Bounty for finding security flaws and working cheats in MTA

[ccw]

Help MTA by finding security flaws and working cheats so we can fix them.

Vulnerabilities from resources:

* €100 - Run arbitrary x86 code in MTA
* €50 - Ability to run a compiled script that has not been compiled at https://luac.multitheftauto.com/ (or otherwise authorized by MTA)
* €50 - Read directories outside of MTA install directory
* €Ask - Other vulnerability you may have found

Client cheats:

* €30 - Working cheat engine variant
* €30 - Other working cheats
* €15 - Exploiting (previously unknown) bugs or glitches
* €5 - Using a program to gain unfair advantage

MTA web sites:

* €50 - Serious security breach
* €30 - Small security breach
* €15 - XSS with exploit potential
* €5 - XSS without exploit potential
* €Ask - Other vulnerability you may have found

Terms:

1) Game vulnerability/cheat must work on latest 1.5 nightly, with all AC detections enabled.
2) Submit your vulnerability/cheat by creating a topic in the Private Bugs board.
3) Only the first person to submit any particular vulnerability/cheat will get the bounty.
4) We reserve the right to change terms in case of abuse or other similar reasons.
5) We only accept PayPal for bounty payments.

P.S.

The undetectable MTA cheats from BoxyHaxSamp (multihack nbvf, Aim bot, Change Serial) are all scams, so please don't bother reporting them.

 

If you are wondering why MTA pays security researchers/ethical hackers:

Note: the MTA AC team uses "method" in 1 breath with "vulnerability" and "technique"

MTA has a security-oriented anti cheat that doesn't work by signatures of individual cheats, but patches the underlying method (then considered a vulnerability) used to get cheating functionality. It's complicated to explain and would be an essay, but we summarized it in the below spoiler. Open it to read, especially if you plan to try and hack MTA for the bug bounty program

Spoiler

There's a rat race between MTA AC and cheat developers, and at most times MTA is a long way ahead of hackers (they don't know how many things we patched, from many years of collecting bug bounty reports and our own research). So basically, they run out of methods that they can possibly use to create cheats, and they will constantly need to find new ones because this "proper" anti-cheat concept, which most of the gaming industry doesn't use, means that once patched, a method or vulnerability can never be used again. We don't fight symptoms (like other AC would make a signature of the cheat file) but we fight the cause.

Experienced cheat developers that come to MTA (basically the "OGs" from cheating communities or forums) will even be surprised how many things that they know from the back of their head would work in most other games, won't work in MTA (because of us being ahead in the method patching rat race). Furthermore, they expect that since most anti-cheats detect the cheats on a file or signature level, and rely on causing ban waves, that they can just take an old hack source and update it (or rewrite it using the same techniques), and that it would be undetected and work.. no it won't, because the method is probably patched.

If you don't fully comprehend what "method patching" is, then think of it as "Security by design".. most cheaters would think of bypassing the AC at this stage of failing to use plenty of methods, but with security by design this won't really work out as they expect. But in fact, it's looking why a cheat is able to achieve cheating functionality, and then prevent that from working to begin with.

The main factors behind MTA AC's strength that we don't need to conceal: the security approach (method patching described above), strong heuristics of abnormal activity so in the unlikely scenario you got an undetected cheat, you'll leave traces.. and a lot of general protections as well (for example against memory modification, debugging and hooking). The heuristics also mean that we are able to ban a lot of cheat developers, after they obviously failed in their attempts many times (MTA AC will still know something isn't right, and they often do things like arbitrary memory modification and therefore unique enough, not from a known cheat, to determine it's custom and therefore probably a cheat dev). So, if you want to participate in the bug bounty program (set out for it rather than submitting something you already found) and intend to go "full berserk" on the anti-cheat (and expect that your activity will therefore mimick a malicious cheat developer), then please let us known in advance so that we can go easier on you in case you get banned. But the fact you got banned means you failed in your quest (because you had no bypass and got detected, like cheat devs would) and therefore were unable to find a vulnerability or method in a practical and realistic situation (with the anti cheat present to catch you), so the amount of times we can unban you is limited and depends on the type of exploit hunting you're doing, and how we picture you (it's on our discretion, and please do follow our instructions).

If you didn't let us know in advance (and got detected), then we will probably have to treat you like any other cheat developer/cheater, because obviously any such person with bad intentions can pretend they did it only to help MTA AC improve, in order to get unbanned or not dealt with severely.

 

Footnotes:

- This piece (the entire spoiler) was written by Dutchman101

- ccw is the real OG (in writing such a good anti-cheat), but the amount of free time he has for 'keeping up' with the hackers, and continue patching things, is constantly changing. He has made the AC into his life work, after being disgusted by how other GTA multiplayer mods are infested by cheaters ruining the game. Most of the times there are only working MTA hacks once or twice a year, and they get patched really quickly (in less than 2 days). But due to the differences in manpower, at times it can take longer, or the things that take more effort to patch (due to their advanced nature) may linger around for a period of time until we get to them. Me (Dutchman101) alone, I am not as skilled as ccw, who is the lead anti-cheat developer, so there might be periods of less effective coverage for a certain type of cheats until we patch it for good. This situation may also delay bounties being paid out.

We will always strive to do the neccesary, keep minimizing these periods of less activity in anti-cheat development (so as to make it harder for the cheat developers to 'catch up' and get the head start we still have over them), and even if it ever dwindles, like it's starting to do mid-2020, we will keep doing our best to cause actual cheaters, so far admittedly a very uncommon sight on MTA, to get banned and facepalm.

 

[Mellnik]

Oh woah! I'll get my Ollydbg out even tho I would contribute without wanting a reward.

[Disinterpreter]

Good idea!

[adamix]

Too late for me... i have been done two versions of my MTA:SA Hook early...

[Mega9]

Oh my rainbow!

[bartekdvd]

What is the bounty for server crasher working on all versions (1.3 & 1.4)? If it is below €50 I'm not really interested in (JK ).

[Easterdie]

Can I claim for payment of old found working and now closed software? XDDDDDDDDD

[ccw]

Just in case anybody doesn't know, PM means Personal Message

[Kenix]

Good idea Chris! I guess it will help.

[Markeloff]

Aren't you encouraging coders to create their hacks for MTA with this way?

[ixjf]

That's the whole point. It's common for big companies to pay people to find security flaws in their software so that they can fix them.

[Woovie]

Aren't you encouraging coders to create their hacks for MTA with this way?

If they can make a hack that bypasses our anti-cheat and is willing to give it to us, sure. He can probably make more money selling it to idiots though.

[manve1]

Aren't you encouraging coders to create their hacks for MTA with this way?

If they can make a hack that bypasses our anti-cheat and is willing to give it to us, sure. He can probably make more money selling it to idiots though.

Yeh, but if idiots use it then it will be easier to detect as well as someone would share it or sell it to mta and get his money back.

[Markeloff]

Aren't you encouraging coders to create their hacks for MTA with this way?

If they can make a hack that bypasses our anti-cheat and is willing to give it to us, sure. He can probably make more money selling it to idiots though.

They (he) will give you the cheat for sure to get the prize then sell million of copies to idiots. He will benefit from scamming them, however he will not be able to cheat as you will find ways to block the way he used to bypass your security.

[Anubhav]

Thats a big issue. If you keep making hacks and keep giving here, whoever does that shouldn't get the bounty. Because how can he keep finding hacks so fast? He can only make them and get the money. They'll be pretty rich by this and as Markeloff told.

[manve1]

If you can find tons of different ways on making hacks, you will get as much money for as much as you've made.

That's a good way for hackers to try out their skill as well.

[xXMADEXx]

Thats a big issue. If you keep making hacks and keep giving here, whoever does that shouldn't get the bounty. Because how can he keep finding hacks so fast? He can only make them and get the money. They'll be pretty rich by this and as Markeloff told.

They're paying to make the hacks so they can make the anti-cheat system flawless, I'm sure they'd almost love it if someone kept making hacks and giving them to the developers.

[manve1]

Either way the hack will get detected, it's just a choice of speeding the process up and earning some money.

[ByeByeMTA]

Thanks to ccw for give me bounty (21.25$)

Please close the topic.

[Blast3r]

Thanks to ccw for give me bounty (21.25$)

Please close the topic.

Why would he close the topic when there's a possibility of even more flaws being around and more bounty to give away for them?

[ByeByeMTA]

Thanks to ccw for give me bounty (21.25$)

Please close the topic.

Why would he close the topic when there's a possibility of even more flaws being around and more bounty to give away for them?

3) Only the first person to submit any particular vulnerability/cheat will get the bounty.

[ixjf]

Notice "any particular" in the sentence. It means only the first person who finds a particular vulnerability/cheat gets the bounty. If two users submit the same, only the first will get it.

[Tut]

Welcome to the forums @PigHeaD.

For reporting MTA cheaters, please send a forum PM to Dutchman/ccw, as outlined in the Global Ban thread.
For submitting cheats and malicious files, please create a thread in the Private Bugtracker.

[Mahdiii41767]

Serial:BEEC914FDA74699D4CBACF91DD3A07E4

Banned By mta reson:serial tampering

[Vinyard]

44 minutes ago, Mahdiii41767 said:

Serial:BEEC914FDA74699D4CBACF91DD3A07E4

Banned By mta reson:serial tampering

Hi, welcome to the forums!

If you'd like to appeal your ban, you will have to create a topic in the Ban appeals section. This topic is not the right place to do it.