[Tool/Web/Other] bAnticheat [C# Client]
#1


bAnticheat

HOW DOES IT WORK?

If a server is protected by bAnticheat, a player will only be able to play on it if he has the anticheat client open on his computer. When a player connects to the server, he will need to input a code that was on the client for authentication purposes. That code will automatically be copied to the player's clipboard. After connecting, if the player closes the client, uses cheats, or whatever, he will be kicked by the server.

When a player is banned, he is banned by hardware ID, meaning he will only be able to join the server if he changes the hardware on the PC. This method can be improved.


SCHEMA CONFIGURATION

The first step is to understand the schema that the anticheat uses. When a player connects the anticheat to the server, the server will return a URL that will hold the schema. In this version, it's possible to detect altered game files (via checksum), forbidden files, forbidden directories and forbidden processes. This is a simple scheme that I created so you can understand better:

PHP Code:
{
  "gtaRunning": true,
  "sampRunning": true,
  "monitorProcessesConstantly": true,
  "validationFiles": [
    {
      "path": "gta_sa.exe",
      "hash": "a559aa772fd136379155efa71f00c47aad34bbfeae6196b0fe1047d0645cbd26",
      "action": "PREVENT_CONNECT"
    },
    {
      "path": "newton.dll",
      "hash": "5a62625396abcd729d37c969de60b6ff72c36fe8bda4f1ad96a5b97f2e96040b",
      "action": "PREVENT_CONNECT"
    },
    {
      "path": "data/weapon.dat",
      "hash": "033b3db45a00464fd95cb28870c97b45b0712f0ac53f3e8c586c88aaa0a420f8",
      "action": "PREVENT_CONNECT"
    }
  ],
  "forbiddenFiles": [
    {
      "path": "vorbisHooked.dll",
      "action": "PREVENT_CONNECT"
    }
  ],
  "forbiddenDirectories": [
    {
      "path": "modloader",
      "action": "PREVENT_CONNECT"
    }
  ],
  "forbiddenProcesses": [
    {
      "name": "cheatengine",
      "action": "PREVENT_CONNECT"
    },
    {
      "name": "samphack",
      "action": "NONE"
    }
  ]
}

This is a JSON object that holds the instructions that the anticheat will understand and execute. I'm going to explain every field:

gtaRunning - if true, the AC will constantly monitor whether GTA is running and also whether the running GTA instance is the same one that was analysed by the anticheat. This prevents a player from having multiple installs of GTA, one with cheats and the other without; he will always be forced to use the clean install. Not having GTA running, or not having GTA running from the "official" location, will result in a kick.

sampRunning - if true, the AC will constantly monitor whether SAMP is running. It can probably be useful for someone, or in future versions.

monitorProcessesConstantly - if true, the AC will constantly monitor the running processes on the player's computer. If it finds a forbidden one, he will be kicked.

validationFiles - array of files. The AC will compare the checksums of the player's files with the checksums you enter in the schema. If the checksums are different, the AC will execute the action defined for that specific file. At this time, there is only one action available, PREVENT_CONNECT, which will prevent the AC from connecting to the server. There will be more in future versions.

forbiddenFiles - array of files. The AC will verify if any of the forbidden files exist in the GTA directory. If one does, the action for that specific file will be executed.

forbiddenDirectories - array of directories. The AC will verify if any of the forbidden directories exist in the GTA directory. If one does, the action for that specific file will be executed.

forbiddenProcesses - array of processes. The AC will check if any forbidden process is being executed. If one is, the action for that specific process will be executed.

For those who are not familiar with JSON, you can use this site to try to visualize it better:
https://jsoneditoronline.org

Site to check files checksum (sha256):
https://md5file.com/calculator


CONFIGURE FILTERSCRIPT

First, you will need to create a folder named bac inside the filterscripts. In that folder, create an empty file named uids.txt.

Change the define SECURITY_CODE to the client checksum (compile the client, go to the site above and get the sha256 checksum), if you have made any code changes in the client project.

Change the define SCHEMA_URL to the schema created by you. You will need to host it somewhere; I recommend pastebin (raw).

Compile.

HOW TO CONNECT THE ANTICHEAT

Open the client, enter the server IP and click connect. If you have done everything right, you will now see the message: Validated. Waiting for player to join. You will also see a 5-digit code near the button. That code will need to be entered on the server. (Just CTRL+V, it's already in your clipboard)


PRINTSCREENS

Interface


Altered file alert


Banned player


Introduce the join code


If you try to enter without the Anticheat


DEPENDENCIES

strlib
zcmd
sscanf
socket [0.1b] with fixes

ADMIN COMMANDS

/bacban - permanently bans a player
/bacinfo - displays some information about a player

DOWNLOADS

CLIENT
SOURCE (CLIENT + FILTERSCRIPT)
REPOSITORY


Reply
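The schema checks described in post #1, as an added example that is not the project's own code (the client itself is C#; Python is used here for brevity). Because the schema comes from a URL the server supplies, this sketch also refuses any path that resolves outside the game directory; the reason names and the IGNORED action are this example's own, and the sample directory and hashes are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def resolve_inside(root, rel):
    """Resolve a schema path; return None if it escapes the game directory."""
    candidate = (root / rel).resolve()
    return candidate if candidate.is_relative_to(root.resolve()) else None


def evaluate_schema(schema, game_dir):
    """Return (reason, path, action) findings; reason names are this example's own."""
    findings = []
    for entry in schema.get("validationFiles", []):
        target = resolve_inside(game_dir, entry["path"])
        if target is None:
            findings.append(("PATH_OUTSIDE_GAME_DIR", entry["path"], "IGNORED"))
        elif not target.is_file():
            findings.append(("MISSING", entry["path"], entry["action"]))
        elif hashlib.sha256(target.read_bytes()).hexdigest() != entry["hash"].lower():
            findings.append(("HASH_MISMATCH", entry["path"], entry["action"]))
    checks = (("forbiddenFiles", Path.is_file), ("forbiddenDirectories", Path.is_dir))
    for key, present in checks:
        for entry in schema.get(key, []):
            target = resolve_inside(game_dir, entry["path"])
            if target is None:
                findings.append(("PATH_OUTSIDE_GAME_DIR", entry["path"], "IGNORED"))
            elif present(target):
                findings.append(("FORBIDDEN_PRESENT", entry["path"], entry["action"]))
    return findings


def demo():
    """Constructed sample: a temp directory stands in for the GTA folder."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "gta_sa.exe").write_bytes(b"clean build")
        (root / "newton.dll").write_bytes(b"patched")
        (root / "modloader").mkdir()
        good = hashlib.sha256(b"clean build").hexdigest()
        act = "PREVENT_CONNECT"
        schema = {
            "validationFiles": [
                {"path": "gta_sa.exe", "hash": good, "action": act},
                {"path": "newton.dll", "hash": good, "action": act},
                {"path": "../outside.txt", "hash": good, "action": act}],
            "forbiddenFiles": [{"path": "vorbisHooked.dll", "action": act}],
            "forbiddenDirectories": [{"path": "modloader", "action": act}]}
        return evaluate_schema(schema, root)
```

Requires Python 3.9 or later for `Path.is_relative_to`.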
#2

Wooow, nice job
Reply
#3

There should be a way to know which processes/files are looked for (for the player) before actually joining.
For example, when the scheme is downloaded and illegal files/processes are found already, there should be a warning to the user before reporting it to the server. That gives them a chance to remove it before getting banned for a harmless vorbisFileHooked.dll or similar. You could make this exclusive to file modifications as those are more likely to happen accidentally, as some people use ENB or FPS fixes or an installation with SP mods, vehicle models, etc.
If they ignore that warning and proceed to join the server anyway, it's their fault for ignoring it.

Also, process names are useless.
Reply
#4

Quote:
Originally Posted by NaS
There should be a way to know which processes/files are looked for (for the player) before actually joining.
For example, when the scheme is downloaded and illegal files/processes are found already, there should be a warning to the user before reporting it to the server. That gives them a chance to remove it before getting banned for a harmless vorbisFileHooked.dll or similar. You could make this exclusive to file modifications as those are more likely to happen accidentally, as some people use ENB or FPS fixes or an installation with SP mods, vehicle models, etc.
If they ignore that warning and proceed to join the server anyway, it's their fault for ignoring it.

Also, process names are useless.
Quote:
Originally Posted by NaS
There should be a way to know which processes/files are looked for (for the player) before actually joining.
Do you mean show to the player a list of files/directories/processes that will be scanned?


Quote:
Originally Posted by NaS
For example, when the scheme is downloaded and illegal files/processes are found already, there should be a warning to the user before reporting it to the server. That gives them a chance to remove it before getting banned for a harmless vorbisFileHooked.dll or similar. You could make this exclusive to file modifications as those are more likely to happen accidentally, as some people use ENB or FPS fixes or an installation with SP mods, vehicle models, etc.
If they ignore that warning and proceed to join the server anyway, it's their fault for ignoring it.
That's exactly what it does. It connects to the server, scans the files and shows a message in case a file is forbidden/modified. If they connect to the server, it will simply say that the anticheat is not connected.

I don't know which files are "bad" or not, I'm not really in the world of SAMP cheating. The server owner is responsible for that. I'm sure that there are mods and other stuff that don't hurt the gameplay.


Quote:
Originally Posted by NaS
Also, process names are useless.
Well, it's better than nothing. You say this because it's easy to change a process name, right? The only thing I can think of to prevent this is to calculate the checksum of every running process and try to find a forbidden one; the only problem is the load I would be putting on the system.
Reply
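The trade-off discussed in posts #3 and #4, as an added example that is not part of the thread or the project's code: matching the SHA-256 of each process's executable image alongside its name, with a cache keyed on file size and modification time so an unchanged image is hashed only once. The list of image paths is assumed to come from the client's own process enumeration; the class and function names are hypothetical and the sample files are constructed.

```python
import hashlib
import os
import tempfile
from pathlib import Path


class ImageHashCache:
    """SHA-256 of executable images, re-hashed only when size or mtime changes."""

    def __init__(self):
        self._cache = {}     # path -> ((size, mtime_ns), digest)
        self.hash_count = 0  # files actually read and hashed

    def digest(self, path):
        st = os.stat(path)
        key = (st.st_size, st.st_mtime_ns)
        hit = self._cache.get(path)
        if hit and hit[0] == key:
            return hit[1]
        self.hash_count += 1
        with open(path, "rb") as f:
            value = hashlib.sha256(f.read()).hexdigest()
        self._cache[path] = (key, value)
        return value


def scan(image_paths, forbidden_names, forbidden_hashes, cache):
    """Return {file name: match reasons} for the given process image paths."""
    hits = {}
    for path in image_paths:
        reasons = set()
        if Path(path).stem.lower() in forbidden_names:
            reasons.add("name")
        if cache.digest(path) in forbidden_hashes:
            reasons.add("hash")
        if reasons:
            hits[Path(path).name] = reasons
    return hits


def demo():
    """Constructed sample: two temp files stand in for running process images."""
    with tempfile.TemporaryDirectory() as tmp:
        paths = [os.path.join(tmp, n) for n in ("cheatengine.exe", "notepad2.exe")]
        for p in paths:
            Path(p).write_bytes(b"same tool bytes")  # same content, two names
        bad = {hashlib.sha256(b"same tool bytes").hexdigest()}
        cache = ImageHashCache()
        runs = [scan(paths, {"cheatengine"}, bad, cache) for _ in range(2)]
        return runs[0], runs[1], cache.hash_count
```

Two scans of the same two images cost two hash computations in total, which is the load the repeated monitoring would otherwise multiply.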
#5

Client doesn't start?
Reply
#6

Hi, is this software good for deployment? Any update?
Reply
#7

Hi, is it possible to also have a C# server-side part working with SampSharp?
Reply
#8

Wow, thanks it's great.
Reply
#9

This is an excellent concept, but it's unfortunate this will result in banning of ALL mods. Especially those essential .asi based fixes (anticrasher.asi, mousefix.asi, MixSets.asi, fastload.asi). All of those ASI plugins have nothing to do with cheating & actually improve the gameplay experience. Mousefix.asi especially, as for me it fixes some major mouse bugs within GTA SA itself. Not being able to use it would render the whole server unplayable.

In my opinion, completely banning the ASI loader & modloader entirely becomes more harmful than helpful. My suggestion is to add a more in-depth filter, allowing the ASI loader to work; but whitelisting specific ASI plugin hashes. Like a list of known & verified ASI plugins that only improve experience & have zero benefit for cheating.
Reply
#10

Some servers are using this AC, but they're claiming that they created this AC
Reply

