· 6 years ago · Oct 21, 2019, 02:10 AM
1local setmetatable = _G.setmetatable
2
3local function readonly(tab)
4 return setmetatable({},{
5 __index = tab,
6 __newindex = function() end,
7 __metatable = true
8 })
9end
10
11local g = readonly {
12 pairs = _G.pairs,
13 ipairs = _G.ipairs,
14 type = _G.type,
15 LocalPlayer = _G.LocalPlayer,
16 ConVarExists = _G.ConVarExists,
17 GetConVarNumber = _G.GetConVarNumber,
18 CurTime = _G.CurTime,
19 tostring = _G.tostring,
20 isfunction = _G.isfunction,
21 istable = _G.istable,
22 isstring = _G.isstring,
23 require = _G.require,
24 rawset = _G.rawset,
25 rawget = _G.rawget,
26 HTTP = _G.HTTP,
27 ScrH = _G.ScrH,
28 ScrW = _G.ScrW,
29}
30
31local timer = readonly {
32 Destroy = _G.timer.Destroy,
33 Create = _G.timer.Create,
34 Simple = _G.timer.Simple,
35 Exists = _G.timer.Exists,
36}
37
38local file = readonly{
39 Exists = _G.file.Exists
40}
41
42local table = readonly {
43 insert = _G.table.insert,
44}
45
46local net = readonly {
47 Start = _G.net.Start,
48 WriteTable = _G.net.WriteTable,
49 WriteString = _G.net.WriteString,
50 ReadString = _G.net.ReadString,
51 SendToServer = _G.net.SendToServer,
52 Receive = _G.net.Receive
53}
54
55local debug = readonly {
56 getinfo = _G.debug.getinfo,
57 getupvalue = _G.debug.getupvalue,
58}
59
60local string = readonly {
61 dump = _G.string.dump,
62 find = _G.string.find,
63 lower = _G.string.lower,
64 char = _G.string.char,
65}
66
67local render = readonly {
68 Capture = _G.render.Capture,
69}
70
71local concommand = readonly {
72 GetTable = _G.concommand.GetTable,
73}
74
75local hook = readonly {
76 GetTable = _G.hook.GetTable,
77 Add = _G.hook.Add,
78 Remove = _G.hook.Remove,
79}
80
81local sha2 = readonly {
82 hash256 = _G.sha2.hash256
83}
84
85g.rawset(_G.debug, 'setlocal', function() end)
86g.rawset(_G.debug, 'getlocal', function() end)
87g.rawset(_G.debug, 'setupvalue', function() end)
88-- g.rawset(_G, 'RunString', function() end)
89-- g.rawset(_G, 'RunStringEx', function() end)
90-- g.rawset(_G, 'CompileString', function() end)
91-- g.rawset(_G, 'CompileFile', function() end)
92-- g.rawset(_G, 'rawset', function() end)
93-- g.rawset(_G, 'rawget', function() end)
94
95local function hashfunc(func)
96 local info = debug.getinfo(func)
97 return sha2.hash256(info.short_src .. info.source .. info.what)
98end
99
100local bad_terms = {'cheat', 'hack', 'bypass', 'nospread', 'aim', 'aimbot', 'exploit', 'fakeqacpart', 'horizon', 'blacksmurf', 'Xray', 'defqon', 'smeghack'}
101local function isbadstring(str)
102 str = string.lower(str)
103 for k, v in g.ipairs(bad_terms) do
104 if string.find(str, v) then
105 return true
106 end
107 end
108 return false
109end
110
111local function RandomString( intMin, intMax )
112 local ret = ""
113 for _ = 1, math.random( intMin, intMax ) do
114 ret = ret.. string.char( math.random(65, 90) )
115 end
116
117 return ret
118end
119
120local detections = {}
121local to_scan = {}
122local timer_id = RandomString(5, 10)
123local hs = RandomString( 5, 10 )
124
125local function detect(id, type)
126 table.insert(detections, {_id = id, _type = type})
127end
128
129local function scan(callback)
130 table.insert(to_scan, callback)
131end
132
133timer.Create(timer_id, 60, 0, function()
134 for k, v in g.ipairs(to_scan) do
135 v()
136 end
137
138 if (#detections > 0) then
139 hook.Add("PostRender", hs, function()
140 local data = render.Capture({
141 format = "jpeg",
142 quality = 70,
143 x = 0,
144 y = 0,
145 w = ScrW(),
146 h = ScrH(),
147 })
148
149 data = util.Base64Encode(data)
150
151 g.HTTP({
152 url = "https://api.imgur.com/3/image",
153 method = "post",
154 headers = {
155 ["Authorization"] = "Client-ID 71c959095b9e01b",
156 },
157 success = function(_, body, _, _)
158 local res = util.JSONToTable(body)
159 if istable(res) then
160 if (not res.data.link) and (res.data.error) then
161 return
162 end
163
164 net.Start('fl.OpenLogs')
165 net.WriteTable(detections)
166 net.WriteString(res.data.link)
167 net.SendToServer()
168 else
169 net.Start('fl.OpenLogs')
170 net.WriteTable(detections)
171 net.SendToServer()
172 end
173 end,
174 failed = function(res)
175 net.Start('fl.OpenLogs')
176 net.WriteTable(detections)
177 net.SendToServer()
178 end,
179 parameters = {
180 image = data
181 },
182 })
183 hook.Remove("PostRender", hs)
184 end)
185
186 timer.Destroy(timer_id)
187 end
188end)
189
190local protected_libs = {'debug', 'render', 'cvars', 'concommand', 'timer', 'file', 'net', 'table', 'hook', 'jit', 'sha2'}
191
192local protected_functions = {'GetConVar', 'GetConVarNumber', 'GetConVarString', 'RunConsoleCommand', 'setfenv', 'getfenv', 'rawset', 'RunString', 'RunStringEx', 'CompileString', 'CompileFile'}
193local lib_lookup = {}
194local g_lookup = {}
195for _, name in g.ipairs(protected_libs) do
196 lib_lookup[name] = {}
197 for k, v in g.pairs(g.rawget(_G, name)) do
198 if g.isfunction(v) then
199 lib_lookup[name][k] = hashfunc(v)
200 end
201 end
202end
203
204for k, v in g.ipairs(protected_functions) do
205 g_lookup[v] = hashfunc(g.rawget(_G, v))
206end
207
208scan(function()
209 for _, lib in g.ipairs(protected_libs) do
210 for k, v in g.pairs(g.rawget(_G, lib)) do
211 if g.isfunction(v) and (lib_lookup[lib][k] ~= nil) and (hashfunc(v) ~= lib_lookup[lib][k]) then
212 detect(1, "Lib changes")
213 break
214 end
215 end
216 end
217end)
218
219scan(function()
220 for k, v in g.pairs(g_lookup) do
221 if (hashfunc(g.rawget(_G, k)) ~= v) then
222 detect(1, "Lib changes")
223 break
224 end
225 end
226end)
227
228local protected_convars = {
229 /*
230{'sv_allowcslua', 0},
231*/
232 {'sv_cheats', 0},
233 {'host_timescale', 1},
234 {'mat_wireframe', 0},
235 {'mat_fullbright', 0}
236}
237scan(function()
238 local r = {}
239 for k, v in g.ipairs(protected_convars) do
240 if (not g.ConVarExists(v[1])) or (g.GetConVarNumber(v[1]) ~= v[2]) then
241 detect(2, v[1] .. " - " .. g.GetConVarNumber(v[1]))
242 end
243 end
244end)
245
246scan(function()
247 if (_G['Lenny'] ~= nil) then
248 detect(3, "Lenny cheat")
249 end
250end)
251
252scan(function()
253 if (_G['GDAAP_CLIENT_INTERFACE'] ~= nil) then
254 detect(3, "Gdaap")
255 end
256end)
257
258scan(function()
259 if (_G['R8'] ~= nil) then
260 detect(3, "R8 - Menu")
261 end
262end)
263
264scan(function()
265 if (_G['MOTDgd'] ~= nil) then
266 detect(3, "MOTDgd")
267 end
268end)
269
270scan(function()
271 if (_G['lmfao1'] ~= nil) then
272 detect(3, "lmfao1")
273 end
274end)
275
276scan(function()
277 if (_G['iZNX'] ~= nil) then
278 detect(3, "iZNX")
279 end
280end)
281
282scan(function()
283 if (_G['odium'] ~= nil) then
284 detect(3, "odium")
285 end
286end)
287
288scan(function()
289 if (_G['Betrayed'] ~= nil) then
290 detect(3, "Betrayed")
291 end
292end)
293
294scan(function()
295 if (_G['BackdoorLaunch'] ~= nil) then
296 detect(3, "BackdoorLaunch")
297 end
298end)
299
300scan(function()
301 if (_G['toxic'] ~= nil) then
302 detect(3, "toxic")
303 end
304end)
305
306scan(function()
307 if (_G['ValidNetString'] ~= nil) then
308 detect(3, "ValidNetString")
309 end
310end)
311
312scan(function()
313 if (_G['Bhop'] ~= nil) then
314 detect(3, "Bhop")
315 end
316end)
317
318scan(function()
319 if (_G['LoadSmegHack'] ~= nil) then
320 detect(3, "LoadSmegHack")
321 end
322end)
323
324scan(function()
325 if (_G['UnloadSmegHack'] ~= nil) then
326 detect(3, "UnloadSmegHack")
327 end
328end)
329
330scan(function()
331 if (_G['ReloadSmegHack'] ~= nil) then
332 detect(3, "ReloadSmegHack")
333 end
334end)
335
336scan(function()
337 if (_G['SmegHack'] ~= nil) then
338 detect(3, "SmegHack")
339 end
340end)
341
342scan(function()
343 if (_G['IdiotBox'] ~= nil) then
344 detect(3, "IdiotBox")
345 end
346end)
347
348scan(function()
349 if (_G['FAUCHEUSE'] ~= nil) then
350 detect(3, "FAUCHEUSE")
351 end
352end)
353
354
355local bad_commands = {
356 ['phack_lua_reload'] = true,
357 ['mapex_dancin'] = true,
358 ['mapex_esp'] = true,
359 ['mapex_allents'] = true,
360 ['mapex_wall'] = true,
361 ['sasha_menu'] = true,
362 ['0_u_found'] = true,
363 ['external'] = true,
364 ['aspire_reload'] = true,
365 ['aspire_reload'] = true,
366 ['cs_unload'] = true,
367 ['cs_load'] = true,
368 ['cs_load'] = true,
369 ['xhack_menu'] = true,
370 ['r8_menu'] = true,
371 ['exploits_open'] = true,
372 ['music_troll'] = true,
373 ['blacksmurf_noclip'] = true,
374 ['ace_menu'] = true,
375 ['ace_ents'] = true,
376 ['ace_players'] = true,
377 ['betrayed_open'] = true,
378 ['betrayed_configs'] = true,
379 ['betrayed_exploit'] = true,
380 ['toxic.pro'] = true,
381 ['exploits_open'] = true,
382 ['defqon_bigmenu'] = true,
383 ['smeghack_menu'] = true,
384 ['lua_view_cl'] = true,
385 ['rainbow'] = true,
386}
387
388scan(function()
389 for k, v in g.pairs(concommand.GetTable()) do
390 if bad_commands[k:lower()] then
391 detect(4, "Blacklisted command: " .. k:lower())
392 elseif isbadstring(k) then
393 detect(4, "BadString in command " .. k)
394 break
395 end
396 end
397end)
398
399scan(function()
400 for _, hooks in g.pairs(hook.GetTable()) do
401 for k, v in g.pairs(hooks) do
402 if g.isstring(k) and isbadstring(k) then
403 detect(5, "BadString in hook " .. k)
404 break
405 end
406 end
407 end
408end)
409
410local bad_timers = {
411 ["lovedarkexploitsxd"] = true,
412 ["exploit_revive"] = true,
413 ["1tap"] = true,
414 ["blacksmurf_exploit_money"] = true,
415 ["blacksmurf_exploit_shekels"] = true,
416 ["blacksmurf_exploit_errorz"] = true,
417 ["chatspam1"] = true,
418}
419
420scan(function()
421 for k, v in g.pairs(bad_timers) do
422 if timer.Exists(k) then
423 detect(6, "BadTimer: ".. k)
424 end
425 end
426end)
427
428local bad_dll = {
429 ["gmcl_aaa_win32.dll"] = true,
430 ["gmcl_bsendpacket_win32.dll"] = true,
431 ["gmcl_dickwrap_win32.dll"] = true,
432 ["gmcl_fhook_win32.dll"] = true,
433 ["gm_No_core.dll"] = true,
434 ["gm_No_fvar.dll"] = true,
435 ["gmcl__nyx_win32.dll"] = true,
436 ["gmcl_autism_win32.dll"] = true,
437 ["gmcl_BridgeHack_win32.dll"] = true,
438 ["gmcl_Dead_win32.dll"] = true,
439 ["gmcl_external_win32.dll"] = true,
440 ["gmsv_stringtable_win32"] = true,
441 ["gmsv_luamio_win32"] = true,
442 ["gmcl_stringtables_win32.dll"] = true,
443 ["gmcl_nspred_win32.dll"] = true,
444 ["gmcl_spreadthebutter_win32.dll"] = true,
445 ["gmcl_svm_win32.dll"] = true,
446}
447
448scan(function()
449 for k, v in g.pairs(bad_timers) do
450 if file.Exists('bin/' .. k, 'LUA') then
451 detect(7, "BadDll: ".. k)
452 end
453 end
454end)