$able 2 Posted March 2, 2012 (edited) Let's kick off March with two new features added in BE Server v1.131 and BE Client v1.151: 1. New script detection/logging that is fully customizable by server admins You can now easily set up your BE Server to scan clients for certain strings that are used in script attacks on your server, for example "createVehicle", "serverCommand", "setVehicleInit" or anything else that could potentially be exploited on your server. All you need to do to enable this is create a file called "scripts.txt" in your BE working directory (in the game's application data / profiles / BEpath folder, not the install folder - where bans.txt is placed as well) with per-line entries formatted as follows: [type] [string to search for] The following types exist: 1 - Log detections to "scripts.log" 2 - Log detections to server console 4 - Kick for detections ("Script Restriction #X") When logging detections, the BE Server logs an extract of 100 characters of the script being executed showing the detected string. You can combine types by adding them, so e.g. 3 causes positive detections to be logged both to scripts.log and server console, 5 causes detections to be logged to scripts.log and kicked for at the same time, 7 combines all methods, etc.. See the following random scripts.txt example (please do not use the list below unless You know what's command for/why): 1 createVehicle 1 setVehicleInit 3 serverCommand 4 godmode 3 Bo_Mk82 3 #shutdown 7 disableUserInput true Important update: http://forums.bistudio.com/showthread.php?131759-New-BattlEye-features-for-server-admins&p=2192402&viewfull=1#post2192402 2. Messaging players via RCon RCon admins can now directly send in-game messages to players using the new "say" command: say [player #] [message] If player # is -1, the message is sent to all players. Otherwise the message is sent privately to the specific player. Note that player # is the one shown when entering "players", not the one used by the game itself. Also, keep in mind that only in-game players can be messaged, not those that are still in the lobby. Example: say 11 hey mate, how are you doing today? I hope you like these new features. Feedback of any sort, as always, is welcome. :) Edited July 27, 2012 by $able Share this post Link to post Share on other sites
nuxil 2 Posted March 2, 2012 This is just too Awesome! Great work there $able Share this post Link to post Share on other sites
nomad_man 10 Posted March 2, 2012 (edited) SWEEET. Good job! Except now they will try to bypass knowing how it worked Edited March 2, 2012 by nomad_man Share this post Link to post Share on other sites
.kju 3245 Posted March 2, 2012 Awesome job :bounce3: Share this post Link to post Share on other sites
Dwarden 1125 Posted March 2, 2012 i will stick this topic soon after it gets some attention, for now i leave it unstickied as it's easier to spot (irony) Share this post Link to post Share on other sites
mousetrap 10 Posted March 2, 2012 Hi I am getting kicked from my Dedicated server used this from 1st post What did I mess up ? See the following scripts.txt example: Code: 1 createVehicle 1 setVehicleInit 3 serverCommand 4 godmode 7 Bo_Mk82 6 #shutdown Logged in successfullyRCon admin #0 (X.13x.10x.x53:x35x2) logged in Important new script detection feature added to BattlEye! See here for more info rmation: http://forums.bistudio.com/showthread.php?131759-New-BattlEye-features- for-server-admins Script Log: #0 MYname (165029dcxac8bce37299531x76) - "(serverCommandAva ilable "#shutdown") || !isMultiplayer" Script Log: #0 MYname (165029dcxac8bce37299531x76) - "(serverCommandAva ilable "#shutdown") || !isMultiplayer" Player #0 MYname (165029dc6562ac8bce37299531x76) has been kicked by BattlE ye: Script Restriction #11 Share this post Link to post Share on other sites
sickboy 13 Posted March 2, 2012 Really great, thanks (yet again) $able! Share this post Link to post Share on other sites
maddogx 13 Posted March 2, 2012 Wow, good stuff. Thanks $able! :) Share this post Link to post Share on other sites
xeno 234 Posted March 2, 2012 (edited) HiI am getting kicked from my Dedicated server used this from 1st post What did I mess up ? You haven't messed up anything, the code is from a FSM in Domination which checks if an user is logged in as admin and then adds extra admin tools (like spectating and admin dialog). Meh, am not happy with this. Many missions use those commands on the client side and it just shows the heart of the problem. There should be some kind of trusted environment where execution of all scripting commands is possible, for example from mission scripts/folders as you can't manipulate MP missions. Xeno Edited March 2, 2012 by Xeno Share this post Link to post Share on other sites
.kju 3245 Posted March 2, 2012 I guess $able cannot determine if the code is from the mission or an addon/runtime code, can you $able? Share this post Link to post Share on other sites
[kh]jman 49 Posted March 2, 2012 There appears to be a character limit on the say command which is quite low. If the text is too high it disconnects BERcon. Share this post Link to post Share on other sites
$able 2 Posted March 2, 2012 HiI am getting kicked from my Dedicated server used this from 1st post What did I mess up ? See the following scripts.txt example: Code: 1 createVehicle 1 setVehicleInit 3 serverCommand 4 godmode 7 Bo_Mk82 6 #shutdown That was only an example. It doesn't mean you should use it (especially with kicking). Share this post Link to post Share on other sites
nuxil 2 Posted March 2, 2012 Meh, am not happy with this. How can you be unhappy.. its not something thats forced down your throat.. its a option free to have enabled :) this can be usefull for server runing other missions than Domi ;) Share this post Link to post Share on other sites
$able 2 Posted March 2, 2012 You haven't messed up anything, the code is from a FSM in Domination which checks if an user is logged in as admin and then adds extra admin tools (like spectating and admin dialog).Meh, am not happy with this. Many missions use those commands on the client side and it just shows the heart of the problem. There should be some kind of trusted environment where execution of all scripting commands is possible, for example from mission scripts/folders as you can't manipulate MP missions. Xeno There won't ever be a trusted environment, because you can directly change existing scripts or inject code in memory without even dealing with PBOs or the signature check system (there are hacks that do exactly that). If there are problems, just scan for more specific strings (for example, you can even add a space after "serverCommand" so "serverCommandAvailable" isn't picked up) or disable kicking. There is a reason this is fully customizable. Share this post Link to post Share on other sites
xeno 234 Posted March 2, 2012 (edited) How can you be unhappy.. its not something thats forced down your throat.. its a option free to have enabled :)this can be usefull for server runing other missions than Domi ;) Read again what I wrote. It's the wrong approach to the problem and not related to Domina, Warfare or whatever mission. There won't ever be a trusted environment, because you can directly change existing scripts or inject code in memory without even dealing with PBOs or the signature check system (there are hacks that do exactly that). I'm aware about that for a long time already :) The question remains, why is it so easy to inject code ? If there are problems, just scan for more specific strings (for example, you can even add a space after "serverCommand" so "serverCommandAvailable" isn't picked up) or disable kicking. There is a reason this is fully customizable. Then please change your example above or add a better explanation because otherwise we will see lots of players getting kicked in the next time because some server admins simply take what they find as example without even thinking about it or knowing what's going to happen. Xeno Edited March 2, 2012 by Xeno Share this post Link to post Share on other sites
nuxil 2 Posted March 2, 2012 sorry. i misread. but you should know. there is no such thing as a trusted enviourment. even that would be exploited. btw. wasnt the command #servercommand Kick etc etc disabled/ignored is patch 1.56 or later by bis,i may be wrong. if thats the case. no need to look for thouse commands. Share this post Link to post Share on other sites
Dwarden 1125 Posted March 2, 2012 this is optional tool for administrators, not much different from CVAR checkings in PunkBuster ... hence if You wise enough all You need is logging and analyze the result post mortem and then ban the BEGUID of clear offenders only if you have mission and locked content environment t then You can use kick on the commands which You know aren't needed for missions You run Share this post Link to post Share on other sites
tonic-_- 53 Posted March 2, 2012 Like Dwarden said, it's optional. I myself would much rather log common things such as 'Bo_mk82' or something that is widely used in missions and then for the other stuff that we obviously won't be using in our missions like 'Loki' or 'Gerk Menu' just simply kick for it. Share this post Link to post Share on other sites
kylania 568 Posted March 2, 2012 Just because it's "optional" doesn't mean it shouldn't be improved or clarified. Share this post Link to post Share on other sites
Dwarden 1125 Posted March 2, 2012 (edited) @kylania... which i didn't denied ... i simply stated facts ... i will not go into things like why games can't be secure enough because if they were, you would not find computer capable to run that game (ever seen cpu/ram overhead on secured memory allocator for example?) some things aren't possible as you not making security software (which btw. become obsolete within 30days after release) so while trusted environment sounds magically simple ... it isn't ofcourse we will try to make things better and safer ... Edited March 2, 2012 by Dwarden Share this post Link to post Share on other sites
$able 2 Posted March 2, 2012 I'm aware about that for a long time already :)The question remains, why is it so easy to inject code ? Your demand for a trusted environment didn't exactly sound like you were aware of that. ;) Any code running on a computer can be modified, that's a basic rule. BE can detect certain methods, but there are limits and so there will always be others that are undetected. There simply won't ever be a way to completely prevent the injection of script code. Given that, it at least seems like a good idea to directly detect the scripts being executed. Share this post Link to post Share on other sites
GregRUS 10 Posted March 3, 2012 Nice feature.. but all this I saw in network traffic dump... now its just more comfortable.. The only way I 100% catch the hackers on my little server is own DLL that required to join server and acting like a PBSS - just sending screenshots to server ftp... BTW.. battleye even doesn't detect this inject... and adding this feature to BE will be awesome protection! Share this post Link to post Share on other sites
$able 2 Posted March 3, 2012 Nice feature.. but all this I saw in network traffic dump... now its just more comfortable..The only way I 100% catch the hackers on my little server is own DLL that required to join server and acting like a PBSS - just sending screenshots to server ftp... BTW.. battleye even doesn't detect this inject... and adding this feature to BE will be awesome protection! Wrong, you don't see everything in the network traffic. Mainly you only see script code that is to be executed remotely and public variable values in it (as strings). And yes, BE is currently detecting all public hacks. As I said though, there are many different ways to inject script code into the game, so it's impossible to detect all those phantom private hacks out there. Share this post Link to post Share on other sites
tonic-_- 53 Posted March 3, 2012 I have noticed that this is strictly only to script based code, it's really a shame because it would be nice if this could work on Dialogs as well. If the attacker is using scripts to 'fill' their dialog options it works fine but if not then it's really a cat and mouse game. Share this post Link to post Share on other sites