• AntiSerenity - Fixed up for GMod 13.
    29 replies, posted
  • Avatar of James
  • Hello all. I am here today to present to you a new fixed and improved version of AntiSerenity. I would first of all like to give credit to Python1320 for his work on GXML, which made all of this possible. To Zeh Matt, who made the gm_glsock module, and permitted me to follow redirects when doing a http query. and to the creators of ArbitraryPrecision, and the original creator of AntiSerenity. Without further ado, let's get on with the presentation. [U][I]What is serenity?[/I][/U] [QUOTE]Serenity is a common hack that is used to change a users SteamID. This allows the user to go onto servers from which they have been banned. Seeing as almost every Lua script that needs to save some information about the player, uses it's SteamID, this is a major flaw.[/QUOTE] [U][I]Firstly, how was this broken in the first place?[/I][/U] Since the creation of this, steamcommunity.com now redirects to a users profile, if he has a custom URL. for example, if I were to access the page of a user with a custom URL, I wouldn't get anything because the current HTTP module does not support redirection. To fix this, I have used the HTTP2 module ( slightly modified ) with the gm_glsocks module ( both by Zeh Matt ). And the automatic IP retriever was broken, but that was a quick fix. [U][I]Secondly, what did you add?[/I][/U] I added the use of GXML ( by Python1320 ). This permitted me to make it slightly faster. It also let me add support for VAC. We all know that VAC is "enabled" in GMod, but even if you are vac'ed , you can still play. This module adds an opt-in function that will ban a player if he or she is already vac banned. I do want to add on this subject though, not all vac banned players are cheaters, which is why I made it opt-in. [U][I]In other words you used other peoples modules to get credit?[/I][/U] Not at all. I claim credit only for what I did. As for everything else, they original creators are credited for that. [U][I]Hamburgers[/I][/U] The download links can be found here, along with some basic documentation. I warn you, the code is messy. [url]https://sites.google.com/site/jamesaddons/libraries/anti-serenity[/url] I would love to have some feed back, if there are any features you guys think I should add/change. Anything that can be obtained from a steam users profile can be used (example : [url]http://steamcommunity.com/profiles/76561198006055559/?xml=1[/url] )
  • Avatar of James
  • I've given a short explanation on the page where the download link is. I will put it in the OP though. And to reply to your first statement : I started work on this when a player joined my server under a diffrent steamID. I don't know whether it is main stream or not, but I think it's still a precaution we can take.
  • Avatar of Phoenixf129
  • [QUOTE=James xX;36323335]I've given a short explanation on the page where the download link is. I will put it in the OP though. And to reply to your first statement : I started work on this when a player joined my server under a diffrent steamID. I don't know whether it is main stream or not, but I think it's still a precaution we can take.[/QUOTE] Okay. For Devs, you might want to add an extra arg to CheckPlayer(ply), so they can return information to say... their own function. I would most probably use this to detect and pass information back to my anti-cheat, which has a centralised Detection parser.
  • Avatar of James
  • So do you mean I should create some enumerations and return those when a certain argument is true, or just return the XML data?
  • Avatar of Phoenixf129
  • [QUOTE=James xX;36323434]So do you mean I should create some enumerations and return those when a certain argument is true, or just return the XML data?[/QUOTE] Returning enumerations would be better than XML data IMHO. [editline]14th June 2012[/editline] My Server hangs right after: [img]https://purifiedrp.com/snaps/i/steve-byDxjQYv.png[/img] NOT GMod 13 server, gm_glsock crashes?
  • Avatar of James
  • Done. I'll update op soon [lua] Enums = { Success = -1, VacBanned = 1, NoProfile = 2, PrivateProfile = 3, Offline = 4, NotInGame = 5, NotInGMod = 6, NotInServer = 7, Dupe = 8, Malformed = 9 } [/lua] These what you needed? [editline]14th June 2012[/editline] [QUOTE=Phoenixf129;36323457]Returning enumerations would be better than XML data IMHO. [editline]14th June 2012[/editline] My Server hangs right after: [img]https://purifiedrp.com/snaps/i/steve-byDxjQYv.png[/img] NOT GMod 13 server, gm_glsock crashes?[/QUOTE] the gm_glsocks I provided is built for GM13
  • Avatar of Phoenixf129
  • Forget it, I downloaded the one for GMod12, from Mat's thread, and it works like a charm. [editline]damn[/editline] You broke my automerge :v:
  • Avatar of Chewgum
  • How many times did that player join your server with another steamid? What if the player had the same name on another steam account?
  • Avatar of Phoenixf129
  • [lua] [lua\includes\modules\http2.lua:76] attempt to call method 'Destroy' (a nil value) [@lua\includes\modules\antiserenity.lua:219] Tried to use a NULL entity! [/lua] [lua]Msg("Verifying " .. ply:Nick() .. "'s SteamID... Failed! (Profile Private)\n")[/lua] is MY line 219. Caused when the player disconnects as they spawn, normally Buffer Overflow, or RSO. (I have a check running on PlayerInitialSpawn) Two errors for you.
  • Avatar of James
  • [QUOTE=Phoenixf129;36327087][lua] [lua\includes\modules\http2.lua:76] attempt to call method 'Destroy' (a nil value) [@lua\includes\modules\antiserenity.lua:219] Tried to use a NULL entity! [/lua] [lua]Msg("Verifying " .. ply:Nick() .. "'s SteamID... Failed! (Profile Private)\n")[/lua] is MY line 219. Caused when the player disconnects as they spawn, normally Buffer Overflow, or RSO. (I have a check running on PlayerInitialSpawn) Two errors for you.[/QUOTE] Thank you. I will add an IsValid check at the start of the callback. For the error in HTTP2 though, I will have to look into a bit further -- Edit Updated. The errors shouldn't happen anymore normally. I haven't had the time to test this though.
  • Avatar of James
  • [QUOTE=Map in a box;36327728]this is rather intrusive[/QUOTE] Could you elaborate on that please? I don't quite get what you mean.
  • People have to make their profile public if they don't want to, if they get kicked for something like that they will probably just leave and find another server.
  • Avatar of SeveredSkull
  • [QUOTE=Map in a box;36328020]People have to make their profile private if they don't want to, if they get kicked for something like that they will probably just leave and find another server.[/QUOTE] Isn't that the whole fucking point of having a PUBLIC profile? It is Publicly viewable by anyone. This is not intrusive...
  • Avatar of James
  • [QUOTE=Map in a box;36328020]People have to make their profile public if they don't want to, if they get kicked for something like that they will probably just leave and find another server.[/QUOTE] This library pivots around a steam user's profile. If a user can't make his profile public, he could he hiding something? And on this note, it only kicks them, not bans them like the rest of the exceptions. This gives the user a chance to make his or her profile public. If they can't, it might be because they are using someone else's profile, and thus someone else's steam ID. Isn't that what this library is blocking? The point I am trying to get through though, is that if a player wants to play multiplayer, he should at least make his information public.
  • Avatar of lorde banana
  • wait so what's the point in creating an addon to kick people for exploits that were fixed in like September
  • Avatar of SeveredSkull
  • [QUOTE=Map in a box;36328535]It was a typo and if you had common sense you could notice it. Edited. Also, reread my post.[/QUOTE] Then learn to write clear, grammatically correct sentences. If you had common sense you could do this, and then people wont think you have the IQ of 2. Goes both ways dipshit. :v: [highlight](User was banned for this post ("Flaming" - PLing))[/highlight]
  • Avatar of James
  • [QUOTE=Banana Lord.;36331643]wait so what's the point in creating an addon to kick people for exploits that were fixed in like September[/QUOTE] [QUOTE=AzuiSleet;36330370]Serenity never existed.[/QUOTE] If that's what you believe, you have my permission to not use this, if that is what you are looking for by posting that. I posted this because the other day a user joined my server under many different steamIDs. now if he was a rich kid with 20 accounts or if he was actually using a steamID changer, I don't know. The point is, that wasn't a chance I was willing to take. I want to make it clear to everyone doubting what happened : I am imposing on no one this library. People who think it is worth it, they can use it at no cost. To the people who don't think it's worth it, I just don't see what you are doing lurking in this thread.
  • Avatar of lorde banana
  • [QUOTE=James xX;36338125]If that's what you believe, you have my permission to not use this, if that is what you are looking for by posting that. I posted this because the other day a user joined my server under many different steamIDs. now if he was a rich kid with 20 accounts or if he was actually using a steamID changer, I don't know. The point is, that wasn't a chance I was willing to take. I want to make it clear to everyone doubting what happened : I am imposing on no one this library. People who think it is worth it, they can use it at no cost. To the people who don't think it's worth it, I just don't see what you are doing lurking in this thread.[/QUOTE] I was just confused as the exploits were patched a week after they popped up (maybe sooner) - I didn't see a point in you releasing + maintaining something when they have been fixed, the guy most likely had an alt or maybe your ban script didn't work or something.
  • Banana, not only has James made an excellent library, but has also made a cool example. This may also be used to kick vac banned players for example.
  • Scripts that kick you based off your vac ban history on your profile is pretty dumb. I'm vac banned from all hl1 games, does that mean I shouldn't be allowed to play any source games? No, because that's not how vac bans work.
  • Avatar of slayer3032
  • [QUOTE=AzuiSleet;36330370]Serenity never existed.[/QUOTE] how ever you were the mastermind behind tranquility!!!! you are the single pperson responsible for releasing this plauge upon the gmod community and all of the transgressions done with this hacker tool against every server owner in garrysmod. you are a sick man and i have proof!!!!!!!!!! here is a photo which i have got from a friend who double back hacked into the tranquility database [img]https://dl.dropbox.com/u/5601782/Screenshot%20from%202012-06-15%2018%3A43%3A17.png[/img]
  • People using Serenity have to be the most annoying pricks in the world. Luckily i haven't run into any in the past year and a half though.
  • [QUOTE=BlackAwps;36344839]Scripts that kick you based off your vac ban history on your profile is pretty dumb. I'm vac banned from all hl1 games, does that mean I shouldn't be allowed to play any source games? No, because that's not how vac bans work.[/QUOTE] >.< It was an example. And i was not implying the source engine should work like this. I was just making a point of one of its many uses.
  • Avatar of lorde banana
  • [QUOTE=UnkownAlias;36351879]>.< It was an example. And i was not implying the source engine should work like this. I was just making a point of one of its many uses.[/QUOTE] wat how many alts do you have?
  • Avatar of Gran PC
  • I promise you Serenity/Tranquility were patched ages ago, with the PlayerAuthed hook. I've tried them and they don't work unless you're running a non-Steam server - are you?