I just googled It. It seems to be a really new one. Oh my fucking god. Garry Newman must have been so retarded to keep every single fucking access in the client dll............
Fougerite Official 1.9.2
- Thread starter mikec
- Start date
Maybe we can detect that and fix it but I think this is getting to an end. As @MasterPeace said, the fun in rust legacy is now on events and not anymore in survival, as it is fucked up by hackers. And events are full of hackers by what I've seen those days, so... I don't know :C
It's not even his fault... Well, at least not for 100%. It's Unity Engine. Code is not secured, you can't "grind" your code to be fully non-readable because it needs to use Unity functions and classes. But guessing on server assembly-csharp he didn't even try to do that. But like I said, you can't expect that any game on Unity will have no cheaters.
That's why when you do your first game in that you should move to other, commercial engine but what will secure players better.
Unity will show your every function, anticheat function in this assembly-csharp.
That's why when you do your first game in that you should move to other, commercial engine but what will secure players better.
Unity will show your every function, anticheat function in this assembly-csharp.
Nope that's not true.
1. UnityEngine's things can be secured. The thing is that he stored my stuffs on the client side. For example the client loads the blueprints via RPC (Shitty uLink) from the server. After that the server doesn't even check that the player is crafting something that he shouldn't. Basically the craftable items are stored on the client after loading which is bullshit.
2. If rust legacy or even experimental would have this: https://www.assetstore.unity3d.com/en/#!/content/10395 just about 70% of the rust client hacks would be gone, and then you would only need to check the assembly dll file size and MD5 hash. (Which they are actually doing at experi atm.)
3. Storing health on Server side, but storing food and radiation on client side. Who the hell does that?
4. There is a class in Legacy that has names like: fawfewwWWEFgwefw5325262WERSWGER
I'm not joking really. This was one of the reasons why they said: "We need to rewrite we don't even know what's doing what."
UnityEngine has nothing to do with these, they were just f*cking lazy ass devs.
Remember that every anticheat / anticrack / antiwhatever system what you downloading means "anti nothing".
Real developers should make his own security. But yes we already know that they know shit about making games.
If you really think that unity games can be secured tell my why all unity games are cracked in one - two days. I just don't believe you, but yes, of course you may talk true. For me - even if you require internet connection (Simcity 2013) you will make your connection / receiving data system public by idiot DLLs system where Unity is storing all your scripts. Then someone can just make his own server basing on your scripts and make it cracked.
Simcity was one of those games who won fight with cheaters by simply requiring internet connection. But they weren't using Unity. After year or something they decided to allow offline play, and kaboom! cracked version showed up
Real developers should make his own security. But yes we already know that they know shit about making games.
If you really think that unity games can be secured tell my why all unity games are cracked in one - two days. I just don't believe you, but yes, of course you may talk true. For me - even if you require internet connection (Simcity 2013) you will make your connection / receiving data system public by idiot DLLs system where Unity is storing all your scripts. Then someone can just make his own server basing on your scripts and make it cracked.
Simcity was one of those games who won fight with cheaters by simply requiring internet connection. But they weren't using Unity. After year or something they decided to allow offline play, and kaboom! cracked version showed up
If you look at the videos you will perfectly realise that all those exploits can be used in Rsut legacy.Remember that every anticheat / anticrack / antiwhatever system what you downloading means "anti nothing".
Real developers should make his own security. But yes we already know that they know shit about making games.
If you really think that unity games can be secured tell my why all unity games are cracked in one - two days. I just don't believe you, but yes, of course you may talk true. For me - even if you require internet connection (Simcity 2013) you will make your connection / receiving data system public by idiot DLLs system where Unity is storing all your scripts. Then someone can just make his own server basing on your scripts and make it cracked.
Simcity was one of those games who won fight with cheaters by simply requiring internet connection. But they weren't using Unity. After year or something they decided to allow offline play, and kaboom! cracked version showed up
In Experimental they moved the storages to the server, and now you can't make hacks like legacy had. CheatEngine is still there if you want to speedhack.
---
The question for your answer "Why does every Unity game crackable" is just simply this:
C#.
Why?
Because C# can be patched easily with a program that can replace specific code in the dll files. (Just look at Fougerite)
If the game would be C++ you would have a harder job.
DreTaX updated Fougerite Official with a new update entry:
Fixes
Fixes
Read the rest of this update entry...
No matter how you call it - C#, DLLs, it's same thing. You just agree with me with that post but I wrote mine other way.
When you have normal engine, and you secure game properly then you have 100%. If you have unity and you secure game then you have 50%. If you use well known secure systems for unity you have 40% or less.
But we would not sit here if it would not be Unity.
Back in FG.
Don't you think that you should start to ban people who want to cheat? IF you detect something like RADS off, ban this shit - I was doing that on my server. Thats how system should work. If I saw player running 1.1x faster than me I was't telling "Hey, turn off your cheats please, they are not allowed here. Or turn on others what are not detectable." - banIP and let them cry.
When you have normal engine, and you secure game properly then you have 100%. If you have unity and you secure game then you have 50%. If you use well known secure systems for unity you have 40% or less.
But we would not sit here if it would not be Unity.
Back in FG.
Don't you think that you should start to ban people who want to cheat? IF you detect something like RADS off, ban this shit - I was doing that on my server. Thats how system should work. If I saw player running 1.1x faster than me I was't telling "Hey, turn off your cheats please, they are not allowed here. Or turn on others what are not detectable." - banIP and let them cry.
Nope. I'm saying that cracking C# is easier than cracking C++.
There is a good C# decompiler that gives back the code nicely. There are also de-obfuscators.
C++: http://stackoverflow.com/questions/205059/is-there-a-c-decompiler
First answer gives It away why cracking C++ makes you struggle.
--
The thing is that the Metabolism hack that increases the target player's radiation is an exploit. When this happens the HurtEvent wants to kill the player because of his very high level of radiation. The thing is that the attacker in this case is Metabolism and not the player who is hacking. So I can't detect It, just to bypass It. Maybe If I decompile the hack I will find some sort of interesting thing that I can catch, but for now this is It.
I already noticed the debugs in the logs:
[5/31/2015 9:12:35 AM] [Debug] [RadiationHack] Someone tried to kill macos with radiation hacks.
I still think that you wrote what I wrote. https://gutsdev.wordpress.com/2013/08/15/investigating-unity-security/
--
Oh so you can't react to it yet. Ok. I just hope you do that in future. FAC is wrong because players just adjusting their cheats to it. Slower speedhack, big jump off, etc. And FAC will not detect flying. But it detects only those what can make false positives (lag -> speed hack).
But if fougerite could detect that someone is blocking RAD, those RPC checkers etc he need to be removed immediately so he will know next time on other server that it will be best to disable cheats first.
--
Oh so you can't react to it yet. Ok. I just hope you do that in future. FAC is wrong because players just adjusting their cheats to it. Slower speedhack, big jump off, etc. And FAC will not detect flying. But it detects only those what can make false positives (lag -> speed hack).
But if fougerite could detect that someone is blocking RAD, those RPC checkers etc he need to be removed immediately so he will know next time on other server that it will be best to disable cheats first.
DreTaX updated Fougerite Official with a new update entry:
Fix
Fix
Read the rest of this update entry...
I adjusted FAC because you guys said. At first it was simple. 2 times in a row running more than maximum, you get banned. Everyone saying "this bans everyone, bla bla bla" because players have 500 ms, which is a real shit no matter what game you play (unless it's chess, domino, or whatever). I adjusted it to follow a series of steps, which nowadays don't detect lagged players, but they hardly detect anyone else.
For example, on equinox we have players coming from South America, and the server is on Europe. They all have 300, 400 and even 500 ms, and we can't do shit to fix that.
And the problem here is that most of the variables are client-sided, which is a very wrong idea and I don't know how the hell someone could allow that to be in the game. This worked until someone saw the code and decided to exploit it. And here we have the radiation/food hack.
For example, on equinox we have players coming from South America, and the server is on Europe. They all have 300, 400 and even 500 ms, and we can't do shit to fix that.
And the problem here is that most of the variables are client-sided, which is a very wrong idea and I don't know how the hell someone could allow that to be in the game. This worked until someone saw the code and decided to exploit it. And here we have the radiation/food hack.
Yes @Snake. I don't say that FAC is bad. I only said that fougerite should react to wrong RAD / Food / RPC options - call it however you want - by banning guys. Try to do that somehow. I know that server side anticheat will never be good for speedhack, flyhack, jumphacks and others.
But if they (cheaters) are that stupid to make RPC errors in console just to have cheats, you need to take advantage of it and somehow find way to react on those errors. Look. We haven't RPC errors 2 months ago (at least not me), so I believe that there is a way to not just bypass, show debug, but ban this cheater like VAC would do.
But if they (cheaters) are that stupid to make RPC errors in console just to have cheats, you need to take advantage of it and somehow find way to react on those errors. Look. We haven't RPC errors 2 months ago (at least not me), so I believe that there is a way to not just bypass, show debug, but ban this cheater like VAC would do.
DreTaX updated Fougerite Official with a new update entry:
Fixes/Additions the long awaited update
Fixes/Additions the long awaited update
Read the rest of this update entry...
DreTaX updated Fougerite Official with a new update entry:
Fix
Fix
Read the rest of this update entry...
DreTaX updated Fougerite Official with a new update entry:
Fixes/Additions
Fixes/Additions
Read the rest of this update entry...
DreTaX updated Fougerite Official with a new update entry:
Fixes
Fixes
Read the rest of this update entry...