prevent players deleting buildings.pbo etc

[cm. 10]

Ok so i've read up quite a bit on this but i'm still having problems with people deleting buildings.pbo and the rest.

so far I have tried:

v2 sigs with regular check + adding all the buildings, structure, trees etc to the "addOns" section of the mission file + turning on checkfiles on the server (I know this is depreciated but I was getting desperate). None of them seem to work and people can still join without the files.

wtf am I doing wrong?

cheers

[gossamersolid 155]

Now this is more of a workaround, but I've seen a solution via the client initialization process in missions (depends on how your mission does it), but it checks if a CfgPatches entry exists (a pbo) and if not, boots them to the lobby.

It's one of these commands (I think):

https://community.bistudio.com/wiki/configName

https://community.bistudio.com/wiki/configFile

EDIT: Just for curiosity's sake, could you post your addons array?

[.kju 3242]

post your server.cfg and basic.cfg/arma2oa.cfg plus params line please

[cm. 10]

server.cfg:

// JOINING RULES
maxPlayers = 50;
kickDuplicate = 1;					// Each ArmA version has its own ID. If kickDuplicate is set to 1, a player will be kicked when he joins a server where another player with the same ID is playing.
verifySignatures = 2;					// Verifies .pbos against .bisign files. Valid values 0 (disabled), 1 (prefer v2 sigs but accept v1 too) and 2 (only v2 sigs are allowed). 
equalModRequired = 0;					// Outdated. If set to 1, player has to use exactly the same -mod= startup parameter as the server.
requiredBuild = 99153;					// Require clients joining to have at least build 12345 of game, preventing obsolete clients to connect


// VOTING
voteMissionPlayers = 1;					// Tells the server how many people must connect so that it displays the mission selection screen.
voteThreshold = 1;					// 33% or more players need to vote for something, for example an admin or a new map, to become effective


// INGAME SETTINGS
disableVoN = 0;						// If set to 1, Voice over Net will not be available
vonCodecQuality = 15;					// Quality from 1 to 10
persistent = 1;						// If 1, missions still run on even after the last player disconnected.
timeStampFormat = "short";				// Set the timestamp format used on each report line in server-side RPT file. Possible values are "none" (default),"short","full".
BattlEye = 1;                                           // Server to use BattlEye system


// SCRIPTING ISSUES
onUserConnected = "";					//
onUserDisconnected = "";				//
doubleIdDetected = "";					//
//regularCheck = "";                    //  Server checks files from time to time by hashing them and comparing the hash to the hash values of the clients. Causes heavy I/O, uncomment to disable feature


// SIGNATURE VERIFICATION
onUnsignedData = "kick (_this select 0)";		// unsigned data detected
onHackedData = 	"kick (_this select 0)"; 	//"kick (_this select 0)";			// tampering of the signature detected
onDifferentData = "";					// data with a valid signature, but different version than the one present on server detected


// MISSIONS CYCLE (see below)
class Missions
{
class DayZ {
	template = dayz_301.Chernarus;
	difficulty = "veteran";    // change this for other difficulty settings, regular, expert is valid
};
};

// =======================
// JOINING RULES
//checkFiles[] = {
//"AddOns\buildings.pbo";
//"AddOns\buildings2.pbo";
//"AddOns\buildings2_Ind_CementWorks.pbo";
//"AddOns\plants2_Bush.pbo";
//"AddOns\plants2_Clutter.pbo";
//"AddOns\plants2_misc.pbo";
//"AddOns\plants2_Plant.pbo";
//"Expansion\AddOns\plants_e.pbo"
//};
// =======================

arma2.cfg

MinBandwidth=500000;
MaxBandwidth=1250000;
MaxMsgSend=1024;
MaxSizeGuaranteed=512;
MaxSizeNonguaranteed=68;
MinErrorToSend=0.0099999998;
MaxCustomFileSize=500000;
Windowed=0;
adapter=-1;
3D_Performance=1;
Resolution_Bpp=32;
serverLongitude=133;
serverLatitude=-27;
serverLongitudeAuto=133;
serverLatitudeAuto=-27;

startup parameters:

-mod=Expansion;ca;@bliss;@DayZ -name=SERVER -cfg=C:\SERVERS\ANZ3\PROFILE\arma2.cfg -config=C:\SERVERS\ANZ3\PROFILE\server.cfg -profiles=C:\SERVERS\ANZ3\PROFILE -port=2502 -noSound -bepath=C:\SERVERS\ANZ3\PROFILE\BattlEye

cheers

[.kju 3242]

cheers

this might be your problem

onDifferentData = "";

Disable it and try to repro it yourself. Second or third hand reports wont help unfortunately.

BI needs a clear and working repro for this topic.

[cm. 10]

Ok I tried it and people can still join...

[.kju 3242]

Join yes. The question if and when they will be kicked for missing data

[cm. 10]

that's what I meant, they are still able to play. What message am I looking for when people get kicked for missing pbos (which they don't at the moment)? Are these messages logged anywhere?

[.kju 3242]

As said you need to reproduce it yourself. If you dont know how it works or if it works at all,

and what it does, you cannot make a real judgement.

I am not saying that it might not be possible at all, but you need to learn more about it.

Everybody with it not seemingly working I helped with, got it working in the end;

except for one guy who said loading (a lot of) addons on the server made it no longer work (without it did).

However unfortunately he was not longer will to put more effort into it, to provide BI with the required information.

[cm. 10]

What are you trying to say :s?

All i know is that people are joining without certain files (i have others testing for me). Turning on regular check is meant to remove this problem but it doesn't seem to make a difference...

[.kju 3242]

Remove the files yourself, connect and see how long you can stay, and what the server console says and you get as client.

[cm. 10]

This is ridiculous, people are still able to walk through buildings - nothing works to prevent it.

Getting really sick of trying to admin this game with such simple POS exploits like this and the retardedly small amount of admin tools.

[Jastreb 69]

Holy smokes this is bad news. We need immediate attention on this one...

[.kju 3242]

It is stopped on other people's servers.

So it is you to find out whats different on your servers or see if you can replicate on other peoples' servers.

As a minimum you can report the issue properly with exact repro steps to allow others and BI confirm it.

But your behavior so far helps no one.

[Jastreb 69]

Ill try to repro that one, and will update this post in next few minutes.

Edit:

Just tried by removing Arma2\Addons\buildings.pbo and leaving its bisigns in place, and my game crashed on loading mission on dedicated server. Client rpt is full with missing parameters for buildings. Ill give it another try but I think its pretty much not possible to do, and I dont even have "checkfiles=" as you do.

Mission was Civil War chernarus.

Edited January 5, 2013 by _MaSSive

[.kju 3242]

It is possible, but when the signature system is fully active, it gets detected and players kicked/banned from the server.

[Jastreb 69]

I think kju is right. I was able to play on dedi with signature verification off but the thing is clients would in most cases crash on Chernarus and Utes since this pbo is used for these islands and rpt spam would cause in most cases clients to crash. On Takistan and most non BI island they wont crash, but if signature verification is on they might be able to join, but for a short while. On first check they will be kicked or banned, which depends on how do you have it configured. Ill try to turn on signature verification now and will use security measures same as OP does, and will update post here.

Edit:

Bad news. With verifySignatures=1; or 2 I was able to play without Arma2\Addons\buildings.pbo its just that on Chernarus game will crash cause of rpt spam of missing entries for buildings.

Ill try now with checkfiles on and will add buidlings.pbo on the list.

Edit1:

Ok I was not able to repro it fully since my game is crashing in most cases cause of rpt spam ( missing buildings.pbo entries ) but here is what you need to do to make it work.

Use verifySignatures=2; // using 1 is not working with this

Use checkFiles[] = { "AddOns\buildings.pbo", "AddOns\buildings2.pbo", "Expansion\AddOns\plants_e.pbo" }; // etc..any addons you want to add to this list for check, and dont use ";" to separate array entries cause its invalid...use "," to separate it.

Use onDifferentData="kick (_this select 0)"; // or just disable it completely..I used this entry in my server.cfg

Test it. In my case when I added entries in server.cfg like above I crashed on mission load, and before that system warned about modified data file.

@kju

Please post a fully working config example which would prevent this exploit, so I can be sure about the steps Ive taken. Thanks.

Edited January 5, 2013 by _MaSSive

[Cowboy Pilot 10]

If you use checkfiles[] = ""; instead of = "{}"; or what you supplied should check all files.

Sent from my DROIDX

[Jastreb 69]

Well biki does say that this check is outdated, so I'm not sure if it makes any difference anymore.

And I dont see it documented either []=""; or = "{}";

It only has this

checkfiles[]={"dta\bin.pbo","a10\config.bin"};

and thats what I used.

http://community.bistudio.com/wiki/server.cfg

[cm. 10]

Tried all those,

This is the new server.cfg:

// JOINING RULES
maxPlayers = 50;
kickDuplicate = 1;					// Each ArmA version has its own ID. If kickDuplicate is set to 1, a player will be kicked when he joins a server where another player with the same ID is playing.
verifySignatures = 2;					// Verifies .pbos against .bisign files. Valid values 0 (disabled), 1 (prefer v2 sigs but accept v1 too) and 2 (only v2 sigs are allowed). 
equalModRequired = 0;					// Outdated. If set to 1, player has to use exactly the same -mod= startup parameter as the server.
requiredBuild = 100296;					// Require clients joining to have at least build 12345 of game, preventing obsolete clients to connect


// VOTING
voteMissionPlayers = 1;					// Tells the server how many people must connect so that it displays the mission selection screen.
voteThreshold = 1;					// 33% or more players need to vote for something, for example an admin or a new map, to become effective


// INGAME SETTINGS
disableVoN = 0;						// If set to 1, Voice over Net will not be available
vonCodecQuality = 15;					// Quality from 1 to 10
persistent = 1;						// If 1, missions still run on even after the last player disconnected.
timeStampFormat = "short";				// Set the timestamp format used on each report line in server-side RPT file. Possible values are "none" (default),"short","full".
BattlEye = 1;                                           // Server to use BattlEye system


// SCRIPTING ISSUES
onUserConnected = "";					//
onUserDisconnected = "";				//
doubleIdDetected = "";					//
regularCheck = "";                    //  Server checks files from time to time by hashing them and comparing the hash to the hash values of the clients. Causes heavy I/O, uncomment to disable feature

// SIGNATURE VERIFICATION
onUnsignedData = "kick (_this select 0)";		// unsigned data detected
onHackedData = 	"kick (_this select 0)"; 	//"kick (_this select 0)";			// tampering of the signature detected
onDifferentData = "kick (_this select 0)";					// data with a valid signature, but different version than the one present on server detected


// MISSIONS CYCLE (see below)
class Missions
{
class DayZ {
	template = dayz_301.Chernarus;
	difficulty = "veteran";    // change this for other difficulty settings, regular, expert is valid
};
};

// =======================
// JOINING RULES
checkFiles[] = {"AddOns\buildings.pbo","AddOns\buildings2.pbo","AddOns\buildings2_Ind_CementWorks.pbo","AddOns\plants2_Bush.pbo","AddOns\plants2_Clutter.pbo","AddOns\plants2_misc.pbo","AddOns\plants2_Plant.pbo","Add0ns\structures.pbo","Expansion\AddOns\plants_e.pbo"};
// =======================

[.kju 3242]

I get kicked from our server when I remove addons on the client.

Tested with

• A2\addons\plants_XXX.pbo
  
• A2\addons\buildings.pbo
  
• OA\Expansion\addons\plants_e.pbo
  
• OA\Expansion\addons\structures_e.pbo
  

The server console will show this:

 9:54:26 Player kju getSkillD.de: Wrong signature for file ca\structures_e\wall\wall_l\wall_l_2m5_gate_ep1.p3d
9:54:26 Player kju getSkillD.de disconnected.
9:54:26 BattlEye Server: Player #0 kju getSkillD.de disconnected

10:51:35 Player kju getSkillD.de: Wrong signature for file ca\plants2\bush\b_corylus2s.p3d
10:51:35 Player kju getSkillD.de disconnected.
10:51:35 BattlEye Server: Player #0 kju getSkillD.de disconnected

The clients sees:

You were kicked off..

(unless you have another on screen error shown that moment)

basic.cfg

language="English";

adapter=-1;

3D_Performance=93750;

Resolution_Bpp=32;

Windowed=0;

MaxCustomFileSize=0;

serverLongitude=2147483647;

serverLatitude=2147483647;

serverLongitudeAuto=2147483647;

serverLatitudeAuto=2147483647;

server.cfg

passwordAdmin = "1";

password = "match";//match

hostname = "getSkillD A&S ProMode battleground (AAS PvP server)";

maxPlayers = 32;

motd[] =

{

"Welcome to the training!",

"",

"We are part of the AAS Network: www.advanceandsecure.com",

"You are welcome to join #getSkillD on irc at QuakeNet."

};

motdInterval = 5;

voteThreshold = 0.33;

voteMissionPlayers = 0.33;

checkfiles[] = {};

equalModRequired = 0;

verifySignatures = 2;//2

BattlEye = 1;

onUnsignedData = "kick (_this select 0)";

onHackedData = "kick (_this select 0)";

onDifferentData = "kick (_this select 0)";

regularcheck = "";//"{}";

disableVoN = 1;

vonCodecQuality = 8;

logFile = "aas_server_console.log";

timeStampFormat = "full";

reportingIP = "arma2oapc.master.gamespy.com";//"<>";

persistent = 1;

You are welcome to test yourself on our server as well and see if you can play without getting booted.

Note:

1) The mission must make use of the addons/data to get kicked. Playing on Utes/Chernarus without OA addons doesnt matter.

2) The kick is not always instant. It can happen during briefing or while ingame.

Depending on the server load and other factors the kick take some time (seconds to few minutes worst case).

PS: Remove the very wrong checkfiles[] statement. Read the BIKI and BI forums posts..

http://community.bistudio.com/wiki/server.cfg#Server_Options

Edited January 20, 2013 by .kju [PvPscene]