Jump to content
Sign in to follow this  
AgentRev

Sending code from client to server

Recommended Posts

How can we send code from the client to the server, other than with the old createUnit function, BIS_fnc_MP, or a custom framework like ASCOM? Any undocumented functions?

Share this post


Link to post
Share on other sites

May i ask why you want know that?

And whats wrong with BIS_fnc_MP?

Share this post


Link to post
Share on other sites
May i ask why you want know that?

And whats wrong with BIS_fnc_MP?

Hackers.

Share this post


Link to post
Share on other sites

As Giallustio said you can use a mix of addPublicVariableEventHandler and if you are specifically sending it to the server only it is recommended to use publicVariableServer so that the data only goes from the client to the server and not to everyone like publicVariable does.

BIS_fnc_MP is a nice framework but it is a pitty that they are constanting nulling the BIS_fnc_MP_packet just so they can try and go undetected on servers, they really don't understand how much they break by doing that.

Share this post


Link to post
Share on other sites

This counts as custom framework, I mean something that a client can use to execute stuff on the server without anything being set up in advance on the server itself. The purpose of this is so I can try to block all methods.

BIS_fnc_MP is a nice framework but it is a pitty that they are constanting nulling the BIS_fnc_MP_packet just so they can try and go undetected on servers, they really don't understand how much they break by doing that.

I have already countered the createUnit, and I modified and recompiled into my mission all the files relating to BIS_fnc_MP to use a public variable with a random name generated on server start instead of "BIS_fnc_MP_packet". One hack uses createUnit, and I suspect another of using BIS_fnc_MP. If it continues, I'm about to null out BIS_fnc_MP_packet myself.

Share this post


Link to post
Share on other sites
Could you make an example?

Of what? I'm asking if such methods exist, and if they do, what are they.

Share this post


Link to post
Share on other sites

He wants to know all the ways of how to cheat and hack, presumably to prevent others from doing that to him. But also documenting that on these forums for everyone.

The best answer is just to lock your server and stop playing with idiots. :)

Share this post


Link to post
Share on other sites
He wants to know all the ways of how to cheat and hack, presumably to prevent others from doing that to him. But also documenting that on these forums for everyone.

The best answer is just to lock your server and stop playing with idiots. :)

If "documenting" is a problem, then PM me. And, locking a 50-man public server with a mostly random playerbase is not an acceptable solution.

Share this post


Link to post
Share on other sites

Honestly, as a person who is running a 75 man server that is constantly targeted, trying to counter cheaters past this point is starting to become a pointless task. Anything you try to null out from them using will just make them target you more and all it really comes down to is a SQF war that can't be won on either side.

I mean I can tell you a few tricks if you don't know already to catch those using the majority of the cheats out there (released and unreleased). But again it's starting to become a pointless battle with the approach of battleye, the upcoming stable build which should include Battleye is due around this week or next. From my opinion i'd just take the abuse till then. Anything you block they can counter, if you lock out BIS_fnc_MP and createUnit they'll just hook into what you created for your mission to function and communicate between client->server.

But again that is all just my opinion, I don't like wasting time on countering cheaters when I can spend that time developing something while waiting for Battleye at this point.

Share this post


Link to post
Share on other sites
Honestly, as a person who is running a 75 man server that is constantly targeted, trying to counter cheaters past this point is starting to become a pointless task.

Well, the server keeps being hacked to death every 2-3 hours, which is kind of annoying. Even, a couple weeks ago, we were getting DDoS'd by a 30,000-man botnet every other day, until we changed the IP.

Anything you block they can counter, if you lock out BIS_fnc_MP and createUnit they'll just hook into what you created for your mission to function and communicate between client->server.

My communication framework processes all inbound commands, removing all quotes, tabs, spaces, plus signs, then runs a case-insensitive keyword filter before execution.

But again it's starting to become a pointless battle with the approach of battleye

Although it will solve the createUnit problem for good, I highly doubt BattlEye will be able to prevent cheaters from using BIS_fnc_MP.

I mean I can tell you a few tricks if you don't know already to catch those using the majority of the cheats out there (released and unreleased).

I would love to hear them.

Share this post


Link to post
Share on other sites

just a quick question, is banning them a safe solution? I mean, is there a way for hacker to spoof their UID, or a way to send code even if they are not connected?

cause I use ban, and I think I'm safe from this steam account to come back. Am I too naive?

could we just share a list of banned UID meanwhile, between trusted server owners?

Share this post


Link to post
Share on other sites
just a quick question, is banning them a safe solution? I mean, is there a way for hacker to spoof their UID, or a way to send code even if they are not connected?

cause I use ban, and I think I'm safe from this steam account to come back. Am I too naive?

could we just share a list of banned UID meanwhile, between trusted server owners?

No, the player UID is in fact the SteamID64 of that account. For the shared banlist, I'll send you a PM because we're not allowed to post these here.

Share this post


Link to post
Share on other sites
just a quick question, is banning them a safe solution? I mean, is there a way for hacker to spoof their UID, or a way to send code even if they are not connected?

cause I use ban, and I think I'm safe from this steam account to come back. Am I too naive?

could we just share a list of banned UID meanwhile, between trusted server owners?

AFAIK, you can't spoof your UID in ArmA3. In ArmA2 (and possibly earlier) the UID was linked to your CD-Key. There were many ways of spoofing the UID. Seeing as of how there is no CD-Key since it's linked to Steam now, there are fewer methods to spoof.

Share this post


Link to post
Share on other sites
Well, the server keeps being hacked to death every 2-3 hours, which is kind of annoying. Even, a couple weeks ago, we were getting DDoS'd by a 30,000-man botnet every other day, until we changed the IP.

Yeah, that's basically what I see 24/7 since the creation of the server (I Code for and help run Seal Team Sloth Stratis Life so that should give you a sense).

Although it will solve the createUnit problem for good, I highly doubt BattlEye will be able to prevent cheaters from using BIS_fnc_MP.

Well everything passed through BIS_fnc_MP goes through BIS_fnc_MP_packet so with Battleye you could set it up so only prefixed patterns to be allowed through BIS_fnc_MP_packet and everything else can be a kickable offense so yes it can solve it. Anything they have to send over the network in a 'global like' execution is logged by the server, since A3 is a new engine battleye will also have new memory footprints so the client-side scripts detection will also be quite effective (more effective then what we do via sqf) since again it's new and won't be a bypass for some time.

I would love to hear them.

I'll send you a PM of something I built.

As for the other responses, spoofing a UID isn't as easy anymore, as mentioned your player UID is your steam64 ID of that account, virtually anyone you 'ban' you can view their steam profile account via:

https://steamcommunity.com/profiles/UIDHERE

And spoofing that is well... good luck since that's been around for awhile, VAC might not be worth anything and is useless but a game to rely on the Steam64 ID is effective for ban systems.

Edited by Tonic-_-

Share this post


Link to post
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×