search

citizenfx / fivem

The source code for the Cfx.re modification frameworks, such as FiveM, RedM and LibertyM, as well as FXServer.
https://cfx.re/
3.5k stars 2.07k forks source link

Avoid cheaters - Client resources checksum ? #25

Closed rudzboy closed 3 years ago

rudzboy commented 7 years ago

Hello guys.

Seems that values spoofing with tools like Cheat Engine is possible, but that's theorical, cheating is not part of my habits ;) Anyhow, we encountered obvious cheating on servers (including our own) where ScriptHook usage is disabled like specified in the citmp-server.yml config file.

So I'm asking. Which mecansims are implemented within FiveM to ensure that client resources are not altered ? If so, can the server prevent those altered resources form being used ?

If none are present. How can we successfully avoid these kind of cheating ? How can we detect using the server console output any attempt from a client to cheat ?

If you need any detailed examples of obvious cheat ingam, we are able to discribe them if it can help.

Many thanks

IzioDev commented 7 years ago

Hey rudzboy. Yuu can do it yourself. Just stock all the vars server side, increment them when player ear money for example. And check all xx minuts if the number match for example. If not, put a warn. Elements are occupated in FX server, I think they will have more time after the release of it. Have a nice day :)

blattersturm commented 7 years ago

Given how proactive approaches against cheating and game manipulation don't work (and inconvenience users, as well!), we prefer to take a reactive approach. No direct means of cheating that people use has come to our attention (by being posted in public, or reported to us privately), and guessing behind a means and blindly 'fixing' things is, softly said, counterproductive.

In the short term, FXServer will contain changes to protect client resources, however our data indicates that people are not using this method to cheat on servers.

In addition, the citizen/ folder will be scanned for original files, as we have received reports that people have tampered with this data in order to manipulate game information.

Future releases will contain 'dissection', which will allow servers to check certain attempts to synchronize game state across the network.

What kind of 'cheating' have you encountered so far? Basic invincibility, object spawning and creation, or some other type of cheating?

rudzboy commented 7 years ago

@blattersturm Thanks for your fast and reliable answer.

The kind of cheating you described matches perfectly what we encountered. Mostly, objects and armed pedestrians spawning on precise locations, vehicles that blew up while being driven (some kind of suicide bomber - made me laugh (at first)).

Well, I understand perfecty the reactive approach, especially if there is a lack of reports towards your team. I understand by your answer that client resources modification is not the point here.

Anyway, I am thrilled about the actions you planned regarding security, and I hope it will fix most of unwanted cheating behaviours.

Thanks again and keep up the good work ;)