Page 2 of 2 FirstFirst 12
Results 11 to 17 of 17

Thread: what is Stufftextdetection ? and how its Works

  1. #11

    Default

    tbh this is kinda pointless, all you have to do is figure out where the screenshot function is called and reverse it to avoid detection and checking and setting cvars is useless because anybody with access to the engine functions could easily re-register any cvar and set the value by memory avoiding any detection.

  2. #12
    Administrator James's Avatar
    Join Date
    May 2010
    Location
    on the intraweb
    Posts
    3,180

    Default

    Clint, I'm sure you know this so I'll just be brief. This method isn't fail proof, and we realize that, however tell me how many dedicated "hackers" does the MOHAA community currently have? We all know the last thing you released, and that's fine, but there are people struggling to figure out how corruption even works. I'm pretty sure they're a far distance away from figuring out how to circumvent the stufftext method. Especially since
    1. MOHAA is closed source
    2. It would require more than basic c++ knowledge
    3. Our method checks cvars before they are executed. This is something that is serverside, and I just don't see how a client can intercept a serverside request that doesn't get passed to the client. Assuming the algorithm gets cracked, then yes it can be bypassed, but so far I think that this has a much higher success rate than a failure rate. Do you disagree?

  3. #13

    Default

    Yes, the last update to corruption uses some examples of setting the cvars through memory rather then sending the command to the console... the command will NOT return a value of 1 in the console because its set by the memory... for example I register the cvar cg_forcemodel again now I have the address and can do whatever to it instead of hex editing or some sort.... so instead of sending a command through the console "cg_forcemodels 1" making it more exposed i just set it through the memory thats why i called it brute forcemodels Im not trying to downplay the patch but understanding this stuff is pretty basic I mean im not out to attack your patch but I do take pride in learning to reverse engineering and learning to program in C/C++ because of MOHAA. The whole point is you want see the command sent through the console and also the cvar will return a value of no greater than or less than 0 if checked by the server... but its okay though cause its effective i think the effectiveness is always half the battle
    Last edited by clint; December 18th, 2010 at 08:56 PM.

  4. #14
    Administrator James's Avatar
    Join Date
    May 2010
    Location
    on the intraweb
    Posts
    3,180

    Default

    Hmm, I see what you're saying. One thing though, I realize that this is all parsed through the client so the server doesn't really know, but what if the patch did random checks to an array of clientside cvars (hypothetically speaking), the value in memory (0 or 1) would be returned to the server, and even if it's bypassed by parsing the information through console how could it be spoofed if sending the information in memory (unless offcourse, as I mentioned above, someone figured out how the algorithm worked to get this information).

    Anywho, despite our current differences, you come off just like how I used to be. I was the exact same way. Everything I know about MOHAA is based off just playing around with the engine and doing different things. Some were POC's others were just trial based tests. Anywho, I would like to hear your reply. I'm just a bit curious if maybe you could test against the patch and come back with some constructive feedback

  5. #15
    Über Prodigy & Developer Razo[R]apiD's Avatar
    Join Date
    May 2010
    Location
    Poland, Lublin
    Posts
    3,257

    Default

    We're not sending it through console. And we don't use CVars to check against stufftext bypass.

  6. #16

    Default

    Quote Originally Posted by Razo[R]apiD View Post
    We're not sending it through console. And we don't use CVars to check against stufftext bypass.
    Well the whole point for using stufftext is to send commands to the client... so anything you do is client side on the clients part... but i kinda figure out what u guys were using it for i guess forced screenshots... I mean why protect against it? My method works i tested it today my point really is you dont need to bypass stufftext just the cvars that u want to hack.

    for example i set cg_forcemodel to 1 in memory i go to the console and try to turn it off from the console (I type cg_forcemodel 0 ) nothing happens wonder way forcemodels are still enforced and the value in the console reads "0"
    Last edited by clint; December 20th, 2010 at 03:53 PM.

  7. #17
    Über Prodigy & Developer Razo[R]apiD's Avatar
    Join Date
    May 2010
    Location
    Poland, Lublin
    Posts
    3,257

    Default

    I know what you're doing. Registering CVar with CVar_Get function. Getting it's pointer and changing values. No, we weren't using it for forced screenshots. Modders were for more than 4 years already. It's not pointless because there are other hacks that makes use of stufftext bypass and are using it.

    I think stufftext isn't sent through console and will also check that.

    And your CVars can be forced in a different way, which I won't explain here Maybe it's not very useful or has it's limitations but it's doable.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •