Jump to content
Sign in to follow this  
nuxil

The ultimate thread about Arma 3 anti-cheat discussion

Which one do you want.  

251 members have voted

  1. 1. Which one do you want.

    • Battleye
      142
    • Punkbuster
      37
    • Vac
      59
    • Others
      12


Recommended Posts

Of course the skript kiddies are going to vote for Battleye, as using BE for the anti-cheat has given them free reign on the ARMA 2 game and it's mods and missions.

trying some thread necromancy ? ... over 1 year old thread this one is ...

anyway BE is effective way more than PB and VAC (ask several high profile cheat authors why they stopped selling/making A2: OA cheats for DayZ mod) ...

the reasons why it looks less effective are mixture of insafe engine design, insafe mission/mod scripts, insafe script commands and framework in engine, and several other factors

if all of the mod/mission authors wrote missions to avoid exploitation, used

(authors)uniquprefix_(variable/function)name_randomsuffix (

yes variable/function name changes each time you start server, ofcourse you need to have all uses of these variables or calls etc. to utilize the dynamic name)

if all of the server admins used properly set servers with BE filters and other security

then there would be even less 'script kiddies' :)

Share this post


Link to post
Share on other sites

Please NO Punkbuster! Just continue on Battleye.

I don't mind VAC too. Since if you got a VAC ban on TF 2 by example you also cannot play Arma III.

Share this post


Link to post
Share on other sites
I don't mind VAC too. Since if you got a VAC ban on TF 2 by example you also cannot play Arma III.

That's not how VAC works, being VAC banned in TF2 will not stop you from playing other games.

Share this post


Link to post
Share on other sites

Most people don't understand that it's really not BE's fault that hackers can do such crazy things. The engine itself is inherently insecure.

Even if BE could stop all malicious scripts such as lock keyboard, spawn vehicles, teleport people around, make them do stuff being transmitted to other people by blacklist it couldn't stop things like god mode, unlimited ammo and such because that's never transmitted over the wire (well, client-side execution of scripts ARE transmitted to the server but it can be prevented).

The only hope left at that point is actually detecting the hack itself which is hit or miss and plenty of people will leak through.

It's just the way the engine works, to save resources on the server, or for some reason unknown to me, most of the game is client-side and includes a built-in remote execution exploit for scripts (by design choice) which can only be filtered by the server through blacklisting or whitelisting.

The only thing that would prevent hacks to the scale we're used to seeing is a core rewrite of ARMA which we are apparently not going to see in this iteration of the ARMA series.

As for Dwarden saying VAC can't detect kernel-level hacks... neither can BattlEye. Currently, very few anti-cheats are capable of this because they operate in user-land.

Share this post


Link to post
Share on other sites
I enjoy the game, but can not encourage others and have actually discouraged others from spending any money on this game. 99% of online games have been ruined because of hackers! Battle Eye is a pathetic joke, will ARMA 3 be any different?

name single A2: OA undetected cheat please (pm me the name(s)) ... oh and don't bother to come up with exploits via in-safe scripting ...

Share this post


Link to post
Share on other sites
name single A2: OA undetected cheat please (pm me the name(s)) ... oh and don't bother to come up with exploits via in-safe scripting ...

Dwarden, that is disingenuous. Why would anyone here know how to get an undetected hack?

They do exist though, clearly. If you can't believe it, maybe try actually spending some time playing ARMA2...

Share this post


Link to post
Share on other sites
As for Dwarden saying VAC can't detect kernel-level hacks... neither can BattlEye. Currently, very few anti-cheats are capable of this because they operate in user-land.

if you think so ...:rolleyes:

---------- Post added at 19:03 ---------- Previous post was at 19:01 ----------

Dwarden, that is disingenuous. Why would anyone here know how to get an undetected hack?

They do exist though, clearly. If you can't believe it, maybe try actually spending some time playing ARMA2...

from public reachable paid or free it's none ...

but if you think i'm wrong just prove it to me ...

again remote exec exploits and scripting holes abuse in mission/mods aren't 3rd party 'cheats' (and can be mitigated by safe mission/mod scripting design and BE server side filters)

Edited by Dwarden

Share this post


Link to post
Share on other sites

They do exist though, clearly. If you can't believe it, maybe try actually spending some time playing ARMA2...

Hacks do exist, but that doesen't mean they're undetected.

Share this post


Link to post
Share on other sites
if you think so ...:rolleyes:

I know so. You can't detect kernel-mode drivers with user-mode modules. It's a permissions issue.

If every user-mode module was able to access kernel memory space you'd have a lot of inherent security problems in your operating system.

User-mode executables cannot access kernel-mode memory. It's how windows is designed.

Nothing short of a critical windows security exploit being used or your own driver to combat it would solve that problem.

I'd like you to provide some evidence to the contrary.

from public reachable paid or free it's none ...

but if you think i'm wrong just prove it to me ...

again remote exec exploits and scripting holes abuse in mission/mods aren't 3rd party 'cheats' (and can be mitigated by safe mission/mod scripting design and BE server side filters)

And if it isn't public? Then what happens?

I could also go on to explain how the script reporting from client to server works with battleye, since I do know, but I won't because I'm not irresponsible.

I know all scripts sent to the server to be executed on other clients can be filtered and banned, that's always been the case.

However, for example:

(vehicle player) addEventHandler ["handleDamage", {false}];

Executed on the client-side isn't detectable. Sure, the BattlEye client sends that data to the server, but the client doesn't have to send that data to the server. If you just don't send it, there's no problem.

That's because the client controls if the client dies, you aren't required to send it to the server but for detection.

I'm not here to be hostile or get into an argument, the problem is that BattlEye can't realistically fix all the flaws in ARMA's engine. It's like trying to plug a sinking boat with paper towels.

That isn't to say the game is bad, it's a lot of fun. It's my favorite game.

However, it doesn't matter what anti-cheat software is protecting it, unless the ability to exploit these vulnerabilities is patched.

It's also true that some mod developers inadvertently include insecure code, and I agree it's their fault, but being that there is ways to execute malicious code even without those exploits existing... I don't think it's the primary issue.

Share this post


Link to post
Share on other sites

your answer proves you know nothing about actual BE state ... may I ask when you last analyzed BE? :p

about the BE filters read something here

http://forums.bistudio.com/showthread.php?138736-Introducing-Server-side-Event-Logging-Blocking

or check DayZ mod PoC filters : http://dayzmod.com/forum/index.php?/topic/119953-battleye-server-side-filters-update/

it's easy to dismiss everything if you sadly don't understand the measures taken of functionalities already implemented ...

and of course if you have working proof of concept of code which BattlEye server side filters can't catch then I would like to see it ...

Share this post


Link to post
Share on other sites

sure ;) you know my Skype ... <<<<<

Share this post


Link to post
Share on other sites
sure ;) you know my Skype ... <<<<<

Thehehee, the irony... :don 11:

Just kidding! ;)

Share this post


Link to post
Share on other sites

Just want to say that i love the possibilities BattlEye have given me as a server admin in Arma2.

The remote admin possibilites - the ingame chat without actually being in the server - the multi admin from BEC/nuxil -

the guid banning. Really found out now that im running a server without Battleye.

Also lots of tools like battlewarden based on BattlEye data.

Remarkable effort from $able - BattlEye FTW.

Edited by [HUD]Dorph

Share this post


Link to post
Share on other sites

At the moment this User [2] is hacking around the servers, he states himself as god... Is it possible to find out hes GUID as player or do i have to be server admin?

Share this post


Link to post
Share on other sites

Why would hackers care about getting banned when you can just download the game (including this alpha) from torrent sites and yes you apparently can play online with it. Dwarden seems to defend his choices purely because it would probably be way too hard to implement the other anti-cheat features for reasons I don't know. Same with the server browser.

Share this post


Link to post
Share on other sites
Why would hackers care about getting banned when you can just download the game (including this alpha) from torrent sites and yes you apparently can play online with it. Dwarden seems to defend his choices purely because it would probably be way too hard to implement the other anti-cheat features for reasons I don't know. Same with the server browser.

You can't. Maybe the SP missions, but not MP

Share this post


Link to post
Share on other sites

That's sick, today I've met so many hackers from every server i visit, impossible to enjoy anymore :P, they should enable Battle Eye even if game is Alpha :/

Share this post


Link to post
Share on other sites
At the moment this User [2] is hacking around the servers, he states himself as god... Is it possible to find out hes GUID as player or do i have to be server admin?

There are no such thing as a guid untill BattlEye is on.

You can though get his normal id from the server.log, or write #userlist ingame as a player.

Share this post


Link to post
Share on other sites

realize A3Alpha atm. has no protection, so trying complain or use it as argument is moot ... as the project progress this will be resolved too

Share this post


Link to post
Share on other sites
realize A3Alpha atm. has no protection, so trying complain or use it as argument is moot ... as the project progress this will be resolved too

Any news about when the Anti-Hack will arrive for testing? :)

I've been in the skies a couple of times today, to say the least. :p

Share this post


Link to post
Share on other sites

Yeah i know its alpha but we pay to play it and test it. We should at least be able to do so without being turned into birds, or aimbotted.

Share this post


Link to post
Share on other sites
realize A3Alpha atm. has no protection, so trying complain or use it as argument is moot ... as the project progress this will be resolved too

call it what you want but this is a very high priority. If the hacking is allowed to continue you will have no players left to test MP (or at least on public servers).

At the end of the day the game has been released on steam, even as an "alpha" there is an expectation that needs to be met. If this is allowed to snowball out of control the player & media focus of the alpha will shift from the excellent features and improvements to the insane amount of hacking - I can guarantee it.

not to mention the countless new players who's first online arma 3 experiences will be frustrating at best - this will be their first impression of the game....

Edited by cm.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×