[Mainly GarrysMod] Steam Id Cloner/Changer ?

(This is mainly towards GarrysMod) Hello, I am wondering if it is possible to somehow clone your Steam ID to another one upon the server requesting your ID? I know that you can use C++, C#, or Visual Studio to force server variables, for example: Sv_allowcslua or Host_timescale. Here is a piece of code in Visual Studio as an example that forces sv_allowcslua.

Public Class Form1

    Private Sub Button1_Click(sender As System.Object, e As System.EventArgs) Handles Button1.Click

        Dim bypass As String = TextBox1.Text

        Try
            WriteInteger("hl2", &H1DC58648, bypass) ' hl2 = the process name and 1DC58648 = the sv_allowcslua value for the current update I am using
        Catch ex As Exception

        End Try

    End Sub

End Class

Screenshot of program: http://prntscr.com/1aiyy5

If you are able to force things like that, is it possible in any way to trick the server or clone your Steam ID to something that it isn’t?

Sorry if I seem like a complete idiot asking, but I am very curious.

Btw I’m not asking how to do this or what the code is to do this, just: is it possible to change or clone your Steam ID? I made the code above quickly as an example, not to give away “cheats”; it’s just an example.

Uh… I don’t think cheating is that supported around here, sorry.

Also that code is terrible, why would you use VB to cheat? :v:

It’s not for cheating, I just quickly typed it up for an example, as I am just wondering if it is possible. Not asking how to or what the code is. Simply, is it possible?

You just quickly typed it up? With the memory address for the sv_allowcslua cvar value, too?

Not for cheating? Please tell me any practical use spoofing your steam ID has.

The reason I used the sv_allowcslua value is because you can go into single player, toggle it on and off a couple of times and get the value in about 1-2 minutes. And Steam Subscriber States:

And the question of “Is it possible to spoof a steamid?” doesn’t seem to create an unfair environment or classify as cheats. And please remember this is simply just an “is it possible?”

No one would spoof a steamid for any reason other than cheating. Or lying about who you are.

People, people, I’m just asking a question out of my curiosity. If you would like to point me to Steam or another forum to ask the question, please do. This is just a QUESTION, come on, I’m just wondering if it’s possible… A simple yes or no would be greatly appreciated.

Jesus, using static addresses for forcing allowcslua has to be the worst possible way I have ever seen bypassing lua restrictions done.

As for your original question, there was a program that did this called Serenity. According to Voided in the original thread talking about it (it’s not hard to find, but I cba to link it), the vulnerability was in the auth packet that is sent to the server. Serenity allegedly worked by replacing the auth packet with packets stolen from players as they joined malicious servers that logged the auth packets and uploaded them to a database that the Serenity client would then use to spoof steamids. No one except the creator claimed that this vulnerability was patched, so me and Oubliette tried finding the function used to send said packets and try to spoof them that way. We were able to find the function that sends the packets by using both a certain string and the leaked 2007 SDK, but as of me last trying, I have not been able to get the vulnerability to work. I didn’t do too thorough of a job, so anyone reading this with a bit of reversing skill, try finding the function that the engine uses to get a player’s userID (the function in the leaked SDK appeared to send that). Alternately, I think you could hook the function in INetChannel that sends netmessages and look for data that contains it. If anyone wants to try doing it again with me, feel free to PM me.

I should also add that people might seem like they are doing SteamID spoofing when they rejoin your server after they get banned. Usually, they just have alternate accounts.

Also, to the guy below me, you clearly do not know what you are talking about. Garry’s VAC does not automatically ban for things that VAC in games like CSS does. In garrysmod, it seems to only ban certain blacklisted files.

Yes, it is possible. No, don’t do it because it’s VAC bannable.

Thank you SashaWolf. As that answers my question, that’s all I needed. Have a good day Sasha.

[Edited 17th June 2013]

Thank you as well for answering my question.