• Anti-Cheat Discussion Thread 2
Hi, if I were to do
[code]
local t = {}
function Init()
    t:Insert(_G)
    t:Insert(_R)
end
while #t > 1 then
    if t[_G] != _G then
        Print("Injection detected")
    end
    if t[_R] != _R then
        Print("Injection detected")
    end
end
[/code]
on the client, and use the net lib to tell the server when the conditions are met in the while loop, would it work? (This is on a SE2 server) ... And are there any other _ tables I should know about?
afaik you can't compare tables with ==/!= etc
[QUOTE=Drakehawke;34080288]afaik you can't compare tables with ==/!= etc[/QUOTE] Only works if you're using references, but in that case they would always be equal.
Would something like this work?
[lua]
function crc_func(func)
    local info = debug.getinfo(func)
    if !info then return "" end
    // debug.getinfo returns a keyed table, which table.concat cannot join,
    // so build the string from named fields instead
    return info.short_src .. ":" .. info.linedefined .. "-" .. info.lastlinedefined
end

function crc_tbl(tbl, done)
    done = done or {}
    done[tbl] = true // mark as visited so self-referencing tables (e.g. _G._G) do not recurse forever
    local ret = ""
    for k, v in pairs(tbl) do
        if type(v) == "table" then
            if !done[v] then ret = ret .. crc_tbl(v, done) end
        elseif type(v) == "function" then
            ret = ret .. crc_func(v)
        else
            ret = ret .. tostring(v)
        end
    end
    return util.CRC(ret)
end
[/lua]
[B]Edit:[/B]
[lua]
local old = {
    _R = table.Copy(_R),
    hook = table.Copy(hook),
    concommand = table.Copy(concommand)
    // and so on..
}

hook.Add("InitPostEntity", "{name here}", function()
    for k, v in pairs(old) do
        if _G[k] and (crc_tbl(_G[k]) ~= crc_tbl(v)) then
            // do stuff
        end
    end
end)
[/lua]
But I am referencing them. In Init I am storing a copy in t and comparing them...
[QUOTE=dingusnin;34081712]But I am referencing them. In Init I am storing a copy in t and comparing them...[/QUOTE] You're storing the reference in t. [editline]6th January 2012[/editline] Tables are always references.
Another fool joins the long line of idiots that cheat..... [url]http://www.facepunch.com/threads/1153494?p=34090620&viewfull=1#post34090620[/url] [url]http://www.youtube.com/watch?feature=player_detailpage&v=5mneoXHOXZU#t=190s[/url] [url]http://steamcommunity.com/id/Pzula[/url] STEAM_0:1:39802727
[QUOTE=Noi;34093214]Don't detect presence of hack only by scanning for changes. It's possible to make debug.getinfo/whatever faker that will fool your anticheat perfectly. And I know what i'm talking about. ——————————————————————————— Alkalisk, who gives a fuck?[/QUOTE] It is possible to spoof data to fool any client-side anti-cheat, but I should stop talking because you know what you are talking about
[QUOTE=Noi;34093214]Don't detect presence of hack only by scanning for changes. It's possible to make debug.getinfo/whatever faker that will fool your anticheat perfectly. And I know what i'm talking about.[/QUOTE] Welcome to last year.
[QUOTE=Alkalisk;34093115]Another fool joins the long line of idiots that cheat..... [url]http://www.facepunch.com/threads/1153494?p=34090620&viewfull=1#post34090620[/url] [url]http://www.youtube.com/watch?feature=player_detailpage&v=5mneoXHOXZU#t=190s[/url] [url]http://steamcommunity.com/id/Pzula[/url] STEAM_0:1:39802727[/QUOTE] How is it a benefit you're posting ONE person to ban on this thread, I mean seriously, there's hundreds maybe even thousands of hackers out there.
[QUOTE=dingusnin;34080086]Hi, if I were to do
[code]
local t = {}
function Init()
    t:Insert(_G)
    t:Insert(_R)
end
while #t > 1 then
    if t[_G] != _G then
        Print("Injection detected")
    end
    if t[_R] != _R then
        Print("Injection detected")
    end
end
[/code]
on the client, and use the net lib to tell the server when the conditions are met in the while loop, would it work? (This is on a SE2 server) ... And are there any other _ tables I should know about?[/QUOTE]
In the case you could compare tables like that they would be completely the same, by the time your code is run SethHack for example or my personal cheat has already injected, possibly changing _G or _R (My cheat doesn't change either, SethHack might, I'm not sure), so inserting _G into another table and then comparing would be nothing but essentially doing if( _G == _G ). [editline]7th January 2012[/editline] [QUOTE=dingusnin;34081712]But I am referencing them. In Init I am storing a copy in t and comparing them...[/QUOTE] It's already been changed by the time you save it.
If you use enum does it not run before it's being changed? But, just a thought, could you not generate a list of things that are allowed in _G and then check their _G to see if it contains anything not in the whitelist?
Yeah, typically cheats inject right before the first file in enum.
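Added example, not part of any post in this thread: plain Lua 5.1 (runnable outside the game, so only `_G` is used) showing why storing `_G` in a table and comparing it later can never fail, and how the whitelist idea from the post above looks as a shallow snapshot that is diffed later. The helper names `snapshot` and `diff` and the injected values are hypothetical; as the replies note, a baseline taken after a cheat has already loaded contains the cheat's changes, so this only reports changes made after the baseline.

```lua
-- Added example; helper names are hypothetical, not from any poster's code.
local tostring = tostring                 -- keep a local handle for reporting

-- 1) Reference semantics: t[1] and _G are the same table object, so this
--    comparison can never fail, whatever is added to _G afterwards.
local t = {}
table.insert(t, _G)
_G.injected_global = function() end       -- constructed stand-in for a change
print("reference compare equal:", t[1] == _G)
_G.injected_global = nil

-- 2) Shallow snapshot: copy every key and the identity of its value once.
local function snapshot(tbl)
    local snap = {}
    for k, v in pairs(tbl) do snap[k] = v end
    return snap
end

-- Report keys that were added, removed or rebound since the snapshot.
local function diff(snap, tbl)
    local changes = {}
    for k, v in pairs(tbl) do
        if snap[k] == nil then
            changes[#changes + 1] = "added: " .. tostring(k)
        elseif not rawequal(snap[k], v) then
            changes[#changes + 1] = "replaced: " .. tostring(k)
        end
    end
    for k in pairs(snap) do
        if tbl[k] == nil then
            changes[#changes + 1] = "removed: " .. tostring(k)
        end
    end
    table.sort(changes)
    return changes
end

local baseline = snapshot(_G)
-- Constructed changes standing in for code that ran after the baseline.
_G.injected_global = function() end
local real_tostring = tostring
_G.tostring = function(v) return real_tostring(v) end

for _, line in ipairs(diff(baseline, _G)) do print(line) end

_G.tostring = real_tostring               -- restore the original binding
_G.injected_global = nil
```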
Got another one for ya. Name: bluff xd Steam ID: STEAM_0:1:33749817 IP Address: 174.116.204.224 What they did: Sethacks allowing him to play as other people, and attempting to RDM while abusing that ability. Copy/pasted directly from Hypergamer.net's admin forum. Will add more as they come. I've seen some familiar names on that list, including a certain HGN Sgarner... Will be dealing with him. [b]*warms banhammer*[/b]
Shut up with all the, "HERE'S ANOTHER HACKER," BS. No one cares. This thread is for creating anti-cheats and no one worthwhile is going to care to look through the thread to copy+paste random STEAMID's from random untrustworthy idiots who don't even have proof. Seriously. I might as well do this: [b]Found a new hacker![/b] Name: Spades_Neil Steam ID: STEAM_0:0:30501208 What they did: They hacked on my server and your server and his server! Ban him!
Exactly, this thread isn't to post who you caught hacking, it's to post methods so we can all catch hackers together.
[QUOTE=wauterboi;34107851]Shut up with all the, "HERE'S ANOTHER HACKER," BS. No one cares. This thread is for creating anti-cheats and no one worthwhile is going to care to look through the thread to copy+paste random STEAMID's from random untrustworthy idiots who don't even have proof. Seriously. I might as well do this: [b]Found a new hacker![/b] Name: Spades_Neil Steam ID: STEAM_0:0:30501208 What they did: They hacked on my server and your server and his server! Ban him![/QUOTE] Thanks, added to the list :v:
Well, a method I'm trialling is lock-on detection through using the functions for setting eye positions or mouse positions or w/e. Also some trigger detection that way.
[QUOTE=JustSoFaded;34094522]In the case you could compare tables like that they would be completely the same, by the time your code is run SethHack for example or my personal cheat has already injected, possibly changing _G or _R (My cheat doesn't change either, SethHack might, I'm not sure), so inserting _G into another table and then comparing would be nothing but essentially doing if( _G == _G ). [editline]7th January 2012[/editline] It's already been changed by the time you save it.[/QUOTE] Thanks, I did not think about that, but I was not aiming for detection of SethHack or other cheats along those lines. The community I am in had a problem with a hacker injecting code (I have fixed it now) by using a 1 line command hidden in his code that executed RunString .... I was hoping I could catch when he injects, knowing he NEEDS to be on the server to inject it....
Well injection cheats I see mostly modify a random file inside the datapack before it gets executed. Garry should do file hash checks or something I dunno if that would work not sure.
[QUOTE=frosty802;34110766]Well injection cheats I see mostly modify a random file inside the datapack before it gets executed. Garry should do file hash checks or something I dunno if that would work not sure.[/QUOTE] Where have you ever seen that? I haven't seen that happen (ever)
[QUOTE=frosty802;34110766]Well injection cheats I see mostly modify a random file inside the datapack before it gets executed. Garry should do file hash checks or something I dunno if that would work not sure.[/QUOTE] They hook in ILuaCallback::onRunScript and add contents to the first file run. It isn't datapack injection.
[QUOTE=OldFusion;34110996]They hook in ILuaCallback::onRunScript and add contents to the first file run. It isn't datapack injection.[/QUOTE] I'm pretty sure SH goes by modifying a random file in the datapack, but then I'm no expert xD
A person used this way to bypass my anti-cheat, but which obviously picked up the file not running but ILuaCallback::CanRunScript I believe and checked for ac.lua [editline]9th January 2012[/editline] [QUOTE=frosty802;34111194]I'm pretty sure SH goes by modifying a random file in the datapack, but then I'm no expert xD[/QUOTE] If SH did that, then you'd be able to find the Lua code in the datapack, I don't think Seth wants people to read his code. So you're obviously wrong.
[QUOTE=Ruzza;34111262]A person used this way to bypass my anti-cheat, but which obviously picked up the file not running but ILuaCallback::CanRunScript I believe and checked for ac.lua[/QUOTE] Why am I not surprised you wrote a bad anti-cheat Gfoose. You should have checked to make sure your file was run.
[QUOTE=Bawbag;34112784]Why am I not surprised you wrote a bad anti-cheat Gfoose. You should have checked to make sure your file was run.[/QUOTE] Be nice.
[QUOTE=Bawbag;34112784]Why am I not surprised you wrote a bad anti-cheat Gfoose. You should have checked to make sure your file was run.[/QUOTE] [B]which obviously picked up the file not running[/B] Read closer next time
[QUOTE=frosty802;34111194]I'm pretty sure SH goes by modifying a random file in the datapack, but then I'm no expert xD[/QUOTE] He hooks CLuaInterface::FindAndRunScript(), and checks if the file being run is the first one inside of enum, then lua_Load's his code.
Why don't VAC bans work for detouring vtables in CLuaInterface, CLuaShared, and CLuaCallback? :(
Because Lua is "external" to what VAC supports. VAC really only detects tampering with the engine itself, I think; people, correct me if I'm wrong.