SA-MP Forums

SA-MP Forums (https://forum.sa-mp.com/index.php)
-   Includes (https://forum.sa-mp.com/forumdisplay.php?f=83)
-   -   [Include] Southclaw's & Pottus's Anti-cheat patches (https://forum.sa-mp.com/showthread.php?t=504244)

Pottus 03/04/2014 12:54 AM

Southclaw's & Pottus's Anti-cheat patches
 
Anti-cheat patches


Objective:
Southclaw and I have decided to keep a resource of anti-hack patches which can be easily integrated into your script. Every patch will follow some basic guidelines for implementation, as well as a description of the cheat which the patch prevents. Please keep in mind these are not designed to be an anti-cheat system addressing a complete system is really on an individual basis and often directly needs to be integrated into the gamemode it's self instead this patches are meant to build on your anti-cheat system by providing a means of quick implementation.

Guidelines:
- Patches are to be designed to be included BEFORE YSI
- Patches will contain ALS hooking only
- Patches will contain a callback with the following prefix OnAntiCheat ..... () ex OnAntiCheatAutoAim(playerid)
- Patches will have a description outlining the anticheat
- Patches can use y_iterate

__________________________________________________ ________________________________________________

Patches
__________________________________________________ ________________________________________________


Name: Autobullet
Type: Animation / Weapon exploit
Description: Modifies the behavior of walking weapons allowing them to be used like running weapons it also skips the reload animations.
Detection Method: There is a velocity range in which this exploit happens however it is also possible to achieve the same velocity in some circumstances by using the slide-shoot-run bug that is why there is player key checks in place to make sure that does not happen. A player receiving 3 infractions will result in OnAntiCheatAutoBullet() being called.
Callback: public OnAntiCheatAutoBullet(playerid, weaponid)


pawn Code:
// Anti autobullet exploit detection by [uL]Pottus
#define             MAX_AUTOBULLET_INFRACTIONS          3
#define             AUTOBULLET_RESET_DELAY              30

static AutoBulletInfractions[MAX_PLAYERS];
static LastInfractionTime[MAX_PLAYERS];

forward OnAntiCheatAutoBullet(playerid, weaponid);

public OnPlayerWeaponShot(playerid, weaponid, hittype, hitid, Float:fX, Float:fY, Float:fZ)
{
    if(!IsPlayerInAnyVehicle(playerid))
    {
        switch(weaponid)
        {
            case 27, 23, 25, 29, 30, 31, 33, 24, 38:
            {
                if(CheckSpeed(playerid))
                {
                    if(gettime() - LastInfractionTime[playerid] >= AUTOBULLET_RESET_DELAY) AutoBulletInfractions[playerid] = 1;
                    else AutoBulletInfractions[playerid]++;
                    LastInfractionTime[playerid] = gettime();

                    if(AutoBulletInfractions[playerid] == MAX_AUTOBULLET_INFRACTIONS)
                    {
                        AutoBulletInfractions[playerid] = 0;
                        CallLocalFunction("OnAntiCheatAutoBullet", "ii", playerid, weaponid);
                        return 0;
                    }
                }
            }
        }
    }
   
    if (funcidx("ACAutoB_OnPlayerWeaponShot") != -1)
    {
        return CallLocalFunction("ACAutoB_OnPlayerWeaponShot", "iiiifff", playerid, weaponid, hittype, hitid, fX, fY, fZ);
    }
    return 1;
}

#if defined _ALS_OnPlayerWeaponShot
    #undef OnPlayerWeaponShot
#else
    #define _ALS_OnPlayerWeaponShot
#endif
#define OnPlayerWeaponShot ACAutoB_OnPlayerWeaponShot

forward ACAutoB_OnPlayerWeaponShot(playerid, weaponid, hittype, hitid, Float:fX, Float:fY, Float:fZ);

public OnPlayerDisconnect(playerid, reason)
{
    AutoBulletInfractions[playerid] = 0;

    if (funcidx("ACAutoB_OnPlayerDisconnect") != -1)
    {
        return CallLocalFunction("ACAutoB_OnPlayerDisconnect", "ii", playerid, reason);
    }
    return 1;
}

#if defined _ALS_OnPlayerDisconnect
    #undef OnPlayerDisconnect
#else
    #define _ALS_OnPlayerDisconnect
#endif
#define OnPlayerDisconnect ACAutoB_OnPlayerDisconnect

forward ACAutoB_OnPlayerDisconnect(playerid, reason);


static CheckSpeed(playerid)
{
    new Keys,ud,lr;
    GetPlayerKeys(playerid,Keys,ud,lr);

    if(ud == KEY_UP && lr != KEY_LEFT && lr != KEY_RIGHT)
    {
        new Float:Velocity[3];
        GetPlayerVelocity(playerid, Velocity[0], Velocity[1], Velocity[2]);
        Velocity[0] = floatsqroot( (Velocity[0]*Velocity[0])+(Velocity[1]*Velocity[1])+(Velocity[2]*Velocity[2]));
        if(Velocity[0] >= 0.11 && Velocity[0] <= 0.13) return 1;
    }
    return 0;
}

Name: Connection spoofing
Type: Server exploit
Description: It was possible in 0.3x to spoof a connection to a server when a player is already connected, this will result in the players name being changed to the spoofed name unprotected servers could potentially have player accounts overwritten. It is currently unknown if this exploit exists in 0.3z however it assumed that it still could potentially happen in any case this patch provides protection by preventing OnPlayerConnect() from being called to the rest of the script. IMPORTANT Make sure this is placed before any other includes that use OnPlayerConnect!!!!
Detection Method: When a player connects a variable is set that they are connected, if another connection happens on the same ID while they are still connected this is considered a spoof.
Callback: public OnAntiCheatPlayerSpoof(playerid)

Edit - I have confirmed this as still possible.


pawn Code:
// Anti connection spoofing patch by [uL]Pottus

forward OnAntiCheatPlayerSpoof(playerid);

static bool:PlayerConnected[MAX_PLAYERS];
static PlayerNames[MAX_PLAYERS][MAX_PLAYER_NAME];

public OnPlayerConnect(playerid)
{
    // User was already connected cheat detected
    if(PlayerConnected[playerid])
    {
        SetPlayerName(playerid, PlayerNames[playerid]);
        CallLocalFunction("OnAntiCheatPlayerSpoof", "i", playerid);
        return 1;
    }
    else
    {
        GetPlayerName(playerid, PlayerNames[playerid], MAX_PLAYER_NAME);
        PlayerConnected[playerid] = true;
    }

    if (funcidx("AntiSpoof_OnPlayerConnect") != -1)
    {
        return CallLocalFunction("AntiSpoof_OnPlayerConnect", "i", playerid);
    }
    return 1;
}

public OnPlayerDisconnect(playerid, reason)
{
    PlayerConnected[playerid] = false;

    if (funcidx("AntiSpoof_OnPlayerDisconnect") != -1)
    {
        return CallLocalFunction("AntiSpoof_OnPlayerDisconnect", "ii", playerid, reason);
    }
    return 1;
}


#if defined _ALS_OnPlayerConnect
    #undef OnPlayerConnect
#else
    #define _ALS_OnPlayerConnect
#endif
#define OnPlayerConnect AntiSpoof_OnPlayerConnect

forward AntiSpoof_OnPlayerConnect(playerid);

#if defined _ALS_OnPlayerDisconnect
    #undef OnPlayerDisconnect
#else
    #define _ALS_OnPlayerDisconnect
#endif
#define OnPlayerDisconnect AntiSpoof_OnPlayerDisconnect

forward AntiSpoof_OnPlayerDisconnect(playerid, reason);

Name: NPC Connection spoofing
Type: Server exploit
Description: This is very similar to connection spoofing and was an issue in 0.3x it is assumed that it is still possible in the new SAMP version. It will result in faked NPC connections to the server. IMPORTANT Make sure this is placed before any other includes that use OnPlayerConnect!!!!
Detection Method: All real NPC connections can only occur on IP: 127.0.0.1 if the IP is different then it is a spoofed NPC connection
Callback: public OnAntiCheatNPCSpoof(playerid)


pawn Code:
// Anti NPC spoof by [uL]Pottus

forward OnAntiCheatNPCSpoof(playerid);

public OnPlayerConnect(playerid)
{
    if(IsPlayerNPC(playerid))
    {
        new ip[16];
        GetPlayerIp(playerid, ip, sizeof(ip));
        if (!!strcmp(ip, "127.0.0.1"))
        {
            new name[MAX_PLAYER_NAME];
            format(name, sizeof(name), "%i", gettime());
            SetPlayerName(playerid, name);
            CallLocalFunction("OnAntiCheatNPCSpoof", "i", playerid);
            return 1;
        }
    }
    if (funcidx("AntiNPC_OnPlayerConnect") != -1)
    {
        return CallLocalFunction("AntiNPC_OnPlayerConnect", "i", playerid);
    }
    return 1;
}

#if defined _ALS_OnPlayerConnect
    #undef OnPlayerConnect
#else
    #define _ALS_OnPlayerConnect
#endif
#define OnPlayerConnect AntiNPC_OnPlayerConnect

forward AntiNPC_OnPlayerConnect(playerid);

Name: Lag Troll
Type: Vehicle Cheat
Description: This cheat appears to send fake packets to the server in rapid succession by copying the position of the targeted vehicle the result is a lag type effect.
Callback: public OnAntiCheatLagTroll(playerid)


pawn Code:
#define         MAX_VEHICLE_ID_CHANGES          5

static LastVehicleID[MAX_PLAYERS];
static VehicleIDChanges[MAX_PLAYERS];
static VehicleIDChangeTime[MAX_PLAYERS];

forward OnAntiCheatLagTroll(playerid);

public OnPlayerUpdate(playerid)
{
    new vid = GetPlayerVehicleID(playerid);
    if(vid > 0)
    {
        if(vid != LastVehicleID[playerid])
        {
            if(GetTickCount() - VehicleIDChangeTime[playerid] < 5000)
            {
                VehicleIDChanges[playerid]++;
                if(VehicleIDChanges[playerid] > MAX_VEHICLE_ID_CHANGES)
                {
                    CallLocalFunction("OnAntiCheatLagTroll", "i", playerid);
                    return 0;
                }
            }
            else VehicleIDChanges[playerid] = 1;
        }
        LastVehicleID[playerid] = vid;
        VehicleIDChangeTime[playerid] = GetTickCount();
    }

    if (funcidx("AntiLT_OnPlayerUpdate") != -1)
    {
        return CallLocalFunction("AntiLT_OnPlayerUpdate", "i", playerid);
    }
    return 1;
}

#if defined _ALS_OnPlayerUpdate
    #undef OnPlayerUpdate
#else
    #define _ALS_OnPlayerUpdate
#endif
#define OnPlayerUpdate AntiLT_OnPlayerUpdate

forward AntiLT_OnPlayerUpdate(playerid);




Name: Server Freezer - Obsolete download the new SAMP server update
http://forum.sa-mp.com/showthread.php?t=506214

RenovanZ 03/04/2014 02:36 AM

Re: Southclaw's & Pottus's Anti-cheat patches
 
Really Nice! Good Job, Southclaw & Pottus!
Gonna use this.

Whitetiger 03/04/2014 02:42 AM

Re: Southclaw's & Pottus's Anti-cheat patches
 
you should make this a community driven solution on github, with changes encouraged by the community (see fixes.Inc). can make a quick include to patch a bunch of hacks

Pottus 03/04/2014 02:57 AM

Re: Southclaw's & Pottus's Anti-cheat patches
 
Quote:

Originally Posted by Whitetiger (Post 2977081)
you should make this a community driven solution on github, with changes encouraged by the community (see fixes.Inc). can make a quick include to patch a bunch of hacks

That is a good idea, but the issue with that is implementation, were not really releasing a full AC system rather patches to integrate into gamemodes. It will be up to the scripter to determine how they want to handle specific events. I still have a lot of patches to put up yet :)

awsomedude 03/04/2014 04:50 AM

Re: Southclaw's & Pottus's Anti-cheat patches
 
Good job both of you

Niko_boy 03/04/2014 04:54 AM

Re: Southclaw's & Pottus's Anti-cheat patches
 
Nice work guys.

Lorenc_ 03/04/2014 07:07 AM

Re: Southclaw's & Pottus's Anti-cheat patches
 
Nice job!

Never encountered the second one, but that's a strange but effective fix.

iZN 03/04/2014 09:12 AM

Re: Southclaw's & Pottus's Anti-cheat patches
 
Ah, you were discussing at the IRC about the patches. Nice work!

Kar 03/04/2014 01:36 PM

Re: Southclaw's & Pottus's Anti-cheat patches
 
Sorry guys, the first one has ALOT of false alarms.

All you have to do to throw the auto bullet thing

is keep firing your weapon and move left and right around constantly and it throws the autobullet detection

Tested with deagle and combat shotgun

Pottus 03/04/2014 02:03 PM

Re: Southclaw's & Pottus's Anti-cheat patches
 
Quote:

Originally Posted by Kar (Post 2977366)
Sorry guys, the first one has ALOT of false alarms.

All you have to do to throw the auto bullet thing

is keep firing your weapon and move left and right around constantly and it throws the autobullet detection

Tested with deagle and combat shotgun

Thanks, I'll test it out again and see if I can get it to happen going to comment it out for the time being. Okay now I see how that happens :)


All times are GMT. The time now is 04:27 AM.

Powered by vBulletin® Version 3.8.6
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.