Radioman 6 Posted April 16, 2013 Considering the major security flaws this mandatory library imposes, and a few other more frustrating points of pointless event handlers automatically imposed, I'd like to disable the BIS function library from my mission. How would I go about this? I'm aware that you can assign null values to function names, but I want the whole thing gone. Any ideas? Thanks. Share this post Link to post Share on other sites
sickboy 13 Posted April 16, 2013 You can try disabling it but it wouldn't change anything regarding security, as the security issues are in the underlying engine design (deliberate to some extent) and available commands. What would help more is getting BattlEye ready for ARMA 3, and defining what remote calls are allowed and which aren't. Share this post Link to post Share on other sites
Radioman 6 Posted April 16, 2013 You can try disabling it but it wouldn't change anything regarding security, as the security issues are in the underlying engine design (deliberate to some extent) and available commands.What would help more is getting BattlEye ready for ARMA 3, and defining what remote calls are allowed and which aren't. I'm aware of the inherent insecurities in the Arma engine, but giving BIS_fnc_mp out to EVERYONE to enable them to execute code on all clients, including after JIP, is just equal to feeding the trolls. As far as I know, you can only execute code remotely on other clients, only if there's a pathway to do so. ie, a public variable event handler, that call compiles the value, or something along those lines, so that code can be injected and exploited. I'm just trying to get my mission to be as secure as possible, and to have BIS enforce their function library in A3, vs A2's module requirement, is quite annoying. And another point, is that I believe the BIS function library automatically imposes a 'handleDamage' event handler on all players, which, is causing issues for me because I then cannot have my own, as theirs is returning last and causing the damage to go through. etc. I'd just like to get rid of it, as it's more harm than good in my mission. Share this post Link to post Share on other sites
moricky 211 Posted April 16, 2013 Please note the functions library is now no longer just a module, but a high-level scripted system. Disabling it completely would break some user interface menus, particle effects or missions. Any scripted solution you'd invent could be still easily bypassed by hackers. As Sickboy mentioned, waiting for a proper anti-cheat system is the best course of action right now. EDIT: As for event handler issue, simply add a small delay before adding your handler to ensure it's added last. We're aware of the problem, a fix is planned in the future. Share this post Link to post Share on other sites
.kju 3245 Posted April 16, 2013 BIS_fnc_mp = dummyFunction; publicVariable "BIS_fnc_mp"; Share this post Link to post Share on other sites
Radioman 6 Posted April 16, 2013 Please note the functions library is now no longer just a module, but a high-level scripted system. Disabling it completely would break some user interface menus, particle effects or missions.Any scripted solution you'd invent could be still easily bypassed by hackers. As Sickboy mentioned, waiting for a proper anti-cheat system is the best course of action right now. EDIT: As for event handler issue, simply add a small delay before adding your handler to ensure it's added last. We're aware of the problem, a fix is planned in the future. In regards to this, do you mean just put a sleep before it, wherever it's initiated? Because, when is the BIS EH initiated? So that I know for sure that I've put mine ahead of it. Currently, mine is added within the init.sqf, which has no sleeps or delays, sans a waitUntil {!isNull player}; Is there a list anywhere, of the functions that do such things like start actions without being asked to? I'm trying to streamline as much as possible, and cut out any unneeded threads, to get the most performance in my mission. If it's a hefty list, then I'd wager that they're the reason for the lesser performance in A3, due to a major pile-up of threads in the scheduler. Just a guess though. Thanks for your responses and keeping constructive. If you could also give me some examples of how people could bypass any precautions against code injection / remote code execution, without an anti-cheat, that'd be nice. Thanks again. Share this post Link to post Share on other sites
zzecool 10 Posted April 24, 2013 (edited) So what we have here is a guy that found a big security hole that seems BIS was aware of , he asked for a solution , BIS respond somehow telling him that it is normal to be such a hole as we are in Alpha , The same guy asked again for a fix or a solution because he forseen that the Evil is coming , BIS didnt gave nothing in return and ..... ....Some days later EVERY single server is infected with a hack-script that make use of this security hole. Bad thing is that it is acting like a virus and spread from the "infected" client to the next server he joins. This is a topic where ppl discussing about it http://forums.bistudio.com/showthread.php?153686-Hacked-by-a-player-with-no-ID The message that it appears on the infected servers is not like other "hacks" running by script kiddos like "i have big fat dick" etc... Its more like coming from an activist that trying with this way ( probably frustated ) to make Arma 3 better and safer. What i think is that he is going to make it because if BIS not going to solve this ASAP , they gonna lost a big part of supporters of Alpha version as we now cant test the game and give feedback public because of this issue. My team like other teams passworded the server and now its close to public like many other teams - server owners did. A good advice to BIS is to pay great attention on reports like this , because having wrong priorities could initiate a reaction that will drive all the feedback mecanism irrelevent , as it did. I dont know if i "hate or love" this guy , what i know is that i payed the Alpha version of a game that i like with the intention to help but i cant .:mad: Edited April 24, 2013 by zzecool Share this post Link to post Share on other sites
MisterEcks 1 Posted April 24, 2013 So what we have here is a guy that found a big security hole that seems BIS was aware of , he asked for a solution , BIS respond somehow telling him that it is normal to be such a hole as we are in Alpha , The same guy asked again for a fix or a solution because he forseen that the Evil is coming , BIS didnt gave nothing in return and .........Some days later EVERY single server is infected with a hack-script that make use of this security hole. Bad thing is that it is acting like a virus and spread from the "infected" client to the next server he joins. So, if we translate this into reality.... the conversation goes like this.... Anon: "Hey BIS, I just discovered a security hole in alpha. It has to do with the scripting engine and its really insecure" BIS: "Yeah, thanks, we know, its not a hole it there by design. We haven't implemented any security or lock down in the alpha yet. That will happen later." Anon: "No, you don't understand. I am telling you that this is a big problem" BIS: "Dude, we heard you, see our previous answer" Anon: "Why haven't you stopped working on shaders, models, game logic, design and the rest of the whole game to deal with my discovery? I demand action" BIS: "Ok, look, we hear you, see what we said first and remember, ALPHA!!!" Anon: "I am in charge here, I am king, Fix this or I will fuck it up for everyone" BIS: "Whatevs, there is not talking to you" Anon: "Waaaaaaaahhhh, I hate being treated as just another ALPHA tester, Waaaaaaahhhhh... let me ruin it for EVERYONE!!!!" Community: "WTF" Share this post Link to post Share on other sites
ak1287 1 Posted April 24, 2013 So, if we translate this into reality.... the conversation goes like this....Anon: "Hey BIS, I just discovered a security hole in alpha. It has to do with the scripting engine and its really insecure" BIS: "Yeah, thanks, we know, its not a hole it there by design. We haven't implemented any security or lock down in the alpha yet. That will happen later." Anon: "No, you don't understand. I am telling you that this is a big problem" BIS: "Dude, we heard you, see our previous answer" Anon: "Why haven't you stopped working on shaders, models, game logic, design and the rest of the whole game to deal with my discovery? I demand action" BIS: "Ok, look, we hear you, see what we said first and remember, ALPHA!!!" Anon: "I am in charge here, I am king, Fix this or I will fuck it up for everyone" BIS: "Whatevs, there is not talking to you" Anon: "Waaaaaaaahhhh, I hate being treated as just another ALPHA tester, Waaaaaaahhhhh... let me ruin it for EVERYONE!!!!" Community: "WTF" That's accurate, although I'd make the hacker sound more like a petulant baby. Share this post Link to post Share on other sites
zzecool 10 Posted April 24, 2013 Name him whatever you want , he gonna push his way through and we must wait.. for BIS to fix it As i said before i dont know if i love him or hate him , but he is the winner of the fight . BIS is now forced to fix this or the community rage is going to grow huge fast. We are the victims , at the end we gonna love this guy because with his unorthodoxe way forced the bis to close this door once and for all =) Share this post Link to post Share on other sites
Fuzzy Bandit 10 Posted April 24, 2013 We are the victims , at the end we gonna love this guy because with his unorthodoxe way forced the bis to close this door once and for all =) Even if BIS do respond and introduce BattlEye early, it won't be ready and will be unfinished and unstable. Don't get confused; this "hacker" is doing nothing to help either the developers or the community. Share this post Link to post Share on other sites
Tuliq 2 Posted April 24, 2013 Well, just lock your servers and put up those whitelists, and pretend this is an alpha until BI releases the proper game. :) Share this post Link to post Share on other sites
harold5187 10 Posted April 24, 2013 I, as many others here, have been playing this game since Operation Flashpoint, and I've never seen such widespread hacking in previous games, as I see now. I've been saying it for quite some time, that it's obvious to me that what we see happening now, appears intentional, and not just a bunch of trouble-doers bored out of their minds. Bis decides to take a risk on a new game engine, not able to for-see whether their endeavor will pay off or put them into debt. They realize they will never be able to uphold their promises to the general public, those great expectations they've had for this game, but they still want as much money back as possible, so as not to end up a total lost of their investment, so they release the game early as an Alpha, start racking in the money by offering expensive supporter editions promising names in the credits for some supposed final release. Meanwhile in the background they work on the very plan that will cause them to "cancel" the game, while being able to put the blame anywhere but themselves. They keep the money they've taken, and take a smaller loss than they would have, had they been honest with us. By making the Alpha totally vunerable, going so far as to even incorporate MP_Exec feature thus giving their secret cohorts what they need to hack through the front doors, enough people complain, till they bring in their Ace in the hole, one final incident that takes the cake, one single great hack that brings down all the servers. This has all been orchestrated from the very beginning, and the stupid people are the people like ME who actually had faith in Bis not to screw us over! Why as of this time are the servers still down; How hard is it to fix their own games after such a hack? This wasn't Anonymous, or perhaps it was, guess we'll never know, but I doubt it, but I'm certain it has the smell of corporate planning behind it. It would look awefully stupid if all the servers went down except their own Dev servers, so they had to make sure their own servers went down as well. Now they can blame these so called Hackers for the failure of their game. http://pixeljudge.com/en/news/hacker-hacking-into-arma-3-alphas-leaky-ship/ Share this post Link to post Share on other sites
Alo Keen 7 Posted April 24, 2013 Good one, Harlod :) Humor is the right way to combat the panic that has overcome most people here :) Share this post Link to post Share on other sites
MisterEcks 1 Posted April 24, 2013 Meanwhile in the background they work on the very plan that will cause them to "cancel" the game, while being able to put the blame anywhere but themselves. They keep the money they've taken, and take a smaller loss than they would have, had they been honest with us. By making the Alpha totally vunerable, going so far as to even incorporate MP_Exec feature thus giving their secret cohorts what they need to hack through the front doors, enough people complain, till they bring in their Ace in the hole, one final incident that takes the cake, one single great hack that brings down all the servers. This has all been orchestrated from the very beginning, and the stupid people are the people like ME who actually had faith in Bis not to screw us over! Why as of this time are the servers still down; How hard is it to fix their own games after such a hack? This wasn't Anonymous, or perhaps it was, guess we'll never know, but I doubt it, but I'm certain it has the smell of corporate planning behind it. Dude - Maybe you need to equip the tinfoil hat and watch out for the black unmarked heli's. Jaysus, some ppl. Share this post Link to post Share on other sites
galzohar 31 Posted April 24, 2013 If a hacker can get around the verifySignatures to run a script that he's not supposed to be allowed to, and needing to wait for battleeye for a fix... That's one thing. But... To have hackers to run a script within a mission that actually saves stuff between missions - That's a completely different level of hacking. Why should a script that runs during a mission be allowed to save anything at all? What good can come out of such functionality? This isn't just letting hackers ruin your game, but also any poor mission maker who used the wrong commands in the wrong place - Sure it requires some extremely bad luck to do it by accident, but it should just not be possible to break the entire game by running a script during a single mission... What are we losing by overriding the BIS_fnc_MP and BIS_fnc_MPExec? After all, while there may be other ways to cause troubles, those seem to be the ones the hacker is most butt-hurt about, so should be a good enough band-aid solution until BIS comes up with a better one. As long as it doesn't completely break important aspects of the game... Share this post Link to post Share on other sites
jasin 1 Posted April 25, 2013 I, as many others here, have been playing this game since Operation Flashpoint, and I've never seen such widespread hacking in previous games, as I see now. I've been saying it for quite some time, that it's obvious to me that what we see happening now, appears intentional, and not just a bunch of trouble-doers bored out of their minds. Bis decides to take a risk on a new game engine, not able to for-see whether their endeavor will pay off or put them into debt. They realize they will never be able to uphold their promises to the general public, those great expectations they've had for this game, but they still want as much money back as possible, so as not to end up a total lost of their investment, so they release the game early as an Alpha, start racking in the money by offering expensive supporter editions promising names in the credits for some supposed final release.Meanwhile in the background they work on the very plan that will cause them to "cancel" the game, while being able to put the blame anywhere but themselves. They keep the money they've taken, and take a smaller loss than they would have, had they been honest with us. By making the Alpha totally vunerable, going so far as to even incorporate MP_Exec feature thus giving their secret cohorts what they need to hack through the front doors, enough people complain, till they bring in their Ace in the hole, one final incident that takes the cake, one single great hack that brings down all the servers. This has all been orchestrated from the very beginning, and the stupid people are the people like ME who actually had faith in Bis not to screw us over! Why as of this time are the servers still down; How hard is it to fix their own games after such a hack? This wasn't Anonymous, or perhaps it was, guess we'll never know, but I doubt it, but I'm certain it has the smell of corporate planning behind it. It would look awefully stupid if all the servers went down except their own Dev servers, so they had to make sure their own servers went down as well. Now they can blame these so called Hackers for the failure of their game. http://pixeljudge.com/en/news/hacker-hacking-into-arma-3-alphas-leaky-ship/ Hehe, yeah. They put 2 of their devs in a Geek jail as well, to make it realistic? :p Share this post Link to post Share on other sites
purepassion 22 Posted April 25, 2013 #whakeupsheeples #endisnear You forgot about the stable server exe DLC :icon_twisted: Share this post Link to post Share on other sites