TShock icon indicating copy to clipboard operation
TShock copied to clipboard

Published 20 hours ago verified publisher icon Pryaxis

SSC item smuggling, bruh

Open Walter-o opened this issue 4 years ago • 4 comments

  • TShock version: 4.4.0.0
  • TShock build number (if known): Pre-release 12
  1. Login to an SSC server
  2. Drop an item the moment you join ASAP
  3. Have a friend stand there to pick it up ASAP

0 plugins Server runs on Raspberry pi 2 B+ so can be a bit slow sometimes during saving

Credits to KnightEix and Hyper for finding this

Walter-o avatar Sep 02 '20 18:09 Walter-o

Something to think about when addressing this issue is that this sort of stuff is hard to prevent. You can stop unregistered players from dropping items as soon as a plugin is created for it, but that may not prevent the whole problem. People who patched their client can spawn items while they are in game. Afaik it's possible to make an item tracking plugin to discern counterfeit (e.g. the server remembering all items a player picked up and judging players who have something they never picked up), but it sounds like a nightmare to accomplish.

I believe controlling this is most likely going to be a project never to be completed.

MarauderKnight3 avatar Sep 28 '20 23:09 MarauderKnight3

@MarauderKnight3 It is indeed a nightmare and a bunch of plugins have made a reasonable attempt at doing it but they are either private (Phantasm by me, NoCheat edit by Commaster) or unfinished, abandoned or otherwise underdeveloped (original NoCheat by MarioE)

I would recommend picking up MarioE's anticheat as a base to understand one of the possible approaches and working from there. But yes, this most likely won't be fixed in tshock, it's a much wider issue that we can't afford to bandaid.

bartico6 avatar Sep 29 '20 22:09 bartico6

bruh look, imma keep it real.

SSC off = people can bring any modded / overpowered items without client modifications SSC on = people can bring any modded / overpowered items without client modifications

y'all be trippin if u think i am an anti-cheat developer with 0 tracked issues and ya hella high if u think i boast about being owner of just an (under construction) domain.

but you might be on some yeezy's if you think i'm abandoning this T ship.

No offense to the T-shock open-source developers tho, my respect

Walter-o avatar Oct 06 '20 08:10 Walter-o

Simple prevention can be done by setting LogonDiscardThreshold in ssconfig.json to a few seconds of time (this is in milliseconds) so then tshock will reject items thrown within this time after joining. Only for throwing, not some full-fledged anti-cheat.

Quinci135 avatar Oct 15 '20 03:10 Quinci135