scripthook module

[tdsx]

So I threw this together today. A module that saves all clientside/shared scripts and adds a hook that lets you prevent scripts from loading.


It isn't a traditional GMod hook. It loads a file and raw sets some global variables. _SCRIPT is the script itself. _SOURCE is the source of it (a file, RunString, SendLua, etc). This is what my 'hook' file looks like.

Code:

if (_SOURCE == "lua/autorun/client/msg.lua" or _SOURCE == "LuaCmd") then
	return false
end

The global variables are destroyed after they're used. In the right hands, you could theoretically bypass any and every anti-cheat. Probably the most trouble you'll run into are anti-cheats that use net messages or concommands to communicate, in which case, you'll have to fool the server into thinking everything is A-ok by using the same concommands and net messages. If you don't communicate with the server as if the anti-cheat would, the server will know somethings fucky.

Pictures!







Every thing that is attempted to be ran is saved to a folder that is named after the server you are connected to!

Thoughts? Suggestions? Insults from @D3M0L1T10N? They're all welcome! This is going to be released soon

[TheyCallMeDaz]

Wow this is the first thing I've seen released here that I can actually say impresses me, this looks pretty fucking awesome.
This is really cool and something I never even thought about doing (shows how original I am.)

[suchisgood]

Sound really useful to use, Nothing like some extra protection!

[Kona-chan]

I wanted to find anything bad to say againaist this but instread I found the idea of using gLua to interact with RunString actually better than doing your 'blacklist' in C++, since you can just modify it on-the-fly without having to recompile everytime.

+rep

[tdsx]

Thank you all for kind words. I can't wait to progress this

[ehex]

Looks good dude.

It's been a while since i saw someone do a blacklist like that. I also finished my filestealer a few days ago and have a blacklist too ( mine just reads from a txt file and stops files from loading, so its not as cool ).

[TheLegenderyCat]

So I threw this together today. A module that saves all clientside/shared scripts and adds a hook that lets you prevent scripts from loading.


It isn't a traditional GMod hook. It loads a file and raw sets some global variables. _SCRIPT is the script itself. _SOURCE is the source of it (a file, RunString, SendLua, etc). This is what my 'hook' file looks like.

Code:

if (_SOURCE == "lua/autorun/client/msg.lua" or _SOURCE == "LuaCmd") then
	return false
end

The global variables are destroyed after they're used. In the right hands, you could theoretically bypass any and every anti-cheat. Probably the most trouble you'll run into are anti-cheats that use net messages or concommands to communicate, in which case, you'll have to fool the server into thinking everything is A-ok by using the same concommands and net messages. If you don't communicate with the server as if the anti-cheat would, the server will know somethings fucky.

Pictures!







Every thing that is attempted to be ran is saved to a folder that is named after the server you are connected to!

Thoughts? Suggestions? Insults from @D3M0L1T10N? They're all welcome! This is going to be released soon

Kinda reminds of nanohack that Function gave me :/ it got lua dumps the same thing as yours. But this time it blocks stuff from running I guess that pretty new and awesome c:

[tdsx]

Worked something up to bypass LeyAC.

Code:

if (_SOURCE == "LuaCmd" and string.find(_SCRIPT, "if not hellohellohelloimcool")) then
	net.Start("ijustwannahaveyourightbymyside")
		net.WriteString(" ")
	net.SendToServer()

	return false
end

if (_SOURCE != "addons/leyac/lua/_ley_imp.lua") then return end

net.Receive("ijustwannahaveyourightbymyside", function()
	net.Start("ijustwannahaveyourightbymyside")
		net.WriteString(" ")
	net.SendToServer()
end)

hook.Add("InitPostEntity", "LeyAC", function()
	net.Start("ijustwannahaveyourightbymyside")
		net.WriteString("in")
		net.WriteString("hellohellohelloimcool")
	net.SendToServer()

	hook.Remove("InitPostEntity", "LeyAC")
end)

return false

It doesn't completely emulate the actual clientside AC, but that's only because I only did this as a proof of concept. The server can request different things, which I didn't bother to put in. From what I see, though, everything seems normal.



And a TAC bypass just cause it's that fucking easy.

Code:

if (_SOURCE:lower() != "addons/tac/lua/autorun/client/cl_blunderbuss.lua") then return end

timer.Create("TACTimer", math.random(60, 120), 0, function()
	net.Start("ttt_scoreboard")
		net.WriteString("gotit")
	net.SendToServer()
end)

return false

[TheLegenderyCat]

Worked something up to bypass LeyAC.

Code:

if (_SOURCE == "LuaCmd" and string.find(_SCRIPT, "if not hellohellohelloimcool")) then
	net.Start("ijustwannahaveyourightbymyside")
		net.WriteString(" ")
	net.SendToServer()

	return false
end

if (_SOURCE != "addons/leyac/lua/_ley_imp.lua") then return end

net.Receive("ijustwannahaveyourightbymyside", function()
	net.Start("ijustwannahaveyourightbymyside")
		net.WriteString(" ")
	net.SendToServer()
end)

hook.Add("InitPostEntity", "LeyAC", function()
	net.Start("ijustwannahaveyourightbymyside")
		net.WriteString("in")
		net.WriteString("hellohellohelloimcool")
	net.SendToServer()

	hook.Remove("InitPostEntity", "LeyAC")
end)

return false

It doesn't completely emulate the actual clientside AC, but that's only because I only did this as a proof of concept. The server can request different things, which I didn't bother to put in. From what I see, though, everything seems normal.



And a TAC bypass just cause it's that fucking easy.

Code:

if (_SOURCE:lower() != "addons/tac/lua/autorun/client/cl_blunderbuss.lua") then return end

timer.Create("TACTimer", math.random(60, 120), 0, function()
	net.Start("ttt_scoreboard")
		net.WriteString("gotit")
	net.SendToServer()
end)

return false

When are you gonna release this?

[tdsx]

When are you gonna release this?

Today or tomorrow. Probably today. I just want to make sure it's in perfect condition.

[D3M0L1T10N]

u must be high if you are going to release a runstring hook to the public

- - - Updated - - -

The global variables are destroyed after they're used. In the right hands, you could theoretically bypass any and every anti-cheat.

not if the anti cheat is good

[tdsx]

not if the anti cheat is good

if you emulate the AC clientside the server has no way to tell anything is wrong

[D3M0L1T10N]

if you emulate the AC clientside the server has no way to tell anything is wrong

id show you why this wont work on some acs, but then you would fix it so nahhhhh

[Kona-chan]

id show you why this wont work on some acs, but then you would fix it so nahhhhh

crc checks

[TheyCallMeDaz]

u must be high if you are going to release a runstring hook to the public

- - - Updated - - -

The global variables are destroyed after they're used. In the right hands, you could theoretically bypass any and every anti-cheat.

not if the anti cheat is good

^This.

If you're planning to release this, someone will find a way to detect it in just a few moments, I'd recommend that if you plan to release something like this then you should get rid of some amount of security.