AgentRev 22 Posted July 7, 2013 How can we send code from the client to the server, other than with the old createUnit function, BIS_fnc_MP, or a custom framework like ASCOM? Any undocumented functions? Share this post Link to post Share on other sites
mantls 2 Posted July 7, 2013 May i ask why you want know that? And whats wrong with BIS_fnc_MP? Share this post Link to post Share on other sites
AgentRev 22 Posted July 7, 2013 May i ask why you want know that? And whats wrong with BIS_fnc_MP? Hackers. Share this post Link to post Share on other sites
giallustio 770 Posted July 7, 2013 addPublicVariableEventHandler Share this post Link to post Share on other sites
tonic-_- 53 Posted July 7, 2013 As Giallustio said you can use a mix of addPublicVariableEventHandler and if you are specifically sending it to the server only it is recommended to use publicVariableServer so that the data only goes from the client to the server and not to everyone like publicVariable does. BIS_fnc_MP is a nice framework but it is a pitty that they are constanting nulling the BIS_fnc_MP_packet just so they can try and go undetected on servers, they really don't understand how much they break by doing that. Share this post Link to post Share on other sites
AgentRev 22 Posted July 7, 2013 addPublicVariableEventHandler This counts as custom framework, I mean something that a client can use to execute stuff on the server without anything being set up in advance on the server itself. The purpose of this is so I can try to block all methods. BIS_fnc_MP is a nice framework but it is a pitty that they are constanting nulling the BIS_fnc_MP_packet just so they can try and go undetected on servers, they really don't understand how much they break by doing that. I have already countered the createUnit, and I modified and recompiled into my mission all the files relating to BIS_fnc_MP to use a public variable with a random name generated on server start instead of "BIS_fnc_MP_packet". One hack uses createUnit, and I suspect another of using BIS_fnc_MP. If it continues, I'm about to null out BIS_fnc_MP_packet myself. Share this post Link to post Share on other sites
giallustio 770 Posted July 7, 2013 Could you make an example? Share this post Link to post Share on other sites
AgentRev 22 Posted July 7, 2013 Could you make an example? Of what? I'm asking if such methods exist, and if they do, what are they. Share this post Link to post Share on other sites
giallustio 770 Posted July 7, 2013 An example of what you're trying to do, a specific example Share this post Link to post Share on other sites
kylania 568 Posted July 7, 2013 He wants to know all the ways of how to cheat and hack, presumably to prevent others from doing that to him. But also documenting that on these forums for everyone. The best answer is just to lock your server and stop playing with idiots. :) Share this post Link to post Share on other sites
AgentRev 22 Posted July 7, 2013 He wants to know all the ways of how to cheat and hack, presumably to prevent others from doing that to him. But also documenting that on these forums for everyone.The best answer is just to lock your server and stop playing with idiots. :) If "documenting" is a problem, then PM me. And, locking a 50-man public server with a mostly random playerbase is not an acceptable solution. Share this post Link to post Share on other sites
tonic-_- 53 Posted July 7, 2013 Honestly, as a person who is running a 75 man server that is constantly targeted, trying to counter cheaters past this point is starting to become a pointless task. Anything you try to null out from them using will just make them target you more and all it really comes down to is a SQF war that can't be won on either side. I mean I can tell you a few tricks if you don't know already to catch those using the majority of the cheats out there (released and unreleased). But again it's starting to become a pointless battle with the approach of battleye, the upcoming stable build which should include Battleye is due around this week or next. From my opinion i'd just take the abuse till then. Anything you block they can counter, if you lock out BIS_fnc_MP and createUnit they'll just hook into what you created for your mission to function and communicate between client->server. But again that is all just my opinion, I don't like wasting time on countering cheaters when I can spend that time developing something while waiting for Battleye at this point. Share this post Link to post Share on other sites
AgentRev 22 Posted July 7, 2013 Honestly, as a person who is running a 75 man server that is constantly targeted, trying to counter cheaters past this point is starting to become a pointless task. Well, the server keeps being hacked to death every 2-3 hours, which is kind of annoying. Even, a couple weeks ago, we were getting DDoS'd by a 30,000-man botnet every other day, until we changed the IP. Anything you block they can counter, if you lock out BIS_fnc_MP and createUnit they'll just hook into what you created for your mission to function and communicate between client->server. My communication framework processes all inbound commands, removing all quotes, tabs, spaces, plus signs, then runs a case-insensitive keyword filter before execution. But again it's starting to become a pointless battle with the approach of battleye Although it will solve the createUnit problem for good, I highly doubt BattlEye will be able to prevent cheaters from using BIS_fnc_MP. I mean I can tell you a few tricks if you don't know already to catch those using the majority of the cheats out there (released and unreleased). I would love to hear them. Share this post Link to post Share on other sites
bloodxgusher 10 Posted July 7, 2013 Being a server owner seems to be pretty grim these days lol. Share this post Link to post Share on other sites
holo89 10 Posted July 7, 2013 just a quick question, is banning them a safe solution? I mean, is there a way for hacker to spoof their UID, or a way to send code even if they are not connected? cause I use ban, and I think I'm safe from this steam account to come back. Am I too naive? could we just share a list of banned UID meanwhile, between trusted server owners? Share this post Link to post Share on other sites
AgentRev 22 Posted July 7, 2013 just a quick question, is banning them a safe solution? I mean, is there a way for hacker to spoof their UID, or a way to send code even if they are not connected?cause I use ban, and I think I'm safe from this steam account to come back. Am I too naive? could we just share a list of banned UID meanwhile, between trusted server owners? No, the player UID is in fact the SteamID64 of that account. For the shared banlist, I'll send you a PM because we're not allowed to post these here. Share this post Link to post Share on other sites
zooloo75 834 Posted July 7, 2013 just a quick question, is banning them a safe solution? I mean, is there a way for hacker to spoof their UID, or a way to send code even if they are not connected?cause I use ban, and I think I'm safe from this steam account to come back. Am I too naive? could we just share a list of banned UID meanwhile, between trusted server owners? AFAIK, you can't spoof your UID in ArmA3. In ArmA2 (and possibly earlier) the UID was linked to your CD-Key. There were many ways of spoofing the UID. Seeing as of how there is no CD-Key since it's linked to Steam now, there are fewer methods to spoof. Share this post Link to post Share on other sites
tonic-_- 53 Posted July 8, 2013 (edited) Well, the server keeps being hacked to death every 2-3 hours, which is kind of annoying. Even, a couple weeks ago, we were getting DDoS'd by a 30,000-man botnet every other day, until we changed the IP. Yeah, that's basically what I see 24/7 since the creation of the server (I Code for and help run Seal Team Sloth Stratis Life so that should give you a sense). Although it will solve the createUnit problem for good, I highly doubt BattlEye will be able to prevent cheaters from using BIS_fnc_MP. Well everything passed through BIS_fnc_MP goes through BIS_fnc_MP_packet so with Battleye you could set it up so only prefixed patterns to be allowed through BIS_fnc_MP_packet and everything else can be a kickable offense so yes it can solve it. Anything they have to send over the network in a 'global like' execution is logged by the server, since A3 is a new engine battleye will also have new memory footprints so the client-side scripts detection will also be quite effective (more effective then what we do via sqf) since again it's new and won't be a bypass for some time. I would love to hear them. I'll send you a PM of something I built. As for the other responses, spoofing a UID isn't as easy anymore, as mentioned your player UID is your steam64 ID of that account, virtually anyone you 'ban' you can view their steam profile account via: https://steamcommunity.com/profiles/UIDHERE And spoofing that is well... good luck since that's been around for awhile, VAC might not be worth anything and is useless but a game to rely on the Steam64 ID is effective for ban systems. Edited July 8, 2013 by Tonic-_- Share this post Link to post Share on other sites