Jump to content

Money Hack


TiTawN

Recommended Posts

  • MTA Anti-Cheat Team

The script security principle that others explained to you (never trust the client) apply at all times. But a working Lua injector is extremely unlikely and rare, just as there isn't one at the moment.

And the reason im saying this is because it indicates that in your case, this situation at hand, there is a scripting bug somewhere in your code. Something that lets players 'boost' (stat pad) their money or enter the amount they want through some manipulation.. that should move your focus towards reviewing all of your resources which can potentially set player's money, or other generalized vulnerabilities such as resources that act as a 'non real' Lua injector on player's demand.. such as a resource that has a file in its directory that can be loaded with loadstring, where the contents can be added into. That's a very stupid mistake that nullifies the scripting security level of a server, but it does happen regularly, also as a backdoor - always be careful who you trust to send you resources to use.

Also keep an eye on admin and admin runcode logs, to see if your admins/scripters aren't setting their own (or a friended player's) money somehow. @TiTawN

  • Like 1
Link to comment

Hi, I've finally discovered the problem. Thanks to @IIYAMA for giving me log code.
The problem was that he(the user that made his money upper than 99,999,999) was using takePlayerMoney to make his money less than 0$ and by making it minus(-), it's go on and on to make it plus(+) and when it get to <<plus>>, the money will start as a number that is more than 99,999,999... ❤️

2 hours ago, Dutchman101 said:

The script security principle that others explained to you (never trust the client) apply at all times. But a working Lua injector is extremely unlikely and rare, just as there isn't one at the moment.

And the reason im saying this is because it indicates that in your case, this situation at hand, there is a scripting bug somewhere in your code. Something that lets players 'boost' (stat pad) their money or enter the amount they want through some manipulation.. that should move your focus towards reviewing all of your resources which can potentially set player's money, or other generalized vulnerabilities such as resources that act as a 'non real' Lua injector on player's demand.. such as a resource that has a file in its directory that can be loaded with loadstring, where the contents can be added into. That's a very stupid mistake that nullifies the scripting security level of a server, but it does happen regularly, also as a backdoor - always be careful who you trust to send you resources to use.

Also keep an eye on admin and admin runcode logs, to see if your admins/scripters aren't setting their own (or a friended player's) money somehow. @TiTawN

Thanks for the info ?

  • Like 3
Link to comment
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...