AlliedModders

AlliedModders (https://forums.alliedmods.net/index.php)
-   SourceMod Anti-Cheat (https://forums.alliedmods.net/forumdisplay.php?f=133)
-   -   SMAC by-pass hack? (https://forums.alliedmods.net/showthread.php?t=293984)

WebNoob 02-16-2017 15:52

SMAC by-pass hack?
 
Just had the following play on our server:

http://steamcommunity.com/id/suckmygoddamnpenis/

For some reason, we were not able to ban him, and he was using the name " SourceMod Anit-Cheat bypass".

I was able to go and ban him manually via web, but this was really strange.

EDIT: I should also note that his Steam ID was being repoted by the system as:

"STEAM_ID_STOP_IGNORING_RETVALS"

WebNoob 02-16-2017 16:15

Re: SMAC by-pass hack?
 
Added:

Saw this in the SM log after we kicked him from the server (again, we were unable to ban):

L 02/16/2017 - 15:47:15: [basecommands.smx] "XXXXXX<105><[U:1:XXXXXXX]><>" kicked "SourceMod Anit-Cheat bypass<103><STEAM_ID_PENDING><>" (reason "")

Note: These are all VAC-secured servers, etc....so somehow he is able to join/block his Steam ID from appearing in the system? (If so, why doesn't the system prevent him from joining a VAC server to begin with?)

DarkDeviL 02-16-2017 16:16

Re: SMAC by-pass hack?
 
Quote:

Originally Posted by WebNoob (Post 2495959)
EDIT: I should also note that his Steam ID was being repoted by the system as:

"STEAM_ID_STOP_IGNORING_RETVALS"

You are using plugins that aren't doing their "Steam ID" checks properly. In other words, plugins created by lazy people.

Searching for the string that you posted above (either Google or forum search) should give you a better perspective on that issue.

WebNoob 02-16-2017 16:39

Re: SMAC by-pass hack?
 
Quote:

Originally Posted by arne1288 (Post 2495970)
You are using plugins that aren't doing their "Steam ID" checks properly. In other words, plugins created by lazy people.

Searching for the string that you posted above (either Google or forum search) should give you a better perspective on that issue.

So, I guess that includes Sourcebans 1.4.11 - since that plugin is the one we use to ban, and it would not ban that player (?)

DarkDeviL 02-16-2017 18:48

Re: SMAC by-pass hack?
 
Quote:

Originally Posted by WebNoob (Post 2495974)
So, I guess that includes Sourcebans 1.4.11 - since that plugin is the one we use to ban, and it would not ban that player (?)

It is quite old, so without looking into if that had the right things or not - it might also be doing it.

The plugin causing the output of the place where you see "STEAM_ID_STOP_IGNORING_RETVALS" is falling into the category above.


In previous SM versions, you could do like:

Code:

GetClientAuthString(client, steamID, sizeof(steamID));
and in newer:

Code:

GetClientAuthId(client, AuthId_Steam2, steamID, sizeof(steamID))
Both GetClientAuthString and GetClientAuthId have been returning the "true" boolean for a long while to indicate it retrieved a valid Steam ID, and the "false" boolean to indicate that it didn't retrieve a proper Steam ID.

It has been quite common for not just a few - but many "lazy" people to do code like:

Code:

[...]
GetClientAuthId(client, AuthId_Steam2, steamID, sizeof(steamID));
[...]
PrintToChat(client, "Hi %N. Your Steam ID is: %s", steamID);

This basically means you are requesting some data, you don't really care what you get in return, and then try to use it for your purpose anyway.

If you do that, you might end up on seeing "STEAM_ID_STOP_IGNORING_RETVALS" as Steam ID on recent versions of SourceMod.

You should do like:

Code:

[...]
if (GetClientAuthId(client, AuthId_Steam2, steamID, sizeof(steamID))) {
    [...]
    PrintToChat(client, "Hi %N. Your Steam ID is: %s", steamID);
}

This way you will only do things with the Steam ID if GetClientAuthId returns "true: I have a valid Steam ID".

SourceBans 1.4.11 does seem to use the old way, however, the latest code on GitHub seem to be using a mix of checking the return value and not checking the return value around the code.

beetlejuice 03-08-2017 12:40

Re: SMAC by-pass hack?
 
New guy

"STEAM_ID_STOP_IGNORING_RETVALS"

http://steamcommunity.com/id/poon_destroyer/

I dont think it is him at all, just using someone elses steam_id

Btw hacker had connect bot too, autoreconnecting and also coming from different countries at same time.

This is a new hack i guess and should be looked into.

sneaK 03-08-2017 12:51

Re: SMAC by-pass hack?
 
Quote:

Originally Posted by beetlejuice (Post 2501849)
New guy

"STEAM_ID_STOP_IGNORING_RETVALS"

http://steamcommunity.com/id/poon_destroyer/

I dont think it is him at all, just using someone elses steam_id

Btw hacker had connect bot too, autoreconnecting and also coming from different countries at same time.

This is a new hack i guess and should be looked into.

Ensure you are running the latest available version of SM, and its base plugins (important). Shouldn't have this issue on a legitimate Steam-connected game server.

beetlejuice 03-08-2017 14:19

Re: SMAC by-pass hack?
 
smac_validate_auth "0"

^^ I had this set to 0

And i run classic Steam servers , not non-steam.

I changed it to smac_validate_auth "1" now and lets see.

But he was coming from different countries too and yelling on my admins "you cant do shit you faggots, i rule here"

PS. I never had this happen before and my mods retreive steam_id properly...i checked.

pubhero 03-13-2017 15:35

Re: SMAC by-pass hack?
 
Hi.
What game? And what part from the SMAC bypassed that player?
If CS:S and autotrigger bypass, the solution are very easy.
If you running a normal server (not surf, not zombie) you can setting these values in your server.cfg and the speedhack, bunny hop will be ended. :D
If he try using that shit, you will see. Thats all.

sv_enablebunnyhopping 0
sv_airaccelerate 1
sv_max_usercmd_future_ticks 1

bobotov 09-27-2017 21:22

Re: SMAC by-pass hack?
 
Aww man. I really hate to bump threads like this, but since it's on the first page, I may as well.

I was that guy in the OP, /id/suckmygoddamnpenis/

It's really simple, really. Set your steam to offline mode and join a community server via connect [ip here] in console

No one can ban you, and I'm pretty sure the server I was on was neonheights.

This exploit has apparently been around for 4 years? It works on tf2, but not on csgo.


All times are GMT -4. The time now is 23:29.

Powered by vBulletin®
Copyright ©2000 - 2019, vBulletin Solutions, Inc.