC HAS DETECTED A CLIENTSIDE SCRIPT! BANNING STEAM ACCOUNT! even though the scripts just a simple thing like legs when you look down.[/QUOTE] Wrong.
[QUOTE=phenex;14251426]There are two ways to inform the server of misdeeds. Sending a console command, and not sending a console command. Especially in the case of your console command blocker. Your blocker catches this trying to run: ~~banme You block it, right?[/QUOTE] I don't block anything initially, I let it all run and log it. Then I run something which would be flagged and catch anything unusual (not that anything catches my scripts anyway).
[quote]Have you tried using datastream by DecoDaMan?[/quote] offtopic but how was he trolling? What am i missing?
[QUOTE=C++;14260614]offtopic but how was he trolling? What am i missing?[/QUOTE] he was banned by mahalis, you don't even need to worry about why he was banned. also: [code][20:21] <stgn> i'm pretty sure the server asks for the crc of a file, the client gives the crc, and the server determines if it's right or wrong [20:21] <stgn> correct me if i'm wrong [20:21] <ComWalk> stgn, nope [20:21] <stgn> what the fuck then [20:21] <@Catdaemon`> it sends the crc list to the client [20:21] <@Catdaemon`> and the client compares [20:21] <stgn> are you serious[/code] se is the easiest thing to bypass
[QUOTE=C++;14260614]offtopic but how was he trolling? What am i missing?[/QUOTE] Deco advertised/hyped his library a lot a while ago, and now a couple of people are clever and post that (or something similar about GLON) as ironic "solution" to any Lua problem.
[QUOTE=mahalis;14261462]Deco advertised/hyped his library a lot a while ago, and now a couple of people are clever and post that (or something similar about GLON) as ironic "solution" to any Lua problem.[/QUOTE] boohoo
[url]http://www.upload.moogen.org/uploads/ers35/sefail.gif[/url]
[QUOTE=ers35;14261718][url]http://www.upload.moogen.org/uploads/ers35/sefail.gif[/url][/QUOTE] lol
[QUOTE=kolbybrooks;14247312]Thus VAC would not be enabled? Really, Script Enforcer can actually be easily bypassed though; Other than that, LUA for Garry's Mod does not offer much in protection against Cheating. But it does make it 110% easier to cheat and give's any needed libraries or tools to do so.[/QUOTE] VAC is enabled, it just doesn't work.
VAC doesn't work instantly. It's delayed. Lua cheats are fair game, but if you're using external programs to aimbot or you're using external programs to memory hack hl2.exe then you could easily find yourself banned in a couple of weeks.
Sorry, you need to Log In to post a reply to this thread.