Anti cheating discussion - Developers

[QUOTE=The-Stone;14403987]No, otherwhise there would be lots of virus servers. A day has 48 hours? cool :D Show us a proof that you can run your UBERHACKZ on a server with scriptenforcer whithout using a memory editor (most people don't even know what to do with it...).[/QUOTE] 1) No, That's where you are wrong. because first comes the virus author, and then comes the virus. If the virus author doesn't know how to do something there won't be a virus. 2) yeah, obviously because i totally didn't mean that you would have 2 admins for each hour since in teams they will get things done faster and are less likely to be useless when shit hits the fan. I bet you feel really stupid now. 3) With an heavily modified GMod client you can do this or by simply poisoning temp files. And i will not demonstrate this.

[img]http://j.photos.cx/scriptenforcer_is_perfect-a4d.gif[/img] Not made by me - just cought it up.

[QUOTE=HeliøS;14396864]Ok here is what i have to say. If you enable vac in this game it will it turn into another open gate for big hacking websites such as [url]www.artificialaiming.net[/url] to make hack for this game so go right ahead and enable your fail vac cheat protection you still won't stop us we will always be there bypassing your anticheat systems with our l33t gateway hacking systems :) [highlight](User was permabanned for this post ("super hacker" - garry))[/highlight][/QUOTE] lol HelioS always was a shitlord even when I used to be a hacker script kiddie at 13 years. PS your hacks suck. ~prepare for beign hacked gary~

[QUOTE=The-Stone;14404261][img]http://j.photos.cx/scriptenforcer_is_perfect-a4d.gif[/img] Not made by me - just cought it up.[/QUOTE] You guys aren't getting it. Read my blog.

[QUOTE=garry;14404577]You guys aren't getting it. Read my blog.[/QUOTE] It was not me who made this, as i said i just cought it up.

So there's no way to stop that shit?

[QUOTE='-[ Fizzadar ]-;14404839']So there's no way to stop that shit?[/QUOTE] Admins are the best way that you can choose.

[QUOTE=HeliøS;14396864]Ok here is what i have to say. If you enable vac in this game it will it turn into another open gate for big hacking websites such as [url]www.artificialaiming.net[/url] to make hack for this game so go right ahead and enable your fail vac cheat protection you still won't stop us we will always be there bypassing your anticheat systems with our l33t gateway hacking systems :) [highlight](User was permabanned for this post ("super hacker" - garry))[/highlight][/QUOTE] Powned By tha G and the thing is why im not sharing the hole coding shit of my expoid, is simple also hackers/cheaters are on this forum. and if this is geting leaked all servers are fucked. and yes, the only ready posible solusion to get enough admins online to ban all hackers on sight. simply becouse thay keep comming, it dosent matter if garry makes VAC enabled, or fix scriptenforcer for every thing, THERE WIL BE ALWAYS WAYS AROUND IT thats simple. look to the game "warrock" thay got punkbuster, 2 weeks later punkbuster was totaly fucked there, so thay went using an other one, what is even easyer to hack. nothing wil work get admins and its over whitin a minute

[QUOTE='-[ Fizzadar ]-;14404839']So there's no way to stop that shit?[/QUOTE] Yeah there is, try doing it on game1.facepunch.com

[QUOTE='-[ Fizzadar ]-;14401553']I'm quite sure garry will make sure that custom dll's and anything like that won't result in bans. Then again, isn't it possible to use custom dlls to aimbot? (I honest have no idea).[/QUOTE] There's .lua scripts, which are 100% out of VAC's scope, that operate as an aimbot right now. Hell, you can find them on Gmod.org if you want...tho why you'd want to aimbot in a game where you aren't susposed to kill in the first place is beyond me, but you can. VAC will not do a damn thing to a nasty clientside .lua script..

You're kind of meant to kill in Instagib

[QUOTE=TestECull;14406353]There's .lua scripts, which are 100% out of VAC's scope, that operate as an aimbot right now. Hell, you can find them on Gmod.org if you want...tho why you'd want to aimbot in a game where you aren't susposed to kill in the first place is beyond me, but you can. VAC will not do a damn thing to a nasty clientside .lua script..[/QUOTE] I know, SE is for that, I was referring to custom modules. And yeah, killing IS the point in some gamemodes (and GMod is designed around the ability to add gamemodes, sort of).

[QUOTE=garry][b]But what about the music modules and all the other awesome Lua dlls![/b] VAC is Valve Anti Cheat - not Valve Anti DLL. It bans for Cheats, not DLLs.[/QUOTE] VAC does not operate solely on a blacklist; such a solution would make for an ineffective anti-cheat. The general fear is not for Lua modules in general, but for those Lua modules that rely on code modification to provide functionality that you are unable to (particularly due to you understandably not wanting to ship a modified engine). These modules include AzuiSleet's concommand logging module, as well as my own gmsv_gatekeeper. Both of these modules rely on code modifications within engine.dll that are, although not capable of being used for cheating, indistinguishable from malicious changes that are. VAC doesn't care about the benevolent or malevolent nature of the code modifications it detects; it assumes that the client is guilty of hacking and subsequently bans them. Although these particular commands are both intended for server-side use, anybody unlucky enough to attempt to host a listen server with them active is at the mercy of VAC. I'm skeptical that VAC has been scanning at all, as people have been able to get away with using cheat engine to speedhack in garrysmod for ages without repercussions, however losing the ability to create our own hooks will be a serious hindrance to any coder seeking to do anything meaningful or interesting with Lua modules, malicious or beneficial in nature. The only reason I've been tinkering with ScriptEnforcer at all is because I wanted to demonstrate that it can not possibly be secured in a way that would cause VAC provide enough (or even any) protection to warrant enabling. The gif quoted earlier in the page is my own, and the method used to accomplish it does not, by design, rely on anything such as code modification that would trigger VAC. If it turns out that VAC has been enabled all along, then I suppose that it isn't effective enough to warrant worrying about anyways. If it hasn't, however, enabling it won't provide any protection against anybody who is capable of reversing anything at all, and in the process will make several perfectly legitimate modules incredibly dangerous for listen server hosts to run. It harms legitimate coding while doing very little to combat those who actually know what they are doing.

Can you test your SE hack on my server please.. game1.facepunch.com

[QUOTE=garry;14406916]Can you test your SE hack on my server please.. game1.facepunch.com[/QUOTE] It doesn't work at the moment, AzuiSleet getting kicked earlier was proof of that. Once I have the binaries I'll work on fixing it, but my objective is not to cheat so I have little interest in changing things around until it works. My interest in doing any of this at all is to preserve the ability of code-modifying Lua modules to be used safely by listen server hosts. Edit: Well, the test case worked just fine but the actual hack was caught as expected. I think I know what's going on but can't test any more.

[QUOTE=garry;14404577]You guys aren't getting it. Read my blog.[/QUOTE] Me Reads Garrys Blog Has a sigh of relief :) Finally a game which the UT2k4 saga won't happen again :) (I set up a client side clock which loaded the same way a run of a mill aimbot did, and i got global banned :$) Sorry for being thick

[QUOTE=Bletotum;14364466]I sense a cheater.[/QUOTE] nah but it's fucking gmod [quote="Dumb cunt"]OMG U USE HAX IN GMOD (which by the way is a sandbox game, meant for fun, if someone is using an aimbot/hack that isn't lua coded [which I've never seen], you can leave. Also who hacks on Gmod? Seriously.) VAC BAN CALFKDJSLFKSDJLFSD[/quote]

Hahaha, That fancy; Did a basic force and left it open, once I used my mic I was toast. I wanna fiddle with it more!

I've been popping in; Flipping a couple switches and watching what it does, and so far it looks like you've done a pretty decent job at nullifying any forceful bypasses or memory edits. Good work Garry.

I love these l33t haxors L 04/01/2009 - 09:39:31: "Ġŗēēņ Ąяяőŵ<8><STEAM_ID_PENDING><>" connected, address "82.44.76.180:27005" L 04/01/2009 - 09:39:32: "Ġŗēēņ Ąяяőŵ<8><STEAM_0:1:14293896><>" STEAM USERID validated L 04/01/2009 - 09:40:11: "Ġŗēēņ Ąяяőŵ<8><STEAM_0:1:14293896><>" entered the game L 04/01/2009 - 09:40:17: "Ġŗēēņ Ąяяőŵ<8><STEAM_0:1:14293896><Team>" say "lol ." L 04/01/2009 - 09:40:23: "Ġŗēēņ Ąяяőŵ<8><STEAM_0:1:14293896><Team>" say "jetboom bypassed this shit" L 04/01/2009 - 09:40:34: Banning player 'Ġŗēēņ Ąяяőŵ' (STEAM_0:1:14293896) - Failed SE check (0.25) L 04/01/2009 - 09:40:34: Banid: "Ġŗēēņ Ąяяőŵ<8><STEAM_0:1:14293896><>" was banned "permanently" by "Console" L 04/01/2009 - 09:40:34: "Ġŗēēņ Ąяяőŵ<8><STEAM_0:1:14293896><>" disconnected (reason "Kicked by Console : CHEAT")

[QUOTE=garry;14417942]I love these l33t haxors L 04/01/2009 - 09:39:31: "Ġŗēēņ Ąяяőŵ<8><STEAM_ID_PENDING><>" connected, address "82.44.76.180:27005" L 04/01/2009 - 09:39:32: "Ġŗēēņ Ąяяőŵ<8><STEAM_0:1:14293896><>" STEAM USERID validated L 04/01/2009 - 09:40:11: "Ġŗēēņ Ąяяőŵ<8><STEAM_0:1:14293896><>" entered the game L 04/01/2009 - 09:40:17: "Ġŗēēņ Ąяяőŵ<8><STEAM_0:1:14293896><Team>" say "lol ." L 04/01/2009 - 09:40:23: "Ġŗēēņ Ąяяőŵ<8><STEAM_0:1:14293896><Team>" say "jetboom bypassed this shit" L 04/01/2009 - 09:40:34: Banning player 'Ġŗēēņ Ąяяőŵ' (STEAM_0:1:14293896) - Failed SE check (0.25) L 04/01/2009 - 09:40:34: Banid: "Ġŗēēņ Ąяяőŵ<8><STEAM_0:1:14293896><>" was banned "permanently" by "Console" L 04/01/2009 - 09:40:34: "Ġŗēēņ Ąяяőŵ<8><STEAM_0:1:14293896><>" disconnected (reason "Kicked by Console : CHEAT")[/QUOTE] I laughed out loud.

[QUOTE=garry;14417942]I love these l33t haxors L 04/01/2009 - 09:39:31: "Ġŗēēņ Ąяяőŵ<8><STEAM_ID_PENDING><>" connected, address "82.44.76.180:27005" L 04/01/2009 - 09:39:32: "Ġŗēēņ Ąяяőŵ<8><STEAM_0:1:14293896><>" STEAM USERID validated L 04/01/2009 - 09:40:11: "Ġŗēēņ Ąяяőŵ<8><STEAM_0:1:14293896><>" entered the game L 04/01/2009 - 09:40:17: "Ġŗēēņ Ąяяőŵ<8><STEAM_0:1:14293896><Team>" say "lol ." L 04/01/2009 - 09:40:23: "Ġŗēēņ Ąяяőŵ<8><STEAM_0:1:14293896><Team>" say "jetboom bypassed this shit" L 04/01/2009 - 09:40:34: Banning player 'Ġŗēēņ Ąяяőŵ' (STEAM_0:1:14293896) - Failed SE check (0.25) L 04/01/2009 - 09:40:34: Banid: "Ġŗēēņ Ąяяőŵ<8><STEAM_0:1:14293896><>" was banned "permanently" by "Console" L 04/01/2009 - 09:40:34: "Ġŗēēņ Ąяяőŵ<8><STEAM_0:1:14293896><>" disconnected (reason "Kicked by Console : CHEAT")[/QUOTE] So you added a post-check right now if all clientfiles are really the correct one. Clever. I like how you started making SE more reliable. Thank you.

[QUOTE=ers35;14261718][url]http://www.upload.moogen.org/uploads/ers35/sefail.gif[/url][/QUOTE] I lol'd

[QUOTE=garry;14417942]I love these l33t haxors L 04/01/2009 - 09:39:31: "Ġŗēēņ Ąяяőŵ<8><STEAM_ID_PENDING><>" connected, address "82.44.76.180:27005" L 04/01/2009 - 09:39:32: "Ġŗēēņ Ąяяőŵ<8><STEAM_0:1:14293896><>" STEAM USERID validated L 04/01/2009 - 09:40:11: "Ġŗēēņ Ąяяőŵ<8><STEAM_0:1:14293896><>" entered the game L 04/01/2009 - 09:40:17: "Ġŗēēņ Ąяяőŵ<8><STEAM_0:1:14293896><Team>" say "lol ." L 04/01/2009 - 09:40:23: "Ġŗēēņ Ąяяőŵ<8><STEAM_0:1:14293896><Team>" say "jetboom bypassed this shit" L 04/01/2009 - 09:40:34: Banning player 'Ġŗēēņ Ąяяőŵ' (STEAM_0:1:14293896) - Failed SE check (0.25) L 04/01/2009 - 09:40:34: Banid: "Ġŗēēņ Ąяяőŵ<8><STEAM_0:1:14293896><>" was banned "permanently" by "Console" L 04/01/2009 - 09:40:34: "Ġŗēēņ Ąяяőŵ<8><STEAM_0:1:14293896><>" disconnected (reason "Kicked by Console : CHEAT")[/QUOTE] He always tried to act so bad ass in the server

Player Hunterbolt_Angel[ANT] left the game (Kicked by Console : CHEAT) I don't assume that so much ppl are cheating .. :/

It might not be intential. They probably have some dodgy addon that's overriding another Lua file.

[QUOTE=garry;14422169]It might not be intential. They probably have some dodgy addon that's overriding another Lua file.[/QUOTE] So you added post-check to see if all the clientside dua files are correct?

Instead of kicking, is it not possible to simply stop the files running? And if that means the client gets lua errors, so be it? Rather that than people being disconnected because they have a bad addon.

Arg I have to rewrite my reply because I was writing it for page one Gj on script enforcer, its starting to improve. Only issue is I have noticed people are getting kicked for wire mod file mismatches on a server I play on, it's not even meant to be running SE (as its more or less a sandbox server (SB3)) Bellow is my thread that I wrote then realised i was reading page 1. [quote=MBainrot's Brain originally] I also have a "bot", but its rarely used. I frequently use my radar, only because it has a "prop" info plug-in written by yours truly and it detects SBEP entities thus making minge detection a fuck load easier The other feature I use freq is the automatic load out, on re-spawn it automatically calls gm_giveswep and arms me with the weapons i freq use (namely the five seven and the mp5) My auto aim code is shit, so that's why I learned how to aim, I got a good ping now and a good computer and a half decent shot. The only (what I see as a legitimate) reason one would bot is if they got a really shit connection (say NetSpeed dialup which was crap in its time) and a ultra shit computer (think AMD Duron 1200) resulting in epically shit FPS and a ping of 120+ on a server in the same area as self). Another interesting fact is.... People say once a botter always a botter... Then why don't I cheat in Counter Strike: Source or Battlefield 2, or any other game like that? And why don't I take advantage of the fact that I got a brilliant ping and a decent connection with a good computer? [/quote] Another side thought (When I write replies to threads they're an STDOUT of my brain) if people ask why I let it still load if I don't use it. I use it to load test code for experimenting with new things I am coding for Garry's Mod, I know people will squirm at this thought, but I think people should start to learn how to write cheats because, if it wasn't for me becoming interested in cheating back in 2002 (when I first got UT GOTY) I wouldn't be as good of a coder as I am today. The first programming language I taught my self was UnrealScript, it was modifying an aimbot to remove "coder protect" (which dealt with script kiddies by not aiming at people with [DD], HelioS or Zelious in their name) as well as adding new features (like automatic translocation when a redeemer was detected), I then taught my self VB6, then moved on to (VB.Net 2005, php, JAL, some random C like language for Lego Mindstorms and Javascript), then onto VB Net 2008 and a little ASP.net, and finally today Visual C# 2008, Visual C++ 2008 I think botting is bad, due to the fact that when abused it gives an unfair advantage, but I also think, that the challenge of circumventing Anti-Cheat protection is a good thing, cause people to learn how to code properly, and learn how to make "secure" code, as they have to hide everything from the anti-cheat (thus teaching them not to leave valuable functions exposed which is a good thing if they are coding something like, say, a money system ;) ) Sorry for writing an SA instead of a reply :$ edit: [QUOTE='-[ Fizzadar ]-;14423222']Instead of kicking, is it not possible to simply stop the files running? And if that means the client gets lua errors, so be it? Rather that than people being disconnected because they have a bad addon.[/QUOTE] +Agree, it also should be up to the server admin on what action to take.

The new SE feature garry added is very interesting indeed. It hashes all the lua code on the client state. You could say anti-cheat is a democracy in this new version. It also has quite a few bugs. People sometimes have no hash or completely wrong hashes.