Gani Cheat Security

ffcmike · #1 03-06-2011, 02:54 AM

Some server staff may or may not be aware of a particular exploit that the knowledge of which seems to have been spreading quite recently, all it involves is the modification of a servers gani within your offline folders to work as a type 2/movie gani, the effect this has it that the location the player is displayed is somehow synced with the true player x/y variable, even I didn't believe it when it was explained to me at first as it defies my understanding of how ganis work, I guess it does by some form of quirk.

The example that I am referring to was the modification of the grab gani, which would first move the player back and forth in all directions, then repeat this diagonally allowing the user to simply move once in their intended position.

As it happens this problem is fixed within the V6 client, but I've seen it done a couple of times throughout the last week so decided to try and prevent it by script, it turned out to be quite simple so I've turned it into a self-contained weapon script (as Classic has a pretty complex security system that I have this tied into) for general use:

PHP Code:


			
function onActionServerSide(temp.ani){
  temp.message = "Player " @ player.account @ " was caught Gani modifying (" @ temp.ani @ ").";
  sendtorc("/disconnect " @ player.account @ " " @ char(34) @ "Security has detected and logged a suspected Gani exploit from your client." @ char(34));
  this.logHack(temp.message);
}

function logHack(temp.message){
  sendtorc(temp.message);
  savelog2("log_security.txt", temp.message);
}

//#CLIENTSIDE
function onCreated(){
  //List of exceptions incase a server actually does use a movie gani on the player, otherwise remove
  this.exceptions = {
    "moviegani1",
    "moviegani2",
  };
  this.setTimer(1); //Doesn't necessarily have to be every second, also shouldn't be called immediately as logging back in could re-trigger it.
}

function onTimeout(){
  if(player.ani.movie){
    //Remove if no exceptions
    if(this.exceptions.index(player.ani.name) == -1){
      triggerserver("gui", this.name, player.ani.name);
      return;
    }
  }
  this.setTimer(1);
}

Ofcourse in the event of a server actually using a movie gani on the player that could mean modifying that gani would go un-detected, something like this however could have the added checks of player.x and y changing compared to the old value to atleast log the possibility.

fowlplay4 · #2 03-07-2011, 11:38 PM

Stupid movie ganis, thanks for the heads up.

xAndrewx · #3 03-07-2011, 11:41 PM

haha- i did this on era iphone ages ago o-o

Didn't know it effected all Graal- there is a new feature in Graal Client (releasing shortly) which disables it.

Nice add though

Tigairius · #4 03-08-2011, 03:43 AM

Well, it's possible to keep a list of all movie ganis on the server in the levels/ganis/ folder. Then use the onLevelFileUpdated(filename) event to detect if a new gani is uploaded and then check if it's also a movie gani and add it to the list. In this case, you'd be able to keep track of all the movie ganis without having to edit any script. You can use a serverr.flag to get the exceptions list on the script and it would work nicely I think.

cbk1994 · #5 03-08-2011, 10:24 AM

Couldn't you just edit a legitimate movie GANI (in the exception list) on your client to abuse the glitch?

Twinny · #6 03-08-2011, 11:26 AM

Quote:

Originally Posted by cbk1994

Couldn't you just edit a legitimate movie GANI (in the exception list) on your client to abuse the glitch?

Could keep an MD5 hash of the gani contents on the server. Every once and a while, check and make sure the clients gani file matches.

ffcmike · #7 03-08-2011, 11:45 AM

Quote:

Originally Posted by cbk1994

Couldn't you just edit a legitimate movie GANI (in the exception list) on your client to abuse the glitch?

I already explained there is this possibility below the code snippet, another possible solution I had in mind was similar to what Twinny is suggesting in the form of actually storing certain readable data of the real gani within the exceptions array to check for a match in the event of a movie gani being set.

cbk1994 · #8 03-08-2011, 11:46 AM

Quote:

Originally Posted by ffcmike

I already explained there is this possibility below the code snippet, another possible solution I had in mind was similar to what Twinny is suggesting in the form of actually storing certain readable data of the real gani within the exceptions array to check for a match in the event of a movie gani being set.

My bad, I missed that part. Storing MD5 hashes might work, I've already experimented with that (though never used it widely) for detecting resized/edited images and it worked pretty well.

Crow · #9 03-08-2011, 05:46 PM

Quote:

Originally Posted by cbk1994

My bad, I missed that part. Storing MD5 hashes might work, I've already experimented with that (though never used it widely) for detecting resized/edited images and it worked pretty well.

I believe that repeated file size checks and calls to fileUpdate() will suffice for modified images.

salesman · #10 03-08-2011, 08:05 PM

Quote:

Originally Posted by cbk1994

Couldn't you just edit a legitimate movie GANI (in the exception list) on your client to abuse the glitch?

I was going to say the same thing, but unless players can say '/somemoviegani' or something, then I doubt existing movie ganis would be that big of a deal.

The problem comes from ganis that players are able to use at will, no?