SA-MP Forums

SA-MP Forums (https://forum.sa-mp.com/index.php)
-   Includes (https://forum.sa-mp.com/forumdisplay.php?f=83)
-   -   [Include] safeDialogs - Complete protection against spoofed dialog data! (https://forum.sa-mp.com/showthread.php?t=627990)

Lordzy 04/02/2017 01:13 PM

safeDialogs - Complete protection against spoofed dialog data!
 
safeDialogs
Complete protection against spoofed dialog data (id, list-item and input-text)
Version - 1.0.3 (use v1.0.2 until a stable version is released)
Last update - 8th of February, 2017
NOTE : I've been inactive since a while. I'll be working on the include after settling few things.

Introduction

safeDialogs detects and prevents players sending falsified dialog responses that includes wrong dialog ID, invalid list-item or fake input-text (list-item string). Faking list-item or item string can lead to many risks of player breaking server security. It can also lead to crashes where listitem used as array index goes out of bounds. However, this include ensures that everything's safe and filtered. This include triggers a callback on player sending spoofed dialog response.
How's this different from others?

I've never seen any anti-cheat or dialog include that provides protection over list items and over sending fake inputtext data for list type dialogs. This topic is what that has inspired me to create such an include to provide complete protection over dialog responses.

Exploit Protection
Spoofed dialog ids Yes
Spoofed dialog list-items Yes
Spoofed dialog list-item inputtext Yes
Filtering user's inputtext Yes
Callbacks and Functions

Callback

pawn Code:
public OnDialogSpoof(playerid, spooftype) {

    return 0; //Return 0 to block spoofed data!
}

Parameters:
playerid - The player who sent spoofed data.
spooftype - Spoof type.

Spoof types:
DIALOG_SPOOFTYPE_DIALOG_ID - If dialog ID is spoofed.
DIALOG_SPOOFTYPE_LIST_ITEM - If dialog listitem is spoofed.
DIALOG_SPOOFTYPE_INPUT_TEXT - If dialog inputtext (for lists) is spoofed.

Enumerator
pawn Code:
enum {

    DIALOG_SPOOFTYPE_DIALOG_ID,
    DIALOG_SPOOFTYPE_LIST_ITEM,
    DIALOG_SPOOFTYPE_INPUT_TEXT
}
Functions - These functions can only be used under OnDialogResponse and OnDialogSpoof. Once any of these callbacks are over, they'll return their default values only.


pawn Code:
native GetPlayerDialog(playerid); //Returns the current dialog ID of player.
native GetPlayerDialogStyle(playerid); //Returns the current dialog style of player. (255 if invalid)
native GetPlayerDialogInfo(playerid, dest[], size = sizeof(dest)); //Stores the dialog info to "dest" array.
native GetPlayerDialogItem(playerid, listitem, dest[], bool:filter = false, size = sizeof(dest)); //Stores the dialog's list-item string to "dest" array. View change-logs (v1.0.3) below to know more.
Important Notes

This include must be included on every scripts that uses dialog features.
This include must be included after a_samp to ensure any other includes using dialog features are also protected. If you're having "fixes.inc" - include this after fixes.inc to avoid the user errors by fixes.inc.
If you're using easyDialogs, yes, this can be integrated along with it. But include safeDialogs before easyDialogs.
If your script is having a list-item of length greater than 256, edit MAX_DIALOG_LISTITEM_LEN. Or simply do this:
pawn Code:
//These defines are optional. If you haven't defined, script will use it's default values.

//Before including safeDialogs
#define MAX_DIALOG_LISTITEM_LEN 300

//You can also define MAX_DIALOG_STRING (not greater than 2048 since that's a limitation on SA-MP)
#define MAX_DIALOG_STRING 2000

#include <a_samp>
#include <safeDialogs>
Usage

Using this include is very easy! A small example is given below.
pawn Code:
#include <a_samp>
#include <safeDialogs>

public OnDialogSpoof(playerid, spooftype) {

    //Player is spoofing dialog!
    Kick(playerid); //Kick the player.
    return 0; //Block the spoofed data by returning 0. Returning other values will accept spoofed data which isn't recommended.
}
Changelogs

safeDialogs - v1.0.3 (optional / minor update):

- Added a static-global array to handle huge strings, thereby freeing more heap space. If you were facing any heap space related warning after including safeDialogs earlier, it should be fixed now.

- Improved list-item filtering. There used to be a confusion for non-hex codes between curly braces in list-item string, no more now though!

- Added new function : GetPlayerDialogItem - It stores the list-item string/data into destination. Using this function, you don't have to rely on inputtext for list-type dialogs to get their string data. In cases of DIALOG_STYLE_TABLIST or DIALOG_STYLE_TABLIST_HEADERS - it stores the complete list-item data.
pawn Code:
GetPlayerDialogItem(playerid, listitem, dest[], bool:filter = false, size = sizeof(dest));

playerid - The player to obtain data from.
listitem - The listitem of which data/string has to be obtained.
dest[] - Array to store string/data.
filter = false - Whether to filter the contents in a list-item. If filter is set to true,
                   it will automatically remove color embedding and make it look like
                   how it's shown to clients / players.
                   If filter is set to false (by default it'
s false), it will show the raw data
                   which may or may not include color embedding, depending on how the
                   code is.
size = sizeof(dest) - The size of destination array.
To know more about this function and how it outputs - http://forum.sa-mp.com/showpost.php?...0&postcount=17

- Fixed functions : Functions from safeDialogs can now be used under OnDialogResponse and OnDialogSpoof.

- Include initialization won't call OnPlayerConnect completely anymore, instead it only resets necessary variables. This also means that "_ALS_" hook errors upon including certain libraries along with safeDialogs, are fixed.
safeDialogs - v1.0.2:

- Fixed false triggers for dialogs using color embedding. Thanks to GoldenLion for reporting!
- Include is now completely stand-alone. It no longer requires script_compatibility include since it had a problem with users using YSI.
safeDialogs - v1.0.1:

- Fixed false triggers for DIALOG_STYLE_TABLIST and DIALOG_STYLE_TABLIST_HEADERS. Thanks to GoldenLion for reporting!
safeDialogs - v1.0:

- Initial release.
Download

Github : https://github.com/Lordzy/safeDialogs
Raw source : https://raw.githubusercontent.com/Lo...afeDialogs.inc

Naruto_Emilio 04/02/2017 02:02 PM

Re: safeDialogs - Complete protection against spoofed dialog data!
 
Exacly what I need, I have been struggling months ago to find something similar, good job mate!

HydraHumza 04/02/2017 02:07 PM

Re: safeDialogs - Complete protection against spoofed dialog data!
 
Awesome lordzy will try and let u know if there will be any issue +rep

GoldenLion 04/02/2017 02:51 PM

Re: safeDialogs - Complete protection against spoofed dialog data!
 
Seems to be nice, but when I tried it a few minutes ago OnDialogSpoof got called for no reason when I used DIALOG_STYLE_TABLIST_HEADERS.

Lordzy 04/02/2017 02:53 PM

Re: safeDialogs - Complete protection against spoofed dialog data!
 
Quote:

Originally Posted by GoldenLion (Post 3839689)
Seems to be nice, but when I tried it a few minutes ago OnDialogSpoof got called for no reason when I used DIALOG_STYLE_TABLIST_HEADERS.

Can you please post the code?

GoldenLion 04/02/2017 03:00 PM

Re: safeDialogs - Complete protection against spoofed dialog data!
 
Quote:

Originally Posted by Lordzy (Post 3839690)
Can you please post the code?

The code doesn't matter, but the spoof type was DIALOG_SPOOFTYPE_INPUT_TEXT. The problem must be that the inputtext at OnDialogResponse for DIALOG_STYLE_TABLIST_HEADERS and DIALOG_STYLE_TABLIST_HEADERS is the text before the first '\t' as far as I know so for example let's say there is "Item1\tItem2\n" in the dialog, but the inputtext at OnPlayerDialogResponse is just "Item1" (or "Item1\t"), not "Item1\tItem2\n" so the include thinks the inputtext is spoofed.

Lordzy 04/02/2017 03:21 PM

Re: safeDialogs - Complete protection against spoofed dialog data!
 
Quote:

Originally Posted by GoldenLion (Post 3839698)
The code doesn't matter, but the spoof type was DIALOG_SPOOFTYPE_INPUT_TEXT. The problem must be that the inputtext at OnDialogResponse for DIALOG_STYLE_TABLIST_HEADERS and DIALOG_STYLE_TABLIST_HEADERS is the text before the first '\t' as far as I know so for example let's say there is "Item1\tItem2\n" in the dialog, but the inputtext at OnPlayerDialogResponse is just "Item1" (or "Item1\t"), not "Item1\tItem2\n" so the include thinks the inputtext is spoofed.

Thanks for reporting, it has been fixed! I suggest everyone to re-download the latest commit.

PrO.GameR 04/02/2017 03:32 PM

Re: safeDialogs - Complete protection against spoofed dialog data!
 
Ah, one of my half-way finished projects. Great to see one released as I never got around finishing mine.

Here's a suggestion for you, thats a huge array sitting somewhere unused until they use dialogs, so use PVars instead.

Private200 04/02/2017 03:37 PM

Re: safeDialogs - Complete protection against spoofed dialog data!
 
Quote:

Originally Posted by Naruto_Emilio (Post 3839649)
Exacly what I need, I have been struggling months ago to find something similar, good job mate!

You should also know that another solution was changing to selectable textdraws.

On topic: I really hope this really works as there have previously been such releases, however, they haven't prevented the user from not modifying the listitem's text.

Swedky 04/02/2017 04:37 PM

Re: safeDialogs - Complete protection against spoofed dialog data!
 
Another amazing release! Good job over there Lordz :)
I'll be looking at the code and tell you if find some bug :P


All times are GMT. The time now is 10:04 PM.

Powered by vBulletin® Version 3.8.6
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.