• Anti cheating discussion
    324 replies, posted
[QUOTE=Incompatible;14289299][lua] local OldRemove = hook.Remove function hook.Remove(Hook,Name) if (Name != "MyHook") then OldRemove(Hook,Name) end end [/lua] As I recall, there was a way of doing this not too long ago, I will have to check it out later when I get in game. As for trying to block 99% of cheaters with scripts, it still quite futile, it only takes one person cheating to ruin the server.[/QUOTE] So how is 5 noobs with JetBot better?
[QUOTE=slayer3032;14289924]So how is 5 noobs with JetBot better?[/QUOTE] I agree, it's better to have 1 cheater every now and again rather than to have 5 cheaters all the time.
wel, even 1 cheater is too much. and stil, if 1 cheater fucks up, then it doesnt matter if there are 30 people cheating or 1, as the gameplay is already fucked. so, always online admins are the best way to solve this.
[QUOTE=The-Stone;14287655]It doesn't block known cheats, it blocks everything unless you overwrite the Gamemode itself, and 99.9% of the GMod users can't do this at their own.[/QUOTE] [lua] local rget, rset = rawget, rawset --later in code local think, paint, cm, g g = rget( _G, "GM" ) or rget( _G, "GAMEMODE" ) or { } think = rget( g, "Think" ) paint = rget( g, "HUDPaint" ) cm = rget( g, "CreateMove" ) rset( g, "Think", function( ) YourThinkFunction( ) think( ) end ) rset( g, "HUDPaint", function( ) YourPaintFunction( ) paint( ) end ) --And so on [/lua] Really simple. That's all it takes to inject code into a gamemode function, probably even simpler ways that I didn't think of doing.
[QUOTE=Incompatible;14289299][lua] local OldRemove = hook.Remove function hook.Remove(Hook,Name) if (Name != "MyHook") then OldRemove(Hook,Name) end end [/lua] As I recall, there was a way of doing this not too long ago, I will have to check it out later when I get in game. As for trying to block 99% of cheaters with scripts, it still quite futile, it only takes one person cheating to ruin the server.[/QUOTE] You can tell if a function has been overwritten or not.
Why can't people just play Sandbox and be done with it?!?! (Well, Spacebuild too, since that's just basically a beefed up Sandbox in space) All this RP shit trying to disguise a DM game you could all just play CS:S or HL2:DM for. I mean, yeah, DM on Sandbox happens, but aimbots can also be overpowered by uber scripted weapons or by just surrounding yourself in cargo containers.
[QUOTE=Kogitsune;14290988] Really simple. That's all it takes to inject code into a gamemode function, probably even simpler ways that I didn't think of doing.[/QUOTE] local oldgm=GAMEMODE.HUDPaint function GAMEMODE.HUDPaint(self) oldgm(self) PaintESP() end
[QUOTE=Catdaemon;14291142]local oldgm=GAMEMODE.HUDPaint function GAMEMODE.HUDPaint(self) oldgm(self) PaintESP() end[/QUOTE] Well, I did forget to do stuff with self :/. I did the raw function to hide from listening to __index, __newindex, but some quick testing showed it as flawless. So, yeah, better solution there.
[QUOTE=Kogitsune;14283768][url=http://www.lua.org/manual/5.1/manual.html#pdf-debug.sethook]debug.sethook[/url]. I've never used it myself, but I imagine that would be fairly simple to find functions being called unless the script maimed the function. ( rawset( debug, "sethook", function( ) end ) )[/QUOTE] debug.sethook is brutally slow in pure Lua. [QUOTE=hegrec;14287777]Not sure if a SendLua can be intercepted.[/QUOTE] Yes, it can. JetBoom used SendLua to send anticheat code before ScriptEnforce was implemented. Everyone should know that a lua script is "invisibly" wrapped up in a function, when you run the script, you run that function, and debug.sethook can catch it before it does anything. You can't stop it from running in Lua, as far as I know, but you can use setfenv to change the _G environment that the function uses. In short, you can "teleport" SendLua code into a "parallel universe" where it can't get at you. [QUOTE=hegrec;14291120]You can tell if a function has been overwritten or not.[/QUOTE] How? By using debug.getinfo? Gee, I hope nobody overwrote THAT, too.
If I'm correct, when you download a client/shared file from a server this one is transfered into your garrysmod/cache/dua folder and renamed as "<insert number here>.dua". Basicaly, if you have knowledge of what file is used on what server, can't you insert your code into this one to trick scriptenforcer? Note that I have no knowledge of how scriptenforcer works.
[QUOTE=CrashLemon;14292124]If I'm correct, when you download a client/shared file from a server this one is transfered into your garrysmod/cache/dua folder and renamed as "<insert number here>.dua". Basicaly, if you have knowledge of what file is used on what server, can't you insert your code into this one to trick scriptenforcer? Note that I have no knowledge of how scriptenforcer works.[/QUOTE] no
[QUOTE=CrashLemon;14292124]If I'm correct, when you download a client/shared file from a server this one is transfered into your garrysmod/cache/dua folder and renamed as "<insert number here>.dua". Basicaly, if you have knowledge of what file is used on what server, can't you insert your code into this one to trick scriptenforcer? Note that I have no knowledge of how scriptenforcer works.[/QUOTE] Not quite, Scriptenforcer will check the CRC of the file and if it differs, send you the new one. You can however find a CRC collision and make your new script have the same result as the old one.
ye, its quite easy, just by modding the DUA for it, you can make look every script u have is in the gamemode itself, i can even hack my way intro the globals of any gamemode (0_o) like i can change in an dark rp server the payment to 9999999999999999999999999999999999999, wel u get the point. aslong as there's leaks in the lua protecting system, the admins/coders cant do any thing agenst it.
What's a DUA? Sorry for my ignorance.
[QUOTE=HubmaN;14299846]What's a DUA? Sorry for my ignorance.[/QUOTE] its an file that u download for every file/or only lua aslong as u can find the roght lua file for the right dua, u can do every thing even server side stuff.................. biggest leak as far as i found now... ... hacker vs server.. auto killing systems... every 5 se it selects all playeras and kill em truw serverside... disconecting.... varibles scoreboard modding binds... renaming the server.... banning.. kicking.... making random admins... ban the owner... this has to be fixed whit scriptenforecer before some one finds out how to do it like me... else.. we... are.... scruwed...
Surley the simplest method would be to have hash checks of files, and ones that don't check don't run. Plain n' simple. Just make it so clientfiles run AFTER they join.
[QUOTE=bromvlieg;14299855]its an file that u download for every file/or only lua aslong as u can find the roght lua file for the right dua, u can do every thing even server side stuff.................. biggest leak as far as i found now... ... hacker vs server.. auto killing systems... every 5 se it selects all playeras and kill em truw serverside... disconecting.... varibles scoreboard modding binds... renaming the server.... banning.. kicking.... making random admins... ban the owner... this has to be fixed whit scriptenforecer before some one finds out how to do it like me... else.. we... are.... scruwed...[/QUOTE] It mirrors Lua files you've downloaded? What?
[QUOTE=bromvlieg;14299855]its an file that u download for every file/or only lua aslong as u can find the roght lua file for the right dua, u can do every thing even server side stuff.................. biggest leak as far as i found now... ... hacker vs server.. auto killing systems... every 5 se it selects all playeras and kill em truw serverside... disconecting.... varibles scoreboard modding binds... renaming the server.... banning.. kicking.... making random admins... ban the owner... this has to be fixed whit scriptenforecer before some one finds out how to do it like me... else.. we... are.... scruwed...[/QUOTE] Wait, are you suggesting that by modifying .dua files on the client, you can control the server?
[QUOTE=bromvlieg;14299855]its an file that u download for every file/or only lua aslong as u can find the roght lua file for the right dua, u can do every thing even server side stuff.................. biggest leak as far as i found now... ... hacker vs server.. auto killing systems... every 5 se it selects all playeras and kill em truw serverside... disconecting.... varibles scoreboard modding binds... renaming the server.... banning.. kicking.... making random admins... ban the owner... this has to be fixed whit scriptenforecer before some one finds out how to do it like me... else.. we... are.... scruwed...[/QUOTE] Lol you noob, it only packages the client lua into that. No server stuff is in them files. And even you you were to edit that file, it would redownload from server.
[QUOTE=ChewGum;14300528]Lol you noob, it only packages the client lua into that. No server stuff is in them files. And even you you were to edit that file, it would redownload from server.[/QUOTE] not realy, if u can edit the downalded files, u can even let them send to the server back, i already tryed it on an random server, and it worked changing some serverside settings, turning em back later, made myself admin, removed it again, tryed to let ASS think i can use noclip, i could use commands at ULX truw server fucntons like test1-99 its quite easy if u know.. so we are scruwed if some one else finds out what i did how to do that and im not noob, im just smart to find out how hackers can strike, so, ur choice if u thin im noob, but im just saying what i know/what works [QUOTE=Lexi;14300479]Wait, are you suggesting that by modifying .dua files on the client, you can control the server?[/QUOTE] yes, if u know how it can be done as i say.
[quote="bromvlieg"]not realy, if u can edit the downalded files, u can even let them send to the server back, i already tryed it on an random server, and it worked changing some serverside settings, turning em back later, made myself admin, removed it again, tryed to let ASS think i can use noclip, i could use commands at ULX truw server fucntons like test1-99 its quite easy if u know.. so we are scruwed if some one else finds out what i did how to do that [/quote] Wait, now you are suggesting that the server wants to download your modified Dua-files? Probably there was just a part in the code that accepted any data the client gave to it, or some weird mess in a shared file, that contained information on how to access the server commands without authentication. But the server does not download your .dua-files.
[QUOTE=bromvlieg;14300773]not realy, if u can edit the downalded files, u can even let them send to the server back, i already tryed it on an random server, and it worked changing some serverside settings, turning em back later, made myself admin, removed it again, tryed to let ASS think i can use noclip, i could use commands at ULX truw server fucntons like test1-99 its quite easy if u know.. so we are scruwed if some one else finds out what i did how to do that and im not noob, im just smart to find out how hackers can strike, so, ur choice if u thin im noob, but im just saying what i know/what works yes, if u know how it can be done as i say.[/QUOTE] Learn to speak english. This crap is unreadable. -Any proofs for your 'hacks' ?
I honestly don't think someone who can't even speak English can program.
[QUOTE=Overv;14301901]I honestly don't think someone who can't even speak English can program.[/QUOTE] He probably isn't English. go and make a admin mod or something
>:(
Four thousand lines
snip
[QUOTE=Overv;14301901]I honestly don't think someone who can't even speak English can program.[/QUOTE] thats not nice, and thanks C++ im dutch(netherlands) and i got dyslectie (dunno if its spelled right dint find translation on google:P) and btw, im great at coding aslong as i got my debug consule, and for the guys who cant read it Suck My Hairy Balls <<<( that includes admins that need glasses or crappy-english-reading lesson :D) [QUOTE=The-Stone;14301860]Learn to speak english. This crap is unreadable. -Any proofs for your 'hacks' ?[/QUOTE] how schould i proof? im not making any pics of the code, else every idiot can read it here and go on an rampage [QUOTE=esalaka;14301755]Wait, now you are suggesting that the server wants to download your modified Dua-files? Probably there was just a part in the code that accepted any data the client gave to it, or some weird mess in a shared file, that contained information on how to access the server commands without authentication. But the server does not download your .dua-files.[/QUOTE] thats also posible, wel, u get the point of it.
[QUOTE=bromvlieg;14304920]how schould i proof? im not making any pics of the code, else every idiot can read it here and go on an rampage[/QUOTE] Connect to my build server (64.27.13.31:27015) and give yourself admin privelages using ASSMod. Screenshot yourself with admin privs.
[QUOTE=bromvlieg;14304920]how schould i proof? im not making any pics of the code, else every idiot can read it here and go on an rampage[/QUOTE] Video of you giving yourself admin, exploiting etc? or pics...
Sorry, you need to Log In to post a reply to this thread.