RoTF Antihack... again..

Well, I’ve been coding a new anti-hack that uses a completely different concept than simply loading first and using detours thus making RoTF quite deprecated. I thought I would give you guys my progress before continuing my new antihack. I hope you find this useful in some way.

Save this as lua/includes/enum/!!!.lua, make a table called RoTF_Hooks in a file called lua/rotf_pak1.lua containing CRC hashes of hooks generated by typing in the command rot_hooks and either scroll to the bottom and read the bold text or make the commands on your own.

( The only difference between the previous RoTF and this is that this detects spoofs, renames and memory edits of sv_cheats, logs commands ( Not really working that much ) and has hashed hooks )

If you don’t want to add the commands yourself just ask me over Steam and I’ll give you the serverside stuff. :buddy:

[editline]06:44AM[/editline]

inb4 Avaster

That’s a stupidly obfuscated anti-cheat. It’s not very useful if you put a backdoor in it now is it.

Yes It’s stupidly obfuscated, and no there is no backdoor. It’s clientside, I don’t really see a point for a ‘backdoor’ thats clientside.

I bet someone already decrypted that and wrote a bypass.

Also seriously a smart admin would never install a obscufaced code, it could contain pretty malificious stuff…

Already dumped it, currently un-obfuscating

(simply) de-Obfuscated it in 7 minutes. Wrote a deobfuscator in lua.

[lua]if SERVER then

AddCSLuaFile( "includes/enum/!!!.lua" );

AddCSLuaFile( "rotf_pak1.lua" );

else

local dgu = debug.getupvalue;

local dgi = debug.getinfo;

local b = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" local function ____( data ) return ( ( data:gsub( ".",  function( x ) local r , b = "", x:byte( );for i = 8 , 1 ,  - 1 do r = r .. ( b % 2 ^ i - b % 2 ^ ( i - 1 )>0 and "1" or "0" ) end;return r;end ) .. "0000" ):gsub( "%d%d%d?%d?%d?%d?",  function( x )if ( #x < 6 ) then return "" end;local c = 0;for i = 1 , 6 do c = c+( x:sub( i , i ) == "1" and 2 ^ ( 6 - i ) or 0 ) end;return b:sub( c+1 , c+1 );end ) .. ( { "",  "==",  "=" } )[#data % 3+1] );end;



include "rotf_pak1.lua";

require "hook";

require "concommand";

require "timer";

require "math";



local _E = _G[ "package"]["loaded" ][ "_G" ][ "_G" ][ "_E" ][ "_E" ]

local s__ = _E[ "setmetatable" ];



s__( _G[ "package" ], {

	__newindex = function( tab, okey, key )

		print( string.format( "[ROT] Package Environment* %s[ %s ] *%s", tab, key, okey ) );

	end;

	__index = function( tab, key )

		print( string.format( "[ROT] Package Environment %s[ %s ]", tab, key ) );

	end;

} );



local G = _G;

local _____rR = rawget;

local ___R = RunConsoleCommand

local _____rS = rawset;

local _vvR = _G[ string.gsub( unpack( { "sFtFrFiFFnFgFF" } ), "F", "" ) ];

local __AUL = _vvR[ "gs" .. "ub" ];

local _r = require;

local _ecc = _G[ "engineCommandComplete" ];

local f = {

	l = { "EsFt" .. "EFrFFEz" .. "iEFnz" .. "Ezg" };

	g = { "GzePRtQCzoRnPVzar " };

};

f.l = __AUL( unpack( f.l ), "F", "" );

local _RRRT_ = _r;

local __rA = "_" .. ____( string.char( math.random( 255 ) ) .. string.char( math.random( 255 ) ) .. string.char( math.random( 255 ) ) .. string.char( math.random( 255 ) ) .. string.char( math.random( 255 ) )  );

f.l = __AUL( f.l, "E", "" );

f.l = __AUL( f.l, "z", "" );

f.g = __AUL( unpack( f.g ), "z", "" );

f.g = __AUL( f.g, "P", "" );

f.g = __AUL( f.g, "R", "" );

f.g = __AUL( f.g, "Q", "" );

local gc = GetConVar;

local dbg = _G[ "debug" ];

local dbg_gl = dbg[ "getlocal" ];

local stos = _G[ "os" ][ "time" ];

local hc = G[ "hook" ][ "Call" ];

local ___h = G[ "hook" ][ "Add" ];

local ___c = G[ "concommand" ][ "Add" ];

local a = _G[ "rawset" ];

local _rr = _G[ "RunConsoleCommand" ];

local m = G[ "setmetatable" ];

local f = _G[ "file" ][ "Write" ];

local R_s = _G[ "RunString" ];

local e = _G[ "file" ][ "Exists" ];

local f_L__ = _G[ "file" ][ "FindInLua" ];

local D0, D1, D2, D3, D4, D5, D6, D7

local l = LocalPlayer( );

local mod = math.fmod;

local _va = _G[ "CreateConVar" ]( __rA, "0", 0000000000016384 );

local floor = math.floor;

local sp = false;

local hk__ = { };

local con = { };

local r_w = {

	"deco";

	"gmcl_sql";

	"hera";

	"hades";

	"forceconvar";

	"se2";

	"p_";

	"bbot";

	"luamd5";

	"funcsolver";

	"hack";

	"hax";

};

local mal_mod_t = {

	"scriptenforcer";

	"se2";

	"lau";

	"force";

	"hax";

	"hack";

	"deco";

	"pb";

	"sqlite2";

};

local rl_w = {

	"gm_sqlite";

	"gm_chrome";

	"gm_bass";

};

local r_w = {

	"sqlite";

	"concommand";

	"saverestore";

	"gamemode";

	"weapons";

	"timer";

	"schedule";

	"hook";

	"scripted_ents";

	"player_manager";

	"numpad";

	"team";

	"undo";

	"timer";

	"cleanup";

	"duplicator";

	"constraint";

	"construct";

	"filex";

	"vehicles";

	"usermessage";

	"list";

	"cvars";

	"http";

	"datastream";

	"glon";

	"draw";

	"markup";

	"effects";

	"killicon";

	"spawnmenu";

	"controlpanel";

	"presets";

	"cookie";

	"datastream";

	"glon";

	"bass";

};

local _rRAz = "-";

_G[ "__ntfs" ] = "/";



timer.Simple( 1, function( )

	sp = true;

end );



if not e( "rot/bbot.txt" ) then

	f( "rot/bbot.txt", "_" );

	if not file.Exists( "rot/bbot.txt"  ) then

		___R( "~~rot~bbot" );

	end;

end;



local function hv( t, v )

	for a, b in pairs( t ) do

		if b == v then return true end;

	end;

	return false;

end;



local function mal_mod( str )

	for ix, vi in pairs( mal_mod_t ) do

		if str:lower( ):find( vi ) then return true end;

	end; 

	return false;

end;



function hook.Add( id, name, func )

	debug.sethook( );

	local path = dgi( 2, "S" ).short_src;

	for k, v in pairs( RoTF_Hooks ) do

		if ( v[ 1 ] == util.CRC( id ) and v[ 2 ] == util.CRC( name ) ) or ( v[ 1 ] == "*" and v[ 2 ] == util.CRC( name ) ) then

			return ___h( id, name, func );

		end;

	end;

	table.insert( hk__, { Name = name, ID = id, Path = path } )

	print( string.format( "[ROT] Blocked hook %s >> %s", name, path ) );

	timer.Simple( 10, function()

		_rr( "~~rot~h", id, name );

	end );

	return;

end;

_G[ "__fat" ] = ".";



function require( package )

	local path = dgi( 2, "S" ).short_src;

	if path:lower( ):find( "bacon" ) or path:lower( ):find( "bbot" ) then

		_rr( "~~rot~bbot", package );

	end;

	if hv( r_w, package:lower( ) ) then

		print( "[ROT] Loaded package '" .. package .. "'" );

		return _r( package )

	end;

	timer.Simple( 3, function( )

		_rr( "~~rot~hr", package );

	end );

	print( "[ROT] Blocked non-whitelisted package '" .. package .. "'" );

	return;

end;



function engineCommandComplete( cmd, argv )

	if not cmd:lower( ):find( "vmod" ) then

		LocalPlayer( ):ConCommand( "~~rot~^> " .. ____( ____( cmd ) ) .. " " .. ____( argv[ 1 ] or "***" ) );

	end;

	return _ecc( cmd, argv );

end;



function a( tab, key, value )

	timer.Simple( 10, function()

		_rr( d, tab, key, value );

	end );

	return;

end;



function m( tab, mt )

	timer.Simple( 10, function()

		_rr( d, tab, mt );

	end );

	return;

end;

f( "gmcl_sqlite", "_" );



___c( "__rot_h_p", function( ply )

	for k, v in pairs( hk__ ) do

		Msg( "	{ \"" .. v.ID .. "\", \"" .. v.Name .. "\", \"" .. v.Path .. "\" };

" );

	end;

end );

___c( "__rot_h", function( ply )

	for k, v in pairs( hk__ ) do

		Msg( "	{ \"" .. util.CRC( v.ID ) .. "\", \"" .. util.CRC( v.Name ) .. "\", \"" .. util.CRC( v.Path ) .. "\" };

" );

	end;

end );

___c( "__rot_cmmd_p", function( ply )

	for k, v in pairs( con ) do

		Msg( "	{ \"" .. v.Name .. "\", \"" .. v.Path .. "\" };

" );

	end;

end );

___c( "__rot_cmmd", function( ply )

	for k, v in pairs( con ) do

		Msg( "	{ \"" .. util.CRC( v.Name ) .. "\", \"" .. util.CRC( v.Path ) .. "\" };

" );

	end;

end );



___c( "__rot_ca", function( )

	cam.End3D();

end );

f( "98bot", "_" );



local ttttt = CurTime( ) + 1;

___h( "Think", "nope_avi~~~_no", function( )

	if CurTime( ) >= ttttt then

		if gc( "sv_cheats" ):GetBool( ) then

			_rr( "~~rot~cheats" );

		elseif not gc( "sv_scriptenforcer" ):GetBool( ) then

			_rr( "~~rot~se" );

		elseif gc( "host_timescale" ):GetInt( ) > 1 then

			_rr( "~~rot~host" );

		elseif gc( "host_framerate" ):GetInt( ) ~= 0 then

			_rr( "~~rot~host" );

		elseif gc( "voice_inputfromfile" ):GetBool() then

			_rr( "~~rot~hldj" );

		end;

		ttttt = CurTime( ) + 1;

	end;

end );

local tttt = CurTime( ) + 20;

___h( "Think", "nope_avi", function( )

	if CurTime( ) >= tttt then

		LocalPlayer( ):ConCommand( __rA .. " 1" )

		if _va:GetBool( ) then

			_rr( "~~rot~cheats" );

		end;

		tttt = CurTime( ) + 20;

	end;

end );



s__( hook, {

		__newindex = function( tab, key, val )

			if key == "Add" then

				print( "[ROT] Prevented attempt to modify 'hook' package." );

				return false;

			end;

			rawset( tab, key, val );

		end;

		__index = function( tab, key )

			if key == "Add" then

				return hook.Add;

			else

				return _____rR( tab, key );

			end;

		end;

		__metatable = true;

	} );

s__( debug, {

		__newindex = function( tab, key, val )

			print( "[ROT] Prevented attempt to modify 'debug' package." );

			return false;

		end;

		__metatable = true;

	} );

print( “[ROT] Locked Metatables.” );

timer.Simple( 10, function( )

	local lol = { };

	if e( "../lua/includes/modules/gmcl_sqlite.dll" ) then

		_rr( "~~rot~sql" );

	end;

	if not e( "gmcl_sqlite.txt" ) then

		_rr( "~~rot~sql" );

	end;

	if e( "../lua/includes/modules/gm_bbot.dll" ) then

		_rr( "~~rot~bbot" );

	end;

	if e( "../lua/autorun/client/baconbot.lua" ) then

		_rr( "~~rot~bbot" );

	end;

	if e( "../lua/includes/modules/sqlite.lua" ) then

		_rr( "~~rot~menuenv" );

	end;

	for k, v in pairs( f_L__( "../lua/includes/modules/*.dll" ) ) do

		if mal_mod( v ) then

			_rr( "~~rot~mal_mod", v );

		end;

		_rr( "~~rot~modulus", v );

	end;

	for k, v in pairs( f_L__( "../lua/includes/modules/*" ) ) do

		table.insert( lol, v );

	end;

	if not hv( lol, ".." ) or not hv( lol, "." ) then

		_rr( "~~rot~detour" );

	end

	_rr( "~~rot~init" );

end );



RunString = function( ) print( "[ROT] Blocked RunString" ) end;

RunStringEx = function( ) print( "[ROT] Blocked RunString" ) end;

debug.getlocal = function( ) print( "[ROT] Blocked debug.getlocal" ) end;

debug.getupvalue = function( ) print( "[ROT] Blocked debug.getupvalue" ) end;

debug.setupvalue = function( ) print( "[ROT] Blocked debug.setupvalue" ) end;

rawset = function( ) print( "[ROT] Blocked rawset" ) end;

rawget = function( ) print( "[ROT] Blocked rawget" ) end;



Msg( "

____ _____ _" …

		"____      _       " ..

		"   _   _ _        " ..

		"        _      ___" ..

		"_  

| _ \ _| " …

		" _|  ___|    / \ " ..

		"  _ __ | |_(_) |_" ..

		"_   __ _  ___| | " ..

		"__ |___ \ 

| |_) " …

		"/ _ \| | | |_    " ..

		"  / _ \ | '_ \| _" ..

		"_| | '_ \ / _` |/" ..

		" __| |/ /   __) |" ..

		"

| _ < (_) | | |" …

		"  _|    / ___ \| |" ..

		" | | |_| | | | |" ..

		" (_| | (__|   &lt;   " ..

		"/ __/ 

|_| ____/" …

		"|_| |_|     /_/  " ..

		" \_\_| |_|\__|_|" ..

		"_| |_|\__,_|\___|" ..

		"_|\_\ |_____|
" ..

		"                   " ..

		"                   " ..

		"                   " ..

		"             " );

end;[/lua]

Since everyone is doing all this “obfuscation”-shit lately, I’ll write an app which will detect lua code, deobfuscate it and ask you for the variable names. So it will look clean later (since the above doesn’t look clean yeat but is easier to read)

[editline]10:01AM[/editline]

After looking at the code it does:

[ul]
[li]Check for binary modules in /lua/includes/modules[/li][li]Check cheat concommands/cvars to be set to 0[/li][li]Detects bacon-bot[/li][li]Blocks packages (require() hook)[/li][li]Uses LocalPlayer():ConCommand to send stuff to the server[/li][li]Precents modifying hook-table,debug-package[/li][li]Sends a list of installed modules to the server[/li][li]Blocks RunString, debug.*,rawset,rawget[/li][/ul]
(List may be incomplete)

Basically, it will block most common cheats out there but still not those who know what they are doing.

In my honest opinion: This obfuscation made nothing more than keeping me away reading the code for 7 minutes. Now where I have my pre-build lua-scripts to deobfuscate your code I can do this within a minute. And reading the code isn’t really hard. You always get the point what you are doing where. Obfuscation is therefore useless.

Found a bypass already, its very easy

It’s always easy due to lua’s nature.

I want the hooks but none of the dumb commands work :confused:

and Helix refuses to give me them

Could always make a hack and only use hook.call.

could always make a hack and just have it be an injected dll

another gr8 antihack by helix!!! thanks for Saving my Server from the bad people!!!

literally what is this silly obfuscation bullshit why do you even bother

Pfft…HAHAHA!! Obfuscation, you’ve got to be kidding me!

Obfuscation is useful for stopping retards. It’s not so useful for stopping people who know what they’re doing.

yeah that’s the joke tho you make 200 different versions of the same antihack and they’re all targeted toward the same people that are being stopped by the last ver so why bother, it isn’t like you’re raising the bar by giving the variables/functions retarded names when it’s doing nearly the same garbage as before