How to detect my leaked hack.


It has come to my attention that some person got his hands on a cheat I wrote about 7 months ago and is currently spreading it around the script kiddie cheating scene. It’s written completely in c++, and could probably pose a major problem to servers out there (it is very hard to detect). I figured it would be a smart idea to let you know how you can detect it and fuck with users should you want to.

The cheat injects several lua functions into the client state (name rf, sf and sd or dc if memory serves me). “rf” and “sf” are bindings to the RequestFile and SendFile functions that are commonly exploited to grab files from and write to the server, and the sd function disconnects the client from the server with a custom disconnect reason. You could probably check for the existence of these functions in order to detect it.

Additionally, the cheat hooks RunString to log all lua scripts run on the client. This can be exploited easily, however, by using the lua function “RunStringEx”. RunStringEx seems to call the C++ function of the same name directly, so anything you run using that function will be written to the file specified by the name parameter. You can use this to overwrite system files (“C:/windows/system32/whatever.dll”), or you could use this to spam massive files all over their computer. I bet you could replace gmod or other source engine game files as well, and use that to run arbitrary code on whoever is using my cheat.


[editline]31st July 2014[/editline]

Oh yeah also, it might add a concommand named lua_run_v. I needed a quick way to run lua on some guy’s server, so I made the cheat run run a simple lua script that added the command using concommand.Add. I don’t know if it’s in that specific binary, but I had it in there around that time and that’ll give you guys one more thing to detect. I’m a little scared to run the binary myself to see if it’s there or not.

hehe nice

Why would you take the time to make a c++ hack and then put something foreign into _G?

That’s not “very hard to detect”, it’s anti cheat 101

[editline]1st August 2014[/editline]

But it’s good to know anyway

Though I don’t understand why you write hacks to ruin the game for anyone who doesn’t use hacks, and now it is leaked you are going to ruin it for the people who were on your side in the first place, acting as if you do something good?

I mean, nice and all that you posted how to detect it, but why’d you make it in the first place? I honestly don’t understand why people say “Yeah but other people on PERP servers use hacks so I am going to write my own hack to fight their hacks” (Someone in my Steam friends, won’t name). Makes no sense at all, to me atleast.

That’s exactly why you make hacks ruben, either to fuck with other players or to get the kicks from coding something that fucks with game
Some people also find the cat mouse game between hackers and anti-cheat makers fun

All that gets ruined when your stuff gets leaked though, so you just try to minimize the collateral damage, because it’s not fun anymore if anyone can do it

The upside is that most hackers in gmod are “grey hats” meaning they will have some fun with exploits, but report them in the end (cough incident for example) and don’t actually start selling their shit (we didn’t have a sethhack for a while)

[editline]1st August 2014[/editline]


I was lazy and using lua functions was less work than adding a concommand. (I don’t use the sdk and adding the concommand header in would add in symbols that would collide with other stuff in my cheat.
I’m really surprised there aren’t too many c++ cheats for gmod. The only paysites that have cheats for gmod are half-assed CSS cheat ports and are way overpriced. Gmod isn’t that complicated, it just requires a bit of extra work to get entity and game variables.

[editline]1st August 2014[/editline]

I made it because I could and because it’s a great exercise in reverse engineering and c++. I released this info because the person who leaked it apparently took credit for it and I think it would be hilarious if someone actually used this information to fuck them over. They are part of that “loli autists” griefing group thing.

Send a PM to VAC Dev Team with binaries/source:

That’ll get the skids banned :wink:

you should have waited a bit longer till more people used it, created a bigger ban wave
although thats assuming they would listen to us

EDIT: and could you post their reply if possible?