Whitetigerswt / SAMP_AC_v2

Version 2.0 of SAMP Anti-Cheat. Supported from 2014-2017
GNU General Public License v3.0

Encrypting cheat files to bypass #135

Closed khalidahmedshalabi closed 2 years ago

khalidahmedshalabi commented 8 years ago

You can use http://www.axantum.com/axcrypt/ to encrypt AHK scripts and use them, for example.

Note: Not tested by me yet, but some people claim that it works.

Whitetigerswt commented 8 years ago

who cares about AHK scripts?

khalidahmedshalabi commented 8 years ago

Not only those. The one who reported this (the Italian guy named Argo) claimed that he could slide with a lot of hacks by this method.

Whitetigerswt commented 8 years ago

Then the slides should be fixed themselves. I think it might be a lot easier to fix slides if we hack the raknet of SA-MP and make it use TCP instead of UDP. It'll be slower, but more reliable. I think all sliding issues are caused by network packets getting dropped by the UDP protocol. But that is untested, and just my personal theory lol

On Wed, Feb 17, 2016 at 2:20 PM, Khalid notifications@github.com wrote:

> Not only them. The one who reported this (the Italian guy named Argo) claimed that he could slide with a lot of hacks by this method.

khalidahmedshalabi commented 8 years ago

No no there are no sliding issues in game. I meant to say that he could use other hacks by encrypting them.

Whitetigerswt commented 8 years ago

Yes, because this evades blacklisting. That's why I've added quite a few memory hacks that'll prevent cheats even if their signature is changed. Not all, but some. (Basically one for all the hacks that were popular a year or so ago)

khalidahmedshalabi commented 8 years ago

I see. So do you think it should be updated?

Whitetigerswt commented 8 years ago

I mean this is kind of what #64 is supposed to address. Encrypted files are difficult to detect though for sure. There may not be a solution at the moment. At least not one that I can think of off the top of my head.

khalidahmedshalabi commented 8 years ago

Let this be here https://msdn.microsoft.com/en-us/library/windows/desktop/aa364051(v=vs.85).aspx Might think of a solution later.

oscar-broman commented 8 years ago

For macros, what about making a keyboard input hook and looking at KBDLLHOOKSTRUCT.flags?

khalidahmedshalabi commented 8 years ago

You wanted to say this there https://github.com/Whitetigerswt/SAMP_AC_v2/issues/140 right?

Whitetigerswt commented 8 years ago

Is that even able to distinguish between actual keyboard inputs and SendInput? Probably not, but you could test it. In addition, there's nothing that I'm aware of that you can do to a properly made hardware macro.

I feel like the simplest way is what I've done already. Limit sprint speed and try to minimize litefoot.

oscar-broman commented 8 years ago

What about an analysis for patterns? If you see the same pattern with the exact same timing, it's obviously a macro. I'm saying timing down to the millisecond.

Whitetigerswt commented 8 years ago

That's a good strategy, as long as it's not done on the server. But how would it work in practice? How many keys should be the max number of keys in a pattern? Usually, when people press a macro key they're pressing other buttons and mouse keys too, so how would you ignore the auxiliary information to check for patterns? In addition, AutoHotkey is its own scripting language, and I can see some random keys thrown in the middle of a macro just to throw off pattern detection.

oscar-broman commented 8 years ago

Well, perhaps we'd need to first find out what the keys are bound to (by looking at the GTA:SA config), and after that look for certain macros we know people will use.

Sprinting macros, especially, would be really easy to detect. The same key in the exact same rate for more than 5 seconds? No human can do that.
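
The check described in the comment above (the same key at the same rate for more than 5 seconds), written out as an added example that is not part of the thread or of SAMP_AC_v2's code. It looks at one key only, so other keys and mouse input do not break a run; the `KeyEvent` record, the 2 ms tolerance, the minimum of 20 gaps and the key codes are assumptions made for the example.

```cpp
#include <cstdint>
#include <vector>

// Constructed record for one key-down event; field names are assumptions.
struct KeyEvent { std::uint32_t timeMs; std::uint32_t vk; };

// True if presses of `key` repeat at one fixed interval (within tolMs) for at
// least minIntervals consecutive gaps that together span more than minSpanMs.
// Events for other keys are skipped, so unrelated input does not end a run.
bool isSteadyRepeat(const std::vector<KeyEvent>& events, std::uint32_t key,
                    std::uint32_t tolMs, std::uint32_t minSpanMs, unsigned minIntervals) {
    bool havePrev = false;
    std::uint32_t prev = 0, ref = 0, runStart = 0;
    unsigned intervals = 0;
    for (const KeyEvent& e : events) {
        if (e.vk != key) continue;
        if (havePrev) {
            std::uint32_t dt = e.timeMs - prev;
            std::uint32_t diff = dt > ref ? dt - ref : ref - dt;
            if (intervals > 0 && diff <= tolMs) {
                ++intervals;                                // same rate: run continues
            } else {
                ref = dt; runStart = prev; intervals = 1;   // rate changed: new run
            }
            if (intervals >= minIntervals && e.timeMs - runStart > minSpanMs) return true;
        }
        prev = e.timeMs;
        havePrev = true;
    }
    return false;
}

// Constructed sample input: `count` presses of `key` with gaps of baseMs plus a
// jitter of (i * 37) % jitterMod ms, and another key pressed between them.
std::vector<KeyEvent> sampleStream(std::uint32_t key, std::uint32_t otherKey, int count,
                                   std::uint32_t baseMs, std::uint32_t jitterMod) {
    std::vector<KeyEvent> out;
    std::uint32_t t = 1000;
    for (int i = 0; i < count; ++i) {
        out.push_back({t, key});
        out.push_back({t + 7, otherKey});
        t += baseMs + (jitterMod ? (i * 37u) % jitterMod : 0u);
    }
    return out;
}

int main() {  // exit code 0: the fixed-rate stream is flagged, the jittered one is not
    return isSteadyRepeat(sampleStream(0x20, 0x57, 130, 50, 0), 0x20, 2, 5000, 20) &&
           !isSteadyRepeat(sampleStream(0x20, 0x57, 130, 50, 41), 0x20, 2, 5000, 20) ? 0 : 1;
}
```

The minimum-gap count keeps two isolated presses more than 5 seconds apart from counting as a run.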

Whitetigerswt commented 8 years ago

Indeed, but why check for sprinting macros when speed is limited already?

I get your point though and you could be onto something.

khalidahmedshalabi commented 8 years ago

Cause he doesn't like the speed limit, like most people.

> The same key in the exact same rate for more than 5 seconds? No human can do that.

I think there will sadly be (if there aren't already) macros specially designed to bypass that.

The only good alternative solution to speed limit, in my opinion, is to replace GTA sprinting with our own (client-sided sprinting system), which is what I tried to do here #140 but things didn't work as I expected. Maybe I did something wrong, I can try again in the future, but that's not a priority now. Whoever is going to work on AC needs to know that security and cheat detection issues are the most important issues now. https://github.com/Whitetigerswt/SAMP_AC_v2/milestone/7

Whitetigerswt commented 7 years ago

Going back to the topic at hand, there's no real way to detect if a file is encrypted that I'm aware of, but I haven't researched it at all. How do you propose doing that?

khalidahmedshalabi commented 7 years ago

I don't know yet. The best thing to do for now is to focus on adding more memory hooks.
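
On the question of telling whether a file is encrypted, one common heuristic is byte entropy; the following is an added example, not part of the thread or of SAMP_AC_v2's code. The 7.5 bits-per-byte threshold, the 4096-byte minimum and both sample buffers are assumptions, and the measure cannot tell ciphertext from compressed data.

```cpp
#include <cmath>
#include <cstddef>
#include <cstdint>
#include <random>
#include <string>
#include <vector>

// Shannon entropy of a buffer in bits per byte: 0.0 for a constant buffer,
// 8.0 when all 256 byte values are equally frequent.
double byteEntropy(const std::vector<std::uint8_t>& data) {
    if (data.empty()) return 0.0;
    std::size_t counts[256] = {};
    for (std::uint8_t b : data) ++counts[b];
    double h = 0.0;
    for (std::size_t c : counts) {
        if (c == 0) continue;
        double p = static_cast<double>(c) / data.size();
        h -= p * std::log2(p);
    }
    return h;
}

// Heuristic only: compressed archives and media score as high as ciphertext.
// Small buffers are skipped because n bytes cannot exceed log2(n) bits per byte.
bool looksEncryptedOrCompressed(const std::vector<std::uint8_t>& data,
                                double threshold = 7.5) {  // assumed threshold
    return data.size() >= 4096 && byteEntropy(data) >= threshold;
}

// Constructed sample: repeated plain text standing in for an unencrypted script.
std::vector<std::uint8_t> samplePlain() {
    std::string s;
    while (s.size() < 65536) s += "; sample script line\nMsgBox hello\n";
    return std::vector<std::uint8_t>(s.begin(), s.end());
}

// Constructed sample: seeded PRNG bytes standing in for ciphertext.
std::vector<std::uint8_t> sampleRandom() {
    std::mt19937 rng(12345);
    std::vector<std::uint8_t> v(65536);
    for (auto& b : v) b = static_cast<std::uint8_t>(rng() & 0xFF);
    return v;
}

int main() {  // exit code 0: the random buffer is flagged, the text buffer is not
    return looksEncryptedOrCompressed(sampleRandom()) &&
           !looksEncryptedOrCompressed(samplePlain()) ? 0 : 1;
}
```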