Introduction
Useful Links:
Discord: discord.gg/cC9KZUd
Dan's Gmodstore: www.gmodstore.com/users/dan
Patreon: www.patreon.com/danfmn
Hello and welcome to today's tutorial. We're going to be learning about networking exploits: how to abuse networking and how to patch networking exploits. In this tutorial we're going to be using code from part 17 and part 18 of my Garry's Mod Lua tutorial series.
So if you have not watched those videos yet, I recommend that you go do so now and then come back. Let's get into it.
Okay, so in today's tutorial I'm basically just using the same code from the previous tutorials.
The only thing that I'm going to be changing here is that I'm only going to be working with weapons.
We did cover entities.
However, in this case I just want to show bad practice for whenever you have, for example, a weapon shop.
So I'm going to remove the entities here.
So we just have the weapons.
And then in our server-side file here, this is our normal net.Receive.
This is a really good example of networking and how to avoid exploits, and we're going to keep it in the background.
So we can reference it later, but we are actually going to be rewriting a bad example of networking.
So we can learn from it and abuse it in our client-side code.
Here we have our tutorial shop, and basically what's happening here in our list is this: whenever we go to purchase something, we are sending an ID, which is associated with an item.
If we send, for example, 1, we know that this is the SKS; if we send 2, then this is the M24.
And if we send 3, that's the Glock. You can see that we're getting all the item data here by indexing by the ID. I went into further depth on this in the previous tutorial.
So I recommend watching that if you have not already. One more thing: inside my Garry's Mod directory, inside the actual lua folder where my Garry's Mod client is running, I have a file called awesome_cheat.lua.
And this is what I'm going to be using to exploit the net messages.
In this tutorial I do have sv_allowcslua enabled.
Typically you want this disabled; however, people can bypass it in multiple ways.
But just for this tutorial we are going to have it enabled. Make sure whenever you are running a server to have this disabled, so no one can run client-side Lua.
Now that we have it enabled, we are good to go to run our own client-side Lua.
So the first thing I want to do is talk about some bad things that I see when people are networking, so we're going to go ahead and redo this here.
If you look here, we have this item data.
We have the name, the description, the price, and actually a bunch more information, such as the class name and the item type.
What I'm going to do here is actually send the class name of the item that they're trying to buy, because that makes sense.
So I'm going to do net.WriteString with the item data's class name.
Then we want to send the price of what they're trying to buy, because that makes sense, right? We want to charge them the appropriate amount.
So we're going to do net.WriteInt with the item data's price, and set aside 32 bits here.
Additionally, we want to send the player that is trying to buy something, so I'm going to do net.WriteEntity with LocalPlayer(), the local player who's attempting to purchase something, which makes sense. Then I'm going to go ahead and save this.
Then on the server side, whenever we receive this net message, what we want to do is obviously charge the player the appropriate amount, make sure we give the item to the correct player, and give them the right item.
The first thing that we sent was the class name.
So we do local className = net.ReadString(). Then we sent the price, which we sent as 32 bits, so we're going to do net.ReadInt(32).
And then the player we sent as well, so we're going to read that entity that they sent with net.ReadEntity(). Let me just make sure that we are good here.
Yep, net.WriteEntity; that matches the setup here.
So what we want to do, obviously, is check to see if they can afford this price, because we don't want to just give them a free item.
So we're going to do if ply:canAfford(price).
Then we're going to take the price, or take that money.
So we're going to do addMoney with the negative of the price, so we're basically subtracting here.
And then we're going to do ply:Give, and we're going to give that class name.
So now if I hop in game and reopen this menu, I'm going to go ahead and purchase the SKS.
You can see everything works as expected, and that is good.
I also forgot to save this, so we do have the previous items there, but everything is working.
I have the Glock, I got the SKS, and my money is going down.
I believe, yes, it is. I was also able to buy this again, because we didn't check to see if the player already has the weapon, so that's something we're going to want to add in as well.
But the main focus here is this M24: it's $20,000, and I don't want to spend $20,000.
So what I'm going to do now is take a look at the server's code that I'm on, because there are file stealers, so that's something to keep in mind: people can easily get hold of any client-side files that you have.
And so they can see your net messages, how they're structured, and what data is being sent to the server.
So if I look at this code here that we just wrote, which is a really, really bad thing to do, it's just so exploitable in so many ways, and I'm going to take advantage of it.
So in my code here, I'm going to go ahead and copy this.
This is my cheat. I'm going to take that net message that I found, and I saw that they're writing a class name, they're writing the price, and they're writing a player.
So there are a few things that we can do here with this.
We can give any weapon to any player, and we can give any weapon for free.
So we don't have to be charged a single thing, and we can choose who gets the weapon.
The reason for this is that we're not actually sending an ID as we were doing in the previous tutorial, where we would send an ID and then look up all the data inside this table. In our client-side code we're already looping over that table, and so we're just sending the values to the server.
And this is bad, because the client can manipulate that, and I'm going to show you that now.
So what I'm going to do here for the WriteString is go ahead and pick a weapon from the list, one that's not even in the shop.
I don't believe there's an AK-47, so I want that, and I'm going to go ahead and put that here.
Next, I don't want to spend any money, so I'm going to set this to zero. Then I actually want to give this to myself, so I'm going to keep this as LocalPlayer().
So I'm going to save this.
Okay, so if you look here, I do not have an AK-47.
Now what I'm going to do is run lua_openscript_cl, and then our file name, which is awesome_cheat.lua, and hit enter.
And now you can see I just got an AK-47, and I did not lose any money.
If I do that again, yeah, I am not losing any money for sure. I'm going to do it with the AK-74 too: I'm going to go ahead and give that to myself, and take a good look at my money at the bottom left, and boom, I got an AK-74 from that code and my money did not go down.
So this is a serious issue.
So how do we fix this? Actually, before we fix it, I want to show you an example of how I can give a weapon to another player.
If I hop into my console here and I PrintTable(player.GetAll()), you can see we have the first index here, which is player 1, which is me, and then at the second index we have player 2, which is the bot. So I'm going to go ahead and give this bot an AK-74.
What I'm going to do is take that table that we just printed, player.GetAll(), and index it by the second player.
So now if I run this code again, you can see that he actually got the AK-74.
So this is a serious issue, so let's talk about how to fix it.
The first thing that we want to do is fix the option to give a weapon to any player.
This is actually fairly simple.
If you look in our function arguments on this original net.Receive, we have len and we have ply.
ply is actually the player that sent the net message, so we do not need to write the entity here.
What I'm going to do now is go in here and remove this line, so we're no longer writing the entity. Then on our receiver we're no longer going to read this entity, and we're going to go into our arguments here and fill them in with the appropriate information.
So now if I save this and hop back into the shop, I can go ahead and buy this M24 and everything still works, because we know which player is attempting to send this message.
Okay, now to fix this.
What we want to do is get the item data similar to how we did in the previous tutorial.
Because if you look here in our code, originally we were sending k, which was the current iteration of the loop, which makes sense.
So if we send 1, we know that this is the SKS; if we send 2, this is the M24; if we send 3, this is the Glock. So that's a way to index the information here.
We just want to go ahead and write k, which, like I said, was the current iteration.
I believe we did an integer, so net.WriteInt(k, 32), and we will send that to the server.
Then what it's going to do here... I'm going to remove this bad code now, and I'm just going to explain why the option above is better than this.
First off, we are using ply, correct? That's the right thing we want to do. Then we have this ID here.
This ID is going to be a number between 1 and 3 for the most part, because there are only three items in the loop.
One thing you could do is check to see if this ID is a number that is not 1, 2 or 3.
If it's not, more than likely this person is sending an ID for an item that is not legit.
So we could check here, and say: if the ID is greater than table.Count of the tutorial shop's items table, then we return, meaning the code below is not going to run, and we print ply:SteamID() followed by "is potentially attempting to abuse a net message", the net message name TutorialShop_Purchase, and the ID that they're sending.
So I'm just going to show you that real quick.
If I go ahead and go in game now, we have our new net messages set up; you can see this is working here, everything's fine, good stuff.
Now what I want to do is actually use this cheat with the new structure, and send a number that does not exist.
So I'm going to do net.WriteInt with, for example, 4.
And now if I go in here and run that code, you can see nothing happened in game.
However, if we go into the console, we can see "<SteamID> is potentially attempting to abuse a net message, TutorialShop_Purchase".
So, hey, we know that something is not right here.
We can use this information, look at our structure, see if there's anything abnormal, and then potentially report it.
So, for example, I could kick this player or ban them for potentially abusing it.
Now that we have some form of protection here, which checks whether somebody is exploiting, the code will not run, so there's nothing that we really need to worry about.
This is just more of a thing to potentially catch any cheaters.
You can also see here a check for there being no item data, so if, for whatever reason, this person sends 5, we also have a way to check if they are sending some form of illegitimate ID.
So now we actually have all the data that we need with this item data, since we're looking up the value based on the ID that was sent. There's no reason to send the price, no reason to send the class name, and no reason to send the player that is attempting to purchase something, because we have all this information stored in the table.
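To put the two versions of the purchase handler side by side, here is an added example that is not the tutorial's own code. The table name TutorialShop.Items, its sample rows, the DarkRP-style ply:canAfford and ply:addMoney helpers, and the net message name TutorialShop_Purchase are all assumptions; the page only describes them in speech. The exploitable version (every field read from the client) is kept commented out next to the hardened version, which accepts only the loop index and looks everything else up on the server.

```lua
-- Added example (not the tutorial's own code). Assumed names: TutorialShop.Items,
-- the net message "TutorialShop_Purchase", and DarkRP-style ply:canAfford / ply:addMoney.
TutorialShop = TutorialShop or {}
TutorialShop.Items = TutorialShop.Items or {
    -- constructed sample rows, matching the three items in the video
    { name = "SKS",   class = "weapon_sks",   price = 5000 },
    { name = "M24",   class = "weapon_m24",   price = 20000 },
    { name = "Glock", class = "weapon_glock", price = 1000 },
}

if SERVER then
    util.AddNetworkString("TutorialShop_Purchase")

    -- BAD: class, price and recipient all come from the client, so the client
    -- decides what is given, for how much, and to whom. Kept here only for comparison.
    --[[
    net.Receive("TutorialShop_Purchase", function(len, _)
        local className = net.ReadString()
        local price     = net.ReadInt(32)
        local target    = net.ReadEntity()
        if target:canAfford(price) then
            target:addMoney(-price)
            target:Give(className)
        end
    end)
    ]]

    -- GOOD: the client sends only an index; everything else is server-side data.
    net.Receive("TutorialShop_Purchase", function(len, ply)
        local id = net.ReadInt(32)

        -- Reject anything outside 1..n (0, negatives, 4, 5, ...) and log who sent it.
        local itemData = TutorialShop.Items[id]
        if id < 1 or id > table.Count(TutorialShop.Items) or not itemData then
            print(ply:SteamID() .. " is potentially attempting to abuse a net message: TutorialShop_Purchase", id)
            return
        end

        -- ply is the sender, supplied by the net library; it is never read from the message.
        if ply:HasWeapon(itemData.class) then return end      -- already owns it (the repeat-buy bug)
        if not ply:canAfford(itemData.price) then return end  -- price comes from the table, not the client

        ply:addMoney(-itemData.price)
        ply:Give(itemData.class)
    end)
end

if CLIENT then
    -- The client only ever sends the loop index k.
    function TutorialShop.Buy(k)
        net.Start("TutorialShop_Purchase")
        net.WriteInt(k, 32)
        net.SendToServer()
    end
end
```

With this structure a modified client can still send any integer it likes, but the only thing it can influence is which row of the server's own table is consulted; an out-of-range value is logged and dropped, and the price and recipient are never under the client's control.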
So that's something to keep in mind whenever you are developing some form of networking for your addon.
Another thing that I should mention, just to go over some general topics: if you are ever working on, for example, an NPC that heals a player, a really important thing to do is check that the player is actually near the NPC whenever they are attempting to be healed.
So, for example, you could write the NPC from the client to the server that they want to be healed by. You check that the NPC is actually a healing NPC, and then you also check that the player is within the correct distance.
For example, if the player is sending an entity that is not a healing NPC but is calling the healing net message, then we could say, hey, this guy might be attempting to abuse it, and we'll want to ban them.
If they're not within distance, there are a couple of things that could happen there: they could just have moved away from the NPC with the menu still open, so we'll just want to return if they're too far away, so the healing doesn't happen.
Otherwise, if we didn't check for the distance and we didn't check for the correct entity, then they could heal themselves no matter where they are in the world.
In this case, if we had an NPC that we're purchasing items from, not only would we want to send the ID; like I said, we'd also want to check the NPC that they're purchasing the items from, make sure it's correct, and make sure they're within distance.
So there are a lot of things to keep in mind, and there's not a single solution for everything; it depends what your structure is and what information is necessary.
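The healing NPC case above, written out as an added example that is not the tutorial's code. The NPC class npc_tutorial_healer, the net message name TutorialNPC_Heal, the 150-unit range, the 5-second cooldown and the ply.NextHeal field are all assumed values chosen for the example. It applies the two checks the video describes (is the entity really a healer, is the player close enough) and adds a per-player cooldown; the same skeleton works for a shop NPC, where you would validate the NPC and the distance before doing the item lookup.

```lua
-- Added example (not the tutorial's own code). Assumed: NPC class "npc_tutorial_healer",
-- net message "TutorialNPC_Heal", 150-unit range, 5-second cooldown stored in ply.NextHeal.
if SERVER then
    util.AddNetworkString("TutorialNPC_Heal")

    local HEALER_CLASS = "npc_tutorial_healer"
    local MAX_DIST_SQR = 150 * 150   -- compare squared distances, no sqrt needed
    local COOLDOWN     = 5

    -- Central place to log a suspicious message; kick/ban logic would hang off this.
    local function flagSuspicious(ply, reason)
        print(ply:SteamID() .. " is potentially attempting to abuse TutorialNPC_Heal: " .. reason)
    end

    net.Receive("TutorialNPC_Heal", function(len, ply)
        local npc = net.ReadEntity()

        -- 1. The entity must exist and must actually be a healing NPC.
        --    A legitimate client never sends anything else, so this is worth flagging.
        if not IsValid(npc) or npc:GetClass() ~= HEALER_CLASS then
            flagSuspicious(ply, "sent a non-healer entity")
            return
        end

        -- 2. The player must be close enough. Walking away with the menu still open
        --    is a legitimate way to end up here, so this case is dropped quietly.
        if ply:GetPos():DistToSqr(npc:GetPos()) > MAX_DIST_SQR then return end

        -- 3. Cooldown so the message cannot be spammed for continuous healing.
        local now = CurTime()
        if (ply.NextHeal or 0) > now then return end
        ply.NextHeal = now + COOLDOWN

        ply:SetHealth(ply:GetMaxHealth())
    end)
end

if CLIENT then
    -- The client sends only the NPC it is standing at; whether that NPC may heal,
    -- and whether the player is actually there, is decided on the server.
    function TutorialNPC_RequestHeal(npc)
        net.Start("TutorialNPC_Heal")
        net.WriteEntity(npc)
        net.SendToServer()
    end
end
```

Note the split between the two failure modes: a wrong entity class is something an unmodified client cannot produce, so it is logged, while being out of range can happen innocently and is simply ignored.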
So the key things to remember: send the least amount of information possible, so that you're not sending useless info that is not needed.
Additionally, only send IDs that you can look up for items, or, put simply, just don't trust the client. That's basically the overall message here, because the client, as shown in this awesome cheat, can manipulate the data.
So that's an example of how to abuse net messages and how you can patch them.
If you guys have any questions, please feel free to comment them down below. Also, just so you guys know, this video tutorial was selected based on Patreon.
As you can see here on Patreon, we had three people vote, and the video that was suggested was networking exploits and how to patch them.
So if you guys are interested in having a say in which video I produce next, make sure to check out my Patreon link in the description, and you can vote on the next video. You also get access to all the code that is in my tutorials, so you no longer need to watch them if you're just interested in the code.
So that will be it.
Thank you guys so much for watching. I hope you guys have a wonderful day, and take care.