Jump to content
Sign in to follow this  
Tilt3d

[Anti-Hack] Trying to beat Cheat Engine. Can we scan client files?

Recommended Posts

Hi guys,

This is my first post on any Arma game/mod! I am a software engineer by day, arma3 server owner/mission creator by night. Currently I am primarily running wasteland which keeps my server at a pretty constant 50/50 due to an optimized version and tons of people loving that game mode (although I hope my rendition of CTI will be even more popular :P).

Naturally, as I am sure you are all aware, hackers are a pretty big problem. I know that BattlEye is on the horizon, but I'd really like to combat these little bastards right now. I am confident I can come up with a script to effectively end their ability to use script-injection, the only problem I have is needing the ability to scan client files. It would appear that most hacks in use are dependent on "Cheat Engine" script injector.

As you'll note, this specific hacking menu replaces the inventory onLoad event with the custom script. My question is this: I am unaware of the abilities of sqf (I've only taken my first look 2 days ago). Do I have to ability to locate directories and read (at the bare minimum) client file sizes (or better yet, contents)? I am aware a service and/or third-party executable would be more than sufficient, but I (as I would assume most server admins) do not have root access to my server as I'm using a hosting company.

Thanks in advance!

Edited by Tilt3d
Removed link

Share this post


Link to post
Share on other sites
Last edited by Tilt3d; Today at 11:00. Reason: Updated with link

You might want to rethink that.

Share this post


Link to post
Share on other sites

Erm, yea you are probably right. Didn't even think about repercussions of posting a link to a hack...silly innocent me =/

Share this post


Link to post
Share on other sites

I doubt such a feature would be available. It could be used for more nefarious purposes than anti-hack scripts. When it comes to stuff like Cheat Engine you pretty much have to wait on Battleye.

P.S. what is your server? I'd love to play if it really is more optimised. :D

Share this post


Link to post
Share on other sites

Well, read-only access really should be available, I'm just wondering if it's implemented. I just found the scripting forums so I think I'll throw my question up there as this looks like more of a conceptual forum =P

My server name is Tilt3d's Wasteland [50+ Vehicles | Bases | Anti-Hack] (69.197.149.54:3302) currently. The base mission is very well optimized and I'm working to make it more interesting/cleaner all the time...however with the overwhelming number of "script-kiddies" my main goal right now is to come up with a solution to getting hacked. I do have some personal scripts and modded a few existing AH scripts so I can say my server is probably slightly more secure than others as well...but the CE injections are impossible to stop right so far...I'm not giving up though :alien:

Please feel free to stop in! I'll be on ~5:30ish EST

Share this post


Link to post
Share on other sites
I doubt such a feature would be available. It could be used for more nefarious purposes than anti-hack scripts. When it comes to stuff like Cheat Engine you pretty much have to wait on Battleye.

This. It's job of Battleye to do the invasive investigation, because it's official content, its source is known and they're responsible of what it's doing. No unidentified person/quarter should have access to your files without your full permission, it's not only disgusting (in my opinion) but also against multiple EULAs and laws, I believe. The recent scandal with NSA is good example of that: while the purpose itself might be good, no-one can guarantee how the persons and quarters handle and use the information – the more valuable the information is and the more quarters have access to it, the more likely it is that it will be misused. For example, one could think that is it really "protecting US citizens from terror attacks" when they installed microphones and cameras eg. in European Union headquarters and listened in and watched them...

Every script command in the game is available for blackhats as well, and I don't like the fact that they'd have a shortcut in form of piece of SQF to dive into peoples files. If I see a day when that kind of command will be implemented into game (that I doubt will happen), I'm out – and will tell everyone considering to buy the game about that feature as well...

If you want to help to make the game clean, get to talk with BE dev and/or mail him. BE will be out within few days, patience man.

Edited by Ezcoo

Share this post


Link to post
Share on other sites

Read-only access of structured game files is a farcry from tapping a phone line....and not to get off topic but please for the love of God don't mistake a world-wide modern-day surveillance program for an isolated US gov't conspiracy, I'm so sick of this NSA BS.

Edited by Tilt3d

Share this post


Link to post
Share on other sites
Read-only access of structured game files is a farcry from tapping a phone line....

But that's what signature check is doing already, right?

Edit: Well, little more OT here but I don't think that I'm making a big mistake if I equate "world-wide modern-day surveillance program" with "isolated US gov't conspiracy"... :p

Edited by Ezcoo

Share this post


Link to post
Share on other sites
But that's what signature check is doing already, right?

To be honest, I don't know. I only found the command a few hours ago and haven't tested it. However, after reading http://community.bistudio.com/wiki/ArmA:_Addon_Signatures I believe it will only run on connection...and CE only injects scripts post-connection as far as I know. So similar, yes...but not entirely effective.

Share this post


Link to post
Share on other sites
To be honest, I don't know. I only found the command a few hours ago and haven't tested it. However, after reading http://community.bistudio.com/wiki/ArmA:_Addon_Signatures I believe it will only run on connection...and CE only injects scripts post-connection as far as I know. So similar, yes...but not entirely effective.

I suggest you to enable signature check immediately, it's the most crucial and only very efficient way to prevent script kiddies from joining currently, it will stop like 95% of them.. Increases server load, but it's pretty minor con when compared to the pros. Battleye (the official anticheat) is not implemented in the game yet but we will apparently get it within next few days, and it will take care of the CEs. Like I said, if you find one and want to get rid of it, report it to Battleye right away.

Share this post


Link to post
Share on other sites

If you haven't enabled signature (version 2!!) verification, then this thread can be deleted. It does exactly what you want to do yourself. I can't understand that server admins of public servers don't use it, ans still complain.

Share this post


Link to post
Share on other sites

Do you know which persons have the biggest interest in anti-cheat measurements?

It's not the players. The players only expect it to work.

Do you believe that it is a good idea to talk about [Anti-Hack] here in the wilderness, with everybody,

posting the name/IP of your server, while BattlEye isn't even released in the beta-stage?

Did I get that right? Actually without the signatur-checking?

If those cheaters don't have financial interests, they will do it for a achievement and try to break down the barriers.

They will be able to improve their code on your server in real time.

And when they fail, they will try to beat down your server.

Share this post


Link to post
Share on other sites

The only way to do it currently would be to release a DLL that scans as the game is running, and interface with the dll using callExtension, or have the dll hook into the game and interface with the game directly.

Share this post


Link to post
Share on other sites
The only way to do it currently would be to release a DLL that scans as the game is running, and interface with the dll using callExtension, or have the dll hook into the game and interface with the game directly.

I'll have to take a look at callExtension...thanks!

---------- Post added at 12:34 ---------- Previous post was at 12:32 ----------

Do you know which persons have the biggest interest in anti-cheat measurements?

It's not the players. The players only expect it to work.

Do you believe that it is a good idea to talk about [Anti-Hack] here in the wilderness, with everybody,

posting the name/IP of your server, while BattlEye isn't even released in the beta-stage?

Did I get that right? Actually without the signatur-checking?

If those cheaters don't have financial interests, they will do it for a achievement and try to break down the barriers.

They will be able to improve their code on your server in real time.

And when they fail, they will try to beat down your server.

People can and do frequently visit my server to "hack" it. That being said, I usually don't need to kick them...I scare them into leaving. So far it's been 100% successful, and I've had no repeat offenders (not to mention the players get a kick out of it every time).

Share this post


Link to post
Share on other sites
I'll have to take a look at callExtension...thanks!

If you're taking this route, you're going to have to distribute your dll to everyone who wants to play on your server.

Share this post


Link to post
Share on other sites
If you're taking this route, you're going to have to distribute your dll to everyone who wants to play on your server.

Naturally...that's not a big deal to me though.

Share this post


Link to post
Share on other sites
If you're taking this route, you're going to have to distribute your dll to everyone who wants to play on your server.

Naturally...that's not a big deal to me though.

People can and do frequently visit my server to "hack" it. That being said, I usually don't need to kick them...I scare them into leaving. So far it's been 100% successful, and I've had no repeat offenders (not to mention the players get a kick out of it every time).

So you refuse to put signature check on but instead force distributing custom dll's to random people and scan their PC with them? Doesn't sound very good when combined with the underlined part of the quote.

Sounds like attempt to install malware on PCs of clients instead of trying to protect your server... If you wanted to actually protect your server, you'd enable v2 signature check immediately (that seems to be disabled still). It's like if you had a jewelry shop in a town in an area with worst reputation, keeping your doors and jewelry box locks open 24/7 and then complaining to the town council that it's their fault that your shop gets robbed every night, because they haven't put enough cops to patrol your area. facepalm.png

Have to memorize your name so that I never accidentally click myself in that server.

Share this post


Link to post
Share on other sites
So you refuse to put signature check on but instead force distributing custom dll's to random people and scan their PC with them? Doesn't sound very good when combined with the underlined part of the quote.

Sounds like attempt to install malware on PCs of clients instead of trying to protect your server... If you wanted to actually protect your server, you'd enable v2 signature check immediately (that seems to be disabled still). It's like if you had a jewelry shop in a town in an area with worst reputation, keeping your doors and jewelry box locks open 24/7 and then complaining to the town council that it's their fault that your shop gets robbed every night, because they haven't put enough cops to patrol your area. http://murobbs.plaza.fi/images/smilies/facepalm.png

Have to memorize your name so that I never accidentally click myself in that server.

When did I say I wasn't going to use signature checking?

Share this post


Link to post
Share on other sites
When did I say I wasn't going to use signature checking?

You actually didn't, that's right. I based my educated guess on two things: you didn't say either that you're going to enable it, and that your server is still running with signature check disabled even though it has been restarted after our discussion yesterday.

Share this post


Link to post
Share on other sites
You actually didn't, that's right. I based my educated guess on two things: you didn't say either that you're going to enable it, and that your server is still running with signature check disabled even though it has been restarted after our discussion yesterday.

Well this isn't exactly a thread to promote my server......

Share this post


Link to post
Share on other sites
Well this isn't exactly a thread to promote my server......

Quote from the first page on this thread:

Well, read-only access really should be available, I'm just wondering if it's implemented. I just found the scripting forums so I think I'll throw my question up there as this looks like more of a conceptual forum =P

My server name is Tilt3d's Wasteland [50+ Vehicles | Bases | Anti-Hack] (69.197.149.54:3302) currently. The base mission is very well optimized and I'm working to make it more interesting/cleaner all the time...however with the overwhelming number of "script-kiddies" my main goal right now is to come up with a solution to getting hacked. I do have some personal scripts and modded a few existing AH scripts so I can say my server is probably slightly more secure than others as well...but the CE injections are impossible to stop right so far...I'm not giving up though :alien:

Please feel free to stop in! I'll be on ~5:30ish EST

I'm getting offtopic now, so this is my last post in this thread.

I wish you and your server all the best, and I sincerely hope that you will enable that v2 signature checking to make everyone's life easier (both players' and your's) and especially that you will not create and distribute those custom DLLs on people, they still remind more malware than cheat protection in my opinion. Battleye will take care of the CEs automatically for you within a couple of days.

Remember that by reporting a cheat engine to Battleye its users will be globally banned from the multiplayer, that makes the life of creators of CEs harder, and thus decreases their prevalence. By issuing only private bans of possible CE users on your server you just ensure that you'll have the script kiddies with you as well in future. The Battleye will be so much, much more powerful in Arma 3 because the game is Steam-exclusive; in Arma 2 there was a totally uncontrolled and huge market of stolen CD keys that script kiddies could buy with 1-2 euros, rendering Battleye global bans pretty much useless. But thanks to A3 being Steam-exclusive, the theft of CD keys is almost impossible, and BE bans will be damn powerful – the cost of new CD key to script kiddies will be 30-45 euros instead of 1-2 euros. I'm sure that you realise it as well that it makes a big difference.

Edited by Ezcoo

Share this post


Link to post
Share on other sites
Quote from the first page on this thread:

This is getting to offtopic now, so this is my last post in this thread. I wish you and your server all the best, and I sincerely hope that you will enable that v2 signature checking to everyones life easier (both players and yours) and especially that you will not create and distribute those custom DLLs on people, they still remind more malware than cheat protection in my opinion. BE will take care of the CEs automatically for you within a couple of days.

Somebody asked for the info, but the title of the thread hasn't changed (however it's direction sort of has, unfortunately). This ultimately has nothing to do with me or my server...I'm trying to combat script injection. Something I'd like to share with the community. Honestly I can't see why you have been posting in this thread for the past ~5 replies other than to throw in your rusted two cents and repeatedly telling me to "just wait"...which as I've stated previously, I don't want to. If you have nothing more meaningful to contribute to the actual issue, then please don't.

Share this post


Link to post
Share on other sites

Also, something to keep in mind. If you use callExtension, all of the detection messages would have to propogate through the script VM, and the skiddies could just patch that out. If using callExtension, at most, I recommend having the DLL call ExitProcess() to end A3, and not worry about banning them.

Share this post


Link to post
Share on other sites
Also, something to keep in mind. If you use callExtension, all of the detection messages would have to propogate through the script VM, and the skiddies could just patch that out. If using callExtension, at most, I recommend having the DLL call ExitProcess() to end A3, and not worry about banning them.

Yea that's effectively what I'm doing right now. Banning only goes as far as the profile which is more or less futile anyway (outside of maintaining a db and storing/checking ips).

Share this post


Link to post
Share on other sites
Yea that's effectively what I'm doing right now. Banning only goes as far as the profile which is more or less futile anyway (outside of maintaining a db and storing/checking ips).

I'm sorry, I have to cancel my decision and post once more: When you ban a player from the game, you ban his game ID, not his player profile. The player UID is not related to player profiles in any way, you can't avoid an issued ban by creating new player profile. Only way to avoid server ban is to buy new key with full price.

I'd suggest that you learn the basics of Arma and Arma server administration before doing any advanced and hacky stuff; there are a lot of informative threads here in Servers & Administration and Multiplayer sections of this forum. Hope you get it sorted mate.

Share this post


Link to post
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×