Dropped ChocoHax 1.8.5

Dropped

nit34byte

Chocolate CEO
Staff member
Administrator
Jun 20, 2021
929
129
1,390
localhost
www.lynxcollective.ltd
ChocoHax 1.8.5 has been released

Changelog:
  • Screenshots taken by administrators/console are now being checked automatically for any suspicious activity (Mod Menus) to automatically ban the player.
  • Adding support for txAdmin's adminAuth event to automatically bypass permissions check for txAdmin administrators. (You will get a notification in the console if you are authenticated as txAdmin administrator) (Requires txAdmin (v6.0.1) or above)
  • Patch for client-sided logs where the Discord image was not being sent or sent as text. [TESTED] but... I don't know what caused the problem, and I don't know if it's fixed or not. "Works on my machine" meme is real...
  • Added boolean config option [CHOCOLOG_HIDEIP] to hide the player's IP address from the Discord Logs.
  • Added boolean config option [CHOCOLOG_HIDEIDENTIFIERS] to hide player's identifiers from the Discord Logs.
  • Updated all the features to the new Discord Webhook API.
  • Optimized Discord Webhook API and censured the webhook URL in the logs in case of rate limiting (ERROR 429) or any other error.
    If you're getting this error, it means that you're sending too many requests to the Discord API. You can either wait for a while or disable the Discord Logs.
    If you are using the same webhook URL for multiple things, it could be the reason for the error. Try using a different webhook URL for each feature. If creating a new webhook URL is not the solution, it could be a problem with your Firewall, Internet connection, or your IP is banned by Discord's API.
  • Added boolean config option [WEAPONSPROTECTION_ANTIONEHIT] to prevent cheaters or players from killing other players with one hit and/or modifying the damage of the weapons. P.S. This option is not recommended to be enabled if using a custom damage script!!! (Default: false)
  • Added boolean config option [WEAPONSPROTECTION_ANTITAZEALL]
  • Added boolean config option [WEAPONSPROTECTION_ANTIKILLALL]
  • Added boolean config option [WEAPONSPROTECTION_MAXKILLDISTANCE] to prevent cheaters from shooting players from a long distance. (Default: 0) (Recommended: above 100, test before using on a live server!!)
  • Added distance check for projectiles too, using the same config option [WEAPONSPROTECTION_MAXKILLDISTANCE]
  • Added [CHATPROTECTION_BLACKLISTEDWORDS] detection to detect words that are split by spaces or other characters. e.g., bad word: f u c k or f.u.c.k or f uck [NOT TESTED]
  • Optimized client-sided detection to prevent false positives on connection or for potato PCs.
  • Patch for [CLIENT_ANTINOCLIP] to prevent players from being banned while on a boat or over the water. [NOT TESTED]
  • Removing [CLIENT_ANTILUASCRIPTS] and [CLIENT_ANTIEXTERNAL] as they are outdated and not working anymore.
  • Added [CLIENT_ANTIBLACKLISTEDWEAPONS] detections weapon name (if available) instead of hash to the logs.
  • Added Safety Notice when using resources like runcode that can be used to execute malicious code, to hide the notice remove the unsafe resource from the server or ignore the notice. I have it installed but it's stopped: NO. That's not a solution, backdoors can start it in any moment and use it without you even noticing it.
  • Found and fixed the problem with [WEAPONSPROTECTION] where some weapons were not being detected even if they were blacklisted.
  • Updated [WEAPONSPROTECTION], [EXPLOSIONSPROTECTION], and [FXPARTICLESPROTECTION] logs and added more details.
  • Added [WEAPONSPROTECTION_DISCORD_KILLLOGGER] to log kills between players with more details and a link to a map that shows the player's position on detection. (It's RECOMMENDED to use a separate webhook URL for this feature as it can be spammy)
  • Fixed Emojis not showing correctly in the Discord Logs.
  • Updated [STEAMTRUSTFACTOR] and added new features and [CHOCOHAX.STEAMTRUSTFACTOR] / [STEAMTRUSTFACTORBYPASS] permissions. Check the config page for more details.
  • Updated [CHATPROTECTION] and changed all booleans to customizable punishment for each kind of detection. Users asked me to have kick as punishment for links but not for bad words, so now you can customize it as you want.
  • Removed [CLIENTPROTECTION_ANTIRESOURCERESTART] and replaced it with a different feature that will prevent resources from being restarted by the client. You can restart resources; they will get whitelisted for 1 minute without any notice/warning... It's still not recommended to do it, but if you really need to restart a resource, you can do it without any problems.
  • Added Player Position link to a map that shows the player's position on detection.
  • Added Weapons and Entities link to a website with details of the weapon/entity on detection.
Last moment edit:

  • Added eventsProtection_antiallplayers, eventsProtection_antijailevents to the config for server owners that want to disable that specific detection
    P.S. THIS is not a new feature! it was already in use on ChocoHax 1.6.1.2 and is classified as stable so keep it enabled unless you know what you are doing
  • Added more exploit detections and eventsProtection_antiesxexploits, this is able to detect a lot of exploits that are available on older versions of ESX, It's recommended to keep it enabled even if you are NOT using ESX because it can catch some exploits that are not ESX related
  • Added eventsProtection_antimoneyexploit, a new detection method for money exploits, as always it's recommended to keep it enabled even if you are NOT using ESX because cheaters will always try anything... (They are clueless... sad...)


Now .... Let's take a look to ChocoHax Exports
Some of you already asked me about it, i couldn't add it before because i was busy with other stuff, but now it's here!
ChocoHax Exports allow you or your developer to use ChocoHax functions in your scripts, this is useful if you want to develop a plugin or just want to use ChocoHax features on one of your script.
In the attached file you will find an example of resource using ChocoHax Exports.

Example:
code_language.lua:
local _SDK = exports["chocohaxResourceName"]:sdk_public()

_SDK._P("moduleName","s","Hello, This is a text with %s and %s", "formatting", _SDK._PC.red("colors"))
_SDK._P("moduleName","w","You can also use %s text from the locale file", _SDK._L("example"))

_SDK._P("moduleName","i", "Your language is %s, if not available 'en' will be used" , _SDK._C("settings_language", "en"))
_SDK._P("moduleName","e", "This is an error message")

local email = _SDK._sys.email
local debugmode = _SDK._sys.debugmode
local uuid = _SDK._sys.uuid
local version = _SDK._sys.version
local operatingsystem = _SDK._sys.operatingsystem
local username = _SDK._sys.username
local datacenter = _SDK._sys.datacenter
_SDK._P("moduleName","i", "Email: %s", email)

RegisterCommand("kickme", function(source, args, rawCommand)
    _SDK._PLAYERSDATA.sendPlayerAlert(source, "Hi!!", "You're about to be kicked", "warning")

    _SDK.logPlayer(source,{
        module = "moduleName",
        reason = "Kicked himself",
        extra = "If you want...",
        permission = "none",
        img = false,
        punishment = "kick"
    })
end)

-- now let's try the same but with a ban and a permission check, in that case 'clientBypass'

RegisterCommand("banme", function(source, args, rawCommand)
    _SDK._PLAYERSDATA.sendPlayerAlert(source, "Hi!!", "You're about to be banned but let's check if you're an admin", "warning")

    local canBypass = _SDK.perms.hasperms(source, "clientBypass")

    if canBypass then
        _SDK._PLAYERSDATA.sendPlayerAlert(source, "Hi!!", "You're an admin, you can't be banned", "warning")
        _SDK._P("moduleName","w", "Player %s tried to ban himself but he's an admin", GetPlayerName(source))
        return
    end

    _SDK.logPlayer(source,{
        module = "moduleName",
        reason = "Banned himself",
        extra = "If you want...",
        permission = "none",
        img = false,
        punishment = "ban"
    })
end)

RegisterCommand("whoiam", function(source, args, rawCommand)
    local identifiers = GetPlayerIdentifiers(source)
    local formattedIdentifiers = _SDK._PLAYERSDATA.exportIdentifiers(identifiers)
 
    local name = GetPlayerName(source)

    _SDK._PLAYERSDATA.sendPlayerAlert(source, "Hi, " .. name, "Your Steam HEX is " .. formattedIdentifiers.steam, "warning")
 

end)
 

Attachments

  • choco_exports.zip
    2.8 KB · Views: 46

nit34byte

Chocolate CEO
Staff member
Administrator
Jun 20, 2021
929
129
1,390
localhost
www.lynxcollective.ltd
Patch 2.0

Events Hider: H
ide Trigger Server Events from dumpers such as Eulen's Triggers Dumper
  • Perform a backup of the resources you want to protect.
  • Resource must be clean, started and not obfuscated.
  • Resource must have server sided events and not using tokenized events.
  • This tool will edit the file and can be reverted by using the unprotect button
  • Hidden events can still be dumped using other methods and don't consider this as a 100% protection.
  • If your resource is not listed here it's normal, it means is not compatible with this tool.
  • Do NOT edit/restart protected files, unprotect and stop ChocoHax before editing or restarting the resource.

We do not take any responsibility for any damage caused by this tool there is low chance of this happening but it's still possible.

image.png
image.png


Some bug fixes: nil checks errors