Need help on Anti-Cheat

Hey Guys, i need some help on my anticheat.

The problem is is that it isn’t banning, no Lua errors or such. I replaced the ban function with the darkrp notify function and that gave me a message, when i had unsynched cvars.

config.lua



----------------------------------------
-- Config                             --
----------------------------------------
-- "true" means yes, "false" means no.


local BanOnDetect = true -- Ban when detected?
local CrashOnDetected = true -- Crash Client when detected?
local whitelist = false -- Use Whitelist, can be used to prevent admin banning.
local BanTime = 0 -- 0 means permanent, everything else is measured in minutes.
local KickOnDetect = false -- Kick when detected? If this is enabled, disable BanOnDetect.

----------------------------------------
-- Banning sytem. Set 1 to true only. --
----------------------------------------

local UlxBan = true -- Use ULX Bans
local NormalBan = false -- Use the normal, built in Ban function.

--------------------------------------------------
-- Whitelist - Enter SteamID's not to ban here. --
--------------------------------------------------

-- NOTE!: If you want to add more SteamIDs it should look like this:
-- 	whitel = {
--		"STEAM_0:1:13123123" = true,
--		"STEAM_0:1:13123123" = true,
--		"STEAM_0:1:13123123" = true
--  }

-- In other words, the last SteamID shouldn't contain a comma.
	

if (whitelist) then
	whitel = {
		"STEAM_0:1",
		"STEAM_0:1"
	}
end


print("Razor AntiCheat Config loaded")


core.lua



include("config.lua")

-- Don't edit anything here, unless you know what you're doing.

-- Ban function --

local function ondetected(p, reason)
	if (whitelist) then
		if (table.HasValue(whitelist, p:SteamID())) then return end
	end
	if (BanOnDetect) then
		if (UlxBan) then
			RunConsoleCommand("ulx", "banid", p:SteamID(), BanTime, reason)
		end
		if (NormalBan) then
			p:Ban(BanTime, reason)
		end
	end
	if (CrashOnDetected) then
		p:SendLua("cam.End3D()")
	end
	if !(BanOnDetect) and (KickOnDetect) then
		p:Kick(reason)
	end
end

-- Check Convars

local function check()
	-- Check sv_cheats
	for k,p in pairs(player.GetAll()) do
		if p:GetInfo("sv_cheats") != GetConVarNumber("sv_cheats") then
			ondetected(p, "Recieved unsynched CVar: sv_cheats")
		end
	end
	-- Check sv_allowcslua
	for k,p in pairs(player.GetAll()) do
		if p:GetInfo("sv_allowcslua") != GetConVarNumber("sv_allowcslua") then
			ondetected(p, "Recieved unsynched CVar: sv_allowcslua")
		end
	end
	-- Check host_framerate
	for k,p in pairs(player.GetAll()) do
		if p:GetInfo("host_framerate") != GetConVarNumber("host_framerate") then
			ondetected(p, "Recieved unsynched CVar: host_framerate")
		end
	end
	-- Check host_timescale
	for k,p in pairs(player.GetAll()) do
		if p:GetInfo("host_timescale") != GetConVarNumber("host_timescale") then
			ondetected(p, "Recieved unsynched CVar: host_timescale")
		end
	end
	-- Check r_drawothermodels
	for k,p in pairs(player.GetAll()) do
		if p:GetInfo("r_drawothermodels") != GetConVarNumber("r_drawothermodels") then
			ondetected(p, "Recieved unsynched CVar: r_drawothermodels")
		end
	end
end

local function checktimer()
	timer.Simple(10, function()
		local first = false
		check()
		checktimer()
		print("Running ConVarCheck")
	end)
end

checktimer()


print("Razor Anti-Cheat loaded!")


This is funny.
Use QAC.

Yeah awesome, “special” people are allowed to cheat. That makes me want to play on servers that use this sooo much.

Maybe you should fix the design of your anti cheat before trying to code it.

wat. I don’t even have to worry about my Lua haxs is getting detected.
Serious I made a sv_allowcslua and sv_cheats bypasser that doesn’t change it values.
My fucking bypasser bypassed your anti cheat wtf…

Ladies and gentleman, I give you: Two hours ago.

http://puu.sh/8JK0K.png

top notch anticheat here watch out guys

I’m fairly certain this would eliminate the majority of mpgh skids.

I fail to see how insulting OP for trying with his knowledge warrants anything even though the code isnt the best.

A few things OP:

Localize everything client-side. Do not let them over-write it.

User GetConVarString, not Number. Number returns inaccuracies sometimes.

Dont run a timer to check, use cvar.AddChangeCallBack()

dont use SH, just use sv_ and cl_.

depending on how sophisticated you want this to be, this will suffice, though, RunConsoleCommand(=“string”>“ulx”,

what is this even. =“string” ?

The way that FP parses code messes up sometimes. Somtimes you will see ‘Keyword’=> operators everywhere. Just pretend it’s not there.

Facepunch syntax highlighter shitting itself.

public bypasses posted, at this point qac is made to get rid of skids, not actual cheaters

Anyway, thank you for your ac.

You’re using locals in another scope, so they won’t exist in core.lua, try:

[lua]
BanOnDetect = true – Ban when detected?
CrashOnDetected = true – Crash Client when detected?
whitelist = false – Use Whitelist, can be used to prevent admin banning.
BanTime = 0 – 0 means permanent, everything else is measured in minutes.
KickOnDetect = false – Kick when detected? If this is enabled, disable BanOnDetect.
[/lua]

And I don’t even know where to begin with this area, including how you aren’t getting any errors:

[lua]
=“keyword”>if (BanOnDetect) then
if (UlxBan) then
RunConsoleCommand(=“string”>“ulx”, “banid”, p:SteamID(), BanTime, reason)
end
if (NormalBan) then
p:Ban(BanTime, reason)
end
end
[/lua]

Did you mean?

[lua]
if (BanOnDetect) then
if (UlxBan) then
RunConsoleCommand(“string”, “ulx”, “banid”, p:SteamID(), BanTime, reason)
end
if (NormalBan) then
p:Ban(BanTime, reason)
end
end
[/lua]

Seems as though you got this pretty useless anti-cheat from somewhere else.

That



= "string">


is just Facepunch’s code parser being broken. His code he pasted is exactly yours if you leave out the 1st parameter in your console command and ignore the parser errors.

There is no clientside part in his code, why would he fully prevent overwrites on the client ?
That doesn’t help fighting cheaters at all and will break a lot of code and gamemodes, since overwrites are often the only way to achieve stuff.
Why would he use cvar.AddChangeCallback to determine when to run the check ?
It would be pretty stupid.
Only running the check when a convar like sv_cheats changes it’s value seems pretty dumb to me.
His code isn’t shared. At all. No AddCSLuaFile is involved in the code he posted, and it doesn’t sent the client anything except something that makes him crash at the detect function via SendLua.
If you haven’t understood it yet, his hole script is serverside.

And now op, let me explain to you why it isn’t banning anyone.
It isn’t banning because ply:GetInfo is pretty limited thus you aren’t even getting any detections.
It only works for convars registered with FCVAR_USERINFO.




] lua_run print(player.GetAll()[1]:GetInfo("sv_cheats"))
> print(player.GetAll()[1]:GetInfo("sv_cheats"))...

] lua_run print(player.GetAll()[1]:GetInfo("sv_allowcslua"))
> print(player.GetAll()[1]:GetInfo("sv_allowcslua"))...

] lua_run print(player.GetAll()[1]:GetInfo("sv_cheats"))
> print(player.GetAll()[1]:GetInfo("sv_cheats"))...

] lua_run print(player.GetAll()[1]:GetInfo("sv_cheatsa"))
> print(player.GetAll()[1]:GetInfo("sv_cheatsa"))...

] name
"name" = "Leystryku" ( def. "unnamed" )
 archive server_can_execute
 - Current user name
] lua_run print(player.GetAll()[1]:GetInfo("name"))
> print(player.GetAll()[1]:GetInfo("name"))...
Leystryku



And try to refrain from using the RCC method to run ulx’s commands, the functions were made for a reason, so go on with a good example and use them like you should, instead of using RCC like most others.
Your idea with the serverside convar value getting is good though, but you need a module for that.
I remember bluekirby once made one, and sourcenet had the ability too.
Don’t worry about people using FCVAR_SERVER_CAN_NOT_QUERY since his module will tell you if someone does that, and if someone does that he’s trying to hide it thus he’s cheater.

edit: found it for you, http://forum.facepunch.com/showthread.php?t=1311304&highlight=

I recommend you using the method Leystryku posted, because that’s pretty much how SMAC (“top” fully-serverside sourcemod anticheat) does it.

You may also take a look at other open-source anticheats’ serverside parts sources for more info.

true means yes, false means no, okay…

the table is whitel, whitelist is the bool