[QUOTE=AzuiSleet;14376931]You're amazing, you learned how to use a memory editor.[/QUOTE]
The one shown is a bit different; But the concept is the same, and you could force it the same way. Garry should enforce it to check from the server if ScriptEnforcer is enabled and if the file is white-listed or not; Whenever there is an attempt to run a script.
This would basically null out anything like what I am doing in that video. Then the way around that would be patching it to always return white-listed; But then something like that could easily be picked up by VAC.
lua_openscript_cl just happens to be clientside. I know lua_run_cl passes through the server, and the server tells the client to run the code. Garry could just do the same with lua_openscript_cl.
Even at that though; There are still external ways of forcing something to go through client-side; But I doubt anyone would be willing or knowing to go as far to get it.
Making lua_openscript_cl Server-side though would defeat the purpose of it being a Client-side call; Checks should be by default called every time a script is ran, It wouldn't hurt the server much because any scripts ran by game-modes or anything would be in the White-list anyways and be fine. The only thing is he would have to limit the amount of times scripts could be ran or called up client side before the server ignored or dropped the user due to excessive flood, because I would imagine someone determined enough would be able to crash a server using it as an exploit point.
[QUOTE=kolbybrooks;14378066]Making lua_openscript_cl Server-side though would defeat the purpose of it being a Client-side call;[/QUOTE]
Huh?
[QUOTE=AzuiSleet;14377889]lua_openscript_cl just happens to be clientside. I know lua_run_cl passes through the server, and the server tells the client to run the code. Garry could just do the same with lua_openscript_cl.[/QUOTE]
Why call it _cl if it goes through the server...
[QUOTE=FPtje;14382242]Why call it _cl if it goes through the server...[/QUOTE]
Because it runs the script on the client, not the server.
[QUOTE=AzuiSleet;14377889]lua_openscript_cl just happens to be clientside. I know lua_run_cl passes through the server, and the server tells the client to run the code. Garry could just do the same with lua_openscript_cl.[/QUOTE]
I can't imagine that being very friendly with large amounts of code being loaded with multiple includes and so on.
[QUOTE=Catdaemon;14383726]I can't imagine that being very friendly with large amounts of code being loaded with multiple includes and so on.[/QUOTE]
I don't think you'd be doing multiple includes with lua_openscript_cl very often. It's a developer command, it's not used for the include function.
Having lua_run_cl go through the server is quite handy, as it can be blocked if you have the right module (Thanks Azu!).
It'd be great if you could block lua_openscript_cl too.
[QUOTE=1live;14239409]In this thread you can talk about anti cheating methods, share your short scripts and so on. I made this thread so all the chitchat can be found from one place.
The cheaters are the cancer killing gmod online playing on big servers. You can't report from the cheaters to anywhere except to the server admin and the cheaters usually turn off the cheats after the deed is done so usually there's no way to capture evidence of the player cheating. So what we need is a public and powerful way to prevent these assholes from ruining the online gaming experience.
What i personally want to ask is that is there any possibility to stop clients from running clientside scripts? You know something like sv_pure.[/QUOTE]
Stop sucking dicks and use the search button.
[QUOTE=Deco Da Man;14383782]I don't think you'd be doing multiple includes with lua_openscript_cl very often. It's a developer command, it's not used for the include function.[/QUOTE]
This is the "anti cheating discussion" thread.
[QUOTE=Catdaemon;14384623]This is the "anti cheating discussion" thread.[/QUOTE]
I didn't imply that the developer command isn't used for cheating purposes, if that is what you are implying that I implied.
[QUOTE=bromvlieg;14300773]not realy, if u can edit the downalded files, u can even let them send to the server back, i already tryed it on an random server, and it worked changing some serverside settings, turning em back later, made myself admin, removed it again, tryed to let ASS think i can use noclip, i could use commands at ULX truw server fucntons like test1-99 its quite easy if u know.. so we are scruwed if some one else finds out what i did how to do that
and im not noob, im just smart to find out how hackers can strike, so, ur choice if u thin im noob, but im just saying what i know/what works
yes, if u know how it can be done as i say.[/QUOTE]
I'm sorry, you are implying that the following will happen:
1. Player joins server, downloads .dua files.
2. Player leaves server.
3. Server updates wiremod or some other addon.
4. Player rejoins server.
5. Server's new version of wiremod is revised back to the previous one because the player rejoined.
That makes total sense. .dua is simply there so you don't have to redownload all the files from a server every time you join. Editing them will not affect the server, end of story. Please have a good day.
[QUOTE=TomatoSoup;14390417]I'm sorry, you are implying that the following will happen:
1. Player joins server, downloads .dua files.
2. Player leaves server.
3. Server updates wiremod or some other addon.
4. Player rejoins server.
5. Server's new version of wiremod is revised back to the previous one because the player rejoined.
That makes total sense. .dua is simply there so you don't have to redownload all the files from a server every time you join. Editing them will not affect the server, end of story. Please have a good day.[/QUOTE]
The server should request MD5 code of the DUA files just to be sure that they're not linked to anything...
[QUOTE=bromvlieg;14307261]ehm..... slam mines got an limit of 5 someting,
and...
[lua]for k,v in pairs(player.GetAll()) do
if v:Nick() == "bromvlieg" then
v:SetModel("models/props_junk/MetalBucket01a.mdl")
end
end[/lua]
and i dont get the point, i found a sirious glich in Gmod and u guys are just yelling me off.[/QUOTE]
It's not very serious exploit to set your model to something, Besides i think this is clientside anyway.
Also guys stop fucking sharing exploits here, whats the point of having anti cheating discussion to ways to detect the cheaters if we have like 3 pages of exploits posted here which rogue players WILL use to get their cheats work on all servers.
What's with the triple posting; Post in 1 post.
On top of that; Who in this page is 'sharing exploits'?
[QUOTE=1live;14390688]Also guys stop fucking sharing exploits here, whats the point of having anti cheating discussion to ways to detect the cheaters if we have like 3 pages of exploits posted here which rogue players WILL use to get their cheats work on all servers.[/QUOTE]
If you share exploits garry can fix them...
Correct
Ok here is what i have to say. If you enable vac in this game it will it turn into another open gate for big hacking websites such as [url]www.artificialaiming.net[/url] to make hack for this game so go right ahead and enable your fail vac cheat protection you still won't stop us we will always be there bypassing your anticheat systems with our l33t gateway hacking systems :)
[highlight](User was permabanned for this post ("super hacker" - garry))[/highlight]
[QUOTE=HeliøS;14396864]Ok here is what i have to say. If you enable vac in this game it will it turn into another open gate for big hacking websites such as [url]www.artificialaiming.net[/url] to make hack for this game so go right ahead and enable your fail vac cheat protection you still won't stop us we will always be there bypassing your anticheat systems with our l33t gateway hacking systems :)[/QUOTE]
Oh wow man, you are so awesome, you can cheat on a game that its main objective isn't to kill.
That's not the real Helios..
[QUOTE=kolbybrooks;14399713]That's not the real Helios..[/QUOTE]
+agree
I use to bot with him, he isn't that arogant/stupid... (fyi to stop shitloads of questions i was a former member of Digital Death (a fairly widely known botting clan that reeked havoc in UT))
With VAC, great idea, one problem
What about all the binary modules that use MS Detours to do things?
How do we know that the joystick module (just an example of a client side module that is loaded on connect with most game servers) isn't going to trigger VAC?
Only good thing about VAC is its not like PunkBuster (which bans by hardware)
Because VAC doesn't detect joystick modules, it detects CHEATS.
[QUOTE=Spacetech;14391488]If you share exploits garry can fix them...[/QUOTE]
[QUOTE=garry;14391549]Correct[/QUOTE]
That doesn't really convince me, most of the fixed i've seen haven't fixed anything permanently. because there has been always way around the fix. So if you share exploits / info about flaws on the public forum people will use them -and even if they get fixed, the people using these flaws will just reinvent the same old flaws with little changes so they could abuse them again.
He fixed an exploit that let servers spread binaries to its clients and execute them, again being able to set up the client so it did the same thing as a server.
Sharing exploits gets them fixed sooner, that's a no-brainer.
[QUOTE=mbainrot;14400643]With VAC, great idea, one problem
What about all the binary modules that use MS Detours to do things?
How do we know that the joystick module (just an example of a client side module that is loaded on connect with most game servers) isn't going to trigger VAC[/QUOTE]
[QUOTE=garry;14400681]Because VAC doesn't detect joystick modules, it detects CHEATS.[/QUOTE]
Define CHEATS.
[list]
[*]Are cheats detected if injected into hl2.exe ?
[*]or is vac triggered when a thrid party hack edits memory?
[*]What about the memory module - would it trigger vac?
[/list]
[QUOTE=garry;14400681]Because VAC doesn't detect joystick modules, it detects CHEATS.[/QUOTE]
I used that as a loose example..
I have nothing against VAC, i am just worried about legitimate client side mods that use binary modules to interface with the computer its self
What are the boundaries for developers to consider, seeing its been a walk in the park to code binary stuff for Garry's Mod (due to not having to worry about VAC), now that VAC is in the pipeline, as a developer, what do I have to steer clear of to prevent my modules from either getting people banned or getting me banned?
Is kernel level I/O acceptable? (like talking with the I/O ports on the computer), is it ok to write stuff that plugs into sockets?, What about interfacing with the serial port?
Is any care needed with client side binary modules???
I have a heap of project ideas in the pipeline and its made me a little unsettled seeing I don't want my account to be branded as being a "native" hacker with a nasty VAC ban because a fancy pants CrystalFontz LCD screen was in use when I went to my local Spacebuild server.
I'm quite sure garry will make sure that custom dll's and anything like that won't result in bans. Then again, isn't it possible to use custom dlls to aimbot? (I honest have no idea).
[QUOTE=jA_cOp;14400828]He fixed an exploit that let servers spread binaries to its clients and execute them, again being able to set up the client so it did the same thing as a server.
Sharing exploits gets them fixed sooner, that's a no-brainer.[/QUOTE]
One exploit isn't same thing as all of the exploits, I don't know which one you mean since there's many methods of doing this but i'm sure that the clients can be still forced to download files and run them.
And from what i've seen most of the flaws still exist after the "patch", The only thing the most of the GMod patches do is fix the exploit. And i personally don't see reason of creating extra threat by having anyone posting them on the forums. If you feel like reporting them you should do it with private messages and not in public discussions.
also i have no idea how this thread become all about exploits when the main purpose of it was to find new ways to detect the cheaters without having atleast 48 admins from different timezones spectating the players for an hour everyday.
There's so many ways of running the aimbot and other hack scripts, that garry can't fix them all. And most of them can't be even fixed because some parts of GMod are just built wrong. If you don't post them on the forums you reduce the chance that someone asswipe will get an idea that trying this would be nice thing to try out and sooner or later he will be abusing the flaw.
The solution isn't to fix the client exploits at situation like this. the solution is to sort the good and the bad players, with a ban, but the rogue players are just an endless horde. and one way to prevent cheaters from cheating is by creating enough harsh punishment for the players who are going to cheat -so they wouldn't want to cheat. But still you would need way to detect the rogue players, and that would be done with either an admin army which would need to guard your server or with scripts that mainly waste server power to detect the possibility of players using cheats.
[QUOTE=1live;14401692]One exploit isn't same thing as all of the exploits, I don't know which one you mean since there's many methods of doing this but i'm sure that the clients can be still forced to download files and run them.
[b]No, otherwhise there would be lots of virus servers.[/b]
also i have no idea how this thread become all about exploits when the main purpose of it was to find new ways to detect the cheaters without having atleast 48 admins from different timezones spectating the players for an hour everyday.
[b]A day has 48 hours? cool :D[/b]
There's so many ways of running the aimbot and other hack scripts, that garry can't fix them all. And most of them can't be even fixed because some parts of GMod are just built wrong. If you don't post them on the forums you reduce the chance that someone asswipe will get an idea that trying this would be nice thing to try out and sooner or later he will be abusing the flaw.
[b]Show us a proof that you can run your UBERHACKZ on a server with scriptenforcer [u]whithout[/u] using a memory editor (most people don't even know what to do with it...).[/b]
[/QUOTE]
Sorry, you need to Log In to post a reply to this thread.
