Graal Forums  

Go Back   Graal Forums > Development Forums > NPC Scripting
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 07-24-2006, 08:45 AM
Gambet Gambet is offline
Registered User
Join Date: Oct 2003
Posts: 2,712
Gambet is on a distinguished road
Gift Script: Trainer Protection System

Well, seeing as how the folks down at the new Graal hacking site (which I won't mention the name nor the URL) have been releasing their trainers publically, so I figure the Graal developers should make some trainer protection public as well, for every server to be able to use to work on and implement into their own protection systems against players that only wish to cheat in this game and make things hard on the staff and players. I took the liberty of coding this system both in GS1 and GS2, for both the servers that are GS2 enabled and those that are not.

NOTE: I can only post once every 8 hours, so if anything, look back at this post for any edits that I make have for replies to anyones comments. Any notes of improvement and so forth would be appreciated, seeing as how this is something for everyone to be able to derive and hopefully make their servers as trainer-proof as possible

NOTE #2: Special thanks to Liren for helping me debug some checks to make sure that the protection wouldn't call you a hacker if you weren't actually hacking (I.E using trainers).

NOTE #3: This will protect against any and all types of trainers that deal with warping the player from one spot to another, so as long as that spot involves warping the player to a spot inside the current level of that player.




GS1 Version:


PHP Code:
// NPC made by Gambet
if ( actionserverside ) {
 if ( !
strequals#p(0),triggered ) {
   
sendtorc [Trainer Protection#a is attempting to bypass the triggeraction for the trainer protection NPC!;
 
} else {
   
sendtorc [Trainer Protection#a is using a postion-warping trainer!;
   //You can insert auto-jail functions here and before the else statement.
   //Also note that the above sendtorcs may spam RC, so you would want to
   //either add an auto-jail function, auto-ban function, auto-dc function,
   //or simply a check so that it doesn't spam RC multiple times. I'll leave
   //that part up to you since it's very simple, and it really depends on
   //how your server works.
  
}
}
//#CLIENTSIDE
if ( created ) {
  
timeout 0.05;
}
if ( 
playerenters ) {
  
setstring this.lastplayerx,#v(playerx);
  
setstring this.lastplayery,#v(playery);
  
setstring this.playerx,#v(playerx);
  
setstring this.playery,#v(playery);
}
if ( 
timeout ) {
  if ( !
strequals#s(this.playerx),#v(playerx) ) || !strequals( #s(this.playery),#v(playery) ) ) {
    
setstring this.lastplayerx,#s(this.playerx);
    
setstring this.lastplayery,#s(this.playery);
    
setstring this.playerx,#v(playerx);
    
setstring this.playery,#v(playery);
  
}
  if ( 
strtofloat#s(this.lastplayerx) ) + 3 <= strtofloat( #s(this.playerx) ) || strtofloat( #s(this.lastplayery) ) + 3 <= strtofloat( #s(this.playery) ) ) {
    
triggeraction 0,0,serverside,WEAPONNAME,triggered;
  }
  
timeout 0.05;



GS2 Version:


PHP Code:
// NPC made by Gambet
function onActionServerSide()
{
 if ( 
params[0] != triggered ) {
  
sendtorc"[Trainer Protection] " player.account " is attempting to bypass the triggeraction for the trainer protection NPC!" ); 
 } else {
   
sendtorc"[Trainer Protection] " player.account " is using a postion-warping trainer!" );
   
//You can insert auto-jail functions here and before the else statement.
   //Also note that the above sendtorcs may spam RC, so you would want to
   //either add an auto-jail function, auto-ban function, auto-dc function,
   //or simply a check so that it doesn't spam RC multiple times. I'll leave
   //that part up to you since it's very simple, and it really depends on
   //how your server works.
  
}
}
//#CLIENTSIDE
function onCreated()
{
 
setTimer(0.05);
}
function 
onPlayerEnters()
{
  
this.lastplayerx this.playerx;
  
this.lastplayery this.playery;
  
this.playerx player.x;
  
this.playery player.y;
}
function 
onTimeout()
{
 if ( 
this.playerx != player.|| this.playery != player.) {
  
this.lastplayerx this.playerx;
  
this.lastplayery this.playery;
  
this.playerx player.x;
  
this.playery player.y;
 }
 if ( 
this.lastplayerx <= this.playerx || this.lastplayery <= this.playery ) {
  
triggeraction00"serverside"name"triggered" );
 }
 
setTimer(0.05);



Feel free to use the above code as you please. The more protection that is implemented to the servers on Graal, the more fun the players can have while playing, without having to worry about hackers and trainer users.


Final NOTE: The above detection system will detect also when staff warp around the level or if any server has any teleporting spells/npcs which allow the player to go from one spot in the level to the next. For the staff warping problem, I would suggest setting up an array containing staff guilds and/or staff accounts in which this system will disregard and won't call them a hacker for warping around. For the special spells/npcs problem, I would suggest editing them to fit this system, so as to not have players get in trouble for trainer using, when in fact they did not.


Enjoy.

Last edited by Gambet; 07-25-2006 at 05:19 AM..
Reply With Quote
  #2  
Old 07-24-2006, 10:05 AM
Skrobo2 Skrobo2 is offline
In the real world ogod.
Skrobo2's Avatar
Join Date: Dec 2005
Location: Refugio, Texas
Posts: 435
Skrobo2 is on a distinguished road
The trainer has the player hold down the control key before clicking. You could do a check to see if that key is pressed so it's not as easy to set off.
__________________


Quote:
Originally Posted by Darlene159 View Post
I would rather have dead forums.
Reply With Quote
  #3  
Old 07-24-2006, 01:58 PM
Chris Chris is offline
:pluffy:
Chris's Avatar
Join Date: Jan 2005
Location: im n ur comp, takn up pixelz
Posts: 1,867
Chris is on a distinguished road
Quote:
Originally Posted by Skrobo2
The trainer has the player hold down the control key before clicking. You could do a check to see if that key is pressed so it's not as easy to set off.
And if there is a dramatic change in xy coordinates.
__________________
Reply With Quote
  #4  
Old 07-24-2006, 05:47 PM
Gambet Gambet is offline
Registered User
Join Date: Oct 2003
Posts: 2,712
Gambet is on a distinguished road
Quote:
Originally Posted by Skrobo2
The trainer has the player hold down the control key before clicking. You could do a check to see if that key is pressed so it's not as easy to set off.
My system records your current coordinates and your previous coordinates and then goes about comparing them. If you moved more than three tiles from your previous coordinates (since each time you move, you only move +0.5 x/y, so 3 would be a nice number. Of course, you could change the 3 to whatever number you'd like), then it will assume you are using a trainer.

This system would protect against any type of warping trainer, so you don't need to use any mousedown methods for click warpers, since my system will protect against that. I wanted to make a system that would ultimately protect against any type of warping trainer, without the need of creating a bunch of different methods for a mouse warper, then a bunch of different methods for an x/y warper, and so forth. This is more of an all-in-one type of system.

If you restrict the detection based on a keydown method, then that will only protect against the mouse warping trainer, and thus, you would have to add a different system for x/y warping. Really, all you need to do is check to see how many coordinates the player has moved, and if it exceeds your allowed amount, then they would be using a trainer to have moved so far, thus, you could implement auto-jail / auto-ban / auto-dc methods so that they are automatically punished for using such trainers.


Keep in mind, I made this system so that any trainer that is designed to warp you from one spot to another (so as long as the designated spot of warp is inside the current level) would be detected, thus, would protect against any future trainers that do this, and would also protect against any changes in the key-combination that a trainer may have. This is more universal.
Reply With Quote
  #5  
Old 07-24-2006, 07:06 PM
ZeLpH_MyStiK ZeLpH_MyStiK is offline
Scripter
ZeLpH_MyStiK's Avatar
Join Date: May 2003
Location: NYC
Posts: 553
ZeLpH_MyStiK is on a distinguished road
Send a message via MSN to ZeLpH_MyStiK Send a message via Yahoo to ZeLpH_MyStiK
Quote:
Originally Posted by Skrobo2
The trainer has the player hold down the control key before clicking. You could do a check to see if that key is pressed so it's not as easy to set off.
Some people have the source, and have been modifying the keys to shift key and etc.
__________________
Reply With Quote
  #6  
Old 07-24-2006, 07:17 PM
Chris Chris is offline
:pluffy:
Chris's Avatar
Join Date: Jan 2005
Location: im n ur comp, takn up pixelz
Posts: 1,867
Chris is on a distinguished road
Also Sky. You should just log everything dealing with the detections. You will miss a few accounts if you don't. Plus it is proof of the activity. Gets the players to shut up when they lie to you and you have proof.
__________________
Reply With Quote
  #7  
Old 07-25-2006, 03:55 AM
Angel_Light Angel_Light is offline
Varia Developer
Angel_Light's Avatar
Join Date: Nov 2005
Location: Knoxville, TN
Posts: 1,684
Angel_Light is on a distinguished road
Send a message via AIM to Angel_Light Send a message via MSN to Angel_Light
Thank-you Gambet! ^o^
__________________
Deep into the Darkness peering...
Reply With Quote
  #8  
Old 07-25-2006, 04:41 AM
Gambet Gambet is offline
Registered User
Join Date: Oct 2003
Posts: 2,712
Gambet is on a distinguished road
Quote:
Originally Posted by Chris
Also Sky. You should just log everything dealing with the detections. You will miss a few accounts if you don't. Plus it is proof of the activity. Gets the players to shut up when they lie to you and you have proof.


Yes, we keep logs on Maloria. But, nonetheless, you wouldn't miss any accounts if you have an automatic punishment system implemented for those that trigger the trainer protection. I released this public system as a basic blueprint, in which you could modify as you'd like to fit your server.

Quote:
Originally Posted by Angel_Light
Thank-you Gambet! ^o^
You're welcome. I hope this will encourage servers to try new things to better their security!


EDIT (To Omini's post right below this one): Yes, it's player.account, not #a. Sorry about that, I must have not noticed that I used #a in the GS2 version. Thanks for pointing that out, I edited my first post with a fix.

Last edited by Gambet; 07-25-2006 at 05:20 AM..
Reply With Quote
  #9  
Old 07-25-2006, 04:45 AM
Omini Omini is offline
Millenium Owner
Join Date: Feb 2006
Location: N.Ireland
Posts: 293
Omini is on a distinguished road
Send a message via AIM to Omini Send a message via MSN to Omini Send a message via Yahoo to Omini
GS2 version of #a is player.account

PHP Code:
sendtorc"[Trainer Protection] " " #a is attempting to bypass the triggeraction for the trainer protection NPC!" ); 
would be

PHP Code:
sendtorc"[Trainer Protection] " @player.account" is attempting to bypass the triggeraction for the trainer protection NPC!" ); 
Unless I'm mistaken?
__________________



Reply With Quote
  #10  
Old 07-25-2006, 07:23 PM
Divided Divided is offline
Registered User
Join Date: Jun 2006
Location: Chesapeake,Virginia
Posts: 28
Divided is on a distinguished road
Send a message via AIM to Divided
have fun spamming rc with people lagging?
Reply With Quote
  #11  
Old 07-25-2006, 07:52 PM
KuJi KuJi is offline
Banned
Join Date: Apr 2004
Location: Staten Island, New York
Posts: 2,202
KuJi will become famous soon enough
Send a message via ICQ to KuJi Send a message via AIM to KuJi Send a message via MSN to KuJi Send a message via Yahoo to KuJi
warpto 30 30

BANNT
Reply With Quote
  #12  
Old 07-25-2006, 11:07 PM
100Zero100 100Zero100 is offline
Registered User
Join Date: Jul 2006
Posts: 31
100Zero100 is on a distinguished road
Gambet, I hope you excuse me for correcting you, as I don't mean to be a jackass, but there are several things in your script I would like to inform you on for a stronger detection system in the future.

1. Don't use setstring whatever,#v(playerx); then a strequals() later. In artmoney, a person could easily edit out "setstring" (or better yet, strequals()) with a VERY LITTLE impact in the gameplay. Keep in mind, in Artmoney you can edit any command you want to break it. Therefore, if you edit "strequals" or "setstring" they no longer work. However, if you do variables (this.playerx=player; this.lastplayerx=this.playerx; whatever) then just do assignment checks (this.playerx==this.lastplayerx or whatever) it's much harder to get rid of by highly ordinary measures. In artmoney you can't really edit out "=", which is why. Then again, the whole method fails if they edit "timeout" but imagine other NPCs that would break, hackers would have no fun on the server in such a scenario anyway.

2. Your movement check is flawed. This is addressed in a graal hacker's thread, as well. Look:

NPC Code:
strtofloat( #s(this.lastplayerx) ) + 3 <= strtofloat( #s(this.playerx) )



A: I was on 30 30 (my lastplayerx = 30).
B: I hack and move 10 tiles to the left (my playerx = 20)
C: 30 + 3 <= 20? Certainly not.

This means that, even with your system, people can move up and to the left freely as many tiles as they choose. You're checking it poorly, you COULD use absolute values (I say could because there's an even better method).

Also, forgive me, I'm going to put this in shorthand. I'm not typing out strtofloat(#s()) over and over, or even this, but you'll still understand what I'm typing.

NPC Code:
if (abs(lastplayerx-playerx) >=3)



A: I'm on 30 30 (my lastplayerx = 30)
B: I hack 10 tiles left (my playerx = 20)
C: abs(30-20) >= 3 <-- True. The detection system would pick up on it where yours wouldn't.

For the next matter of business, someone can move 2.999999 tiles right and 2.99999999 tiles down simultaneously and not be picked up, diagonally, they moved ABOUT 3*2^.5 tiles. That is CERTAINLY more than 3 tiles man.

However, to fix this we could use an even BETTER check that takes into account negative distances AND diagonal movements. You would also need only one check instead of two with an || in between or using a for ().

NPC Code:

(((strtofloat(#s(this.lastplayerx))-strtofloat(#s(this.playerx)))^2+(strtofloat(#s(thi s.lastplayery))-strtofloat(#s(this.playery)))^2)^.5>=3)



A: I am on the 30 30 (lastplayerx = 30)
B: I move 10 tiles left (playerx = 20)
C: Below-

((30-20)^2+(30-30)^2)^.5
Breaks down to:

((10)^2+(0)^2)^.5
Breaks down to:

(100+0)^.5
Breaks down to

100^.5 -> 10

10 is most certainly greater than or equal to 3, therefore it works perfectly.

To test diagonals, you would do this:

A: I am on the 30 30 (lastplayerx = 30)
B: I move 2.5 tiles left (playerx = 27.5) and 2.5 tiles up (playerx = 27.5)
C: Below-

((30-27.5)^2+(30-27.5)^2)^.5
Breaks down to:

((2.5)^2+(2.5)^2)^.5
Breaks down to:

(6.25+6.25)^.5
Breaks down to

13^.5 -> 3.605.... (neverending)

Is 3.605 greater than or equal to 3? YES. They moves 2.5 tiles up and 2.5 tiles right, and your system wouldn't have detected them, but in reality they moved 3.605 tiles diagonally.

Final point:

This is your code slightly enhanced:

NPC Code:

//#CLIENTSIDE
if (created) {
Assign();
timeout = 0.05;
}
if (playerenters) {
Assign();
}
if (timeout) {
if (((this.lastplayerx-playerx)^2+(this.lastplayery-playery)^2)^.5 >= 3) {
triggeraction 0,0,serverside,WEAPONNAME,triggered;
}
Assign();
timeout = 0.05;
}
function Assign() {
if (((this.lastplayerx-playerx)^2+(this.lastplayery-playery)^2)^.5 != 0) {
this.lastplayerx = playerx;
this.lastplayery = playery;
}
}



You didn't need a this.playerx-- playerx works just fine if you do it in the right sequence. You also should have done the pythagorean theorem, and since you are assigning similar code so much I just made it a function. I hope that helps a little.

Ah and I almost forgot, the conversion to GS2 is very simple.

NPC Code:

//#CLIENTSIDE
function onCreated() {
Assign();
setTimer(0.05);
}
function onPlayerEnters() {
Assign();
}
function onTimeOut() {
if (((this.lastplayerx-player.x)^2+(this.lastplayery-player.y)^2)^.5 >= 3) {
triggeraction(0,0,"serverside",WEAPONNAME,"trigger ed");
}
Assign();
setTimer(0.05);
}
function Assign() {
if (((this.lastplayerx-player.x)^2+(this.lastplayery-player.y)^2)^.5 != 0) {
this.lastplayerx = player.x;
this.lastplayery = player.y;
}
}



I hope that helps anybody.

Last edited by 100Zero100; 07-25-2006 at 11:20 PM..
Reply With Quote
  #13  
Old 07-26-2006, 01:28 AM
Gambet Gambet is offline
Registered User
Join Date: Oct 2003
Posts: 2,712
Gambet is on a distinguished road
Quote:
Originally Posted by 100Zero100
Stuff

Yes, I made a simple mistake. Take note that I made this at 2 am, so I was half asleep. I was thinking of movement at the time, not about coordinates in the sense that you could move negative coordinates. I only added protection against positive coordinate movement, thus only positive coordinate movement would be detected. Of course, correcting this problem is far from difficult. You didn't need to break everything down, though I thank you for that may help others, but you just needed to remind me that you could move negative coordinates and I would've noticed what you meant . Anyways, I'll correct my original post shortly.


Well, it doesn't let me edit the original post anymore, but you can view the post above for just about the same update I was going to make, except I was going to use a different calculation method.


Last edited by Gambet; 07-26-2006 at 01:56 AM..
Reply With Quote
  #14  
Old 07-26-2006, 01:59 AM
killerogue killerogue is offline
Registered Omega
killerogue's Avatar
Join Date: Apr 2006
Location: United States
Posts: 1,920
killerogue is on a distinguished road
Send a message via AIM to killerogue Send a message via MSN to killerogue
Isn't that NaS?
__________________


REMEMBER, IF YOU REP ME, LEAVE A NAME!

Quote:
Originally Posted by haunter View Post
Graal admins don't die. They go to hell and regroup.
Quote:
Originally Posted by Inverness View Post
Without scripters, your graphics and levels wouldn't do anything but sit there and look pretty.
Reply With Quote
  #15  
Old 07-26-2006, 03:05 AM
Rick Rick is offline
PipBoy Extraordinaire!
Rick's Avatar
Join Date: Jul 2004
Location: Long Beach, California.
Posts: 831
Rick is on a distinguished road
Quote:
Originally Posted by 100Zero100
1. Don't use setstring whatever,#v(playerx); then a strequals() later. In artmoney, a person could easily edit out "setstring" (or better yet, strequals()) with a VERY LITTLE impact in the gameplay.
Not anymore with GS2-only servers.
Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +2. The time now is 11:44 PM.


Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.
Copyright (C) 1998-2019 Toonslab All Rights Reserved.