[QUOTE=Hentie;34113847]Why don't VAC bans work for detouring vtables in CLuaInterface, CLuaShared, and CLuaCallback?
:([/QUOTE]
A. VAC doesn't detect (proper) vtable hooks.
B. Nobody ever got banned other than a handful of people on outdated bacon-bot
Is there any way of getting the hash of a table? Wondering if you could compare the hash of _R and _G, since nothing should be modifying those outside of what the server says.
[QUOTE=Amokov;34124733]Is there any way of getting the hash of a table? Wondering if you could compare the hash of _R and _G, since nothing should be modifying those outside of what the server says.[/QUOTE]
I posted a sample couple pages back: [url]http://pastie.org/private/wdmjvr4ubespggynuo5rbw[/url]
But you can't really use _R for other than detecting detours. _R is used by the C API to store references, which garry's Lua interface uses a lot. If you check _R in enum, it should be the same for all clients. After that the hash is pretty much random.
_R also stores the lua callstack; so if code has run before you, generally the number is different.
huh. I have an idea /beardstrokecuriousface
What about inline-hooking hook.Add(...) at the end of gamemode initialisation and checking if you are hooking HUDPaint or similar? From what I've seen so far, most wallhacks work that way. Another thing could be hooking player.GetAll() and checking if you are passing some magic parameter or not.
Any opinions?
[QUOTE=sebi99;34205525]What about inline-hooking hook.Add(...) at the end of gamemode initialisation and checking if you are hooking HUDPaint or similar? From what I've seen so far, most wallhacks work that way. Another thing could be hooking player.GetAll() and checking if you are passing some magic parameter or not.
Any opinions?[/QUOTE]
[b][url=http://wiki.garrysmod.com/?title=Hook.GetTable]Hook.GetTable[/url][/b]
Some very popular servers use this method.
[QUOTE=Aide;34205828][b][url=http://wiki.garrysmod.com/?title=Hook.GetTable]Hook.GetTable[/url][/b]
Some very popular servers use this method.[/QUOTE]
Some time ago I thought of this method but did not think it was possible, but this is great :D Thanks :)
[QUOTE=dingusnin;34206194]Some time ago I thought of this method but did not think it was possible, but this is great :D Thanks :)[/QUOTE]
However easily spoofed. I like the idea of the hook.Add and the special addition of say a boolean or a special string? Would be better in hook.Call though would it not?
[QUOTE=frosty802;34206726]easily spoofed[/QUOTE]
I doubt this statement. Even if you spoof, you're leaving a trail.
[QUOTE=frosty802;34206726]However easily spoofed. I like the idea of the hook.Add and the special addition of say a boolean or a special string? Would be better in hook.Call though would it not?[/QUOTE]
That's the method I'm using for the cheat detection I had posted back on page 1.
If anyone is spoofing hook.Add(), hook.Call, hook.GetTable, then they need to send a randomly generated string that is only available as a local on the anticheat's thread.
I also created my own hook.Add and hook.Call function and frequently check the references between my hook.Call and the global one to see if it was overwritten.
[editline]14th January 2012[/editline]
btw what's the point of checking for hook function spoofs and having hook.GetTable blacklist/whitelists?
you can spoof the filename of whatever lua string you want to run and then do a hook.Add and overwrite another addon that uses the same hook and hook name.
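The reference check described in the post above, as an added example that is not code from this thread or from any poster's anti-cheat: it pins the library functions in locals at load time and later compares them with the global table. The `hook` table is a constructed stand-in for the game's library and `new_guard` is a hypothetical helper; the last lines show the limit of the technique, which only sees replacements made after the guard has loaded.

```lua
-- Added example: plain Lua 5.1, runs without Garry's Mod.
-- `hook` is a constructed stand-in for the game's hook library.
local hook = { _tbl = {} }
function hook.Add(event, name, fn)
    hook._tbl[event] = hook._tbl[event] or {}
    hook._tbl[event][name] = fn
end
function hook.Call(event, ...)
    for _, fn in pairs(hook._tbl[event] or {}) do fn(...) end
end

-- new_guard (hypothetical name) captures references once, in locals,
-- so later code cannot reach or replace the pinned copies.
local function new_guard(lib, names)
    local pinned = {}
    for _, n in ipairs(names) do pinned[n] = rawget(lib, n) end
    local guard = {}
    -- Returns the names whose current global reference differs from the pin.
    function guard.check()
        local changed = {}
        for _, n in ipairs(names) do
            if not rawequal(rawget(lib, n), pinned[n]) then
                changed[#changed + 1] = n
            end
        end
        return changed
    end
    -- Calls the pinned function, bypassing whatever now sits in the table.
    function guard.call(n, ...) return pinned[n](...) end
    return guard
end

local guard = new_guard(hook, { "Add", "Call" })
assert(#guard.check() == 0)              -- nothing replaced yet

-- Constructed tamper: hook.Call is wrapped after the guard loaded.
local original = hook.Call
hook.Call = function(...) return original(...) end
local changed = guard.check()
assert(#changed == 1 and changed[1] == "Call")

-- Limitation: a guard created after the wrap pins the wrapper itself.
local late = new_guard(hook, { "Add", "Call" })
assert(#late.check() == 0)
print("replaced since load: " .. table.concat(changed, ", "))
```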
[QUOTE=Hentie;34206767]That's the method I'm using for the cheat detection I had posted back on page 1.
If anyone is spoofing hook.Add(), hook.Call, hook.GetTable, then they need to send a randomly generated string that is only available as a local on the anticheat's thread.
I also created my own hook.Add and hook.Call function and frequently check the references between my hook.Call and the global one to see if it was overwritten.
[editline]14th January 2012[/editline]
btw what's the point of checking for hook function spoofs and having hook.GetTable blacklist/whitelists?
you can spoof the filename of whatever lua string you want to run and then do a hook.Add and overwrite another addon that uses the same hook and hook name.[/QUOTE]
[lua]local pn = vgui.Create( "DPanel" )
pn:SetPos( 0, 0 )
pn:SetSize( ScrW(), ScrH() )
function pn:Paint()
// Do ESP here
end
function pn:Think()
// Do aimbot here
end
[/lua]
You can also just detour the gamemode functions.
[QUOTE=DarKSunrise;34206936]You can also just detour the gamemode functions.[/QUOTE]
I think HeX detects that now. I released my hack a few pages back and I said the same thing.
No matter how anything is drawn, it needs players' entities first.
What about making player.GetAll() and find functions return fake players or do not return anything and begin every file that uses it with:
[code]player.GetAll = hehe.oldGetAll;[/code]
Not really portable solution but who cares.
[QUOTE=sebi99;34210336]No matter how anything is drawn, it needs players' entities first.
What about making player.GetAll() and find functions return fake players or do not return anything and begin every file that uses it with:
[code]player.GetAll = hehe.oldGetAll;[/code]
Not really portable solution but who cares.[/QUOTE]
[lua]
local getall = player.GetAll
[/lua]
What if someone did that in their cheat? Which ran before your anti-cheat?
[QUOTE=Bawbag;34062559]Wouldn't work on the latest version of the anticheat that he hasn't put on the servers yet. (The version on the server is from March)[/QUOTE]
You know that Seth just DDoSes any servers that detect sethhack, right?
Your efforts to have a fun and clean server are useless. Even if Seth were to just go away after fucking up Garry's Mod, he'd be replaced within 2 days. Then Stan would sell Devnull on that cheat's forums and it would be the same.
[QUOTE=sebi99;34210336]No matter how anything is drawn, it needs players' entities first.
What about making player.GetAll() and find functions return fake players or do not return anything and begin every file that uses it with:
[code]player.GetAll = hehe.oldGetAll;[/code]
Not really portable solution but who cares.[/QUOTE]
[lua]local plist = ents.FindByClass( "player" )[/lua]
[QUOTE=JustSoFaded;34113463]He hooks CLuaInterface::FindAndRunScript(), and checks if the file being run is the first one inside of enum, then lua_Load's his code.[/QUOTE]
Still acting like you know what you're talking about..
Children never learn.
[QUOTE=ethile_2;34210475]You know that Seth just DDoSes any servers that detect sethhack, right?
Your efforts to have a fun and clean server are useless. Even if Seth were to just go away after fucking up Garry's Mod, he'd be replaced within 2 days. Then Stan would sell Devnull on that cheat's forums and it would be the same.[/QUOTE]
You can avoid that if you're clever about it, you can save the SteamIDs rather than use them there and then, sure they can hack on your server for an hour, but if they have SethHack there's a high chance they aren't going to play by the rules anyway, so you can ban them for something else. Or you can wait till after they've left, then ban their ID from a list of random reasons, but even then they can't actually find out that reason without asking you.
You can also subtly break your gamemode for them. Make it so if they've got SethHack it just draws a big grey box in the corner of their screen instead of the HUD and spams them with errors, make it so if they use a menu, it glitches (literally just make your code error, Derma does some funny things when you do it wrong), and maybe gets stuck on their screen. If the errors they get are legit they'll just think it's a server with a shit Lua scripter and leave.
[QUOTE=thomasfn;34210587][lua]local plist = ents.FindByClass( "player" )[/lua][/QUOTE]You can hook that too.
[QUOTE=Drakehawke;34210453][lua]
local getall = player.GetAll
[/lua]
What if someone did that in their cheat? Which ran before your anti-cheat?[/QUOTE]
You can run it from file called "!.lua" in the enums folder, as [url=http://www.facepunch.com/threads/1143700?p=34211472&viewfull=1#post34211472]thomasfn proposed[/url].
[QUOTE=sebi99;34210925]Hook it in gamemode cl_init (Is it always ran as first file?)[/QUOTE]
It's one of the last
[QUOTE=sebi99;34210925]You can hook that too.
Hook it in gamemode cl_init (Is it always ran as first file?)[/QUOTE]
My point is, there will always be a way which you missed to bypass these things.
[lua]for _, ent in pairs( ents.GetAll() ) do if (ent:IsPlayer()) then ... end end[/lua]
I can think of a few other ways to get player listings too.
[editline]14th January 2012[/editline]
Also, the first file that can ever be run is a file called "!.lua" in the enums folder.
[QUOTE=thomasfn;34211472]Also, the first file that can ever be run is a file called "!.lua" in the enums folder.[/QUOTE]
Good to know, thanks.
[QUOTE=thomasfn;34211472]My point is, there will always be a way which you missed to bypass these things.[/QUOTE]
Sure, you are right, but if you block most of those you can think of, most cheats will be blocked and only those written bespoke to a given security mechanism will work.
Why are most anti-cheats client-side? Wouldn't it make more sense to put everything you possibly can server-side and limit what the client can see/do?
Not really meant to detect cheats, more to prevent common features:
Ie: The server sends entities to a client only when said client can see said entity, server sided recoil and dynamic spread, never send other IP addresses to clients, disallow name changing by storing the name when a player first joins and returning that value when _R.Player:Nick() is called, etc., etc.
[QUOTE=marvincmarvin;34211671]Why are most anti-cheats client-side? Wouldn't it make more sense to put everything you possibly can server-side and limit what the client can see/do?
Not really meant to detect cheats, more to prevent common features:
Ie: The server sends entities to a client only when said client can see said entity, server sided recoil and dynamic spread[/QUOTE]
It's already like that, [url]https://developer.valvesoftware.com/wiki/PVS[/url] - This explains what is sent to client, everything that is in [url=https://developer.valvesoftware.com/wiki/Visleaf]visleaves[/url] that are visible. (It doesn't check exactly what you see or not)
Weapon tracers also are server-side so you can not override spread but you can counteract recoil as it is something constant with every shot. There isn't much you can do about it. AFAIK others' IP addresses aren't broadcast but if I'm wrong then it's not something you can change with Lua.
[QUOTE=marvincmarvin;34211671]Why are most anti-cheats client-side? Wouldn't it make more sense to put everything you possibly can server-side and limit what the client can see/do?
Not really meant to detect cheats, more to prevent common features:
Ie: The server sends entities to a client only when said client can see said entity, server sided recoil and dynamic spread, never send other IP addresses to clients, disallow name changing by storing the name when a player first joins and returning that value when _R.Player:Nick() is called, etc., etc.[/QUOTE]
The server already does optimise networking in terms of only sending visible entities. The problem with this, is visibility is determined by how well the map is optimised and many maps aren't that well optimised.
Recoil and dynamic spread are performed serverside, but exactly what direction a bullet travels in can be calculated clientside - this is possible for prediction reasons.
As far as I know, the server doesn't send IP addresses to clients - at least, not in Gmod Beta.
Name changing isn't really all that much of a cheat, all it does is increase the workload of an admin.
[editline]14th January 2012[/editline]
:ninja:
You could possibly use a trace server side and detect whether or not two players can see each-other then somehow using an extremely hacky module filter the entities the client cannot see.
Why not use [b][url=http://wiki.garrysmod.com/?title=Entity.FireBullets]Entity.FireBullets[/url][/b] for each weapon, and use sin, cos and math.random to generate an end position that simulates recoil and spread making it near impossible to predict.
[QUOTE=marvincmarvin;34211980]You could possibly use a trace server side and detect whether or not two players can see each-other then somehow using an extremely hacky module filter the entities the client cannot see.[/QUOTE]
This could be possibly done for players, sending 8 traces (to every corner of bounding box) or more (say to every attachment node) but what if player stood behind a wall with small hole in it (in which case you should of course update his position), you would have to send way too many traces to check if player really can see other player.
[QUOTE=marvincmarvin;34211980]Why not use [b][url=http://wiki.garrysmod.com/?title=Entity.FireBullets]Entity.FireBullets[/url][/b] for each weapon, and use sin, cos and math.random to generate an end position that simulates recoil and spread making it near impossible to predict.[/QUOTE]
--
Client for sure predicts recoil and you couldn't make it really-random because if you would you would have to wait for server until you receive recoil.
You could use some pseudo-random but this could be re-generated by aimbot.
A thing worth thinking about is sending a random seed from server to client that would be used for recoil and such and implementing a simple PRNG (like a linear congruential generator).
The problem with this is that again, you could hook umsg handler, intercept seed and then generate same values.
You just had a huge contradiction in that post. Clientside prediction of bullet spread uses a pseudorandom generated from the seed received in CUserCMD.