Kigen's Anti-Cheat

Hi,

Does KAC support scanning CVARs which the clients hack generates?

Lets take an example, I added sh_wallhack ban 1. This lead to everyone being banned in the server (there were only a few in it), seeing as I know for sure that I do not have SethHack installed then I should not have even been able to respond to this query?


On a side note, is there a change-log for the versions?

Jonzky wrote:Hi,

Does KAC support scanning CVARs which the clients hack generates?

Yes

Jonzky wrote:Lets take an example, I added sh_wallhack ban 1. This lead to everyone being banned in the server (there were only a few in it),
seeing as I know for sure that I do not have SethHack installed then I should not have even been able to respond to this query?


On a side note, is there a change-log for the versions?

Thanks for the reply.

What would the syntax I need to use to add a client-CVAR to the ban list? Lets take the example above, sh_wallhack (The hack itself may have preventative measures to pass the query, but it's an example), infact I assume the CVAR can be checked and if it replies anything but "" then the client must have the hack enabled?

Could you please clarify how I could go about adding such a CVAR.

Also, off-topic again but after I added a restricted command (+fap_menu) later on two people were banned with around a 20 second interval between each. I do not believe that the people know each-other. I would believe it is not a KAC issue but just the banning of the first causing the second to try to disable said menu if it was open. Is there be a chance that a KAC error caused the second to be banned?

CVar: You can add such a check by modifying the plugin. It would seem that I forgot to add the non-exist check to a list of acceptable commands on kac_addcvar.

Command: You can PM me the log and details of what the command is and does. I'll look into it.

Thanks, the command is not the most important issue.

With the CVARs the main hacks/mods that are on Gmod are fairly sophisticated, they have many detours to prevent some of the checks. Before I go and start to modify the plugin does KAC have any checks that would counter-act the detours these hacks have?

Some but not all. Like I said, use COMP_NONEXIST. I'm not sure on the level of sophistication GMod hacks have.

Thanks for the reply again.

I believe this is one of the scripts that SethHack uses to prevent being detected.

//Convars
function GetConVarNumber( cvar )
if( cvar == "sv_cheats" ) then return 0 end
if( cvar == "sv_scriptenforcer" ) then return 1 end
if( cvar == "host_timescale" ) then return 1 end
if( cvar == "sv_allow_voice_from_file" ) then return 0 end
if( cvar == "r_drawothermodels" ) then return 1 end
return oGCVN( cvar )
end

It also has a script to disable the running of ConsoleCommands.


Any clue if KAC would be able to detect such things?

Edit:

After a but more looking into the SH code it seems it generates Convars such as sh_showadmins and saves them in local tables, would they be possible to detect?

Hmm, its possible to detect if a client-side command exists (I did this with LUA Hacks).

Just set it up as a COMP_NONEXIST in the CVar module.

Also, the command KAC uses to query CVars is deep within the engine. GMod LUA script hacks shouldn't be able to interfere with that.