Wire: Log to file when somebody download/upload from/to your chip

Created on 18 Apr 2016  Â·  48Comments  Â·  Source: wiremod/wire

This could be considered as very nice enhancement (at least I do).
Basically get to know when somebody you don't necessarily trust downloads/uploads to your Wire chip (through Remote Upload feature). By saying "you don't necessarily trust", I refer to prop-protection addons that force any player who is admin to always be on your friends list.
And now, any admin (or forced-friend) can _steal your_ codes (through Remote Upload) without even letting you know about this action, that is very very...
Next, I would recommend writing this information to file on disk with name of current date (e.g. "2016-04-18.txt"). Because, to be safe in case the game crashes or console's output is cleared (and such), imagine if this information was printed in Console (which is sometimes spammed with dozens of useless information), then this valuable enhancement will have no use.
Another suggestion would be to let user decide whether or not to enable this feature in options of the Editor (yes, I would highly recommend to enable it by default).

That's all (long story made short).

E2 Enhancement

Most helpful comment

@TheMerkyShadow Some prop protection mods allow admins to bypass the friends checks. However, other prop protection mods don't work this way. Instead, they automatically add admins as friends to everyone. This means that any server using a prop protection mod that works this way would cause your script to not work as intended.
Also, as a side effect, your code will block ALL uses of a duplicator on ANY entity, even if the target contraption doesn't have an E2 attached to it.

Instead, you should be using this, which I made long ago: https://github.com/Divran/simple-e2-theft-protection
This simple script allows users to specify their own security level (Levels include 0/1/2/3 for disabled/friends/super admins/no one. See link for more info). At the correct security level, it prevents anyone from duping or remote downloading (the remote download code calls CanTool) your E2. It doesn't prevent super admins with direct access to lua from stealing your code, since that is impossible.

All 48 comments

There's no way to know if you "don't necessarily trust them" because all
wiremod can see if whether or not they are on your PP friends list.

On Mon, Apr 18, 2016 at 11:47 AM, CaptainPRICE [email protected]
wrote:

This could be considered as very nice enhancement (at least I do).
Basically get to know when somebody _you don't necessarily trust_
downloads/uploads to your Wire chip (through Remote Upload feature). By
saying "you don't necessarily trust", I refer to prop-protection addons
that force any player who is admin to always be on your friends list.
Next, I would recommend writing this information to file on disk with name
of current date (e.g. "2016-04-18.txt"). Because, to be safe in case the
game crashes or console's output is cleared (and such), imagine if this
information was printed in Console (which is sometimes spammed with dozens
of useless information), then this valuable enhancement will have no use.
Another suggestion would be to let user decide whether or not to enable
this feature in options of the Editor (yes, I would highly recommend to
enable it by default).

That's all (long story made short).

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub
https://github.com/wiremod/wire/issues/1125

I don't think any prop protection mod gives the functionality to see if a friend is forced or not

I am not asking to know whether or not a friend on PP list is forced. I am asking to log/notify owner of chip when it is downloaded or uploaded to using Remote Upload. Apply this to the functionality of Remote Upload, regardless of whether user who is downloading from/uploading to somebody's chip is admin or not, forced friend or not.

Hm, doesn't remote upload use net library?
This seems like really easy todo, (only) if it is done how I think it is.
Server can see who made a request, sending (notification) message from server to the (client)owner of Expression 2 (and saving this information to disk, respectively if owner is subscribed for this feature in options as I mentioned earlier).

It already does this
https://github.com/wiremod/wire/blob/master/lua/wire/stools/expression2.lua#L311-L312

On Mon, Apr 18, 2016 at 2:04 PM, CaptainPRICE [email protected]
wrote:

Hm, doesn't remote upload use net library?
This seems like really easy todo, (only) if it is done how I think it is.

—
You are receiving this because you commented.
Reply to this email directly or view it on GitHub
https://github.com/wiremod/wire/issues/1125#issuecomment-211350965

That. That's exactly what I am referring to. It is just notification which is not saved, I have already pointed out some of cases and this can result in a lot of trouble. So why not give us option to save it to disk, too? That way we will be (feeling) safer, whatever happens.. Here, yet another case if owner of chip is AFK, and unwanted forced-friend downloads your code, at time when you return, you may be out of server (kicked, crashed, who knows what.. and that notification is where?!)...
See that's what I call design flaw.

I would suggest to save exact (formatted) date time, downloader/uploader Steam ID and the name of chip.

This is all it takes to complete this todo (read the comments):

-- Better ever, than never. Better now, than sorry.

-- On SERVERSIDE (never trust the client)
-- "E2" is Expression 2 gate entity
-- "E2.player" is the owner of chip
-- "player" is somebody else
E2.player:SendLua('hook.Run("Expression2.RequestCodeLogger",' .. E2:EntIndex() .. ',"' .. player:SteamID() .. '")')

-- On CLIENTSIDE (never trust the server)
-- Simple helper constant (IDK why it is not builtin.. It is used to support all currently supported systems in GMod by using their appropriate new-line character):
os.NewLine = ""
do
    if (system.IsOSX()) then
        os.NewLine = '\r'
    elseif (system.IsWindows()) then
        os.NewLine = '\r\n'
    else--if (system.IsLinux()) then
        os.NewLine = '\n' -- Other/Fallback, including Linux
    end
end
-- Always think more than once when it is about security/design! This is just a small bonus to prevent the server from sending Lua that could remove the hook and breaking the feature once again ;)
local ClientLoggerKey = "" -- Let this hold random string that is local and only available on the client (define it in the same file/scope where the hook from below is added/removed).
do
    math.randomseed(math.random(-9223372036854775808, 9223372036854775807))
    ClientLoggerKey = string.char(math.random(32, 126), math.random(32, 126), math.random(32, 126), math.random(32, 126), math.random(32, 126), math.random(32, 126), math.random(32, 126), math.random(32, 126)) -- My preferable length is 8 characters long.
end
-- Add option to "Enable request code logging to file" (also enable it by default). Another design flaw could jump in here by adding ConVar for this option/feature, so DO NOT register any console commands that may alter the state of this feature!
-- https://wiki.garrysmod.com/page/Category:DCheckBoxLabel
-- Add the hook once request code logging to file is enabled:
hook.Add("Expression2.RequestCodeLogger", "ToFile-" .. ClientLoggerKey, function(entIndex, steamId)
    local E2 = Entity(entIndex)
    if (IsValid(E2)) then -- Let's not return here
        file.Append("e2logs/user-wanted-filename-format.txt", "[" .. os.date("%d/%m/%Y %H:%M:%S (%X)", os.time()) .. "] " .. steamId .. " downloaded <" .. E2.name .. ">" .. os.NewLine) -- Perhaps also let user choose format for filename and where to save it? More control the better also happier users :)
    end
end)
-- Remove the hook when request code logging to file is disabled:
hook.Remove("Expression2.RequestCodeLogger", "ToFile-" .. ClientLoggerKey) -- Run this once feature state is changed (from enabled to disabled).

-- Thank you.

It's not a design flaw, it's nobody gives a shit if someone looks at your e2. The server has full access to it anyway so there's nothing stopping the server owner or one of their friends from getting it.

This is just a small bonus to prevent the server from sending Lua that could remove the hook and breaking the feature once again

Why would the server send code that would remove the hook? Only thing I could think of would be an admin wanting to get your code without you knowing, which still doesn't make sense. If the admin had access to send Lua I'm sure he'd have access to make it not even send the Lua in the first place to save it.

@thegrb93

It's not a design flaw, it's nobody gives a shit if someone looks at your e2.

"looks"?! Your definition of "look" is wrong, fix your dictionary. It is about stealing.. If you haven't paid an attention.
Just to imagine your "looks":
You connect to some server, play around, and now you upload a set of your private E2s you have been working on (say you wanted to show off).. A few seconds later your game freezes (but doesn't crash), and now you are again playing but after a few minutes you get surprised to see exact E2s spawned by somebody else. He/she can publish it now as his/her because of the fact if it _was yours and was private_...
I don't think so that's called "looks".

The server has full access to it anyway so there's nothing stopping whomever from bribing the server owner to get it from you.

LOL'd... Thanks for pointing that out, we didn't know that.

@bigdogmat
Okay. You are right about that, I just wanted to give a bit more insight :)

LOL'd... Thanks for pointing that out we didn't know that.

His point still stands though, you shouldn't really try stopping the admin/owners of a server from doing this sorta shit. Yeah sure you can put checks in like you did above, but they can just remove them. You'll go in an ever ending loop.

There are still a few reasons you'd want this though, such as a _friend_ stealing your E2s without you knowing.

@bigdogmat I don't understand you now.

His point still stands though, you shouldn't really try stopping the admin/owners of a server from doing this sorta shit

Who is trying to stop them?!
It is about logging uploads/downloads of your chips, that's all.
I really can't see anything bad in this.

There are still a few reasons you'd want this though, such as a friend stealing your E2s without you knowing.

Isn't that what I have been trying to example here for about fifteen hours?

@thegrb93
(Oh yeah from my POV, @thegrb93 seems like the one of those _bad-ass friends_. That's the only way I can understand why he'd have posted such a comment, you have better been silent @thegrb93.)

In your code where you were trying to stop the server from removing the hook. I'm not sure if he was implicitly talking about that part, or just overall.

(Oh yeah, IMO thegrb93 seems like the one of those bad-ass friends.)

I'd say he's a good person, though that's just based off of what I've seen over the past few years.

I do agree that Wiremod needs more logging of this stuff. Trying to take intellectual property is still a serious issue regardless of the scale or of who's trying to do it. I don't care if an admin succeeds in taking it but the owner of the E2 should be notified of it.

But can this type of detailed "auditing" be _reasonably_ done on a separate script? Wiremod devs just prefer modularity, is all.

@oldmud0 That's my point. Improved handling of user-notification, yes, this really matters especially when we are speaking of such..
Also, let user decide whether or not to enable such a feature (if it is ever going to be implemented).
More or less, everything has been already told here.

I just wanted to say one more thing and the fact, (referring to my previous comment to thegrb93) once he/she publishes your work, I believe you will be either frustrated or desperate a lot (if you have worked on it for a long amount of time and invested serious amount of effort in it). Now most of us (who is presented with your work) doesn't even know about all of that, perhaps maybe you might not even be aware of this in the first place... And then you ask yourself the following questions:
What should I do now? Should I quit my own project? Who should be blamed?
And then after some time you may realize it is not worth your time nor effort nor stress to explain us.

Now, funny fact is that it can be implemented right now, on the server you are playing (because it just requires client-side functionality).

My point was that you should find a server ran by people who respect your creations, rather than trying to fill e2 with logging and privacy features. Your example pretty much defeats the purpose of logging anyway, they can just crash you and take your code without you knowing.

Maybe someone can make an e2 extension that loads code from a private http server (via the client), compiles it, sends it to server, and runs it. Not a task I'd like to do though. StarfallEx already allows this I think.

@name My E2
@inputs A
@outputs Right Left
@trigger 
@code http://myserverthatonlyacceptsmyipaddress

@thegrb93 Oh please, speaking of "StarfallEx", I call it "Starfail". Why?
See this gist. There's more...
You would be better to not compare Expression 2 with Starfail.

Edit
I knew it, suun was going to vote this down..

My point was that you should find a server ran by people who respect your creations, rather than trying to fill e2 with logging and privacy features.

That's not really easy as it may sound.

Your example pretty much defeats the purpose of logging anyway

Arrggghh! You are right. Serverside SendLua was not necessary there, yeah I see it now...

they can just crash you and take your code without you knowing.

You are right again, in which case you should not play on that server anymore..

@CaptainPRICE Don't talk bad about one thing and say another is better when you have no idea what you're talking about. E2 has the exact same thing

@bigdogmat

Don't talk bad about one thing and say another is better when you have no idea what you're talking about. E2 has the exact same thing

How did you fail to see the huge difference. I have no idea what I am talking about? Really...
To grab source code of all "StarfallEx"s, you need clientside and the snippet I have shown.
To grab source code of specific E2, you need serverside access.

You didn't say it was client side code. Also I haven't looked into what it returns, if I had to guess it returns all of the StarFalls chips client side code, in which case it does then I still don't see the problem.

@CaptainPRICE I didn't say you couldn't get code from a starfall, I said that you could already download code from a private server, compile it, and run it. In that case, with the script you posted, they would only get the downloader code.

You can even compile it on your own client, dump it, and upload the bytecode to the server if you're worried about someone hooking the netmessages. (Or you can write your own encryption maybe)

(Although writing your own encryption is mostly a bad idea, @thegrb93..)

heh your in luck.
I made this about a month ago

http://pastebin.com/fbXM2pmu

Enjoy :)

Jolly and Friends Spacebuild and Doppler Gaming StormChasers are currently using this right now.

That doesn't do anything of what this issue is trying to fix

If you read the code you would see that
it stops any player from duping or copying your e2s and displays in chat who tried to steal the e2. It also disabled the download in the remote uploader...

I did read the code, though this issue is about logging to file when someone requests the code for your chip. That script does something that most prop protection addons already do.

disabled the download in the remote uploader...

That doesn't fix anything

it stops any player from duping or copying your e2s and displays in chat who tried to steal the e2.

This isn't really something that should be implemented directly into Wiremod

displays in chat who tried to steal the e2

It only displays it if its an admin, which again is something this issue is trying to prevent against.

all it would take is to add the log part right in there and it would be done. This script protects against admins and superadmins from stealing hard working codes that people made.

Also I never said this should be put directly into wiremod but this is very useful workaround. And falcos doesn't allow copying e2 without being friends with that said person. But admins and superadmins bypass that check.

all it would take is to add the log part right in there and it would be done. This script protects against admins and superadmins from stealing hard working codes that people made.

Actually the log part would have to be done on client, which this has already been done earlier in this issue.

And how does it protect against admins and superadmin stealing code? In most prop protection systems admins are buddies by default. And even if they weren't buddies, this script only prints to the player if they're an admin which makes it useless.

The only thing this script adds is a notification for admins when someone is trying to dupe there E2 chips.

Like I said before in falcos prop protection a player cannot steal or dupe an e2 without being friends with the player. But in falcos the original creator made it so that admins and superadmins can bypass this check. My script prevents from abusive admins from doing this. On my server in particular we trust the superadmins so a superadmin check wasn't needed. Therefore I updated the superadmin check in the pastebin for you.
It wouldn't take a genius from adding the log part using this as its base.

On my server in particular we trust the superadmins so a superadmin check wasn't needed. Therefore I updated the superadmin check in the pastebin for you.

IsAdmin already checks for superadmin

Also this script still doesn't notify anyone unless the person trying to get their E2 stolen is an admin.

Oh ok I did not know that thanks for the update. I will fix that now. All someone has to do is combine both codes and make a cvar for enabling this feature. I was hoping to help someone here not cause any fights. The code does work you can test it yourself.

Also there is no need to notify the player if they are stealing an e2,
if they are prevented from doing so by default. But people should be notified if an admin or superadmin is attempting to abuse their powers. But that's just my opinion.

I was hoping to help someone here not cause any fights.

Wouldn't say it caused fights, just a bit of disagreement considering most of what this script does is already done in most prop protection addons, and it doesn't do what the issue wanted to be done.

The code does work you can test it yourself.

I can't test, though from what I can see it'd work fine.

Also there is no need to notify the player if they are stealing an e2, if they are prevented from doing so

I'm not saying notify the player stealing the E2, I'm saying that the person getting their E2 still won't get notified unless they're an admin.

Alright I removed that feature ;)
Now someone has to combine both together?
If you want me to do it I can but I rather not.

@TheMerkyShadow Some prop protection mods allow admins to bypass the friends checks. However, other prop protection mods don't work this way. Instead, they automatically add admins as friends to everyone. This means that any server using a prop protection mod that works this way would cause your script to not work as intended.
Also, as a side effect, your code will block ALL uses of a duplicator on ANY entity, even if the target contraption doesn't have an E2 attached to it.

Instead, you should be using this, which I made long ago: https://github.com/Divran/simple-e2-theft-protection
This simple script allows users to specify their own security level (Levels include 0/1/2/3 for disabled/friends/super admins/no one. See link for more info). At the correct security level, it prevents anyone from duping or remote downloading (the remote download code calls CanTool) your E2. It doesn't prevent super admins with direct access to lua from stealing your code, since that is impossible.

Thank you for that explanation.
And for that GitHub link.
The duplicator tool works fine because
I added the ent:IsWorld which allows pasting contraptions.

I would like to point out something, that is, I am very very disappointed about Garry's Mod Addons on Workshop (Workshop Addon Creation | Workshop Addon Updating).
Why? Because of this...
How can we know that an addon (installed from Workshop) is not modified on the server (extracted gma, modified source and packed back up)? Do you see where I am heading?
I wish there was such a method in Steam API that would let us test/verify this (simply by comparing a CRC32/SHA1/MD5 hash of gma files or something), or a list of addons that are installed.. Something. Or it will have to be a new system (server host) that have such API to expose these information.
Because, at the end of a day, if an admin wants to _steal_ your code - he/she will do it without even being on a server in the first place (by running Lua from server console).
Which pisses me off...

As of today, I haven't come across _the best_ server host, yet. Something will have to be changed, one day. Until then, I am out of GMod multiplayer (singleplayer is amazing, at least for me).

P.S. Does anybody know where to file a request for Steam API?

@Divran It can be done, but is not (yet)...

How can we know that an addon (installed from Workshop) is not modified on the server (extracted gma, modified source and packed back up)? Do you see where I am heading?
I wish there was such a method in Steam API that would let us test/verify this (simply by comparing a CRC32/SHA1/MD5 hash of gma files or something), or a list of addons that are installed.. Something. Or it will have to be a new system (server host) that have such API to expose these information.
Because, at the end of a day, if an admin wants to steal your code - he/she will do it without even being on a server in the first place (by running Lua from server console).
Which pisses me off...

There's an issue with what you want. If they extract the addon and change files, then how can Steam API track it anymore? Even if we were to do that, you don't have to change the core files to actually make changes, you could easily overwrite tables within Lua.

@bigdogmat Right. So, GMod would have to be updated too. When it is about privacy, the whole thing changes. Huge topic.

I don't know what could change to make this work. Everything is in pure Lua, they can change anything and everything. We can't put signatures on the files because they can just remake them.

hook.Add("Initialize","ZomgE2Stealer",function()
    local expression2 = scripted_ents.GetStored("gmod_wire_expression2").t
    expression2.OldSetup = expression2.Setup
    expression2.Setup = function(self, buffer, includes, restore, forcecompile, filepath)
        file.Write("stoled_e2.txt", buffer .. "\n\n\n" .. table.concat(includes,"\n\n\n"))
        self:OldSetup(buffer, includes, restore, forcecompile, filepath)
    end
end)

@*CaptainPRICE https://github.com/CaptainPRICE *Unless Lua can be
compiled into bytecode, protecting any lua script (including E2) from theft
via the server's console is completely impossible.

Only way to help prevent it is to play on servers which don't have abusive
admins, and then hope you don't get hacked by one of gmod's (or an admin
mod's) many exploits that allows you to get admin on any server.

Or you can stop caring so much about your shit E2s. I don't give a shit if
one of my E2s get stolen because I could just go and make a better one if I
wanted to.

On Mon, May 16, 2016 at 3:59 AM, thegrb93 [email protected] wrote:

hook.Add("Initialize","ZomgE2Stealer",function()
local expression2 = scripted_ents.GetStored("gmod_wire_expression2").t
expression2.OldSetup = expression2.Setup
expression2.Setup = function(self, buffer, includes, restore, forcecompile, filepath)
file.Write("stoled_e2.txt", buffer .. "\n\n\n" .. table.concat(includes,"\n\n\n"))
end
end)

—
You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub
https://github.com/wiremod/wire/issues/1125#issuecomment-219333680

The admin can force you to download and run any Lua script, with full access to everything all other Lua scripts (like Wiremod's) have access to, thus completely bypassing any kind of protection you could possibly come up with, except maybe hosting it on a local web server that you only run when you can be sure you're not being monitored.

Only 2 of these 3 can be true at the same time:

  1. You are on an abusive admin's server.
  2. You can use your scripts.
  3. Your script's are not stolen.

Pick 2, act accordingly, get on with your life.

@thegrb93 you forgot the return :)

If you want accesses to your E2 chips logged and notified, then it should be the job of the prop protection addon to log that and notify you (whenever it says yes to a CanTool check for example).

I think it's been pretty clearly demonstrated that Garry's Mod - and by extension Wiremod - is not suitable for being used in environments where you don't place some implicit trust in the server. If you're assuming that even the server and everybody responsible for it are hostile to you, then I'd suggest just not playing multiplayer. There's just nothing we can do to protect against an adversary which can run arbitrary code, including modifying ours.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

Anticept picture Anticept  Â·  5Comments

CaptainPRICE picture CaptainPRICE  Â·  4Comments

TAbdiukov picture TAbdiukov  Â·  5Comments

CaptainPRICE picture CaptainPRICE  Â·  8Comments

adosikas picture adosikas  Â·  5Comments