SA-MP Forums

Old 04/02/2017, 01:13 PM   #1
Lordzy
safeDialogs - Complete protection against spoofed dialog data!

safeDialogs
Complete protection against spoofed dialog data (id, list-item and input-text)
Version - 1.0.3 (use v1.0.2 until a stable version is released)
Last update - 8th of February, 2017
NOTE: I've been inactive for a while. I'll be working on the include after settling a few things.

Introduction

safeDialogs detects and prevents players sending falsified dialog responses that include a wrong dialog ID, an invalid list-item or fake input-text (list-item string). Faking the list-item or item string can lead to many risks of a player breaking server security. It can also lead to crashes where a listitem used as an array index goes out of bounds. However, this include ensures that everything's safe and filtered. This include triggers a callback when a player sends a spoofed dialog response.
How's this different from others?

I've never seen any anti-cheat or dialog include that provides protection over list items and over sending fake inputtext data for list type dialogs. This topic is what inspired me to create such an include to provide complete protection over dialog responses.

Exploit - Protection
Spoofed dialog ids - Yes
Spoofed dialog list-items - Yes
Spoofed dialog list-item inputtext - Yes
Filtering user's inputtext - Yes

Callbacks and Functions

Callback

pawn Code:
public OnDialogSpoof(playerid, spooftype) {

    return 0; //Return 0 to block spoofed data!
}

Parameters:
playerid - The player who sent spoofed data.
spooftype - Spoof type.

Spoof types:
DIALOG_SPOOFTYPE_DIALOG_ID - If dialog ID is spoofed.
DIALOG_SPOOFTYPE_LIST_ITEM - If dialog listitem is spoofed.
DIALOG_SPOOFTYPE_INPUT_TEXT - If dialog inputtext (for lists) is spoofed.

Enumerator
pawn Code:
enum {

    DIALOG_SPOOFTYPE_DIALOG_ID,
    DIALOG_SPOOFTYPE_LIST_ITEM,
    DIALOG_SPOOFTYPE_INPUT_TEXT
}
Functions - These functions can only be used under OnDialogResponse and OnDialogSpoof. Once any of these callbacks are over, they'll return their default values only.


pawn Code:
native GetPlayerDialog(playerid); //Returns the current dialog ID of player.
native GetPlayerDialogStyle(playerid); //Returns the current dialog style of player. (255 if invalid)
native GetPlayerDialogInfo(playerid, dest[], size = sizeof(dest)); //Stores the dialog info to "dest" array.
native GetPlayerDialogItem(playerid, listitem, dest[], bool:filter = false, size = sizeof(dest)); //Stores the dialog's list-item string to "dest" array. View change-logs (v1.0.3) below to know more.
Important Notes

This include must be included in every script that uses dialog features.
This include must be included after a_samp to ensure any other includes using dialog features are also protected. If you have "fixes.inc", include this after fixes.inc to avoid the user errors by fixes.inc.
If you're using easyDialogs, yes, this can be integrated along with it. But include safeDialogs before easyDialogs.
If your script has a list-item of length greater than 256, edit MAX_DIALOG_LISTITEM_LEN. Or simply do this:
pawn Code:
//These defines are optional. If you haven't defined them, the script will use its default values.

//Before including safeDialogs
#define MAX_DIALOG_LISTITEM_LEN 300

//You can also define MAX_DIALOG_STRING (not greater than 2048 since that's a limitation on SA-MP)
#define MAX_DIALOG_STRING 2000

#include <a_samp>
#include <safeDialogs>
Usage

Using this include is very easy! A small example is given below.
pawn Code:
#include <a_samp>
#include <safeDialogs>

public OnDialogSpoof(playerid, spooftype) {

    //Player is spoofing dialog!
    Kick(playerid); //Kick the player.
    return 0; //Block the spoofed data by returning 0. Returning other values will accept spoofed data which isn't recommended.
}
Changelogs

safeDialogs - v1.0.3 (optional / minor update):

- Added a static-global array to handle huge strings, thereby freeing more heap space. If you were facing any heap space related warning after including safeDialogs earlier, it should be fixed now.

- Improved list-item filtering. There used to be a confusion for non-hex codes between curly braces in list-item string, no more now though!

- Added new function : GetPlayerDialogItem - It stores the list-item string/data into destination. Using this function, you don't have to rely on inputtext for list-type dialogs to get their string data. In cases of DIALOG_STYLE_TABLIST or DIALOG_STYLE_TABLIST_HEADERS - it stores the complete list-item data.
pawn Code:
GetPlayerDialogItem(playerid, listitem, dest[], bool:filter = false, size = sizeof(dest));

playerid - The player to obtain data from.
listitem - The listitem of which data/string has to be obtained.
dest[] - Array to store string/data.
filter = false - Whether to filter the contents in a list-item. If filter is set to true,
                   it will automatically remove color embedding and make it look like
                   how it's shown to clients / players.
                   If filter is set to false (by default it's false), it will show the raw data
                   which may or may not include color embedding, depending on how the
                   code is.
size = sizeof(dest) - The size of destination array.
To know more about this function and how it outputs - http://forum.sa-mp.com/showpost.php?...0&postcount=17

- Fixed functions : Functions from safeDialogs can now be used under OnDialogResponse and OnDialogSpoof.

- Include initialization won't call OnPlayerConnect completely anymore, instead it only resets necessary variables. This also means that "_ALS_" hook errors upon including certain libraries along with safeDialogs, are fixed.
safeDialogs - v1.0.2:

- Fixed false triggers for dialogs using color embedding. Thanks to GoldenLion for reporting!
- Include is now completely stand-alone. It no longer requires script_compatibility include since it had a problem with users using YSI.
safeDialogs - v1.0.1:

- Fixed false triggers for DIALOG_STYLE_TABLIST and DIALOG_STYLE_TABLIST_HEADERS. Thanks to GoldenLion for reporting!
safeDialogs - v1.0:

- Initial release.
Download

Github : https://github.com/Lordzy/safeDialogs
Raw source : https://raw.githubusercontent.com/Lo...afeDialogs.inc
__________________
Currently inactive - I don't play at any SA-MP servers nor work on anything in PAWN for now. The projects that I've done so far in PAWN, which requires updates will be taking some time.

Last edited by Lordzy; 02/07/2017 at 04:05 PM.
Old 04/02/2017, 02:02 PM   #2
Naruto_Emilio

Exactly what I need, I have been struggling months ago to find something similar, good job mate!
Old 04/02/2017, 02:07 PM   #3
HydraHumza

Awesome lordzy will try and let u know if there will be any issue +rep
__________________
Quote:
Originally Posted by Kalcor View Post
The fact is, I am right. And if you think I'm wrong, you are wrong.
Old 04/02/2017, 02:51 PM   #4
GoldenLion

Seems to be nice, but when I tried it a few minutes ago OnDialogSpoof got called for no reason when I used DIALOG_STYLE_TABLIST_HEADERS.
Old 04/02/2017, 02:53 PM   #5
Lordzy

Quote:
Originally Posted by GoldenLion View Post
Seems to be nice, but when I tried it a few minutes ago OnDialogSpoof got called for no reason when I used DIALOG_STYLE_TABLIST_HEADERS.
Can you please post the code?
Old 04/02/2017, 03:00 PM   #6
GoldenLion

Quote:
Originally Posted by Lordzy View Post
Can you please post the code?
The code doesn't matter, but the spoof type was DIALOG_SPOOFTYPE_INPUT_TEXT. The problem must be that the inputtext at OnDialogResponse for DIALOG_STYLE_TABLIST_HEADERS and DIALOG_STYLE_TABLIST_HEADERS is the text before the first '\t' as far as I know so for example let's say there is "Item1\tItem2\n" in the dialog, but the inputtext at OnPlayerDialogResponse is just "Item1" (or "Item1\t"), not "Item1\tItem2\n" so the include thinks the inputtext is spoofed.
Old 04/02/2017, 03:21 PM   #7
Lordzy

Quote:
Originally Posted by GoldenLion View Post
The code doesn't matter, but the spoof type was DIALOG_SPOOFTYPE_INPUT_TEXT. The problem must be that the inputtext at OnDialogResponse for DIALOG_STYLE_TABLIST_HEADERS and DIALOG_STYLE_TABLIST_HEADERS is the text before the first '\t' as far as I know so for example let's say there is "Item1\tItem2\n" in the dialog, but the inputtext at OnPlayerDialogResponse is just "Item1" (or "Item1\t"), not "Item1\tItem2\n" so the include thinks the inputtext is spoofed.
Thanks for reporting, it has been fixed! I suggest everyone to re-download the latest commit.
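
Added example, not part of any post and not the include's Pawn code: a Python model of the server-side checks described in the first post, including the tab-list and colour-embedding cases from the changelog and the exchange above. It assumes accepted responses only, that the client returns list text with colour embedding removed, and the first-column behaviour GoldenLion describes; `DialogGuard` and `demo` are hypothetical names and the dialog data is constructed.

```python
import re

# Spoof types, named after the include's enumerator.
DIALOG_ID, LIST_ITEM, INPUT_TEXT = "DIALOG_ID", "LIST_ITEM", "INPUT_TEXT"
LIST, TABLIST, TABLIST_HEADERS = 2, 4, 5    # SA-MP DIALOG_STYLE_* values
COLOR = re.compile(r"\{[0-9A-Fa-f]{6}\}")   # colour embedding such as {FF0000}

class DialogGuard:
    """Remembers the last dialog sent to each player and checks replies against it."""
    def __init__(self):
        self.shown = {}  # playerid -> (dialogid, style, info)

    def show(self, playerid, dialogid, style, info):
        self.shown[playerid] = (dialogid, style, info)

    def check(self, playerid, dialogid, listitem, inputtext):
        """Return None for a consistent reply, else the spoof type."""
        expected = self.shown.pop(playerid, None)  # one reply per dialog shown
        if expected is None or expected[0] != dialogid:
            return DIALOG_ID
        _, style, info = expected
        if style not in (LIST, TABLIST, TABLIST_HEADERS):
            return None  # free-text styles: inputtext is user input, nothing to compare
        rows = [r for r in info.split("\n") if r]
        if style == TABLIST_HEADERS:
            rows = rows[1:]  # the first row is the header and cannot be selected
        if not 0 <= listitem < len(rows):
            return LIST_ITEM
        # Assumption: the client returns the visible text, so strip colour codes
        # and, for tab lists, keep only the first column before comparing.
        visible = COLOR.sub("", rows[listitem])
        if style != LIST:
            visible = visible.split("\t")[0]
        return None if inputtext == visible else INPUT_TEXT

def demo():
    """Constructed replies to one TABLIST_HEADERS shop dialog (ID 7)."""
    info = "Weapon\tPrice\n{FF0000}Deagle\t$1500\nM4\t$4000\n"
    replies = [(7, 0, "Deagle"), (8, 0, "Deagle"), (7, 2, "M4"), (7, 1, "Minigun")]
    results = []
    for dialogid, listitem, inputtext in replies:
        guard = DialogGuard()
        guard.show(0, 7, TABLIST_HEADERS, info)
        results.append(guard.check(0, dialogid, listitem, inputtext))
    return results

if __name__ == "__main__":
    print(demo())
```

Comparing the raw row `{FF0000}Deagle\t$1500` against the reply `Deagle` without the two normalisation steps would flag a legitimate player, which is the kind of false trigger reported in this thread.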
Old 04/02/2017, 03:32 PM   #8
PrO.GameR

Ah, one of my half-way finished projects. Great to see one released as I never got around finishing mine.

Here's a suggestion for you, that's a huge array sitting somewhere unused until they use dialogs, so use PVars instead.
__________________
Blueberry Prison Roleplay will be back soon!
Follow the forums for more information about opening day.
Old 04/02/2017, 03:37 PM   #9
Private200

Quote:
Originally Posted by Naruto_Emilio View Post
Exactly what I need, I have been struggling months ago to find something similar, good job mate!
You should also know that another solution was changing to selectable textdraws.

On topic: I really hope this really works as there have previously been such releases, however, they haven't prevented the user from not modifying the listitem's text.
Old 04/02/2017, 04:37 PM   #10
Swedky

Another amazing release! Good job over there Lordz
I'll be looking at the code and tell you if I find some bug :P