• Help protect the server from Script hook cl
    11 replies, posted
Please explain to me how to protect the server from people, the server hook, I do not really understand the Lua scripts and for this I ask for help from those who know) Sorry for writing errors from Google Translite
Translite, that's a new one sv_allowcslua 0 would be my best guess at what youre asking for
Will not help Since there is a Hook.dll Through inject
then you have someone in your team or someone access to your server files. Doing a DLL inject in the server just as a normal player would mean they actually hack your server. And no one takes that effort for a gmod server...
I have no backdoor, etc This is the leak of the gmod lua game itself
quite a bad excuse. if gmod would have a exploit that simple to use, by just injecting a DLL in a server, gmod would be in ALOT of trouble. You should consider that you have a backdoor installed, or someone in your team thats leaking access
Nope, people can actually steal all clientside stuff from the server using scripthook. You download client stuff and using this programm can encrypt contain of theese files. You can steal the HUD, menus, etc. This guy is asking for protection methods from his server is being scripthooked (and yes, they are exists)
you do know that when you join a sever you PURPOSFULLY download the Hud files, menus etc, everything thats clientside? and you can easily look into these files
i dont know a whole lot about this so im probably wrong with some things, but heres some stuff: when you join a server, any "shared" or "client" file is automatically downloaded to the client so they can run it. these files stay in the lua cache, though encrypted, of every player. however, theres a very basic, very open program that decrypts these files, allowing you to see them for what they are. here's where i start getting unsure about stuff: injectors can be used by certain malicious people to run lua and find files. logically, its much easier to do this if the person has access to the login. as far as i know, this doesnt just happen, so "This is the leak of the gmod lua game itself" is just false.
As far as I know, by default this files are encrypted and you just "can't easily look into theese files", you still need to encrypt them. And if I remember right, in the latest gmod update devs are changed encryption for clientside files (and I guess now someone find method how to encrypt this files again) I don't know for sure, but you can even create your own encryption method (ip - octothorp.team:27017, not tested) or clear client cache on player loaded (ip - nxserv.us:27015, not tested too).
They did change the algorithm in one of the most recent updates. I haven't seen anyone who has figured it out yet but i can't imagine it will be long before they do.
It's not rocket science. Before the update the first 4/5(cant remember) bytes were garbage and could be thrown away, the rest was just an LZMA archive. The new format just makes it so instead of the first 4/5 bytes getting thrown away, the first 32 bytes get thrown away. Then you can just extract it as an LZMA like normal
Sorry, you need to Log In to post a reply to this thread.