Money hackers - Printable Version

Money hackers - Printable Version

+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+--- Thread: Money hackers (/showthread.php?tid=601007)

Money hackers - BTOlly - 15.02.2016

I am the owner of a 3c server, I am not a scripter myself neither do I know anything about it. I have a scripter but he's not very skilled, he knows the basics. My server is constantly getting money hackers cheating their way to unlimited cash. I have heard there is a system that stops money cheaters?
A different way to calculate money on? Is there a way to change it so that no one can use moneyhack?
Please help, thank you!

Re: Money hackers - Danzou - 15.02.2016

https://sampforum.blast.hk/showthread.php?tid=71136

Re: Money hackers - Vince - 15.02.2016

Why are you still running a 0.3c server? That version was released literally five years ago. An anti-money cheat system is the second easiest system to create, after an anti-jetpack system. It simply relies on the fact that the player's money is stored in a variable that the server controls rather than in a variable that the client controls. SetPlayerMoney should only be used as a visual update towards the client and GetPlayerMoney should never be used directly unless to detect the actual cheating itself (if GetPlayerMoney > PlayerVar[Money] then cheating) and anything that relies on money should use the internal variable.

Re: Money hackers - BTOlly - 15.02.2016

Quote:

Originally Posted by Vince

Why are you still running a 0.3c server? That version was released literally five years ago. An anti-money cheat system is the second easiest system to create, after an anti-jetpack system. It simply relies on the fact that the player's money is stored in a variable that the server controls rather than in a variable that the client controls. SetPlayerMoney should only be used as a visual update towards the client and GetPlayerMoney should never be used directly unless to detect the actual cheating itself (if GetPlayerMoney > PlayerVar[Money] then cheating) and anything that relies on money should use the internal variable.

Well, we are a community that all together has 8 servers in all SA-MP versions that's why.
For instance we have business, cars and houses that rely on money, do we need to change it so it uses the internal variable? I am no scripter so don't go all complicated

Re: Money hackers - Tamer - 15.02.2016

Quote:

Originally Posted by BTOlly

Get the scripter here then and make him read what Vince said.

Re: Money hackers - AmigaBlizzard - 16.02.2016

It's quite easy to convert a script from using client-side money to server-side money.

Everywhere the script reads

PHP код:



GetPlayerMoney(playerid)

Replace it with

PHP код:



Player_GetMoney(playerid)

Then, everywhere you have

PHP код:



GivePlayerMoney(playerid, amount)

Replace it by

PHP код:



Player_GiveMoney(playerid, amount)

Add this to your script as well:

PHP код:



Player_GiveMoney(playerid, amount)

{

    PlayerMoney[playerid] = PlayerMoney[playerid] + amount;

}

Player_GetMoney(playerid)

{

    return PlayerMoney[playerid];

}

PHP код:



forward MoneyTimer();

public MoneyTimer()

{

    for (new playerid; playerid < MAX_PLAYERS; playerid++)

    {

        If (IsPlayerConnected(playerid)

        {

            ResetPlayerMoney(playerid);

            GivePlayerMoney(playerid, PlayerMoney[playerid]);

        }

    }

}

And add this to OnGameModeInit:

PHP код:



SetTimer("MoneyTimer", 500, true);

And on top of your script, add this:

PHP код:



new PlayerMoney[MAX_PLAYERS];

This will store all money on the server inside the PlayerMoney array, The money-hackers don't have direct access to that array, so it's safe from hacking.

The timer is there to auto-update every player's money on their screen.
Your script can just add the value to your account (PlayerMoney array), the timer does the rest (updating the value on the client's screen every half a second).

Even if they hack money on their client and would be able to freeze the money-readout on their screen, the server will use the value stored in the array.
Even if they could freeze their readout on the client to $1 billion, while the server holds only $100 in the array, they still can't buy that house for $100000.

So it doesn't matter if they hack their client's money-readout, there is no need to GetPlayerMoney somewhere to check if they're hacking and banning them for it.

Re: Money hackers - Tamer - 16.02.2016

Quote:

Originally Posted by AmigaBlizzard

It's quite easy to convert a script from using client-side money to server-side money.

Everywhere the script reads

PHP код:



GetPlayerMoney(playerid)

Replace it with

PHP код:



PlayerMoney[playerid]

Just make a function such as Player_GetMoney and make it return the PlayerMoney variable.

Re: Money hackers - AmigaBlizzard - 16.02.2016

Quote:

Originally Posted by Tamer

Just make a function such as Player_GetMoney and make it return the PlayerMoney variable.

That's also possible:

PHP код:



Player_GetMoney(playerid)

{

    return PlayerMoney[playerid];

}

Code above adjusted to include the function.

Re: Money hackers - Tamer - 16.02.2016

Quote:

Originally Posted by AmigaBlizzard

That's also possible:

PHP код:



Player_GetMoney(playerid)

{

    return PlayerMoney[playerid];

}

Code above adjusted to include the function.

One more point, I said that because using a variable is also tricky but the "playerid" part is also another tricky part.

Because at commands and such, which are specifically for a target player, they can't use "playerid" for the target player. They use "id" or "giveplayerid "targetid" etc. etc.

I just want to point out that he should directly rename GetPlayerMoney to Player_GetMoney without the playerid.

Or he can just use ALS Hooking