[LSDC] Anti-cheat, security, anti-explosion, blacklist

Anti-cheat, security, anti-explosion, blacklist

First let me introduce myself, I have been the founder of Garry’s Mod server for years and have started my FiveM server recently.
I never create a script but I understand all the meaning and I know how to tinker with it.
If I create this topic it is to gather hours of research on protection and to share my work as well as my explanations.

1. TriggerEvent

To get started, read the two biggest topics that deal with the subject.


What you should remember from these two topics is that all your scripts use “TriggerEvent”.
The TriggerEvent are simply function calls.

In your scripts it can be in different forms : TriggerEvent, RegisterServerEvent, AddEventHandler, TriggerClientEvent


For example, the revive function of the ambulance job:

-- server/main.lua
RegisterServerEvent('esx_ambulancejob:revive')
AddEventHandler('esx_ambulancejob:revive', function(target)
	local _source = source
	local xPlayer = ESX.GetPlayerFromId(_source)

	xPlayer.addMoney(Config.ReviveReward)
	TriggerClientEvent('esx_ambulancejob:revive', target)
end)

The script records the ServerEvent : "esx_ambulancejob:revive"
When it is used, it uses the function which is declared on the customer side;

-- client/main.lua
RegisterNetEvent('esx_ambulancejob:revive')
AddEventHandler('esx_ambulancejob:revive', function()

	local playerPed = GetPlayerPed(-1)
	local coords	= GetEntityCoords(playerPed)
	TriggerServerEvent('esx_ambulancejob:setDeathStatus', 0)

	Citizen.CreateThread(function()

	DoScreenFadeOut(800)

	while not IsScreenFadedOut() do
		Citizen.Wait(0)
	end

	ESX.SetPlayerData('lastPosition', {
		x = coords.x,
		y = coords.y,
		z = coords.z
	})

	TriggerServerEvent('esx:updateLastPosition', {
		x = coords.x,
		y = coords.y,
		z = coords.z
	})

	RespawnPed(playerPed, {
		x = coords.x,
		y = coords.y,
		z = coords.z
	})

	StopScreenEffect('DeathFailOut')

	DoScreenFadeIn(800)

	end)

end)

A TriggerEvent is always composed this way:
script_name:function

It is present in all scripts that use it.

The question to ask now is, how to protect all your events?
Namely, most anti-cheats offer kick / ban functions for TriggerEvent blacklists.
Find the one that suits you best.

What you should do:


  • Recover the list of all your Events
  1. To retrieve the list of all your Events, I advise you to use Sublime Text.
    Start by recovering the file “resources” from your server.
    (duplicate it to have a working copy)

  2. Drag your file “resources” on the app Sublime Text to open it with.

  3. Right click on the file and click on"Find in folder…"

  4. In the field “Find:” write : Event

  5. Press enter or the button “Find

  6. You are now in front of the list of all the events of your server.
    It’s time to roll up your sleeves and write your future blacklist!

  7. Create a new file.lua with the name you want.
    Write your blacklist in this form :

        --[[ ---
	-- [esx]
	]]------
	
	-- esx_accessories
	"esx_accessories:pay", -- ls_???????_dc_accessories:pay
	"esx_accessories:save", -- ls_???????_dc_accessories:save
	"esx_accessories:get", -- ls_???????_dc_accessories:get
	"esx_accessories:checkMoney", -- ls_???????_dc_accessories:checkMoney
	
	-- esx_addonaccount
	"esx_addonaccount:getAccount", -- ls_???????_dc_addonaccount:getAccount
	...

Trick : To write an optimized and clean blacklist, you will need a little more time.
Open all the files of your server one by one to find the Event located on the server side
This will allow you to classify your blacklist in the order of your files present on the server.
A blacklist found on the internet will not be 100% reliable.


  • Rename the name of all your Events
  1. To quickly rename all your Events we will use Sublime Text once again.

  2. Before replacing, I will explain to you what you need to rename and how to rename it so that you can more easily secure your Events.
    (if someone finds the name of your Event they can use them)

  3. What are you going to change?
    As I said previously your Events are noted : "script_name:function"

For scripts ESX which are composed like this : "esx_script_name:function"
We will replace "esx_script_name:" to "SECU_script_name:"

For scripts NO-ESX which are composed like this : "script_name:function"
We will replace "script_name:" to "SECU_script_name:"

  1. Create your secure event key.
    As you have understood, in your future server each Event will include the name "SECU_"

To secure this name, we will include a code in it.
Example: "SE_G4DJ67R_CU_"

In the event that your key has been revealed, you just have to replace the code in all the files.

Exemple :
Find: SE_G4DJ67R_CU_
Replace: SE_LK3G6S2_CU_

  1. How to replace quickly?
    To perform a quick replacement you will use your Event list.
    A list of events classified by script will be more efficient and without risk of error.

Replace each "esx_script_name:" or "script_name:" by the new.

Example : Find: "esx_accessories:" Replace: "SE_LK3G6S2_CU_accessories:"

  1. Do this with all your "script_name:"

  2. Check if there are any errors.

It happened during replacement that the name is put twice in a row in the event.
Example : SE_LK3G6S2_CU_SE_LK3G6S2_CU_accessories:

In this case make a replacement like this:
Find: "SE_LK3G6S2_CU_SE_LK3G6S2_CU_" Replace: "SE_LK3G6S2_CU_"


Trick : Once you’ve renamed all of your TriggerEvent names, make sure your server is up and running. If everything is working correctly, all you have to do is activate your blacklist of old Event name. No need to block script events that you don’t have, it’s a waste of time. If you don’t have an anti-cheat, the simple fact of renaming all your Events will prevent the cheaters from using your server’s functions, so you are also protected, but they are not punished.


2. Anti-Explosion

Here’s a snippet that blocks all explosions on your server !
You will need Onesync to be able to use this function.

  • Create a new folder (script)
    Create two lua files : __resource.lua and server.lua
-- folder/__resource.lua
resource_manifest_version '44febabe-d386-4d18-afbe-5e627f4af937'

server_scripts {
    'server.lua'
}
-- folder/server.lua
local BlockedExplosions = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 21, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38}

AddEventHandler(
  "explosionEvent",
  function(sender, ev)
    for _, v in ipairs(BlockedExplosions) do
      if ev.explosionType == v then
        CancelEvent()
		
		--Revive--
		Wait(2000)
		TriggerClientEvent(‘esx_ambulancejob:revive’, sender) -- look for your `esx_script_name:`
		local xPlayers = ESX.GetPlayers()

		for i=1, #xPlayers, 1 do
		local xPlayer = ESX.GetPlayerFromId(xPlayers[i])
		TriggerClientEvent(‘esx_ambulancejob:revive’, xPlayer) -- look for your `esx_script_name:`
		end
		--Fin Revive--
		
        return
      end
    end
  end
)

  • Put the start folder on your server.cfg

If you want to know the list of all the explosion events here they are:
https://runtime.fivem.net/doc/natives/?_0xE3AD2BDBAEE269AC

3. Snippet

Here are the snippets that I use and that I think are essential
https://github.com/ElChapoLSDC/Snippets

4. Blacklist

Here is my own blacklist which is therefore based on my scripts, the vehicles I do not use, the mod menu items and other anti-cheat add-ons that work quite well.

These are designed for chocohax anti-cheat but can be used by anyone else.
https://github.com/ElChapoLSDC/Blacklists


Thanks for reading !


Please translate to english

Listed and removed Discord and Server Ad. They are not to be outside of #server-development:server-bazaar!

Renaming triggers doesn’t do much, people will just server dump and find them in 2 minutes.