[AdamsLT]

False positive? :

Take a car, that can have a paintjob.
Take it to a tune garage, where it can be tuned.
Select paintjob but don't buy it,
press enter (to deny buying the paintjob).
Anti-crasher code: 043 is triggered.

example: take an elegy to the wheel-archangels tune garage in SF.
drive in,
select paintjobs,
select paintjob 1,
now press enter (so that you don't buy it),
code 043 is called.

This happens with every car, that can have a paintjob (didn't test every car but so far every car triggered it, so I bet it's safe to assume so).
This DOESN'T happen if your car already has a paintjob added before trying this bug.

NEX version: v1.9.32

[RogueDrifter]

Quick question: Why are you passing an empty string as ip address whenever ac_kickwithcode is called?

[OstGot]

Quote:

Originally Posted by RogueDrifter Quick question: Why are you passing an empty string as ip address whenever ac_kickwithcode is called?

IP is only passed when the "type" argument in the "ac_KickWithCode" function is 1. Thus, the argument "type" is responsible for what we pass to the kick function: the player id or his IP. IP is passed only in a couple of cases actually, and you can find such cases, for example, in public OnRconLoginAttempt.

[RogueDrifter]

I have another question if you don't mind answering:
What are the describtions of these cheats exactly?
carshot, afkghost, fake npc, attach object crash, connect to one slot, fake spawn

[OstGot]

Quote:

Originally Posted by RogueDrifter I have another question if you don't mind answering: What are the describtions of these cheats exactly? carshot, afkghost, fake npc, attach object crash, connect to one slot, fake spawn

1. Carshot (also its feature is that it can work from the passenger seat in unoccupied vehicle)
2. AFK-Ghost
3. Fake NPC, to be honest, were borrowed from Anti-cheat patches topic, what I regret now actually, because it has false detections, so this anticheat is disabled by default at the moment. See "NPC Connection spoofing" in Anti-cheat patches topic to read the description of this hack.
4. Attach object crasher was part of the kit in La Pirula Project s0b. Judging by the source code of the cheat, this crasher spoofs the object model id in OnPlayerEditAttachedObject and sends the singleplayer clothes object ids (which are cut from samp).
5. Connect to one slot it's just a connection without a prior disconnect, when the player connects already being connected. This is widely used in various cleo, which allows you to change the nickname on the server without relogging and other stuff like that.
6. Fake spawn - spawns you in any time you want, even you non dead at the moment.

[RogueDrifter]

Quote:

Originally Posted by OstGot Carshot (also its feature is that it can work from the passenger seat in unoccupied vehicle) AFK-Ghost Fake NPC, to be honest, were borrowed from Anti-cheat patches topic, what I regret now actually, because it has false detections, so this anticheat is disabled by default at the moment. See "NPC Connection spoofing" in Anti-cheat patches topic to read the description of this hack. Attach object crasher was part of the kit in La Pirula Project s0b. Judging by the source code of the cheat, this crasher spoofs the object model id in OnPlayerEditAttachedObject and sends the singleplayer clothes object ids (which are cut from samp). Connect to one slot it's just a connection without a prior disconnect, when the player connects already being connected. This is widely used in various cleo, which allows you to change the nickname on the server without relogging and other stuff like that. Fake spawn - spawns you in any time you want, even you non dead at the moment.

Nice, thanks for the info!

I think your "Attached object crasher" is never going to work, you do this:

Код:

public OnPlayerEditAttachedObject(playerid, response, index, modelid, boneid, Float:fOffsetX, Float:fOffsetY, Float:fOffsetZ, Float:fRotX, Float:fRotY, Float:fRotZ, Float:fScaleX, Float:fScaleY, Float:fScaleZ)
{
    if(ACInfo[playerid][acKicked]) return 1;
    if(ACInfo[playerid][acACAllow][46] && 384 <= modelid <= 393)
    {
        #if defined DEBUG
            printf("[Nex-AC debug] Object modelid: %d", modelid);
        #endif
        ac_KickWithCode(playerid, "", 0, 46);
        return 1;
    }

The only check done is '384 <= modelid <= 393' but thats just any invalid object, the fact that matite said they were patched here: http://forum.sa-mp.com/showpost.php?...6&postcount=10

Makes your function depreciated since 2015.

Also, your anti cj run checks if skin != 0 (cj) and != 74,

74 doesn't exist, yes that's why u restricted it because its invalid but so is 2509 so is 1000 so is 400 and so on, maybe check for VALID skins instead of invalid ones?

[Uberanwar]

Found some issue:

1. When a car falls through the map, a player nearby will be detected as Teleport Hack (vehicle to player).
2. When SetPlayerPos is being spammed (players entering an entrance repeatedly at once), a player will be detected as Teleport Hack (On Foot).
3. Players using Camera Hack (players uses this, if airbreak/flyhack is detected) is not being detected in this security system.

[OstGot]

Quote:

Originally Posted by RogueDrifter The only check done is '384 <= modelid <= 393' but thats just any invalid object, the fact that matite said they were patched here: http://forum.sa-mp.com/showpost.php?...6&postcount=10

Matite said many things, including this:

Quote:

Originally Posted by Matite As Kalcor mentioned in his announcement thread these exploits are all patched in SA-MP 0.3.7.

However, some of the "fixed" exploits for some reason still continued to work in the latest version (example: bullet crasher. It's still possible to send fake weaponid, hittype and hitid), which is why I have not been very willing to believe this post since. And yeah, once I had already removed some of the protections relying on the fact that they had been fixed, but then I only regretted it and had to return them back. So I think that's the case where it's better just to be safe and I don't plan to remove it for now.

Quote:

Originally Posted by RogueDrifter Also, your anti cj run checks if skin != 0 (cj) and != 74, 74 doesn't exist, yes that's why u restricted it because its invalid but so is 2509 so is 1000 so is 400 and so on, maybe check for VALID skins instead of invalid ones?

But 2509, 1000, 400, etc etc will not apply by the client as when you set invalid skins to player - player still returns his old skin via GetPlayerSkin, while when you set him id 74 - player will return that he have skin 74, that is why it needs an additional check only for that id.

UPD: I rechecked this and it seems GetPlayerSkin returns any invalid skin if it has been applied to a player. However as I answered you in pm I think the check only for id 74 is still actual as 74 is the only one invalid id that belongs to valid ids range, so many guys forget about this exeption in their code and gives access to apply it for players.

Quote:

Originally Posted by Uberanwar 1. When a car falls through the map, a player nearby will be detected as Teleport Hack (vehicle to player). 2. When SetPlayerPos is being spammed (players entering an entrance repeatedly at once), a player will be detected as Teleport Hack (On Foot).

Provide the logs of anticheat at the moments of these kicks.

Quote:

Originally Posted by Uberanwar 3. Players using Camera Hack (players uses this, if airbreak/flyhack is detected) is not being detected in this security system.

Yes, because there is no any protection from camhack at the moment.
But I'll think about adding it in future, thanks.

[Uberanwar]

Quote:

Originally Posted by OstGot Yes, because there is no any protection from camhack at the moment. But I'll think about adding it in future, thanks.

Yes, great idea. Looking forward for it soon!

Quote:

Originally Posted by OstGot Provide the logs of anticheat at the moments of these kicks.

When vehicles falls through custom map and at the same time, player is nearby:

Quote:

[23:19:17] [Nex-AC debug] Distance: 85.293693, old pos diff: 0.328170, pos z: -66.160217, vehicleid: 374, playerid: 1 [23:19:17] [Security] Suspicious player, ID 1. Reason code: 005 [23:19:17] [Nex-AC debug] Distance: 83.387588, old pos diff: 0.502326, pos z: -64.062072, vehicleid: 375, playerid: 1 [23:19:17] [Security] Suspicious player, ID 1. Reason code: 005 [23:19:17] [Nex-AC debug] Distance: 67.791343, old pos diff: 0.075035, pos z: -47.816524, vehicleid: 376, playerid: 1 [23:19:17] [Security] Suspicious player, ID 1. Reason code: 005 [23:19:19] [Nex-AC debug] Distance: 85.535484, old pos diff: 0.233016, pos z: -66.406753, vehicleid: 374, playerid: 1 [23:19:19] [Security] Suspicious player, ID 1. Reason code: 005 [23:19:19] [Nex-AC debug] Distance: 83.396759, old pos diff: 0.005119, pos z: -64.067192, vehicleid: 375, playerid: 1 [23:19:19] [Security] Suspicious player, ID 1. Reason code: 005 [23:19:20] [Nex-AC debug] Distance: 68.097221, old pos diff: 0.304260, pos z: -48.141845, vehicleid: 376, playerid: 1 [23:19:20] [Security] Suspicious player, ID 1. Reason code: 005 [23:19:21] [Nex-AC debug] Distance: 85.534774, old pos diff: 0.233016, pos z: -66.406753, vehicleid: 374, playerid: 1 [23:19:21] [Security] Suspicious player, ID 1. Reason code: 005 [23:19:21] [Nex-AC debug] Distance: 83.438858, old pos diff: 0.041809, pos z: -64.109001, vehicleid: 375, playerid: 1 [23:19:21] [Security] Suspicious player, ID 1. Reason code: 005 [23:19:22] [Nex-AC debug] Distance: 68.092353, old pos diff: 0.304260, pos z: -48.141845, vehicleid: 376, playerid: 1 [23:19:22] [Security] Suspicious player, ID 1. Reason code: 005 [23:19:23] [Nex-AC debug] Distance: 85.531684, old pos diff: 0.233016, pos z: -66.406753, vehicleid: 374, playerid: 1 [23:19:23] [Security] Suspicious player, ID 1. Reason code: 005 [23:19:23] [Nex-AC debug] Distance: 83.431427, old pos diff: 0.041809, pos z: -64.109001, vehicleid: 375, playerid: 1 [23:19:23] [Security] Suspicious player, ID 1. Reason code: 005 [23:19:25] [Nex-AC debug] Distance: 68.091835, old pos diff: 0.304260, pos z: -48.141845, vehicleid: 376, playerid: 1 [23:19:25] [Security] Suspicious player, ID 1. Reason code: 005 [23:19:25] [Nex-AC debug] Distance: 85.528129, old pos diff: 0.233016, pos z: -66.406753, vehicleid: 374, playerid: 1 [23:19:25] [Security] Suspicious player, ID 1. Reason code: 005 [23:19:25] [Nex-AC debug] Distance: 83.430534, old pos diff: 0.041809, pos z: -64.109001, vehicleid: 375, playerid: 1 [23:19:25] [Security] Suspicious player, ID 1. Reason code: 005 [23:19:27] [Nex-AC debug] Distance: 85.534027, old pos diff: 0.233016, pos z: -66.406753, vehicleid: 374, playerid: 1 [23:19:27] [Security] Suspicious player, ID 1. Reason code: 005 [23:19:27] [Nex-AC debug] Distance: 68.093154, old pos diff: 0.304260, pos z: -48.141845, vehicleid: 376, playerid: 1 [23:19:27] [Security] Suspicious player, ID 1. Reason code: 005 [23:19:27] [Nex-AC debug] Distance: 83.428649, old pos diff: 0.041809, pos z: -64.109001, vehicleid: 375, playerid: 1 [23:19:27] [Security] Suspicious player, ID 1. Reason code: 005 [23:19:29] [Nex-AC debug] Distance: 85.531684, old pos diff: 0.233016, pos z: -66.406753, vehicleid: 374, playerid: 1 [23:19:29] [Security] Suspicious player, ID 1. Reason code: 005 [23:19:29] [Nex-AC debug] Distance: 83.432556, old pos diff: 0.041809, pos z: -64.109001, vehicleid: 375, playerid: 1 [23:19:29] [Security] Suspicious player, ID 1. Reason code: 005 [23:19:30] [Nex-AC debug] Distance: 68.096206, old pos diff: 0.304260, pos z: -48.141845, vehicleid: 376, playerid: 1 [23:19:30] [Security] Suspicious player, ID 1. Reason code: 005 [23:19:31] [Nex-AC debug] Distance: 85.533370, old pos diff: 0.233016, pos z: -66.406753, vehicleid: 374, playerid: 1 [23:19:31] [Security] Suspicious player, ID 1. Reason code: 005 [23:19:31] [Nex-AC debug] Distance: 83.433944, old pos diff: 0.041809, pos z: -64.109001, vehicleid: 375, playerid: 1 [23:19:31] [Security] Suspicious player, ID 1. Reason code: 005 [23:19:32] [Nex-AC debug] Distance: 68.096206, old pos diff: 0.304260, pos z: -48.141845, vehicleid: 376, playerid: 1 [23:19:32] [Security] Suspicious player, ID 1. Reason code: 005 [23:19:33] [Nex-AC debug] Distance: 85.529960, old pos diff: 0.233016, pos z: -66.406753, vehicleid: 374, playerid: 1 [23:19:33] [Security] Suspicious player, ID 1. Reason code: 005 [23:19:33] [Nex-AC debug] Distance: 83.431388, old pos diff: 0.041809, pos z: -64.109001, vehicleid: 375, playerid: 1 [23:19:33] [Security] Suspicious player, ID 1. Reason code: 005 [23:19:34] [Nex-AC debug] Distance: 68.089721, old pos diff: 0.304260, pos z: -48.141845, vehicleid: 376, playerid: 1 [23:19:34] [Security] Suspicious player, ID 1. Reason code: 005 [23:19:35] [Nex-AC debug] Distance: 85.529045, old pos diff: 0.233016, pos z: -66.406753, vehicleid: 374, playerid: 1 [23:19:35] [Security] Suspicious player, ID 1. Reason code: 005 [23:19:35] [Nex-AC debug] Distance: 83.432304, old pos diff: 0.041809, pos z: -64.109001, vehicleid: 375, playerid: 1 [23:19:35] [Security] Suspicious player, ID 1. Reason code: 005 [23:19:37] [Nex-AC debug] Distance: 85.530822, old pos diff: 0.233016, pos z: -66.406753, vehicleid: 374, playerid: 1 [23:19:37] [Security] Suspicious player, ID 1. Reason code: 005 [23:19:37] [Nex-AC debug] Distance: 68.095481, old pos diff: 0.304260, pos z: -48.141845, vehicleid: 376, playerid: 1 [23:19:37] [Security] Suspicious player, ID 1. Reason code: 005 [23:19:38] [Nex-AC debug] Distance: 83.429595, old pos diff: 0.041809, pos z: -64.109001, vehicleid: 375, playerid: 1 [23:19:38] [Security] Suspicious player, ID 1. Reason code: 005 [23:19:39] [Nex-AC debug] Distance: 85.530220, old pos diff: 0.233016, pos z: -66.406753, vehicleid: 374, playerid: 1 [23:19:39] [Security] Suspicious player, ID 1. Reason code: 005

[Uberanwar]

Including YSI with Nex-AC at the same time in my script seems to cause weird issue on player's login upon their connection the server.

[Mokless]

Is it possible to reload the nex-ac_settings.cfg if I did some changes? without restarting the server?

[Uberanwar]

Using Streamer Position Compensation (https://sampforum.blast.hk/showthread.php?tid=601679) with Nex-AC seems to trigger a lot of false positives on Teleport Hack (Onfoot).

Quote:

[16:31:49] [Nex-AC debug] AC interior: -1, acInt (last): 5, newinteriorid: 0, oldinteriorid: 5 [16:31:49] [Security] Suspicious player, ID 1. Reason code: 002 (1) [16:31:49] [Nex-AC debug] AC interior: -1, acInt (last): 0, newinteriorid: 5, oldinteriorid: 0 [16:31:49] [Security] Suspicious player, ID 1. Reason code: 002 (1) [16:32:17] [Nex-AC debug] AC interior: -1, acInt (last): 5, newinteriorid: 0, oldinteriorid: 5 [16:32:17] [Security] Suspicious player, ID 1. Reason code: 002 (1) [16:32:52] [Nex-AC debug] AC interior: -1, acInt (last): 5, newinteriorid: 0, oldinteriorid: 5 [16:32:52] [Security] Suspicious player, ID 0. Reason code: 002 (1) [16:32:52] [Nex-AC debug] AC interior: -1, acInt (last): 0, newinteriorid: 5, oldinteriorid: 0 [16:32:52] [Security] Suspicious player, ID 0. Reason code: 002 (1)

[OstGot]

Quote:

Originally Posted by Mokless Is it possible to reload the nex-ac_settings.cfg if I did some changes? without restarting the server?

No, but you can use EnableAntiCheat (or EnableAntiCheatForPlayer) to enable/disable any anti-cheat in game while the server is working.

Quote:

Originally Posted by Uberanwar Using Streamer Position Compensation (https://sampforum.blast.hk/showthread.php?tid=601679) with Nex-AC seems to trigger a lot of false positives on Teleport Hack (Onfoot).

Include it after the anticheat.

Quote:

Originally Posted by Uberanwar Including YSI with Nex-AC at the same time in my script seems to cause weird issue on player's login upon their connection the server.

What exactly do you have?

[Uberanwar]

Was including y_hooks before Nex-AC.
Regarding the streamer pos comp, I integrated into my gamemode script, yet it still happens often randomly.

[RoboN1X]

I noticed this causes false-positive alert when there is a desync/bugged player in the server while the gamemode is changing... The data that those players have (like weapons, money) triggers it.
Becareful if you guys changing gamemode (like gmx), kick these players instead. I only find this if the server only run gamemode only (no filterscript), maybe it wont happen if you included this into your running filterscript.

[Uberanwar]

Quote:

Originally Posted by RoboN1X I noticed this causes false-positive alert when there is a desync/bugged player in the server while the gamemode is changing... The data that those players have (like weapons, money) triggers it. Becareful if you guys changing gamemode (like gmx), kick these players instead. I only find this if the server only run gamemode only (no filterscript), maybe it wont happen if you included this into your running filterscript.

Which cheat detection exactly that has false positive alert in your scenario?

[OstGot]

Quote:

Originally Posted by Uberanwar Was including y_hooks before Nex-AC.

I was wondering exactly what kind of problem are you having.

Quote:

Originally Posted by Uberanwar Regarding the streamer pos comp, I integrated into my gamemode script, yet it still happens often randomly.

It's hard to say what could be the reason without any code.

[Uberanwar]

What is Full Aiming detection in NEX-AC? Is it Aimbot or something?

[OstGot]

Quote:

Originally Posted by Uberanwar What is Full Aiming detection in NEX-AC? Is it Aimbot or something?

https://*********/xCgwbKkF4nQ?t=30s

And it's also one of s0b functions

[OstGot]

New Version v1.9.36

Fixes:
* Tweaked anti-teleport hack (unoccupied vehicle to yourself)
* Fixed a bug in anti-CJ run with a kick if invalid skins sets to a player
* Minor fixes and improvements

Download: GitHub