with this post I want to present myATMRobbery. An ATM robbery script I’ve wrote a while ago for my own server.
Features:
You can set up as many ATMs as you want with individual
→ Cooldown Timers (An ATM in Paleto Bay could have a longer cooldown, as an ATM in the city)
Those timers are synced between players
→ Maximum Loot (An ATM in the city f.e. could give more money, than an ATM at Sandy Shores)
The robbery is a process: If you stay longer at the ATM, you’ll receive more money. But you also increase the risk to be catched by the police
Cop Notifications when a Robbery is started and aborted.
Alarm sound, which is synced between all players
Full Translation file with English and German translation by default.
As always the script is completely free to edit!
Showcase:
Cop Dispatch:
Config
Config = {}
Translation = {}
Config.Locale = 'en'
Config.CopsRequiredToSell = 2
Config.useBlips = true -- should there be Blips for the ATM Locations
Config.showMarker = true -- Should a red marker be displayed
Config.showInfobar = true -- Hint text: Press G to...
Config.RequireLockpickItem = false
Config.LockpickItem = 'lockpick'
-- Animation examples:
-- WORLD_HUMAN_HAMMERING
-- WORLD_HUMAN_WELDING
Config.AnimationStyle = "WORLD_HUMAN_WELDING"
-- Timeout in minutes
Config.Atms = {
{x = 146.06, y = -1034.82, z = 29.34, timeout = 10, money = {min = 3600, max = 9000}},
{x = -303.48263549805, y = -831.02526855469, z = 32.08687210083, timeout = 10, money = {min = 4000, max = 8000}},
{x = -56.362201690674, y = -1752.3922119141, z = 29.421005249023, timeout = 10, money = {min = 2600, max = 4000}},
{x = -821.26617431641, y = -1082.509765625, z = 11.132418632507, timeout = 10, money = {min = 3200, max = 7000}},
{x = -2073.240234375, y = -317.16448974609, z = 13.315970420837, timeout = 10, money = {min = 3600, max = 69000}},
{x = 1172.6140136719, y = 2701.9362792969, z = 38.174629211426, timeout = 10, money = {min = 3800, max = 8200}},
{x = -1091.0859375, y = 2708.2854003906, z = 18.970090866089, timeout = 10, money = {min = 3900, max = 7800}},
{x = 2559.6220703125, y = 351.03356933594, z = 108.6215133667, timeout = 10, money = {min = 4100, max = 7000}},
}
Config.AlarmTime = 15 -- in seconds (how long should the alarm stay activated)
Config.Step3Time = 15 -- How long should it take before the player gets the first money (break the case)
Config.IntervalCount = 6
Config.IntervalTime = 17.5 -- in seconds
RegisterServerEvent('myATMRobbery:pay')
AddEventHandler('myATMRobbery:pay', function(amount)
local xPlayer = ESX.GetPlayerFromId(source)
if amount > 0 then
xPlayer.addMoney(amount)
end
end)
Any script kiddy that dumps the cache and sees the client trigger that event with the amount can give themselves infinite money. Best bet is to move the ATM list into a server sided config file.
yeah, ideally he should move the payout amounts server side, remove the amount argument from the event.
Set up a key,value table with the players server id (source) as the key. Then for the value set it to os.time(). Then any time the event is triggered, he can get the current os.time and check it against the last time that source triggered the event. if less than X time has passed, then prevent them from gaining money as they’re triggering the event to quickly. Any time they are allowed to get the money, update the table with the current os.time for that money.
Doing all that should fix the issue. Clients would no longer be able to inject 9999999999 money… They’d also not be able to just do something like:
for i=1, 100 do
TriggerServerEvent('myATMRobbery:pay')
end
As the time check would prevent them the first time it’s triggered. If you wanted to go one step further, if you’re running one sync, you could also get there coords server side, and check the distance from the atms to make sure they’re not triggering the event from the middle of the ocean.
I never had trouble with such injects on my server, since we logged all payments at all and had autobans for uncommon transactions. But I guess I got the problem.
Basically the change is pretty easy, but I guess it will always leave corner cases for cheaters to give themself money.
I’ll think about this! Thanks for your input.
Best regards,
Luis
If you’re selling a respource, then it’s your responsibility to make sure the script is secure. Just because you have an anticheat, doesn’t mean someone elses server does. I’ve already fixed it for the server I’m helping develop.
Created a second table for the source and the os.time() of there last robbery. Then any time they trigger that event, check your lastRobbery table to see if the key exists for that atm. If it does then get the current os time and check the diffence between the last robbery time and the new time. If it’s been enough time, then allow them to rob.
of course I do such changes, and I already finished my first tets version with those yesterday. This version is now in testing for a couple of days, to be sure that this change is really effective against exploits like this.
I optimized it in a bit different way, but the result should be the same.
Perfect Wasn’t trying to be an ass, was just stating if you want to sell a resource, then you should make sure it is secure. Luckily enough the server that bought your resource had me check it out before installing it and I spotted that issue. Last thing you need is someone to purchase the resource, and then end up with someone exploiting the issue.