SpoofStop

Yes the gay name is intentional. Anyway new steam id spoofing exploit, this is an anti script etcetera etcetera.

Will need a steam client running + This module

[lua]
local SpoofStop = {}

//-----------Settings-------\ //----------------------------------------------------------------------------------
SpoofStop.FullControl = false // If the steam community is down, our script stops functioning. If this is true,
// SpoofStop will shut down the server. If not, it will just give out a warning.
//----------------------------------------------------------------------------------
SpoofStop.Ban = true // Clients that have spoofed Steam IDs get banned. If false, they get kicked.
//----------------------------------------------------------------------------------
SpoofStop.BanTime = 60 * 24 // Clients that have spoofed Steam IDs get a day ban by default.
//----------------------------------------------------------------------------------
SpoofStop.IPAddress = “127.0.0.1” // Enter IP Address of your server here.
SpoofStop.Port = “27015” // Enter port of your server here.
//---------------------------\ //----------------------------------------------------------------------------------

//CREDITS:
//Me
//Teddi Orange
//Chrisaster for his Lua binding

//Do not edit below unless you know what you’re doing.

require(“steamworks”)

if(!steamworks) then print("|=======================================|") // Don’t you just love fancy error messages
print("| WARNING. |")
print("|=======================================|")
print("| Steamworks not found |")
print("| SpoofStop not loaded |")
print("|=======================================|")
return
end

local steamClient = steamworks.ISteamClient(7)

if(!steamClient) then print(“SpoofStop failed to initialize.”) return SpoofStop.Shutdown() end

local pipe = steamClient:CreateSteamPipe()

if(!pipe) then print(“SpoofStop failed to detect Steam running.”) return SpoofStop.Shutdown() end

local suser = steamClient:ConnectToGlobalUser(pipe)
local steamUser = steamClient:GetISteamUser(suser, pipe, 12)
local steamFriends2 = steamClient:GetISteamFriends(suser, pipe, 2)
local steamFriends5 = steamClient:GetISteamFriends(suser, pipe, 5)

if(!steamUser || !steamFriends2 || !steamFriends5) then print(“SpoofStop failed to detect Steam running.”) return SpoofStop.Shutdown() end

hook.Add(“PlayerAuthed”, “SpoofStop_PlayerAuthed”, function(ply, steam, uid)
local accountid = (((tonumber(string.sub(steam, 11)) * 2) + 1) + 76561197960265728)
local sidobj = steamworks.CSteamID()
sidobj:SetAccountID(accountid)

steamFriends2:AddFriend(sidobj)

if(!sidobj:IsValid()) then SpoofStop.Punish(ply, "Invalid SteamID!") return end

local gameInfo = steamFriends5:GetFriendGamePlayed(sidobj)
local appInfo = gameInfo:GetCGameID()

if(appInfo:AppID() != 4000) then
    SpoofStop.Punish(ply, "Not playing Garry's Mod!")
    return
end

if(gameInfo:GetGameIP() != SpoofStop.IPAddress && gameInfo:GetGamePort() != SpoofStop.Port) then 
    SpoofStop.Punish(ply, "Server details don't match!") 
    return 
end

steamFriends2:RemoveFriend(sidobj)

end)

function SpoofStop.Shutdown()
if(SpoofStop.FullControl) then
print("[SpoofStop] Steam community is down or failed to initialize. Shutting down server!")
game.ConsoleCommand(“quit
“)
else
print(”[SpoofStop] Steam community is down or failed to initialize”)
end
return false
end

function SpoofStop.Punish(ply, reason)
if self.SteamDown then return end

reason = "[SpoofStop] "..reason
if(SpoofStop.Ban) then
    ply:Ban(SpoofStop.BanTime, reason)
else
    ply:Kick(reason)
end

end

timer.Create(“SpoofStop_CheckSteam”, 5, 0, function() // Nobody connects within 5 seconds anyway
if(!steamworks:ISteamClient():CreateSteamPipe() && !SpoofStop.SteamDown) then // I am not sure if this works.
SpoofStop.SteamDown = true
return
end

if(SpoofStop.SteamDown) then
    if(steamworks:ISteamClient():CreateSteamPipe()) then
        SpoofStop.SteamDown = false
    end
end

end)
[/lua]
Proof of concept script, can’t test because I don’t have the actual exploit and I cba to go figure it out and make my own. Theory works though.

If anyone can test this, which I doubt they will because they paid for the exploit, please do and post results. Or PM me if you want to stay anonymous.

Feel free to improve upon.

Have you even tested this on a dedicated server? There are so many things wrong, like you can’t add friends on a gameserver account, and that people can be offline (invisible) and still join your server.

Hence the “Will need a steam client running” part. Haven’t accounted for the offline thing yet, did pop into my mind but didn’t bother to do anything with it yet. This code was created over the course of 45 minutes because I was bored and it seemed like an interesting thing to try.

This, most likely will not work. Good try though.

Nice idea, but it won’t work. The information you can retrieve from a user that hasn’t accepted your invite is limited - GetFriendGamePlayed will return nil.

There’s no point in trying to block Serenity. From what I’ve seen of it, it’s impossible. We’ll need to wait Valve time for a patch - basically just keep admins watching your server.

Serenity :eng101:

I don’t even have servers :buddy:

Got forwarded this problem and was bored, so meh.

nevermind