Introducing Asset Escrow for your resources

frenzy-renegade · November 14, 2021, 4:42pm

You are right in that many projects such as OpenSSL are open source. This however, is not OpenSSL, and doesn’t work the same way. We are advocates of open source, but that doesn’t mean we should open source everything to the point we open source our anticheat.

We are of course not rolling our own encryption. Files are encrypted and signed on our backend, models include some engine-level validation. Content ownership is validated on both the server as client, so client will refuse to connect to a modified server as well.

squizer · November 14, 2021, 6:39pm

If everyone was honest, no code locking would be needed.

magic1982 · November 14, 2021, 8:28pm

I have a question how do you check the author?

If someone release files 4 free without use this function (assets_escrow) ,and an other take this files in your assets_ascrow who isn´t the true author,
what will be happens?

I don´t wanna use free files and be banned!

it´s better to release a DumperBlocker i think and a anticheat that only logs all cheater , leakers ,etc as to say use this system to protect.

i´m from germany and we have a laws witch says every scan(cheatingengine) , leaktools , hacktools and much more are forbidden to use or write this tools . if someone just scan files or ports he should know if the host goes to police he can be jailed 4 this shit. I have posted this on my discord and all users who use hacks are running to Mama

MrDaGree · November 14, 2021, 9:36pm

Is there an API or something that we can use to provide update notifications or will this still rely on outside services?

Clatanii · November 15, 2021, 8:17am

what… Do you literally think sharing how your anti-cheat, encryption system works seems like a very good idea? Seems more like ‘hey, come and work around our systems’.

Aiden_Z · November 15, 2021, 6:07pm

Not sure what you mean by relying on outside services, but there is no API that I can see.

Federal_9999 · November 15, 2021, 8:09pm

Looks like a custom bytecode format rather than a regular encryption, that only fivem’s vm can understand and interpret. It’s basically like ‘compiled lua’ but with some encryption on the instructions. It shouldn’t be too hard to write a decompiler for this, maybe

MrDaGree · November 16, 2021, 1:08am

Outside services such as using another page to “store” the most up to date version number and check it against the installed version on server load

overdose3654 · November 16, 2021, 3:17am

I tried updating one of my scripts and attempted to upload a new one, but I’ve been stuck at submitted its been over 12 hours now. I’ve tried resubmitting multiple times

Here is my fxmanifest.lua contents

description 'HitManJob for FiveM-Made by overdose'

fx_version 'adamant'

games { 'rdr3', 'gta5' }

version '1.0.0'

lua54 'yes'


escrow_ignore {

shared_script 'client/config.lua',
client_script 'client/client.lua',
server_script 'server/server.lua'

}

PPGamingDK · November 16, 2021, 3:17pm

You miss ,

Aiden_Z · November 16, 2021, 4:02pm

What? You reupload the resource on key master to update it. Then the people using it can decide to update or not. If you want to notify people it update through a discord or something and to go redownload it, that’s probably the best way.

overdose3654 · November 16, 2021, 5:07pm

Thanks for the reply I fixed that and am still stuck at submitted

n0mad_b · November 16, 2021, 5:47pm

Hi, I have a few questions :

Is there a way to change the cfx account used by tebex for the asset manager ?
If so what happens to licences already issued ?

I deleted some assets in the “Upload assets” tab and I’d like to remove them from the “Purchased assets” tab as well, is it possible ?

ChatDisabled · November 16, 2021, 10:09pm

the , didn’t matter. You shouldn’t put client_script inside the escrow_ignore {}. Define your client_script 'client/client.main' above like normal and afterwards you do escrow_ignore { 'client/client.lua' } . Should fix your problem afaik.

overdose3654 · November 16, 2021, 10:28pm

Your the goat thank you so much

MrDaGree · November 16, 2021, 10:45pm

I’m not quite sure you understand. I was hoping there was a way to get the currently uploaded version from a fxmanifest variable and compare it on runtime to be able to alert on console for an update in case someone isn’t in a discord to know about an update

Avanae · November 18, 2021, 6:16pm

There is. In server.lua you can do a a version check function and upload a version file to GitHub, not the actual resource obviously and set a timeout for an hour to repeat the check and if at any time you update the version file it will notify in server console. I can help you write one up of you like. I’ve already done it.

MrDaGree · November 18, 2021, 11:10pm

Again Im not sure YOU are understanding… I was wanting to know if there was an API built in to not rely on services such as github… Im more than capable of writing my own code.

Avanae · November 19, 2021, 12:03am

Then no. Perhaps in the future. I really don’t see why that would be an issue since it’s literally no effort to go through github. You can do it from literally anywhere, even discord as long as you upload the fxmanifest with a different version by defining ‘url’ in the FX manifest to link to the uploaded fxmanifest and use

local resource = GetCurrentResourceName()
local url = GetResourceMetadata(resource, 'url', 0)
local version = GetResourceMetadata(resource, 'version', 0)

and do a PerformHttpRequest() to the uploaded fxmanifest.lua and do a version match against the current.

MrDaGree · November 19, 2021, 12:19am

While yes I understand how to do it, I’ve done it before, with Github. I just would rather upload to once place and be done with it and not have to update multiple places the version number