Most hackers these days can literally do ANYTHING these days. From slapping people around to banning everyone on the server.
[QUOTE=angelbill5914;42081821]Most hackers these days can literally do ANYTHING these days. From slapping people around to banning everyone on the server.[/QUOTE]
No, they can't do everything. They can only do the things that we let them to. That's why we have anticheats, and when that fails, admins.
You obviously didn't get attacked by hackers. It doesnt matter if you have an AntiCheat on, they are bypassing the security of your files by hijacking in the info that get sends from server to client. They can easily turn off your AC and then ruin your whole server.
Also Admins do not help at all in this situation. No matter how much you ban them, as soon as thy connect to the server they can crash it down and then ban each admin on. Every server is vulnerable.
How could they connect if they are banned?
[QUOTE=Noi;42062935]what are server admins for?[/QUOTE]
to ban you for not agreeing with them
[QUOTE=XenoCrab;42083752]to ban you for not agreeing with them[/QUOTE]
^
LOL
That happens only on severs with 12 year old admins.
or you as an admin
It's your responsibility to ban hackers from your server, unless you have a good Anti Cheat to detect and ban hackers.
There's already a (pubic, paid) hack that bypasses VAC, etc. It doesn't use LUA either, so I guess we're going to be filled with hackers again.
[QUOTE=Brojo;42087893]There's already a (pubic, paid) hack that bypasses VAC, etc.[/QUOTE]
Or does it? :wink:
VAC in GMod is quite misunderstood.
[QUOTE=Brojo;42087893]There's already a (pubic, paid) hack that bypasses VAC, etc. It doesn't use LUA either, so I guess we're going to be filled with hackers again.[/QUOTE]
It wouldn't matter if the bypass isn't lua, the hackers are going to be running lua anyways. Good admins are and always will be the best, anticheats will always be a cat and mouse game.
[QUOTE=Pandaman09;42088762]It wouldn't matter if the bypass isn't lua, the hackers are going to be running lua anyways. Good admins are and always will be the best, anticheats will always be a cat and mouse game.[/QUOTE]
Yep, I agree.
[QUOTE=da space core;42059607]If it exists, it can be hacked. Please give me one exception.[/QUOTE]
My standalone computer
(Unnetworked completely, loaded with no OS or memory)
[QUOTE=Brojo;42087893]There's already a (pubic, paid) hack that bypasses VAC, etc. It doesn't use LUA either, so I guess we're going to be filled with hackers again.[/QUOTE]
a pubic hack?
[QUOTE=Milkshaker;42089256]My standalone computer
(Unnetworked completely, loaded with no OS or memory)[/QUOTE]
the pentagon a few years ago had their own networks (which was disconnected physically from the internet) hacked anyways. there is no safety from hacking.
if there is a public hack, it wont last long. the bigger they come, the harder they fall. just look at what happened to sethhack.
[QUOTE=Pandaman09;42088762]It wouldn't matter if the bypass isn't lua, the hackers are going to be running lua anyways. [/QUOTE]
Couldn't they just use the engine function's signatures to create a hack without needing to interact with lua at all?
[QUOTE=angelbill5914;42083358]You obviously didn't get attacked by hackers. It doesnt matter if you have an AntiCheat on, they are bypassing the security of your files by hijacking in the info that get sends from server to client. They can easily turn off your AC and then ruin your whole server.
Also Admins do not help at all in this situation. No matter how much you ban them, as soon as thy connect to the server they can crash it down and then ban each admin on. Every server is vulnerable.[/QUOTE]
Any well coded anticheat will have checks on the server to find out if the client has loaded the anti cheat. I think what you are talking about is DataPacket injection (I don't know if you can still do that in Gmod13...)
It is clear you don't actually know what you are talking about...
[QUOTE=bliptec;42089931]Couldn't they just use the engine function's signatures to create a hack without needing to interact with lua at all?[/QUOTE]
I have been writing a hack in full c++ (challenge, hasn't really been done, can be used in multiple games, etc), and can confirm that you don't [I]need[/I] to interact with lua for the hack to work, but you probably will. For mostly everything I have done, I have been fine using only engine functions. You can get player info, bone positions, bounding boxes, etc from the engine fairly easily. The challenge comes when you want to access information that is only accessible through lua. Take, for instance, a lua entity's class name, or a weapon's spread. These values are stored in lua, and require you to interact with the lua stack in order to retrieve them. I am not experienced with manipulating the lua stack, so I pretty much just plain call functions like Entity() and GetClass() without any sort of roundabout way, like copying the functions to a separate, hidden global table. This interaction with lua could make a hack detectable by an anticheat, but to date no one has managed to catch me. I'm currently working on an overlay system, so soon not even screenshots will be able to detect me.
[editline]5th September 2013[/editline]
[QUOTE=dingusnin;42090046]Any well coded anticheat will have checks on the server to find out if the client has loaded the anti cheat. I think what you are talking about is DataPacket injection (I don't know if you can still do that in Gmod13...)
It is clear you don't actually know what you are talking about...[/QUOTE]
Lua anticheats rely on two things; load priority and secret detection methods. Loading before server scripts is easy if you know anything about how garry loads lua scripts, and actually is something I had to design out in the part of my hack that replicated the autorun folder. Once a cheater gets load priority, he can copy functions, hook functions, and do pretty much anything he wants to pull a veil over the anticheat's senses. The only thing it can then rely on are secret methods that the cheat writer wouldn't think to look for (which wouldn't stay secret for long considering how easy it is to dump clientside lua using the same method).
[editline]5th September 2013[/editline]
[QUOTE=Brojo;42087893]There's already a (pubic, paid) hack that bypasses VAC, etc. It doesn't use LUA either, so I guess we're going to be filled with hackers again.[/QUOTE]
There is no need to bypass VAC. I can't confirm directly what it does and doesn't do in gmod, but I know for a fact I have done things that would have been detected in CSS or TF2 that haven't resulted in a VAC ban.
Also, as far as I'm aware, I'm the only one with a non-lua cheat (I know of one other person who is going to embark on that road, but that person's cheat probably won't be suitable for release in many months). There are a number of things that are different in gmod that would prevent a would-be cheater from being able to just study darkstorm's source or something and try to write a full c++ cheat for gmod, so I highly doubt there will be a threat of a public c++ cheat coming anytime soon.
[QUOTE=bliptec;42089931]Couldn't they just use the engine function's signatures to create a hack without needing to interact with lua at all?[/QUOTE]
Because people who use public hacks know how to do that, most cheats involve some sort of enabling method, which can easily be detected.
[QUOTE=tie3re;42084429]^
LOL
That happens only on severs with 12 year old admins.[/QUOTE]
because every fucking admin happens to be 12 years old
[QUOTE=BRS;42094451]because every fucking admin happens to be 12 years old[/QUOTE]
Not me. But I have no ban powers, so I end up being useless anyways.
[QUOTE=SashaWolf;42090269]Also, as far as I'm aware, I'm the only one with a non-lua cheat (I know of one other person who is going to embark on that road, but that person's cheat probably won't be suitable for release in many months). There are a number of things that are different in gmod that would prevent a would-be cheater from being able to just study darkstorm's source or something and try to write a full c++ cheat for gmod, so I highly doubt there will be a threat of a public c++ cheat coming anytime soon.[/QUOTE]
LuaStoned's SourceHook has been multi-game for over a year (including GMod iirc) without lua
[media]http://www.youtube.com/watch?v=NUx8OFW8nLg[/media]
There will always be cheaters in every game you run across. Good admins and detection system can slow them down however.
I've been catching cheaters on HG's servers and adding them to the KAC Global Banlist.
Actually if you change some simple things around you can make it so it sends the reports to your own server or even a random one so api.garrysmod does not receive it at all. Garry needs to learn ASM and find out his own XOR.
Does Kigen's AntiCheat work on GMOD or does it need some modifications?
Whenever there is a mismatch between client-sided LUA on the hackers machine and what the server intends to run it gets sent to Garry.
Since GMod is filled with scripts and whatnot, the only way for Garry to ban hackers (cheating script kiddies is a nicer fit term) is to review certain patterns collected from GMod users and notes sent to him about hackers on various servers. Once he reviews the problem, he can make the executive decision to ban certain users that have exploited a server's client sided functionality.
However, I would like to point out that if you properly write a gamemode or addon, it would be unhackable. The key is to not trust the client-sided lua code with certain things. This is where the key difference between init.lua and cl_init.lua comes in...
[editline]9th September 2013[/editline]
This is strictly for lua hackers, ofc
[QUOTE=angelbill5914;42120621]Does Kigen's AntiCheat work on GMOD or does it need some modifications?[/QUOTE]
The public version of KAC does not support GMod anymore since SourceMod removed their support.
Regardless, I have developed some anti-cheat capabilities on GMod. And have been adding people caught to the global banlist. I plan to release something so people can use the global banlist for now until I release a more comprehensive solution.
Can't hackers just hijack the database and unban everyone?
[QUOTE=angelbill5914;42137967]Can't hackers just hijack the database and unban everyone?[/QUOTE]
No. They can't do that with the KAC global banlist. The global banlist is far removed from their control. Even if they gain complete control of your server. The only thing they can do is try to interfere with the plugin on your server. But that wouldn't affect the global banlist or any other server using it.
[QUOTE=SashaWolf;42090269]
Also, as far as I'm aware, I'm the only one with a non-lua cheat (I know of one other person who is going to embark on that road, but that person's cheat probably won't be suitable for release in many months). There are a number of things that are different in gmod that would prevent a would-be cheater from being able to just study darkstorm's source or something and try to write a full c++ cheat for gmod, so I highly doubt there will be a threat of a public c++ cheat coming anytime soon.[/QUOTE]
No you're not. I'm not going to name the hacking website but it's one of the major ones. You use their loader to inject the hack if you have a subscription to it. - It's already for sale, has been for weeks.
[url]http://i44.tinypic.com/28wcgzl.jpg[/url]
Sorry, you need to Log In to post a reply to this thread.
