Resource scrambler - Randomize all custom resource events [Anti lua-injector]

Special thanks to @Blumlaut for helping me debugging it out


Releases : https://github.com/indilo53/fxserver-resource-scrambler/releases

fxserver-resource-scrambler

Replaces all your registered server and client events with random generated ones, to prevent script-kiddies from triggering sensitive events using lua injectors.
The best advice in general is to never trust the client and make appropriate changes to your resources

Usage

  1. Do NOT forget to backup all your resources before using this script
  2. Download the latest zip and extract it releases
  3. Place all your resources in the resources directory
  4. Run the executable and let it do its work.
  5. Put back the generated; modified resources inside scrambled-resources back in your server resources directory, and enjoy!

I don’t know if it will work for everyone, this is just an experiment. Please report issues you’re having, and provide helpful information so that I can debug this - providing a copy of the script that is breaking the application is also helpful.

index-win was built using pkg, if you feel bad running a .exe just do an npm install and run node ..


Event tables can be found in scrambled-resources/scrambler-events.json

You can listen for the event scrambler:injectionDetected server-side to catch malicious users (don’t forget to start scrambler-vac in server.cfg).

AddEventHandler('scrambler:injectionDetected', function(name, source, isServerEvent)

  local eventType = 'client'
  
  if isServerEvent then
    eventType = 'server'
  end

  print('Player id [' .. source .. '] attempted to use ' .. eventType .. ' event [' .. name .. ']')
 
end)

You need to keep a copy of the original source code, when you make any change to the source : re-scramble all your original resources at once

Do not forget to include fivem base resources and mysql-async if you use it

31 Likes

Can we please get the source code for index-win.exe?

on the github : index.js

@d0p3t it was built with https://github.com/zeit/pkg

Alright. I just wanted to make sure. Would be great to include that in the repository as it was confusing as to how it was built. Executables are scary.

Anyway, the file is clean
https://www.virustotal.com/#/file-analysis/ZDQ3MWI0ZDg4ZWJkYjAxMjQzMjA2MmJjNWNjZDY3ZWI6MTUyNTYxNzY0OA==

Alright, I am doing it right now

thank you ! for this resource

Np :slight_smile: It works for you ?

Fantastic resource mate, have tried it and it went smoothly, however won’t load into the server now. I’ll keep working on it and post back to you.

1 Like

i put in policejob and check whats come out and it change some triggers to like
ESX.TriggerServerCallback(‘ed5a804d-6f0f-4f52-a4da-8cf6b3243cd3’, function(data

I you change only one resource it will not work correctly if these events are used by others resources but the result you posted is the expected program output.

when only policejob it change only policejob events
but when i put also esx_skin
it change also events in policejob about skin
so it work good

1 Like

thanks you big boss <3 your favorite little rabbit :sweat_smile:

1 Like

Please post some feedback and test lua injector with it so I can improve it

1 Like

Most people who have these are banned.

Thats a load of bull scott :stuck_out_tongue:

Good point, I think someone made an unbanner where it resets your license.

For me it’s work i try to trigger event by lua injector and nothing happened. Good work :smiley: All resources of course work normally.

Fivem could always go to hwid banning or mac adress banning to get rid of them but it would be more work for them

Yeah its really easy for hwid checks in c++ and c# and such but yeah. with hwid they would have to reinstall windows unless they use true hwid then they would have to change motherboards to come back or some how change serial of motherboard and other components