Graal Forums - Gift Script: Trainer Protection System

Graal Forums (https://forums.graalonline.com/forums/index.php)

- NPC Scripting (https://forums.graalonline.com/forums/forumdisplay.php?f=8)

- - Gift Script: Trainer Protection System (https://forums.graalonline.com/forums/showthread.php?t=67570)

Gift Script: Trainer Protection System

Well, seeing as how the folks down at the new Graal hacking site (which I won't mention the name nor the URL) have been releasing their trainers publically, so I figure the Graal developers should make some trainer protection public as well, for every server to be able to use to work on and implement into their own protection systems against players that only wish to cheat in this game and make things hard on the staff and players. I took the liberty of coding this system both in GS1 and GS2, for both the servers that are GS2 enabled and those that are not.

NOTE: I can only post once every 8 hours, so if anything, look back at this post for any edits that I make have for replies to anyones comments. Any notes of improvement and so forth would be appreciated, seeing as how this is something for everyone to be able to derive and hopefully make their servers as trainer-proof as possible

NOTE #2: Special thanks to Liren for helping me debug some checks to make sure that the protection wouldn't call you a hacker if you weren't actually hacking (I.E using trainers).

NOTE #3: This will protect against any and all types of trainers that deal with warping the player from one spot to another, so as long as that spot involves warping the player to a spot inside the current level of that player.

GS1 Version:

PHP Code:


		
			
// NPC made by Gambet

if ( actionserverside ) {

 if ( !strequals( #p(0),triggered ) {

   sendtorc [Trainer Protection] #a is attempting to bypass the triggeraction for the trainer protection NPC!;

 } else {

   sendtorc [Trainer Protection] #a is using a postion-warping trainer!;

   //You can insert auto-jail functions here and before the else statement.

   //Also note that the above sendtorcs may spam RC, so you would want to

   //either add an auto-jail function, auto-ban function, auto-dc function,

   //or simply a check so that it doesn't spam RC multiple times. I'll leave

   //that part up to you since it's very simple, and it really depends on

   //how your server works.

  }

}

//#CLIENTSIDE

if ( created ) {

  timeout = 0.05;

}

if ( playerenters ) {

  setstring this.lastplayerx,#v(playerx);

  setstring this.lastplayery,#v(playery);

  setstring this.playerx,#v(playerx);

  setstring this.playery,#v(playery);

}

if ( timeout ) {

  if ( !strequals( #s(this.playerx),#v(playerx) ) || !strequals( #s(this.playery),#v(playery) ) ) {

    setstring this.lastplayerx,#s(this.playerx);

    setstring this.lastplayery,#s(this.playery);

    setstring this.playerx,#v(playerx);

    setstring this.playery,#v(playery);

  }

  if ( strtofloat( #s(this.lastplayerx) ) + 3 <= strtofloat( #s(this.playerx) ) || strtofloat( #s(this.lastplayery) ) + 3 <= strtofloat( #s(this.playery) ) ) {

    triggeraction 0,0,serverside,WEAPONNAME,triggered;

  }

  timeout = 0.05;

}

GS2 Version:

PHP Code:


		
			
// NPC made by Gambet

function onActionServerSide()

{

 if ( params[0] != triggered ) {

  sendtorc( "[Trainer Protection] " @ player.account @ " is attempting to bypass the triggeraction for the trainer protection NPC!" ); 

 } else {

   sendtorc( "[Trainer Protection] " @ player.account @ " is using a postion-warping trainer!" );

   //You can insert auto-jail functions here and before the else statement.

   //Also note that the above sendtorcs may spam RC, so you would want to

   //either add an auto-jail function, auto-ban function, auto-dc function,

   //or simply a check so that it doesn't spam RC multiple times. I'll leave

   //that part up to you since it's very simple, and it really depends on

   //how your server works.

  }

}

//#CLIENTSIDE

function onCreated()

{

 setTimer(0.05);

}

function onPlayerEnters()

{

  this.lastplayerx = this.playerx;

  this.lastplayery = this.playery;

  this.playerx = player.x;

  this.playery = player.y;

}

function onTimeout()

{

 if ( this.playerx != player.x || this.playery != player.y ) {

  this.lastplayerx = this.playerx;

  this.lastplayery = this.playery;

  this.playerx = player.x;

  this.playery = player.y;

 }

 if ( this.lastplayerx + 3 <= this.playerx || this.lastplayery + 3 <= this.playery ) {

  triggeraction( 0, 0, "serverside", name, "triggered" );

 }

 setTimer(0.05);

}

Feel free to use the above code as you please. The more protection that is implemented to the servers on Graal, the more fun the players can have while playing, without having to worry about hackers and trainer users.

Final NOTE: The above detection system will detect also when staff warp around the level or if any server has any teleporting spells/npcs which allow the player to go from one spot in the level to the next. For the staff warping problem, I would suggest setting up an array containing staff guilds and/or staff accounts in which this system will disregard and won't call them a hacker for warping around. For the special spells/npcs problem, I would suggest editing them to fit this system, so as to not have players get in trouble for trainer using, when in fact they did not.

Enjoy. :)

The trainer has the player hold down the control key before clicking. You could do a check to see if that key is pressed so it's not as easy to set off.

Quote:

Originally Posted by Skrobo2

The trainer has the player hold down the control key before clicking. You could do a check to see if that key is pressed so it's not as easy to set off.

And if there is a dramatic change in xy coordinates.

Quote:

Originally Posted by Skrobo2

The trainer has the player hold down the control key before clicking. You could do a check to see if that key is pressed so it's not as easy to set off.

My system records your current coordinates and your previous coordinates and then goes about comparing them. If you moved more than three tiles from your previous coordinates (since each time you move, you only move +0.5 x/y, so 3 would be a nice number. Of course, you could change the 3 to whatever number you'd like), then it will assume you are using a trainer.

This system would protect against any type of warping trainer, so you don't need to use any mousedown methods for click warpers, since my system will protect against that. I wanted to make a system that would ultimately protect against any type of warping trainer, without the need of creating a bunch of different methods for a mouse warper, then a bunch of different methods for an x/y warper, and so forth. This is more of an all-in-one type of system.

If you restrict the detection based on a keydown method, then that will only protect against the mouse warping trainer, and thus, you would have to add a different system for x/y warping. Really, all you need to do is check to see how many coordinates the player has moved, and if it exceeds your allowed amount, then they would be using a trainer to have moved so far, thus, you could implement auto-jail / auto-ban / auto-dc methods so that they are automatically punished for using such trainers.

Keep in mind, I made this system so that any trainer that is designed to warp you from one spot to another (so as long as the designated spot of warp is inside the current level) would be detected, thus, would protect against any future trainers that do this, and would also protect against any changes in the key-combination that a trainer may have. This is more universal.

Quote:

Originally Posted by Skrobo2

The trainer has the player hold down the control key before clicking. You could do a check to see if that key is pressed so it's not as easy to set off.

Some people have the source, and have been modifying the keys to shift key and etc.

Also Sky. You should just log everything dealing with the detections. You will miss a few accounts if you don't. Plus it is proof of the activity. Gets the players to shut up when they lie to you and you have proof.

Thank-you Gambet! ^o^

Quote:

Originally Posted by Chris

Yes, we keep logs on Maloria. But, nonetheless, you wouldn't miss any accounts if you have an automatic punishment system implemented for those that trigger the trainer protection. I released this public system as a basic blueprint, in which you could modify as you'd like to fit your server.

Quote:

Originally Posted by Angel_Light

Thank-you Gambet! ^o^

You're welcome. I hope this will encourage servers to try new things to better their security! :)

EDIT (To Omini's post right below this one): Yes, it's player.account, not #a. Sorry about that, I must have not noticed that I used #a in the GS2 version. Thanks for pointing that out, I edited my first post with a fix.

GS2 version of #a is player.account

PHP Code:


		
			
sendtorc( "[Trainer Protection] " @ " #a is attempting to bypass the triggeraction for the trainer protection NPC!" );

would be

PHP Code:


		
			
sendtorc( "[Trainer Protection] " @player.account@ " is attempting to bypass the triggeraction for the trainer protection NPC!" );

Unless I'm mistaken?

have fun spamming rc with people lagging?

Gambet, I hope you excuse me for correcting you, as I don't mean to be a jackass, but there are several things in your script I would like to inform you on for a stronger detection system in the future.

1. Don't use setstring whatever,#v(playerx); then a strequals() later. In artmoney, a person could easily edit out "setstring" (or better yet, strequals()) with a VERY LITTLE impact in the gameplay. Keep in mind, in Artmoney you can edit any command you want to break it. Therefore, if you edit "strequals" or "setstring" they no longer work. However, if you do variables (this.playerx=player; this.lastplayerx=this.playerx; whatever) then just do assignment checks (this.playerx==this.lastplayerx or whatever) it's much harder to get rid of by highly ordinary measures. In artmoney you can't really edit out "=", which is why. Then again, the whole method fails if they edit "timeout" but imagine other NPCs that would break, hackers would have no fun on the server in such a scenario anyway.

2. Your movement check is flawed. This is addressed in a graal hacker's thread, as well. Look:

NPC Code:

strtofloat( #s(this.lastplayerx) ) + 3 <= strtofloat( #s(this.playerx) )

A: I was on 30 30 (my lastplayerx = 30).
B: I hack and move 10 tiles to the left (my playerx = 20)
C: 30 + 3 <= 20? Certainly not.

This means that, even with your system, people can move up and to the left freely as many tiles as they choose. You're checking it poorly, you COULD use absolute values (I say could because there's an even better method).

Also, forgive me, I'm going to put this in shorthand. I'm not typing out strtofloat(#s()) over and over, or even this, but you'll still understand what I'm typing.

NPC Code:

if (abs(lastplayerx-playerx) >=3)

A: I'm on 30 30 (my lastplayerx = 30)
B: I hack 10 tiles left (my playerx = 20)
C: abs(30-20) >= 3 <-- True. The detection system would pick up on it where yours wouldn't.

For the next matter of business, someone can move 2.999999 tiles right and 2.99999999 tiles down simultaneously and not be picked up, diagonally, they moved ABOUT 3*2^.5 tiles. That is CERTAINLY more than 3 tiles man.

However, to fix this we could use an even BETTER check that takes into account negative distances AND diagonal movements. You would also need only one check instead of two with an || in between or using a for ().

NPC Code:



(((strtofloat(#s(this.lastplayerx))-strtofloat(#s(this.playerx)))^2+(strtofloat(#s(thi  s.lastplayery))-strtofloat(#s(this.playery)))^2)^.5>=3)

A: I am on the 30 30 (lastplayerx = 30)
B: I move 10 tiles left (playerx = 20)
C: Below-

((30-20)^2+(30-30)^2)^.5
Breaks down to:

((10)^2+(0)^2)^.5
Breaks down to:

(100+0)^.5
Breaks down to

100^.5 -> 10

10 is most certainly greater than or equal to 3, therefore it works perfectly.

To test diagonals, you would do this:

A: I am on the 30 30 (lastplayerx = 30)
B: I move 2.5 tiles left (playerx = 27.5) and 2.5 tiles up (playerx = 27.5)
C: Below-

((30-27.5)^2+(30-27.5)^2)^.5
Breaks down to:

((2.5)^2+(2.5)^2)^.5
Breaks down to:

(6.25+6.25)^.5
Breaks down to

13^.5 -> 3.605.... (neverending)

Is 3.605 greater than or equal to 3? YES. They moves 2.5 tiles up and 2.5 tiles right, and your system wouldn't have detected them, but in reality they moved 3.605 tiles diagonally.

Final point:

This is your code slightly enhanced:

NPC Code:



//#CLIENTSIDE

if (created) {

 Assign();

 timeout = 0.05;

}

if (playerenters) {

 Assign();

}

if (timeout) {

 if (((this.lastplayerx-playerx)^2+(this.lastplayery-playery)^2)^.5 >= 3) {

  triggeraction 0,0,serverside,WEAPONNAME,triggered;

 }

 Assign();

 timeout = 0.05;

}

function Assign() {

 if (((this.lastplayerx-playerx)^2+(this.lastplayery-playery)^2)^.5 != 0) {

  this.lastplayerx = playerx;

  this.lastplayery = playery;

 }

}

You didn't need a this.playerx-- playerx works just fine if you do it in the right sequence. You also should have done the pythagorean theorem, and since you are assigning similar code so much I just made it a function. I hope that helps a little.

Ah and I almost forgot, the conversion to GS2 is very simple.

NPC Code:



//#CLIENTSIDE

function onCreated() {

 Assign();

 setTimer(0.05);

}

function onPlayerEnters() {

 Assign();

}

function onTimeOut() {

 if (((this.lastplayerx-player.x)^2+(this.lastplayery-player.y)^2)^.5 >= 3) {

  triggeraction(0,0,"serverside",WEAPONNAME,"trigger  ed");

 }

 Assign();

 setTimer(0.05);

}

function Assign() {

 if (((this.lastplayerx-player.x)^2+(this.lastplayery-player.y)^2)^.5 != 0) {

  this.lastplayerx = player.x;

  this.lastplayery = player.y;

 }

}

I hope that helps anybody.

Quote:

Originally Posted by 100Zero100

Stuff

Yes, I made a simple mistake. Take note that I made this at 2 am, so I was half asleep. I was thinking of movement at the time, not about coordinates in the sense that you could move negative coordinates. I only added protection against positive coordinate movement, thus only positive coordinate movement would be detected. Of course, correcting this problem is far from difficult. You didn't need to break everything down, though I thank you for that may help others, but you just needed to remind me that you could move negative coordinates and I would've noticed what you meant ^^. Anyways, I'll correct my original post shortly.

Well, it doesn't let me edit the original post anymore, but you can view the post above for just about the same update I was going to make, except I was going to use a different calculation method.

:)

Quote:

Originally Posted by 100Zero100

1. Don't use setstring whatever,#v(playerx); then a strequals() later. In artmoney, a person could easily edit out "setstring" (or better yet, strequals()) with a VERY LITTLE impact in the gameplay.

Not anymore with GS2-only servers.