Facepunch / garrysmod-requests

Feature requests for Garry's Mod

Please help community fighting with cheaters #1351

Closed WillDxx closed 4 years ago

WillDxx commented 5 years ago

For the last 10 years, the Garry's Mod community has had one big problem: cheaters. It's not a big deal on all gamemodes, but such unfair advantages shouldn't be allowed.

In the past, community devs were playing a game with cheaters by finding exploits and methods to fight unfair players. You, as Garry's Mod developers, should help us with that fight. Now, after a lot of updates, our hands are tied and it's nearly impossible to detect most cheats. We can only catch players using cheats written in Lua, but everything else is beyond our capabilities. Cheaters using cheats written in C, binary modules, are nearly undetectable. Don't get me wrong, I don't want you to block binary modules; they are a great way of expanding gmod features. Please provide us with a feature to check clients, or make it your job to fight them.

If it still isn't enough for you: Did you know that Gmod cheats are sold on external websites? Known example: https://citizenhack.me

Do something about it. It maybe isn't the most important feature, but why should we give some players unfair advantages?

And finally I want to point out a problem for another day: "hackers" who have been using Lua/C methods to crash or steal data on community servers. I know that not everything I said was 100% correct, but you get what I wanted to say; maybe more experienced members will make their stand.

Thanks for supporting our awesome game for such a long time but please, help us keep it alive.

meepen commented 5 years ago

You can detect almost all cheats with ingenuity, and as long as games exist there will be cheats. The developers can't keep up and most likely won't because of Garry's stance on this game being a sandbox game.


michak89 commented 5 years ago

Yes, almost every Lua cheat can be easily detected. However, ingenuity won't help you much with injected hax, try first. It's possible to calculate many things like % of headshots if hitboxes are correctly set. Cac had a lot of ideas like that. Anyway !cac died, hac was also good, rip.

Players and coders can do shit about C hax, only game developers can help and should do it. I found a similar request from 2015 - it was closed without any explanation. Why can't they use VAC? I know that blacklisting bad modules is hard work, but I can't see any better way to make the game safe.

If a binary module is in lua/bin - we can see it, read, check, ban user etc. Please do something about injecting binaries.
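
The headshot-percentage idea from the comment above, as an added example (not code from this thread or from any anti-cheat it names): a server-side counter that queues a player for admin review when their headshot share is a statistical outlier. The baseline, thresholds and function names are assumptions; the Garry's Mod part uses the `ScalePlayerDamage` hook, and the file also runs under plain Lua on constructed data.

```lua
-- Added example: server-side headshot-rate outlier check.
-- BASELINE, MIN_HITS and Z_FLAG are assumed values; tune them per gamemode.
local BASELINE = 0.20   -- assumed headshot share of ordinary players
local MIN_HITS = 50     -- never judge a player on fewer landed hits
local Z_FLAG   = 4.0    -- standard deviations above baseline before flagging

local stats = {}        -- [player id] = { hits = n, heads = n, flagged = bool }

-- Record one landed hit as observed by the server, never as reported by a client.
local function recordHit(id, isHead)
    local s = stats[id] or { hits = 0, heads = 0, flagged = false }
    s.hits = s.hits + 1
    if isHead then s.heads = s.heads + 1 end
    stats[id] = s
    return s
end

-- One-sided z-score of the observed headshot share against the baseline
-- (normal approximation to the binomial); 0 while the sample is too small.
local function zScore(s)
    if s.hits < MIN_HITS then return 0 end
    local sd = math.sqrt(BASELINE * (1 - BASELINE) / s.hits)
    return (s.heads / s.hits - BASELINE) / sd
end

-- True when the player should be queued for human review (not auto-banned).
local function isSuspicious(id)
    local s = stats[id]
    return s ~= nil and zScore(s) >= Z_FLAG
end

-- Garry's Mod wiring: on the server the hitgroup comes from the server's own
-- hit registration, so the counts do not depend on anything the client reports.
if hook and SERVER then
    hook.Add("ScalePlayerDamage", "example_headshot_stats", function(victim, hitgroup, dmginfo)
        local att = dmginfo:GetAttacker()
        if not (IsValid(att) and att:IsPlayer()) or att == victim then return end
        local id = att:SteamID64()
        local s = recordHit(id, hitgroup == HITGROUP_HEAD)
        if isSuspicious(id) and not s.flagged then
            s.flagged = true  -- report each player once
            print(string.format("[review] %s headshot z-score %.1f", att:Nick(), zScore(s)))
        end
    end)
else
    -- Constructed sample data so the file also runs outside the game.
    for i = 1, 200 do recordHit("legit", i % 5 == 0) end     -- 20% headshots
    for i = 1, 200 do recordHit("outlier", i % 10 ~= 0) end  -- 90% headshots
    for i = 1, 10 do recordHit("newcomer", true) end         -- too few hits
    print(isSuspicious("legit"), isSuspicious("outlier"), isSuspicious("newcomer"))
end
```

A flag here is a reason to spectate or review the player, since a skilled player or a gamemode with unusual weapons can exceed the assumed baseline.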

meepen commented 5 years ago

You can definitely fight c cheats with Lua.


michak89 commented 5 years ago

As I said, you can calculate many things. Try to calculate wallhack, gl. Any examples of C hax detection in Lua? :D I mean hack detection, not cheating detection. I think they don't know how big the problem is.

General Hex had over 100 000 banned cheaters 4 years ago and he had one server.

meepen commented 5 years ago

Wall hacking could be prevented better if there were more support for pvs stuff in lua, such as hooks we could enable for pvs like we have for custom collisions. I can't provide any help with detecting other types of cheating but you just need to think about what cheats do that normal players can't. VAC would be nice but vac also takes a ton of work for the developers to implement to detect cheats, it's not a light switch which will ban all cheaters. Enabling vac also runs the risk of banning innocent people that just want to run modules, if any cheats use public code.


thegrb93 commented 5 years ago

Either way, this is a useless+duplicate+old issue

michak89 commented 5 years ago

@thegrb93, useless for? Fair players? Server owners? Community? Useless for Facepunch, no extra cash on building ac system, this is sad. I'm sure They won't do anything - normal. But You can't say it's useless. Vac is great and hard to manage, tools for server owners and coders that could help with injections would be magnificent.

" old issue ", and still fresh

WillDxx commented 5 years ago

You can't say that something is useless without giving arguments, that's not how discussion works. Duplicate? Maybe, but previous ones still didn't get answers. Old issue? So why has nothing changed in the case? Old but not outdated. VAC isn't that easy to implement and I think we don't need that. We just need a feature to fight them. Either Gmod devs should give us the opportunity or make it on their own.

thegrb93 commented 5 years ago

The only chance you 'might' get your cause considered is if you know exactly what feature is needed and can prove that no issues can arise from its addition.

VaasKahnGrim commented 5 years ago

Is there any way to see what modules are loaded into the game's process without having it see outside of the game process or be able to do anything other than simply get info about it?

Like for example, see all files loaded into the game process, their file size, and the file path. But not necessarily see the contents or interact with said files? I can imagine making a whitelist for client side files; with this you could maybe determine if somebody were to have possibly injected some C++ cheats (assuming you could tell if the dll is loaded into the game).

If something like that were possible it would be potentially useful, I'd think. Maybe a way to perform a CRC check to make sure that it's not simply a renamed file pretending to be something it's not.

thegrb93 commented 5 years ago

Nope. That's why external processes such as easy-anticheat have to be running separately.

michak89 commented 5 years ago

This idea is half good and half bad; a cheater can override any function and fake a clean process, also crc check in C - any function.

Yes, we need to detect injections. Other cheats are detectable.

VaasKahnGrim commented 5 years ago

Any way to prevent injections in the first place? Preferably without also killing the include function clientside. Maybe a means of retrieving a list of functions that exist in C++ along with the CRC michak89 mentioned.

You could have a pre-built list containing all C++ functions that should exist and be able to verify them with a CRC check. And if, say, the list returns a function that shouldn't exist, it could simply boot the player from the server, maybe saying something like "Mismatch CFunction Table, remove any loaded C++ modules and rejoin."

The only issue I could think of is maybe doing a lot of CRC checks like this would probably take time and probably delay load time for players joining. That, or if you need to scan again later, it might be a bit intensive going through every C function in the game and verifying it.

So probably not the best idea, but it is still an IDEA at least. The Injection Detection/Prevention might be a better choice tho. I have no other ideas to share tho, unfortunately.

michak89 commented 5 years ago

"The Injection Detection/Prevention" what about prevention? Can process look for significant changes in itself and shutdown if found? I don't have answer to this one but making injections impossible would be a great option too.

I'm sure the idea is here (or will be) and we can handle this problem together. It will change Gmod forever.

An external process monitoring hl2 is a way, but its code needs to be very secure and secret, impossible to override or modify.

What about loading modules by Lua require()? It also makes changes in a process and can trigger such a detection system, a false positive.

Some servers load modules on the client, of course pre-installed in the lua/bin folder (gspeak etc.).

thegrb93 commented 5 years ago

Not to mention, anyone injecting a dll can just override any new lua function the devs add.

michak89 commented 5 years ago

Yeah, without injecting we can detect all cheats by file.Read(), forced convars, functions crcs and @meepen 's ingenuity. Not to mention, the point is to keep C code secure, lua easy peasy.

Simple solution to mentioned false positive is to deactivate whole system when server says it is unnecessary. (or allows client to load some modules) But now we have another problem, how to send this information in secure way. Cheater could simply turn off protection by simulating such information about deactivated ac on secured servers :I :cactus:

This is getting harder. I'm working on some detections, found many C haxx, it's truly impossible. Binds for menus like the insert button are in Cpp, can't detect them. Lua functions aren't modified, nothing here. 0 new concommands. Screenshots and screengrabs can't capture control menus and the Steam overlay but can capture some wallhacks. (A few cheats have menus in the Steam overlay browser lol)

Tried to silently record a demo on the client and use it like overwatch - good idea, but time-wasting process of watching demos... minus infinity for this one. Player/cheater can always delete .dem files, and sending them to the server via net or http isn't very comfortable.

Now its time for lua video recorder...

GrandpaTroll commented 5 years ago

Tried to silently record a demo on the client and use it like overwatch - good idea, but time-wasting process of watching demos... minus infinity for this one. Player/cheater can always delete .dem files, and sending them to the server via net or http isn't very comfortable.

The one rule you should always follow is NEVER TRUST THE CLIENT.

Anyways, just get an anticheat that detects Lua cheats while having admins use their brains (sometimes unreliable) to detect C++ cheats.

michak89 commented 5 years ago

There is one way. Serverside demo, overwatch feature. And Lua functions to control it (start/stop). The server owner could decide if he wants to protect the server and write a simple reporting system. Don't get me wrong, I'm not talking about a feature that would allow players to watch demos like in cs:go. Just simple serverside recording to .dem files.

Months of thinking and boom - solution.

VaasKahnGrim commented 5 years ago

That solution probably won't work well. I can imagine it having a lot of CPU usage on the server pretty easily.

The only real way I can think to catch cheaters effectively is to use something with C++ clientside (which won't happen since facepunch is paranoid with security) or simply designing your gamemode files in a way where cheating is irrelevant in most cases (aimbot is pointless if you're not supposed to be shooting other players or if you're shooting somebody who's logically not visible, aka don't let players do damage to people behind walls and stuff).

michak89 commented 5 years ago

Notice how CPU usage changes while recording a clientside demo, and if you pause it and fly around you will also notice that the whole map is recorded, even voice chat (not only your point of view; I can't see a difference on my old Intel Core i3). I think it depends on demo tickrate. Anyway, your idea of something I tried to project for a very long time with no effect is still just an idea.

And about that "the only real way I can think to catch cheaters effectively is to use something with C++ clientside": this is not 100% possible, as we discovered in previous posts. Why do you think cs:go overwatch exists if magic code could catch them all? Valve invented it for a reason, a good reason. It does not affect the client and we can always see him on a demo.

Overwatch solution is perfect:

Edit: SourceTv has ability to record serverside demos: https://developer.valvesoftware.com/wiki/SourceTV

But we need SourceTv first: https://github.com/Facepunch/garrysmod-issues/issues/1934 https://github.com/Facepunch/garrysmod-requests/issues/1271

VaasKahnGrim commented 5 years ago

Overwatch is a thing because Valve doesn't want the drama that comes from having an intrusive anti-cheat in their product, and they make a hell of a bank off cheaters who get a new account and get their skins back with cash. It's more profitable for them and doesn't hurt their image.

However imo the only effective anticheat is an intrusive one.

Tho it would be nice having SourceTV as an option too even if not used for anti-cheats and catching cheaters

michak89 commented 5 years ago

I can't imagine any intrusive anticheat working with require(). This feature would only be available for coders and server owners, a small % of people. They won't waste months to invent such a thing :/

Let's ask for something real, like SourceTv support. I fully agree with You, it's a great thing :tv:

thegrb93 commented 5 years ago

You realize you won't see any cheats with sourcetv, right? The only hint you'll get is their view jerking around, which you can do already by spectating the player.

michak89 commented 5 years ago

Man, I know what the demo is.
If You are able to spectate all players 24/7 - good luck. See what's the point of overwatch.

VaasKahnGrim commented 5 years ago

I mean, overwatch would be useful for something competitive like TTT or something like that. Tho personally I like the idea of using SourceTV for other things than cheat detection (mainly because why are people going to bother cheating on a roleplay server).

thegrb93 commented 5 years ago

IIRC, people use cheats to sniff out the money printers and other goodies.

VaasKahnGrim commented 5 years ago

yea but money printers are only in things like DarkRP and maybe Prison RP :p I've not seen a starwarsrp server or millrp server use them. but even then those things can usually be heard through walls so kinda a useless sniffer imo

michak89 commented 5 years ago

Custom made printers usually kill such cheats; you can log every income and income source. I'm not sure, but it was a thing years ago. DarkRp creators have sv_allowcslua set to 1 in their gamemode by default and still only a small % of server owners know about it. DarkRp was not created for security; money cheats are mostly Lua cheats, and all Lua cheats are easy to detect. (99,99% of them)

Vac would be the best but let's ask for something real :/

Kefta commented 4 years ago

This can be closed, this isn't really a specific feature request.