Backdoors in client side cheats on the Workshop! 0_o

Ok so the first one is $w4g H4x - http://steamcommunity.com/sharedfiles/filedetails/?id=691929850
Now this addon like the next one have a blacklist for their cheat. However this one opens urls on people and crashes them.



-- snip
if (swag.Faggots[ply:SteamID64()]) then
		swag.cookie.Set("Faggot", "lol ima fag")
		swag.OpenSite()
		return
	end
--snip
function swag.OpenSite()
	if not (swag.SiteOpen) then
		local VidLen, VidID = swag.table.Random(swag.VideoIDs)
		
		swag.CrashTime = CurTime() + VidLen + 3
		swag.SiteOpen = true
		
		local HTML = vgui.Create("HTML")
		HTML:OpenURL("https://www.youtube.com/embed/" .. VidID .. "?autoplay=1")
		HTML:Dock(FILL)
		
		local blocker = vgui.Create("DPanel", HTML)
		blocker:Dock(FILL)
		
		function blocker.Paint()
		end
	end
end
--snip
function swag.CrashPlayer()
	if not (swag.SiteOpen) then return end
	
	if (swag.CurTime() > swag.CrashTime) then
		swag.table.Empty(swag.debug.getregistry())
	end
end
--snip
swag.VideoIDs = {
	["25IhfWRO4Rk"] = 72,
	["q_9SsX7HJhE"] = 51,
	["iPXKfGxeHIY"] = 95,
	["UocpzSidMgw"] = 32,
	["zjEvaYLf68E"] = 15,
	["ck5f9LzQmjY"] = 95,
	["VAC-5BQnuXI"] = 54,
}
--snip
swag.Faggots = {
	["76561198149526614"] = true, -- EnderXenomorphic
	["76561198124774917"] = true, -- Splash
	["76561198060196166"] = true, -- HAM
}


Now the next script is a new one called Bee’s Scripts - http://steamcommunity.com/sharedfiles/filedetails/?id=732215911
Now this one only crashes the people on the blacklist but the blacklist is greater.



--snip
function bee.Crash()

	bee.table.Empty( bee.debug.getregistry() )

end 
--snip
function bee.IsNope() -- "Nope" list check 

	if ( bee.Nope[ bee.LocalPlayer():SteamID() ] ) then 

		return true 

	else 

		return false 

	end 

end 
--snip
bee.Nope = {
	["STEAM_0:0:17809124"] = true, -- General HeX
	["STEAM_0:1:74749901"] = true, -- Tuxy
	["STEAM_0:1:45586871"] = true, -- Sackson
	["STEAM_0:0:84408790"] = true, -- sp00k/rdude (begs for cheats, zoohcf.pw)
	["STEAM_0:1:7339672"] = true, -- Element/dex/d3x
	["STEAM_0:1:1910219"] = true, -- Boring
	["STEAM_0:0:63518816"] = true, -- phoon (zoohcf.pw)
	["STEAM_0:0:89116170"] = true, -- Kran
	["STEAM_0:0:9872830"] = true, -- Kran alt
	["STEAM_0:1:69705412"] = true, -- Xeaxos
	["STEAM_0:1:47904384"] = true, -- John (cheater.team)
	["STEAM_0:0:60971854"] = true, -- OJ
	["STEAM_0:1:149259235"] = true, -- Mikopy
	["STEAM_0:0:94630443"] = true, -- Enderxenomorph/Tapmemer/Meemey
	["STEAM_0:0:2678511"] = true, -- Some copy and paster I found on a TTT server
	["STEAM_0:1:25429973"] = true, -- Gravko
	["STEAM_0:1:26244933"] = true, -- Verideth
	["STEAM_0:1:4154719"] = true, -- Dark Byte
	["STEAM_0:0:174909898"] = true, -- Dark Byte alt?
	["STEAM_0:1:104094210"] = true, -- jumpy
	["STEAM_0:0:96933728"] = true, -- Velkon
	["STEAM_0:0:177527067"] = true, -- Senator/2cash
	["STEAM_0:0:849274"] = true, -- Senator/2cash alt
	["STEAM_0:0:47565254"] = true, -- Senator/2cash alt
	["STEAM_0:0:56048163"] = true, -- Garry, from Garry's RP
	["STEAM_0:0:1690"] = true, -- Nabe
	["STEAM_0:0:144398015"] = true, -- Wax
	["STEAM_0:1:70711393"] = true, -- gnode
	["STEAM_0:1:120338831"] = true, -- Satori
	["STEAM_0:0:44427696"] = true, -- Snip
	["STEAM_0:0:115343499"] = true, -- Kittix
	["STEAM_0:1:157228781"] = true, -- Kittix alt
	["STEAM_0:0:80172964"] = true, -- Kuno/Zak the Exploiter
	["STEAM_0:1:2325189"] = true, -- Praydog
	["STEAM_0:0:5231560"] = true -- Bik
}


I am pretty sure this is against the Workshop rules. I’m reporting on it because everyone should be able to use every addon on the Workshop and if you’re not cool with that just don’t upload your stuff there.
Thanks, Hackcraft

– I would have added on to my last post but I didn’t think it would get noticed as my reply would be right at the bottom –

Good job on finding these bro. I mean, if we are going to boycott skidcheck we should boycott this shit too (despite the fact they are cheat scripts, which shouldn’t even be on the workshop imo)

EDIT: After speaking to these script authors, I think it’s safe to say their intentions are rather pure, in the sense that they are attempting to disadvantage certain people who choose to steal/claim [afformentioned authors] code as their own. Bee’s Scripts’ nope table is full of people who would c+p his code, whereas $w4g H4x’s faggot list seems to be more targeted at a small handful of people, likely for the same reason.

EDIT 2: The author of $w4g H4x has informed me that his list is targeted at individuals that behave with a god complex, perhaps individuals that have personally wronged him in one way or another. Nowhere near the calibre of HeX and his SkidCheck, so I honestly think it’s nothing to be concerned about.

EDIT 3: Bee T. Gee, the author of Bee’s Scripts, chose to get into contact with me via Steam private messaging. I asked if I could share that chat with you, and he agreed.

EDIT 4: Updated image with further text that may be of relevance.

https://i.sli.mg/TMZTe5.png[/t][t]https://i.sli.mg/vCZRRs.png

where is the backdoors?

I don’t see any backdoors either tbh

backdoor != crashing certain peoples games (imo)

yeah, if it was a backdoor then it possibly would’ve been more malicious, and would have done it to everyone, not just a single list of people. mine just simply crashes your game if you’re on that list and nothing more

Still, stopping people from running it is one thing but then crashing their games and opening videos on them is another thing and should be removed from the script.

Will it shut you up if I replace the crashing with a fake BSoD?

I disagree. As long as the crash or video provides NO lasting effect on the user once the script is removed, I feel it is perfectly fine. It’s when you attempt to be malicious outside the game that it becomes a problem, or malicious at a large scale.

Nope, because you shouldn’t stop anyone from using your script if you put it on the Workshop.
If you don’t want certain people to use your script then don’t release it to the public.

it doesn’t modify anything in the folder(s), it doesn’t make any files, it doesn’t remove stuff, it just crashes your session. you can still reload gmod normally, no harm done

This isn’t backdooring lmao, but it is petty as fuck.

Still whether you like it or not, you’re breaking the Garry’s Mod Workshop rules.

“Everyone is allowed to use addons you upload - Steam Workshop is not your personal file hosting, it is a distribution service for your mods and the like. By uploading your addons to Steam Workshop you agree that anyone can download and use your uploaded content, anyone is allowed to edit it (though not redistribute it without your consent, edited or not). You can’t say “you are not allowed to use this addon on your server” or similar things. Adding code that would stop people from using your addon on their servers falls into the Malicious Code category.”

Crashing people’s games is malicious. How the fuck is it justified to deny someone playing a game by crashing it?

Putting cheats on the workshop isn’t allowed either but I still see Falco’s and Lenny’s cheats on it.
¯_(ツ)_/¯

There’s noting about not being allowed to put cheats on the Garry’s Mod Workshop anywhere so I don’t know where you got that from.

Redfiend/Shigbeard stated that, but that was his own opinion about cheats on the workshop.

Just to add further clarification to anyone who were to initially call BS on this rule, it appears it was added by Robotboy655 at 9:23pm on the 26th of May, 2016, while the exact wording was modified at a later date. It is still of my personal opinion that Bee T. Gee and Moosicorn have done nothing wrong (note, this does not mean they have done nothing petty), however I cannot continue to defend their actions now that I am aware that their actions are in breach of the Garry’s Mod Workshop Submission Rules.

The Steam Subscriber Agreement.

That’s only for VAC detected stuff, not Lua.