Anti-Hack: Freezeplayer

[fowlplay4]

Due to the recent leak of a trainer from Team WSU, servers might need to invest some time in anti-trainer measures if they haven't already.

Tested and works perfectly without any changes to gameplay.

Edit: This snippet should be altered/installed into your main systems so if a trainer user decides alter their freezeplayer code it will result in crippled gameplay.

PHP Code:

//#CLIENTSIDE
function onCreated() {
  setTimer(1);
}

function onTimeout() {
  // To avoid altering gameplay
  if (player.freezetime > 0) return setTimer(1);
  // Freeze the Player
  freezeplayer(1);
  if (player.freezetime != 1) hackDetected();
  // Unfreeze Player
  freezeplayer(0);
  // Continue Loop
  setTimer(1);
}

function hackDetected() {
  // you decide the rest...
} 


Other features of this latest trainer include warping to a specific X, Y, warping into a wall, can disable freezeplayer, enables turn while slashing, instant classic bomb explosion, wall running hack, sword delay hack.

Sounds like we got the work cut out for us!

[Tigairius]

By releasing the script it will be extremely easy for hackers to disable the detection now. I recommend just removing it from the forums and installing it/giving it to a few servers. Otherwise, nice.

[fowlplay4]

I am pretty confident in this snippet but it should be altered and morphed into common gameplay elements perhaps as a check and if a player fails the check it would report to RC and cripple gameplay elements.

If freezeplayer returned true the script could be simplified to just..

PHP Code:

if (!freezeplayer(0)) hackDetected(); 


[Thallen]

Those darn shockers.

[Twinny]

I almost feel sorry for the idiots who buy those trainers (yes, you have to pay)....paying so they can lose their account. Woo!

[[email protected]]

Or you could use this:

PHP Code:

function onActionServerside() {
  echo("[Hacker System]" SPC player.account SPC "is using the freezeplayer hack!");
}
//#CLIENTSIDE
    function onCreated() {
      setTimer(1);
    }
    
    function onTimeout() {
      if (player.freezetime > 0) return setTimer(1);
      freezeplayer(1);
      if (player.freezetime != 1) hackDetected();
      freezeplayer(0);
      setTimer(1);
    }
function hackDetected() {
  triggerserver("weapon", this.name, "reportglitch", "");
} 


[fowlplay4]

Quote:

Originally Posted by [email protected]

Or you could use this:

Add PHP Tags around the code, and you're pretty much posting what should go without saying.

[[email protected]]

Hey, it works.

[cbk1994]

Quote:

Originally Posted by [email protected]

Or you could use this:

PHP Code:

function onActionServerside() {
  echo("[Hacker System]" SPC player.account SPC "is using the freezeplayer hack!");
}
//#CLIENTSIDE
    function onCreated() {
      setTimer(1);
    }
    
    function onTimeout() {
      if (player.freezetime > 0) return setTimer(1);
      freezeplayer(1);
      if (player.freezetime != 1) hackDetected();
      freezeplayer(0);
      setTimer(1);
    }
function hackDetected() {
  triggerserver("weapon", this.name, "reportglitch", "");
} 


I'd suggest adding logging as well.

[[email protected]]

I agree.

[Gambet]

This actually works quite well (will probably implement this on Zone). Not sure how this could be bypassed since when you freeze a player a freezeplayer address is added to them, and if they altered the freezeplayer address to say something other than 'freezeplayer,' then the client wouldn't recognize it and wouldn't actually freeze the player, thus triggering that the player is not frozen even though they should be and causing the system to detect them using a trainer.

EDIT: Also, if they try altering the freezetime address, then the system would still detect it, so there isn't really any address name-changing that can be done that wouldn't be detected. If they tried just changing the value of freezeplayer instead of changing the address of the name, then that still wouldn't work because the system would know that the player isn't being frozen for the amount of time specified (in this case 1 second), so basically, this leaves them without any options. All servers should look into implementing something similar to fit their systems and also add protection against the other features of the trainers.

Logically simple but affective at what it does, nice work.

[fowlplay4]

You could even modify it a little to include random hack checking as well..

PHP Code:

// Detection Code
temp.seed = random(1, 3);
freezeplayer(temp.seed);
if (player.freezetime != temp.seed || !(temp.seed in |1,3|)) hackDetected();
// Other Code..
// 


The only way I believe they could get around it is by disabling the code itself, which is why I recommend implementing inside your weapon scripts, so if it fails it cripples your systems for hackers, I seriously doubt WSU being able to do this, they've made nothing but crappy trainers and macros lately.

But for whatever reason, I have had it show up false positives. But that may be related to my implementation in my weapon scripts, but typically if it's spamming on RC, they're up to no good.

[Gambet]

Quote:

Originally Posted by fowlplay4

You could even modify it a little to include random hack checking as well..

PHP Code:

temp.seed = random(1, 3);
freezeplayer(temp.seed);
if (player.freezetime != temp.seed || !(temp.seed in |1,3|)) hackDetected(); 


Why would you need to?

[fowlplay4]

Quote:

Originally Posted by Gambet

Why would you need to?

Two birds one stone, plus RPG Servers like Zodiac rely on the random function for variance.

[BlueMelon]

Is this for detection of the change of speed? like what does it detect..