[Include] Southclaw's & Pottus's Anti-cheat patches
#1

Anti-cheat patches


Objective:
Southclaw and I have decided to keep a resource of anti-hack patches which can be easily integrated into your script. Every patch will follow some basic guidelines for implementation, as well as a description of the cheat which the patch prevents. Please keep in mind these are not designed to be an anti-cheat system addressing a complete system is really on an individual basis and often directly needs to be integrated into the gamemode it's self instead this patches are meant to build on your anti-cheat system by providing a means of quick implementation.

Guidelines:
- Patches are to be designed to be included BEFORE YSI
- Patches will contain ALS hooking only
- Patches will contain a callback with the following prefix OnAntiCheat ..... () ex OnAntiCheatAutoAim(playerid)
- Patches will have a description outlining the anticheat
- Patches can use y_iterate

__________________________________________________ ________________________________________________

Patches
__________________________________________________ ________________________________________________


Name: Autobullet
Type: Animation / Weapon exploit
Description: Modifies the behavior of walking weapons allowing them to be used like running weapons it also skips the reload animations.
Detection Method: There is a velocity range in which this exploit happens however it is also possible to achieve the same velocity in some circumstances by using the slide-shoot-run bug that is why there is player key checks in place to make sure that does not happen. A player receiving 3 infractions will result in OnAntiCheatAutoBullet() being called.
Callback: public OnAntiCheatAutoBullet(playerid, weaponid)


pawn Code:
// Anti autobullet exploit detection by [uL]Pottus
#define             MAX_AUTOBULLET_INFRACTIONS          3
#define             AUTOBULLET_RESET_DELAY              30

static AutoBulletInfractions[MAX_PLAYERS];
static LastInfractionTime[MAX_PLAYERS];

forward OnAntiCheatAutoBullet(playerid, weaponid);

public OnPlayerWeaponShot(playerid, weaponid, hittype, hitid, Float:fX, Float:fY, Float:fZ)
{
    if(!IsPlayerInAnyVehicle(playerid))
    {
        switch(weaponid)
        {
            case 27, 23, 25, 29, 30, 31, 33, 24, 38:
            {
                if(CheckSpeed(playerid))
                {
                    if(gettime() - LastInfractionTime[playerid] >= AUTOBULLET_RESET_DELAY) AutoBulletInfractions[playerid] = 1;
                    else AutoBulletInfractions[playerid]++;
                    LastInfractionTime[playerid] = gettime();

                    if(AutoBulletInfractions[playerid] == MAX_AUTOBULLET_INFRACTIONS)
                    {
                        AutoBulletInfractions[playerid] = 0;
                        CallLocalFunction("OnAntiCheatAutoBullet", "ii", playerid, weaponid);
                        return 0;
                    }
                }
            }
        }
    }
   
    if (funcidx("ACAutoB_OnPlayerWeaponShot") != -1)
    {
        return CallLocalFunction("ACAutoB_OnPlayerWeaponShot", "iiiifff", playerid, weaponid, hittype, hitid, fX, fY, fZ);
    }
    return 1;
}

#if defined _ALS_OnPlayerWeaponShot
    #undef OnPlayerWeaponShot
#else
    #define _ALS_OnPlayerWeaponShot
#endif
#define OnPlayerWeaponShot ACAutoB_OnPlayerWeaponShot

forward ACAutoB_OnPlayerWeaponShot(playerid, weaponid, hittype, hitid, Float:fX, Float:fY, Float:fZ);

public OnPlayerDisconnect(playerid, reason)
{
    AutoBulletInfractions[playerid] = 0;

    if (funcidx("ACAutoB_OnPlayerDisconnect") != -1)
    {
        return CallLocalFunction("ACAutoB_OnPlayerDisconnect", "ii", playerid, reason);
    }
    return 1;
}

#if defined _ALS_OnPlayerDisconnect
    #undef OnPlayerDisconnect
#else
    #define _ALS_OnPlayerDisconnect
#endif
#define OnPlayerDisconnect ACAutoB_OnPlayerDisconnect

forward ACAutoB_OnPlayerDisconnect(playerid, reason);


static CheckSpeed(playerid)
{
    new Keys,ud,lr;
    GetPlayerKeys(playerid,Keys,ud,lr);

    if(ud == KEY_UP && lr != KEY_LEFT && lr != KEY_RIGHT)
    {
        new Float:Velocity[3];
        GetPlayerVelocity(playerid, Velocity[0], Velocity[1], Velocity[2]);
        Velocity[0] = floatsqroot( (Velocity[0]*Velocity[0])+(Velocity[1]*Velocity[1])+(Velocity[2]*Velocity[2]));
        if(Velocity[0] >= 0.11 && Velocity[0] <= 0.13) return 1;
    }
    return 0;
}
Name: Connection spoofing
Type: Server exploit
Description: It was possible in 0.3x to spoof a connection to a server when a player is already connected, this will result in the players name being changed to the spoofed name unprotected servers could potentially have player accounts overwritten. It is currently unknown if this exploit exists in 0.3z however it assumed that it still could potentially happen in any case this patch provides protection by preventing OnPlayerConnect() from being called to the rest of the script. IMPORTANT Make sure this is placed before any other includes that use OnPlayerConnect!!!!
Detection Method: When a player connects a variable is set that they are connected, if another connection happens on the same ID while they are still connected this is considered a spoof.
Callback: public OnAntiCheatPlayerSpoof(playerid)

Edit - I have confirmed this as still possible.


pawn Code:
// Anti connection spoofing patch by [uL]Pottus

forward OnAntiCheatPlayerSpoof(playerid);

static bool:PlayerConnected[MAX_PLAYERS];
static PlayerNames[MAX_PLAYERS][MAX_PLAYER_NAME];

public OnPlayerConnect(playerid)
{
    // User was already connected cheat detected
    if(PlayerConnected[playerid])
    {
        SetPlayerName(playerid, PlayerNames[playerid]);
        CallLocalFunction("OnAntiCheatPlayerSpoof", "i", playerid);
        return 1;
    }
    else
    {
        GetPlayerName(playerid, PlayerNames[playerid], MAX_PLAYER_NAME);
        PlayerConnected[playerid] = true;
    }

    if (funcidx("AntiSpoof_OnPlayerConnect") != -1)
    {
        return CallLocalFunction("AntiSpoof_OnPlayerConnect", "i", playerid);
    }
    return 1;
}

public OnPlayerDisconnect(playerid, reason)
{
    PlayerConnected[playerid] = false;

    if (funcidx("AntiSpoof_OnPlayerDisconnect") != -1)
    {
        return CallLocalFunction("AntiSpoof_OnPlayerDisconnect", "ii", playerid, reason);
    }
    return 1;
}


#if defined _ALS_OnPlayerConnect
    #undef OnPlayerConnect
#else
    #define _ALS_OnPlayerConnect
#endif
#define OnPlayerConnect AntiSpoof_OnPlayerConnect

forward AntiSpoof_OnPlayerConnect(playerid);

#if defined _ALS_OnPlayerDisconnect
    #undef OnPlayerDisconnect
#else
    #define _ALS_OnPlayerDisconnect
#endif
#define OnPlayerDisconnect AntiSpoof_OnPlayerDisconnect

forward AntiSpoof_OnPlayerDisconnect(playerid, reason);
Name: NPC Connection spoofing
Type: Server exploit
Description: This is very similar to connection spoofing and was an issue in 0.3x it is assumed that it is still possible in the new SAMP version. It will result in faked NPC connections to the server. IMPORTANT Make sure this is placed before any other includes that use OnPlayerConnect!!!!
Detection Method: All real NPC connections can only occur on IP: 127.0.0.1 if the IP is different then it is a spoofed NPC connection
Callback: public OnAntiCheatNPCSpoof(playerid)


pawn Code:
// Anti NPC spoof by [uL]Pottus

forward OnAntiCheatNPCSpoof(playerid);

public OnPlayerConnect(playerid)
{
    if(IsPlayerNPC(playerid))
    {
        new ip[16];
        GetPlayerIp(playerid, ip, sizeof(ip));
        if (!!strcmp(ip, "127.0.0.1"))
        {
            new name[MAX_PLAYER_NAME];
            format(name, sizeof(name), "%i", gettime());
            SetPlayerName(playerid, name);
            CallLocalFunction("OnAntiCheatNPCSpoof", "i", playerid);
            return 1;
        }
    }
    if (funcidx("AntiNPC_OnPlayerConnect") != -1)
    {
        return CallLocalFunction("AntiNPC_OnPlayerConnect", "i", playerid);
    }
    return 1;
}

#if defined _ALS_OnPlayerConnect
    #undef OnPlayerConnect
#else
    #define _ALS_OnPlayerConnect
#endif
#define OnPlayerConnect AntiNPC_OnPlayerConnect

forward AntiNPC_OnPlayerConnect(playerid);
Name: Lag Troll
Type: Vehicle Cheat
Description: This cheat appears to send fake packets to the server in rapid succession by copying the position of the targeted vehicle the result is a lag type effect.
Callback: public OnAntiCheatLagTroll(playerid)


pawn Code:
#define         MAX_VEHICLE_ID_CHANGES          5

static LastVehicleID[MAX_PLAYERS];
static VehicleIDChanges[MAX_PLAYERS];
static VehicleIDChangeTime[MAX_PLAYERS];

forward OnAntiCheatLagTroll(playerid);

public OnPlayerUpdate(playerid)
{
    new vid = GetPlayerVehicleID(playerid);
    if(vid > 0)
    {
        if(vid != LastVehicleID[playerid])
        {
            if(GetTickCount() - VehicleIDChangeTime[playerid] < 5000)
            {
                VehicleIDChanges[playerid]++;
                if(VehicleIDChanges[playerid] > MAX_VEHICLE_ID_CHANGES)
                {
                    CallLocalFunction("OnAntiCheatLagTroll", "i", playerid);
                    return 0;
                }
            }
            else VehicleIDChanges[playerid] = 1;
        }
        LastVehicleID[playerid] = vid;
        VehicleIDChangeTime[playerid] = GetTickCount();
    }

    if (funcidx("AntiLT_OnPlayerUpdate") != -1)
    {
        return CallLocalFunction("AntiLT_OnPlayerUpdate", "i", playerid);
    }
    return 1;
}

#if defined _ALS_OnPlayerUpdate
    #undef OnPlayerUpdate
#else
    #define _ALS_OnPlayerUpdate
#endif
#define OnPlayerUpdate AntiLT_OnPlayerUpdate

forward AntiLT_OnPlayerUpdate(playerid);



Name: Server Freezer - Obsolete download the new SAMP server update
https://sampforum.blast.hk/showthread.php?tid=506214
Reply
#2

Really Nice! Good Job, Southclaw & Pottus!
Gonna use this.
Reply
#3

you should make this a community driven solution on github, with changes encouraged by the community (see fixes.Inc). can make a quick include to patch a bunch of hacks
Reply
#4

Quote:
Originally Posted by Whitetiger
View Post
you should make this a community driven solution on github, with changes encouraged by the community (see fixes.Inc). can make a quick include to patch a bunch of hacks
That is a good idea, but the issue with that is implementation, were not really releasing a full AC system rather patches to integrate into gamemodes. It will be up to the scripter to determine how they want to handle specific events. I still have a lot of patches to put up yet
Reply
#5

Good job both of you
Reply
#6

Nice work guys.
Reply
#7

Nice job!

Never encountered the second one, but that's a strange but effective fix.
Reply
#8

Ah, you were discussing at the IRC about the patches. Nice work!
Reply
#9

Sorry guys, the first one has ALOT of false alarms.

All you have to do to throw the auto bullet thing

is keep firing your weapon and move left and right around constantly and it throws the autobullet detection

Tested with deagle and combat shotgun
Reply
#10

Quote:
Originally Posted by Kar
View Post
Sorry guys, the first one has ALOT of false alarms.

All you have to do to throw the auto bullet thing

is keep firing your weapon and move left and right around constantly and it throws the autobullet detection

Tested with deagle and combat shotgun
Thanks, I'll test it out again and see if I can get it to happen going to comment it out for the time being. Okay now I see how that happens
Reply
#11

Nice , protects against rapid fire?

if so I'm not seeing is blurred, Linux does not help :/

OFF: 666 Posts o_O.
Reply
#12

Good job, keep it up
Reply
#13

Quote:
Originally Posted by ******
View Post
Could I make a request (partially a suggestion). You explicitly mention that this should be included before YSI, and I agree, but there are a few things to be aware of with that:

1) You say you can use y_iterate, but if you include these patches before YSI the "foreach" macro won't yet exist and that code will never be used even if it is included later.

2) y_hooks in YSI 4.0 is awkward to deal with in terms of orderings. Currently y_hooks hooks always come before ALS hooks, even if they appear later in source code, the ordering is changed (or, more accurately, set) at run-time, not compile-time. I have a solution to this that will be released shortly (I am now back home), but the solution requires some co-operation from other library developers that want their code to come before any y_hooks code. "Breaking" an ALS chain is tricky as you need to be able to detect the chain, but this can be done. I want to try and figure out an even better way of specifying ordering, but for now this is the best I have come up with. Instead of your current hooking method use:

pawn Code:
// This function has two purposes - defines 3 states, and declares your ALS prefix.
// You seem to use different prefixes for each callback though, I'm not sure that's a
// good idea and will make detection MUCH harder.
forward @@@_AC();
// The function is never called, but can be found by the "@@@_" prefix.
public @@@_AC() <AC_state : AC_state1> {}
public @@@_AC() <AC_state : AC_state2> {}
public @@@_AC() <AC_state : AC_state3> {}

#define AC_FORWARD%0(%1) \
    forward%0(%1); \
    public%0(%1)<> return 0; \
    public%0(%1)<AC_state : AC_state1> return 0

// Now this is a normal callback.
public OnPlayerDisconnect(playerid, reason)
{
    // And this is the hook, no wrapping of any kind required.
    return AC_OnPlayerDisconnect(playerid, reason);
}

#if defined _ALS_OnPlayerDisconnect
    #undef OnPlayerDisconnect
#else
    #define _ALS_OnPlayerDisconnect
#endif
#define OnPlayerDisconnect(%0) AC_OnPlayerDisconnect(%0) <AC_state : AC_state2>

AC_FORWARD AC_OnPlayerDisconnect(playerid, reason);
Using that, the order hooks are done in becomes:

- State-based hooks.
- y_hooks.
- ALS hooks.
- Public function.

If you need me to explain the issues in more depth, or would like to discuss alternate solutions (I would), feel free to contact me here or on IRC. This is a VERY brief post on the issue, and I wish there was a better way. Note that you also need:

pawn Code:
state AC_state : AC_state2;
Somewhere to make the whole thing work, but you could add that to every callback, I just prefer doing it in OnGameModeInit (etc).

Other than that, nice.
They already did when they first posted: "- Patches are to be designed to be included BEFORE YSI"
Reply
#14

Very usefull. Good job
Reply
#15

Very usefull post if the community contribute on this post, i think it's important with the massive cheat created.

I don't understand the Autobullet, it's for detect shoot player on slide bug?
Reply
#16

I was reviewing the rapid fire cheat Southclaw and I think it needs to be revised because it doesn't take in account c-bugging at all.

@Edit - It's also probably a good idea to run ammo lock checking first since the rapid fire cheats seem to usually lock ammo it would be easier to bust someone this way as a first line of defense.
Reply
#17

Quote:
Originally Posted by [uL]Pottus
View Post
I was reviewing the rapid fire cheat Southclaw and I think it needs to be revised because it doesn't take in account c-bugging at all.

@Edit - It's also probably a good idea to run ammo lock checking first since the rapid fire cheats seem to usually lock ammo it would be easier to bust someone this way as a first line of defense.
Every weapon should have its own shooting max rate if you know what I mean.
Reply
#18

Raise the limit of MessagesRecvPerSecond. Me and my friend got kicked by it because we used miniguns.
Reply
#19

Quote:
Originally Posted by kvann
View Post
Raise the limit of MessagesRecvPerSecond. Me and my friend got kicked by it because we used miniguns.
That check is going to be removed it is obsolete with the new SAMP version.
Reply
#20

Why is this stickied?
Reply


Forum Jump:


Users browsing this thread: 3 Guest(s)