SA-MP Forums

25/10/2019, 07:54 PM   #1
OstGot
Gangsta
Join Date: Mar 2013
Location: Gomel, Belarus
Posts: 947
Reputation: 333
The most major security flaws or urgent patches we need today

Hello, first of all I want to explain why I'm creating this topic and why I think it is worth reading and implementing in (probably) any future SA-MP version. I've been developing an open source server-side anticheat for several years and I'm still very interested in this, and (I wanna note this!) I have never been a cheater or a developer of client software at all - I was prompted to develop a protection by its complete absence by default in SA-MP at that time.

I create this topic to publicly bring to the attention of the developer some really important problems that I as a developer encounter in the process of writing and updating the anticheat, and the solution to these problems would be appropriate exactly on the side of the SA-MP server or client. I see a lot of attention to the adjacent topic here related to the activity of Kye and I hope for his reaction, although I don't see the point in writing in that topic as there is a crowd of uncontrollable people now who don't even understand what they want and many of them just constantly complain about something, thereby really constructive posts go to the previous pages and can be easily ignored and missed at all.

I also want to say that I understand the situation of the developer (the unwillingness to make any really global changes in such an old multiplayer not at the peak of its popularity) and his policy regarding the clientside and other things that are being so fiercely imposed by those who offer to make a new version. I believe that things like client-side scripts, CEF, voice chat, auto-updates and others have been in MTA for a long time and it has succeeded much more in this stuff so there is no point in starting a game on its field and making a secondary product with literally the same functionality (you already have MTA, so you're really free to just leave for there if all the features you want are already implemented and maintained for years, so think about it before you once again run to offer to implement this in SA-MP in the next thread, guys). I also understand very well that any updates will be highly appreciated by the current server owners and players, so it would be nice to start small, correctly prioritizing and suggesting to the developer exactly those changes without which we are having the most problems today.

And on my own behalf, I would like to focus on the most significant security problems and minor shortcomings that could be implemented/solved natively (thereby working more efficiently than having the same code in pawn scripts) or providing the really necessary functionality that we don't have right now even to detect and prevent really dangerous cheats without using plugins like YSF or Pawn.RakNet. IMO the solutions for these flaws would really be needed first, more than new abilities, as now many servers are forced to spend resources at least on basic protection which just wouldn't allow massive harm to the players or the entire server, not speaking about the more insignificant cheats (btw, many other multiplayer projects provide a much better level of protection just by having all the necessary internal validation checks, which can not even be called a full-fledged "anticheat", it just has resistance to an invalid data range everywhere, not selectively, as it is in SA-MP, so this will be a large part of the suggestions that will be shared further).

So, the main things which in my opinion should be fixed natively once and for all:
  • Prevent the ability to send invalid position, velocity, roll/direction, angles and other float data in trailer/unoccupied/click map sync and add min/max valid value limits
  • Prevent invalid vehicle health, facing angles/Z angles (onfoot/in-vehicle sync) and aimZ, which can be sent as NaN and can lead to crashes and glitches for other streamed players
  • Many minor validity checks for OnPlayerWeaponShot arguments: weaponid, hittype and hitid
  • Validity checks for OnPlayerGiveDamage/OnPlayerTakeDamage arguments: issuerid, damagedid, bodypart, reason id, amount < 0.0
  • Validity checks for camera modes
  • Checks if a player is trying to change his PLAYER_STATE in an unusual way, like PLAYER_STATE_NONE to PLAYER_STATE_ONFOOT or PLAYER_STATE_WASTED to PLAYER_STATE_PASSENGER, without even spawning
  • Check the player version (GetPlayerVersion) for invalid symbols, about the same as it's done with nicknames when the player connects
  • Prevent calling trailer sync if the trailer is invalid or the reported "trailer" ID has a driver itself
  • Prevent calling OnUnoccupiedVehicleUpdate from the passenger seat if the reported passenger_seat isn't equal to the real seat from GetPlayerVehicleSeat
  • Prevent calling OnPlayerWeaponShot on servers which have lagcomp disabled
  • Prevent calling OnPlayerWeaponShot from vehicles (if the player is a driver) as there are only hack reasons to call it from there and such a callback can't be called, for example, when firing from the left/right window with an MP5
  • Prevent double connection without disconnecting after the previous time
  • Checks if a player is trying to send a "click" on a textdraw that wasn't shown to him
  • Checks if a player is trying to send a response to a dialog/menu that wasn't shown to him
  • Validity checks for OnPlayerEnterVehicle and OnPlayerExitVehicle (vehicleid parameter)
  • Validity checks for vehicleid and seatid in driver & passenger sync (low level)

The main problems that prevent the implementation of effective anticheat algorithms (general mp bugs, flaws):
  • The weapons' ammo is passed and synced with a max amount of 32767 and overflows with bigger numbers
  • The weaponid parameter in GetPlayerWeapon is passed incorrectly when a player is in a vehicle as a driver (an old bug which was probably fixed in 0.3z r3 or r4, but then this fix went missing in newer versions)
  • Player health and armour values of more than 255 cause wrong results in GetPlayerHealth, so there are some problems with anti-health hacks in those cases
  • Trains/trams and carriages don't send unoccupied or trailer sync when a player leaves them at high speed, so the train continues to move for some time unoccupied and does it locally for each player, stopping for them in different places
  • There are some troubles with seats in buses (vehicle IDs 431 and 437) when the players (put in one seat by the server) start to send the minimum previously unoccupied seat and thus differ from the seat you've set for them
  • Also there are problems with detecting whether a player is surfing a player or a global object; sometimes it makes false detections, also if a player is surfing an object while in a vehicle, as vehicle sync doesn't have a "surfing object" parameter

The main functions that the developers lack for common cheat detection/attacks protection:
  • An option to disable in-game RCon separately, and also adding some arguments with the playerid who is trying to log in in-game to OnRconLoginAttempt (or create another public like OnInGameRconLoginAttempt)
  • Some new arguments for OnTrailerUpdate with the new position and speed, like has been done in OnUnoccupiedVehicleUpdate
  • Ability to desync such callbacks as OnVehiclePaintjob with prevention of the new paintjob change, OnVehicleDeath with resetting the spawn-after-death timer, OnEnterExitModShop with prevention of syncing the new interior to all other players in the same vehicle (passengers) and OnPlayerGiveDamage with prevention of syncing any damage
  • New natives to get the aim Z angle, animation flags, full onfoot rotation and onfoot surfing offsets, train speed, last synced vehicle and trailer IDs
  • Ability to get the local server IP to be able to check if the NPC that just connected is from the same location
  • Some new per-player functions maybe, which would be useful to resync cheaters...

Yeah, it seems that this is a fairly large list of only the important issues which I remembered now, but nevertheless they are small enough separately, so with even part of this fixed or decided by Kalcor in the default SA-MP server code we can already achieve some success and it'll make life easier for server developers.


And a little offtopic of course about merging the 0.3.DL and 0.3.7 branches:
I think that despite the fact that 0.3.DL's main purpose is the artwork module, the DL branch also has some tweaks and fixes which could be merged into the main version. So it is worth releasing 0.3.9 or whatever it could be named, but with all the previous changes from 0.3.7 and 0.3.DL, just having the artwork disabled by default. I think this will be a good compromise.
__________________
aka Nexius
Don't want to always check for updates of my scripts?
Include it the last, after all others
Nexius's Update Checker

Last edited by OstGot; 25/10/2019 at 10:21 PM.
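Added example, not part of OstGot's post or of any SA-MP project code: a Pawn filterscript that applies, on the server side, the argument and NaN checks the first list asks for in OnPlayerWeaponShot and OnPlayerGiveDamage. It assumes the standard a_samp include; the ID ranges are illustrative.

```pawn
// Added example, not from the post or SA-MP itself: a filterscript that does
// in Pawn the argument validation the post wants done natively.
// Assumes the standard a_samp include; the ranges are illustrative.
#include <a_samp>

// A float whose exponent bits are all set is NaN or +/-Inf, the class of
// value the post says can crash or glitch other streamed players.
static bool:IsFloatInvalid(Float:value)
{
    return (_:value & 0x7F800000) == 0x7F800000;
}

public OnPlayerWeaponShot(playerid, weaponid, hittype, hitid, Float:fX, Float:fY, Float:fZ)
{
    // Only bullet weapons (22..34) and the minigun (38) can produce a shot.
    if (!((weaponid >= WEAPON_COLT45 && weaponid <= WEAPON_SNIPER) || weaponid == WEAPON_MINIGUN))
        return 0;
    // hittype must be a known value and hitid must match it.
    switch (hittype)
    {
        case BULLET_HIT_TYPE_NONE: {}
        case BULLET_HIT_TYPE_PLAYER:        if (!IsPlayerConnected(hitid) || hitid == playerid) return 0;
        case BULLET_HIT_TYPE_VEHICLE:       if (GetVehicleModel(hitid) == 0) return 0;
        case BULLET_HIT_TYPE_OBJECT:        if (!IsValidObject(hitid)) return 0;
        case BULLET_HIT_TYPE_PLAYER_OBJECT: if (!IsValidPlayerObject(playerid, hitid)) return 0;
        default: return 0;
    }
    // The post says a driver never legitimately produces this callback.
    if (GetPlayerState(playerid) == PLAYER_STATE_DRIVER)
        return 0;
    if (IsFloatInvalid(fX) || IsFloatInvalid(fY) || IsFloatInvalid(fZ))
        return 0;
    return 1; // 1 = let the shot through so damage is applied
}

public OnPlayerGiveDamage(playerid, damagedid, Float:amount, weaponid, bodypart)
{
    // damaged ID, amount, bodypart and weapon all have fixed valid ranges
    if (!IsPlayerConnected(damagedid) || damagedid == playerid)
        return 0;
    if (amount < 0.0 || IsFloatInvalid(amount))
        return 0;
    if (bodypart < 3 || bodypart > 9)   // 3 = torso ... 9 = head
        return 0;
    if (weaponid < 0 || weaponid > 54)  // 0 = fist ... 54 = splat
        return 0;
    return 1;
}
```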
25/10/2019, 07:59 PM   #2
Kroc
Banned
Join Date: Oct 2019
Posts: 13
Reputation: 0
Re: The most major security flaws or urgent patches we need today

I totally agree with you.
25/10/2019, 07:59 PM   #3
anayks
Banned
Join Date: Oct 2019
Posts: 21
Reputation: 0
Re: The most major security flaws or urgent patches we need today

Plus
25/10/2019, 09:26 PM   #4
Romzes24
Big Clucker
Join Date: Oct 2011
Posts: 64
Reputation: 0
Re: The most major security flaws or urgent patches we need today

This is a very useful topic; it contains everything I wanted to say. If this list really comes out in version 0.3.9, it will be very cool and will help fix some cheats and long-standing problems.