Skip to content
/ salty_tokenizer Public

Add security tokens to FiveM server events through obfuscated client events.

License

GPL-3.0 license
61 stars 22 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

SaltyGrandpa/salty_tokenizer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

50 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
client.lua
client.lua
 
 
config.lua
config.lua
 
 
fxmanifest.lua
fxmanifest.lua
 
 
init.lua
init.lua
 
 
package.json
package.json
 
 
server.lua
server.lua
 
 
uuid.js
uuid.js
 
 

Repository files navigation

salty_tokenizer

Add security tokens to FiveM server events that are accessible from the client in order to prevent against Lua injections (and similar cheats).

Features

  • A unique security token is generated for each resource on each server restart.
  • Tokens are sent through listeners that are obfuscated per client and unique every time the player joins.
  • Tokens can only be requested by the client once. This prevents a cheater from attempting to retrieve the token at a later time.
  • Players that trigger a server event without a valid security token are kicked from the game.

Installation

  • Install yarn (Can be found in /resources/[system]/[builders]/yarn)
  • Configure salty_tokenizer using the config.lua file.
  • Add ensure salty_tokenizer to your server config.
  • Restart your server.

Usage

The security token is stored in a variable named securityToken on the client side in each resource. In order to retreive the security token for a given resource, you must include the init.lua script in your resource's __resource.lua or fxmanifest.lua file. The init.lua script must be included as both a server and client script:

server_script '@salty_tokenizer/init.lua'
client_script '@salty_tokenizer/init.lua'

Note: If you implemented salty_tokenizer prior to the init.lua script being released, it will continue to function normally and no changed need to be made.

Client

Once the token is received, it can be passed along with a server event to be validated on the server-side:

TriggerServerEvent('anticheat-testing:testEvent', securityToken)

It's recommended to make sure that the client has the token to prevent false positives, like so:

Citizen.CreateThread(function()
	while securityToken == nil do
		Citizen.Wait(100)
	end
	TriggerServerEvent('anticheat-testing:testEvent', securityToken)
end)

Server

In order to protect a server event, a simple if statement must be added.

RegisterNetEvent('anticheat-testing:testEvent')
AddEventHandler('anticheat-testing:testEvent', function(token)
	local _source = source
	if not exports['salty_tokenizer']:secureServerEvent(GetCurrentResourceName(), _source, token) then
		return false
	end
	print("Authenticated")
end)

About

Add security tokens to FiveM server events through obfuscated client events.

Resources

Readme

License

GPL-3.0 license
Activity

Stars

61 stars

Watchers

5 watching

Forks

22 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 5

Languages