Raised This Month: $78 Target: $400
 19% 

SMAC by-pass hack?


Post New Thread Reply   
 
Thread Tools Display Modes
Author Message
WebNoob
Senior Member
Join Date: Jul 2008
Old 02-16-2017 , 15:52   SMAC by-pass hack?
Reply With Quote #1

Just had the following play on our server:

http://steamcommunity.com/id/suckmygoddamnpenis/

For some reason, we were not able to ban him, and he was using the name " SourceMod Anit-Cheat bypass".

I was able to go and ban him manually via web, but this was really strange.

EDIT: I should also note that his Steam ID was being repoted by the system as:

"STEAM_ID_STOP_IGNORING_RETVALS"

Last edited by WebNoob; 02-16-2017 at 15:57.
WebNoob is offline
WebNoob
Senior Member
Join Date: Jul 2008
Old 02-16-2017 , 16:15   Re: SMAC by-pass hack?
Reply With Quote #2

Added:

Saw this in the SM log after we kicked him from the server (again, we were unable to ban):

L 02/16/2017 - 15:47:15: [basecommands.smx] "XXXXXX<105><[U:1:XXXXXXX]><>" kicked "SourceMod Anit-Cheat bypass<103><STEAM_ID_PENDING><>" (reason "")

Note: These are all VAC-secured servers, etc....so somehow he is able to join/block his Steam ID from appearing in the system? (If so, why doesn't the system prevent him from joining a VAC server to begin with?)

Last edited by WebNoob; 02-16-2017 at 16:16.
WebNoob is offline
arne1288
SourceMod Moderator
Join Date: Apr 2012
Old 02-16-2017 , 16:16   Re: SMAC by-pass hack?
Reply With Quote #3

Quote:
Originally Posted by WebNoob View Post
EDIT: I should also note that his Steam ID was being repoted by the system as:

"STEAM_ID_STOP_IGNORING_RETVALS"
You are using plugins that aren't doing their "Steam ID" checks properly. In other words, plugins created by lazy people.

Searching for the string that you posted above (either Google or forum search) should give you a better perspective on that issue.
__________________
Mostly known as "DarkDeviL".

Dropbox FastDL: Public folder will no longer work after March 15, 2017!
For more info, see the [SRCDS Thread], or the [HLDS Thread]
arne1288 is offline
WebNoob
Senior Member
Join Date: Jul 2008
Old 02-16-2017 , 16:39   Re: SMAC by-pass hack?
Reply With Quote #4

Quote:
Originally Posted by arne1288 View Post
You are using plugins that aren't doing their "Steam ID" checks properly. In other words, plugins created by lazy people.

Searching for the string that you posted above (either Google or forum search) should give you a better perspective on that issue.
So, I guess that includes Sourcebans 1.4.11 - since that plugin is the one we use to ban, and it would not ban that player (?)
WebNoob is offline
arne1288
SourceMod Moderator
Join Date: Apr 2012
Old 02-16-2017 , 18:48   Re: SMAC by-pass hack?
Reply With Quote #5

Quote:
Originally Posted by WebNoob View Post
So, I guess that includes Sourcebans 1.4.11 - since that plugin is the one we use to ban, and it would not ban that player (?)
It is quite old, so without looking into if that had the right things or not - it might also be doing it.

The plugin causing the output of the place where you see "STEAM_ID_STOP_IGNORING_RETVALS" is falling into the category above.


In previous SM versions, you could do like:

Code:
GetClientAuthString(client, steamID, sizeof(steamID));
and in newer:

Code:
GetClientAuthId(client, AuthId_Steam2, steamID, sizeof(steamID))
Both GetClientAuthString and GetClientAuthId have been returning the "true" boolean for a long while to indicate it retrieved a valid Steam ID, and the "false" boolean to indicate that it didn't retrieve a proper Steam ID.

It has been quite common for not just a few - but many "lazy" people to do code like:

Code:
[...]
GetClientAuthId(client, AuthId_Steam2, steamID, sizeof(steamID));
[...]
PrintToChat(client, "Hi %N. Your Steam ID is: %s", steamID);
This basically means you are requesting some data, you don't really care what you get in return, and then try to use it for your purpose anyway.

If you do that, you might end up on seeing "STEAM_ID_STOP_IGNORING_RETVALS" as Steam ID on recent versions of SourceMod.

You should do like:

Code:
[...]
if (GetClientAuthId(client, AuthId_Steam2, steamID, sizeof(steamID))) {
    [...]
    PrintToChat(client, "Hi %N. Your Steam ID is: %s", steamID);
}
This way you will only do things with the Steam ID if GetClientAuthId returns "true: I have a valid Steam ID".

SourceBans 1.4.11 does seem to use the old way, however, the latest code on GitHub seem to be using a mix of checking the return value and not checking the return value around the code.
__________________
Mostly known as "DarkDeviL".

Dropbox FastDL: Public folder will no longer work after March 15, 2017!
For more info, see the [SRCDS Thread], or the [HLDS Thread]
arne1288 is offline
beetlejuice
Member
Join Date: Oct 2016
Old 03-08-2017 , 12:40   Re: SMAC by-pass hack?
Reply With Quote #6

New guy

"STEAM_ID_STOP_IGNORING_RETVALS"

http://steamcommunity.com/id/poon_destroyer/

I dont think it is him at all, just using someone elses steam_id

Btw hacker had connect bot too, autoreconnecting and also coming from different countries at same time.

This is a new hack i guess and should be looked into.
beetlejuice is offline
sneaK
SourceMod Moderator
Join Date: Feb 2015
Location: USA
Old 03-08-2017 , 12:51   Re: SMAC by-pass hack?
Reply With Quote #7

Quote:
Originally Posted by beetlejuice View Post
New guy

"STEAM_ID_STOP_IGNORING_RETVALS"

http://steamcommunity.com/id/poon_destroyer/

I dont think it is him at all, just using someone elses steam_id

Btw hacker had connect bot too, autoreconnecting and also coming from different countries at same time.

This is a new hack i guess and should be looked into.
Ensure you are running the latest available version of SM, and its base plugins (important). Shouldn't have this issue on a legitimate Steam-connected game server.
__________________

Last edited by sneaK; 03-08-2017 at 12:51.
sneaK is offline
beetlejuice
Member
Join Date: Oct 2016
Old 03-08-2017 , 14:19   Re: SMAC by-pass hack?
Reply With Quote #8

smac_validate_auth "0"

^^ I had this set to 0

And i run classic Steam servers , not non-steam.

I changed it to smac_validate_auth "1" now and lets see.

But he was coming from different countries too and yelling on my admins "you cant do shit you faggots, i rule here"

PS. I never had this happen before and my mods retreive steam_id properly...i checked.

Last edited by beetlejuice; 03-08-2017 at 14:21. Reason: PS
beetlejuice is offline
pubhero
Veteran Member
Join Date: Aug 2012
Location: Central Europe
Old 03-13-2017 , 15:35   Re: SMAC by-pass hack?
Reply With Quote #9

Hi.
What game? And what part from the SMAC bypassed that player?
If CS:S and autotrigger bypass, the solution are very easy.
If you running a normal server (not surf, not zombie) you can setting these values in your server.cfg and the speedhack, bunny hop will be ended.
If he try using that shit, you will see. Thats all.

sv_enablebunnyhopping 0
sv_airaccelerate 1
sv_max_usercmd_future_ticks 1
pubhero is offline
bobotov
Member
Join Date: Aug 2014
Old 09-27-2017 , 21:22   Re: SMAC by-pass hack?
Reply With Quote #10

Aww man. I really hate to bump threads like this, but since it's on the first page, I may as well.

I was that guy in the OP, /id/suckmygoddamnpenis/

It's really simple, really. Set your steam to offline mode and join a community server via connect [ip here] in console

No one can ban you, and I'm pretty sure the server I was on was neonheights.

This exploit has apparently been around for 4 years? It works on tf2, but not on csgo.

Last edited by bobotov; 09-27-2017 at 21:23.
bobotov is offline
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 07:29.


Powered by vBulletin®
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Theme made by Freecode