[Client-Side Anticheat - OPTIONAL ] Reading Memory Address
#1

So...

I've been using client-side anticheat for detecting cheats, folder detection and process scanning..

However, in the meantime people finally figured out how to bypass the anticheat, and I wouldn't even bother to fix it, but yeah, it's me and I like everything to be near-perfect on my server... So they bypassed it in 2 ways:

Implementing cheats via game modding, importing the cheat in .img, which I think I can fix by checking hashes?

The thing which is harder to fix is, let's say, sandbox, because sandbox somehow blocks specific processes? Also they can spoof processes; for example, if I download aimbot.exe, I can rename it to chrome.exe and you simply can't figure out if it's a cheat or a real program. I've set up logs for all players who are FORCED to use the anticheat (it .logs and I can simply check for suspicious cheats)

-------------------------------------------------------------------
[17.06.2018. 19:35:40] Process List - Player: <Name>
-------------------------------------------------------------------
[ ] taskhost.exe -> C:\Windows\system32\taskhost.exe
[ ] dwm.exe -> C:\Windows\system32\Dwm.exe
[ ] explorer.exe -> C:\Windows\Explorer.EXE
[ ] taskeng.exe -> C:\Windows\system32\taskeng.exe
[ ] avgnt.exe -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
[ ] teamviewer.exe -> C:\Program Files\TeamViewer\TeamViewer.exe
[ ] chrome.exe -> C:\Program Files\******\Chrome\Application\chrome.exe
[ ] chrome.exe -> C:\Program Files\******\Chrome\Application\chrome.exe
[ ] chrome.exe -> C:\Program Files\******\Chrome\Application\chrome.exe
[ ] chrome.exe -> C:\Program Files\******\Chrome\Application\chrome.exe
[ ] chrome.exe -> C:\Program Files\******\Chrome\Application\chrome.exe
[ ] chrome.exe -> C:\Program Files\******\Chrome\Application\chrome.exe
[ ] chrome.exe -> C:\Program Files\******\Chrome\Application\chrome.exe
[ ] chrome.exe -> C:\Program Files\******\Chrome\Application\chrome.exe
[ ] chrome.exe -> C:\Program Files\******\Chrome\Application\chrome.exe
[ ] launcher.exe -> D:\GTA - San Andreas\Launcher.exe
[ ] gta_sa.exe -> D:\GTA - San Andreas\gta_sa.exe
[ ] observer.exe -> D:\GTA - San Andreas\Observer.exe
[ ] chrome.exe -> C:\Program Files\******\Chrome\Application\chrome.exe
[ ] chrome.exe -> C:\Program Files\******\Chrome\Application\chrome.exe
[ ] chrome.exe -> C:\Program Files\******\Chrome\Application\chrome.exe
[ ] chrome.exe -> C:\Program Files\******\Chrome\Application\chrome.exe
[ ] chrome.exe -> C:\Program Files\******\Chrome\Application\chrome.exe
[ ] chrome.exe -> C:\Program Files\******\Chrome\Application\chrome.exe

The weird thing is that, for example, I'm using legit licensed Windows and it scans ALL my processes, while some cracked Windows 7/8 trash is for some reason not detecting cheats, even though I've set it up to check process names and kill if they contain forbidden words.


Now, I've read about some memory addresses, how you can intercept some packets with RAKNET, and I would really like some help with it.

I'll even quote a post about the (SAMPCAC) anticheat reading memory, which is really complicated for me, and I have no idea what it is saying.
Quote:

I haven't spent much time REing this anticheat but here is what I know.

SAMPCAC has their own server plugin, and a client .asi.

The client uses RakClient's interface to communicate with the server.
Specifically, SAMPCAC is using RakClientInterface::RPC to send data.

As of SAMPCAC v0.9.0, these are the RPC ids I've found associated with telling the server you're cheating.
Code:
181
183
184
155
You can of course block these from being sent, but the problem with this is that after a while, you'll get kicked. The kick has no message, you are just simply kicked. I haven't looked into it much, but here is what is happening. They place several JMP hooks on areas they need information from, such as when the game stores the camera address (used for aimbot). I ASSUME that inside these hooks, they compare the registers to their own stored value, when it's not equal, they send an RPC to the server that you're cheating. For the record, I've tried placing hooks before theirs, overwriting it, noping it. This works for some things, but I had trouble making it work for aimbot (mostly because they placed 13+ hooks just to prevent aimbot). You can get around the aimbot (in a nooby way) though. For ESP, just draw your own.

SAMPCAC is using VMProtect 3, and I haven't bothered trying to unpack it. It makes reversing it that much more of a PITA. It is honestly an unstable POS anticheat, and if you are extremely devoted, you can just spoof the anticheat's existence by replicating their RPC calls. You just need to reverse their server plugin and see what it expects. (Their first RPC sends '0xCAC' lol)

Now, I would really like some explanation for this and I'm paying very nice money for some awesome solution.

To be honest, I don't know why I'm even trying to perfect a game this old, but I own a large server and people expect the best from me, I guess, but I'm definitely out of solutions..

PS: If you are wondering why I'm not using sampcac: it's flagged as viruses, trojan, etc. I can't be bothered to explain to players why I'm forcing banned morons to use a virus.

Sorry for spelling mistakes.

Anyway, big thanks to jlalt and bigeti, for the awesome support they have been giving me all this time.
#2

Quote:
Originally Posted by DeitY
The thing which is harder to fix is, let's say, sandbox, because sandbox somehow blocks specific processes? Also they can spoof processes; for example, if I download aimbot.exe, I can rename it to chrome.exe and you simply can't figure out if it's a cheat or a real program. I've set up logs for all players who are FORCED to use the anticheat (it .logs and I can simply check for suspicious cheats)
why don't you treat using sandboxie same as having a cheat?

and for aimbox.exe -> chrome.exe

https://stackoverflow.com/questions/...hash-of-a-file

so you could detect it that way?

Quote:
Originally Posted by DeitY
PS: If you are wondering why I'm not using sampcac: it's flagged as viruses, trojan, etc. I can't be bothered to explain to players why I'm forcing banned morons to use a virus.
it would be easier for you and for the entire sa-mp community if that ac becomes a standard ... then it will become trustworthy and seriously why would you bother with banned morons?

they should be thankful for you even letting them play after they got banned
#3

Quote:
Originally Posted by wallee
why don't you treat using sandboxie same as having a cheat?

and for aimbox.exe -> chrome.exe

https://stackoverflow.com/questions/...hash-of-a-file

so you could detect it that way?



it would be easier for you and for the entire sa-mp community if that ac becomes a standard ... then it will become trustworthy and seriously why would you bother with banned morons?

they should be thankful for you even letting them play after they got banned
How can you detect a hash of a process? I'm not sure that's possible. Could you give me an example?

Your answer is wrong, according to reply
Quote:

No, the hash is of the file contents only. You can see this in the source for md5sum and its MD5 implementation. You can also test this if you have access to md5sum:
$ echo "some arbitrary content" > file1
$ cp file1 file2
$ md5sum file1
f0007cbddd79de02179de7de12bec4e6 file1
$ md5sum file2
f0007cbddd79de02179de7de12bec4e6 file2
$

@because, sometimes human eye can't separate skilled players from cheaters, and then there are dramas, multiple spams, accusing us of banning people "donators" etc... and that's where software comes in handy.
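The point in the quoted reply above (a hash covers file contents only, so a rename does not change it) applied to the process-list log format from the first post, as an added example that is not part of the thread or any poster's code. The function names, the deny and known-good sets, and the sample files are assumptions constructed for illustration; it assumes the client hashes the file at each logged path.

```python
import hashlib
import os
import re
import shutil
import tempfile

# Matches the thread's log format: "[ ] name.exe -> C:\path\to\name.exe"
LOG_LINE = re.compile(r"^\[.?\]\s+(?P<name>\S+)\s+->\s+(?P<path>.+)$")

def sha256_file(path):
    """Hash file contents in chunks; the file name never enters the digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return h.hexdigest()

def parse_process_list(text):
    """Return (name, path) pairs, skipping header and separator lines."""
    matches = (LOG_LINE.match(line.strip()) for line in text.splitlines())
    return [(m["name"].lower(), m["path"].strip()) for m in matches if m]

def classify(entries, denied, known_good):
    """denied: set of digests; known_good: {process name: set of digests}."""
    verdicts = []
    for name, path in entries:
        try:
            digest = sha256_file(path)
        except OSError:
            verdicts.append((name, "unreadable"))  # missing or blocked: review
            continue
        if digest in denied:
            verdicts.append((name, "denied-hash"))
        elif name in known_good and digest not in known_good[name]:
            verdicts.append((name, "name-hash-mismatch"))
        else:
            verdicts.append((name, "ok"))
    return verdicts

def demo():
    """Constructed sample: a flagged file copied to chrome.exe keeps its digest."""
    with tempfile.TemporaryDirectory() as d:
        flagged = os.path.join(d, "aimbot.exe")
        with open(flagged, "wb") as f:
            f.write(b"constructed stand-in for a known cheat binary")
        renamed = os.path.join(d, "chrome.exe")
        shutil.copyfile(flagged, renamed)
        log = f"[ ] chrome.exe -> {renamed}\n[ ] taskhost.exe -> {d}{os.sep}missing.exe\n"
        same = sha256_file(flagged) == sha256_file(renamed)
        return same, classify(parse_process_list(log), {sha256_file(flagged)}, {})
```

A deny list only matches byte-identical copies, so the known-good map (expected digests per process name) is the stronger check. Either way the digest is computed on the client and is only as trustworthy as the client reporting it.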
#4

gl finding a solution ( a little bump )
#5

I've given up. Thanks everyone for trying to help, simply isn't worth pursuing anymore.