Add player max sync speed parameter and enhance puresync validation#4988
Open
QueryOfficial wants to merge 1 commit into
Open
Add player max sync speed parameter and enhance puresync validation#4988QueryOfficial wants to merge 1 commit into
QueryOfficial wants to merge 1 commit into
Conversation
- Introduced a new configuration parameter `<player_max_sync_speed>` to limit the maximum believable speed for on-foot players, mitigating sync-manipulation cheats. - Updated `CPlayer` and `CSimPlayer` classes to track last accepted puresync positions and related data for anti-cheat measures. - Enhanced puresync packet handling to reject invalid coordinates and ensure proper validation against the new speed limit. - Refactored related methods to maintain consistency in puresync state across player actions and network packets.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds server-side on-foot puresync sync-manipulation guard — forged position/velocity is dropped before server state updates or relay to other clients.
mtaserver.confsetting:<player_max_sync_speed>(default360km/h,0disables)CPlayer/CSimPlayertrack last accepted puresync baseline (position, tick, vehicle contact-relative coords)CPlayerPuresyncPacket+CSimPlayerPuresyncPacket(main + sim thread, before apply/relay)Server/mods/deathmatch/README.sync-manipulation-guard.mdNo client or netcode protocol changes.
Motivation
Sync-manipulation cheats forge outgoing on-foot puresync while staying on foot locally. The server used to accept and relay that sync; remote clients then simulated impossible movement and launched nearby vehicles/players.
This fix rejects forged packets at the server read stage on both main and sim threads. Threshold-based (max believable on-foot speed), not full GTA physics — balances protection vs. jetpack, knockback, ping, and vehicle surf.
Test plan
Build this branch, use 2 clients (attacker on foot + victim in a nearby vehicle), private test server, default
<player_max_sync_speed>360</player_max_sync_speed>.Repro script — mirrors the documented exploit; requires a client that can forge outgoing puresync (
api.sync.*= cheat/test hook):Expected results
Checklist