Anti-Extasy hack


Guest

Hello,

There is a new hack for AltisLife server (*LINK REMOVED*).

Many servers are hacked because of this.

But I have blocked @mod when players are connected. But it doesn't work apparently.

Do you have another solution against those cheaters?

Edited by Guest
Link removed


One solution would be to not post this shit here too so every kid who doesn't already know about it can read it here too...

switch your brains on... if you have some...

Do you have another solution against those cheaters?

Active admins, white listed user IDs, password protected server comes to my mind.


This very simple remoteexec.txt filter for BattlEye is enough to block it, along with the old hack it was built upon, and all of their derivatives:

5 "BIS_fnc_MP_packet"

Also, this fine selection of publicvariable.txt filters might also help:

5 "^E_X_T_A_S_Y_"
5 "FAGGOT$"
5 "GUNSTOREFUKER$"
5 "PLAYERLOL$"

Edited by AgentRev
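
A dry-run check for filters like the ones in the post above, added here as an example that is not part of the original thread or of BattlEye's own tooling. It uses Python's `re` as a stand-in for BattlEye's matcher, and the observed variable names and the allowlist are constructed samples.

```python
import re

# Filter lines quoted from the post above (publicvariable.txt style, a subset).
PAGE_FILTERS = """\
5 "^E_X_T_A_S_Y_"
5 "GUNSTOREFUKER$"
5 "PLAYERLOL$"
"""

# Constructed sample: names as they might appear in a publicVariable log.
OBSERVED = [
    "life_bank_update",   # constructed, stands for a legitimate mission variable
    "E_X_T_A_S_Y_demo",   # constructed, carries the prefix the first filter targets
    "xyzPLAYERLOL",       # constructed, ends with a filtered suffix
    "PLAYERLOL_counter",  # constructed, the suffix filter is anchored so no hit
]

LINE_RE = re.compile(r'^(\d+)\s+"(.*)"\s*$')

def parse_filters(text):
    """Return [(line_no, action, compiled_regex)] for each non-empty filter line."""
    out = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f'line {n}: expected <action> "<pattern>", got {line!r}')
        out.append((n, int(m.group(1)), re.compile(m.group(2))))
    return out

def dry_run(filters, names):
    """Map each name to the (line_no, action) of the first filter it hits, or None."""
    return {
        name: next(((n, a) for n, a, rx in filters if rx.search(name)), None)
        for name in names
    }

def false_positives(hits, allowlist):
    """Names the mission legitimately broadcasts that a filter would still act on."""
    return sorted(name for name in allowlist if hits.get(name) is not None)

if __name__ == "__main__":
    hits = dry_run(parse_filters(PAGE_FILTERS), OBSERVED)
    for name, hit in hits.items():
        print(f"{name:20} -> {'filter line %d, action %d' % hit if hit else 'no match'}")
    print("false positives:", false_positives(hits, ["life_bank_update"]))
```

Running a candidate filter set against names collected from your own mission's logs before deploying it shows whether a pattern would kick legitimate traffic.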


@Polymath820 : It's got absolutely nothing to do with what you've said. It's a script hack, loaded using a memory editing program, thus bypassing signature verification.

Edited by AgentRev

Yeah that's C AND A and I thought Windows Server 2012 etc had "Memory Restrictions"? I know for sure it does. I have used them...

P.S. The BattlEye filters part of the wiki should be updated.

"Memory editing": doesn't Windows have a system that prevents it, what is it called, DEP (Data Execution Prevention)? Couldn't you place ArmA 3's server executable into that type of environment? I am not sure if DEP can do that, and you give the "remote-execution filter", I am sure people get pretty tired of having to update that...

I have no idea what the heck is "C and A", and the memory editing is done on the scriptkiddie's own game, not on the server. BattlEye filters are still the most reliable way to keep scriptkiddies at bay, and if you get "tired" of updating them, then you're just lazy and it's your fault if your server gets turned upside-down.


Because I'm nice: that is just a .sqf, and to make an anti-hack which blocks that... Just block that

createDialog"RscDisplayServer"

;)

Or update your Altis Life server to 3.1.3; Tonic put in an anti-hack!

Cordially, Extasy Hosting!

Cain & Abel

That's a password cracking tool. It's got absolutely nothing to do with game hacking. It seems like you have very little idea of what you're talking about.

Oh and, hello there Mr Extasy, didn't expect you to grace us with your presence.

No, Cain & Abel whatever has a lot more than just password cracking. To ARP poisoning (DNS-listening). It has a fair few functionalities other than password cracking. Let's just say it also has a "plugin infrastructure". It is also still updated...

Maybe, but that's still unrelated to game hacking in general.

What do you relate to game-hacking? DDoS? Wallhacks? They're normally packaged together... One big, bad-news package to wreak havoc.

Game hacking is anything related to reverse-engineering of game clients and modifying them with the intent of gaining an unfair advantage and/or ruining the game for other players. If it doesn't involve a local installation of the game (like DDoS'ing), then it's not really game hacking, but rather network hacking in general.

Edited by AgentRev

Why are we arguing about the specifics of game-hacks again? I do not see how it's helping the original poster...

Again, because everything you've mentioned so far has very little to do with the issue that asurion is having, and you didn't seem to understand his problem, considering you were talking about SQL injection and server-side DEP. You say that giving him BE filters without explaining how to install them is not helpful, but yet you tell him to "blacklist characters or input" without any bit of explanation. Then, you go on with saying that most of these "kids" are using Cain & Abel, which doesn't have anything to do with Arma kiddies, let alone game hacking in general.

Long story short, I'm just trying to point out that you're way off-track.

What might defend against game-hacks would be an adaptive script detection system that "notices abnormal script activity" takes it and then adds it to a log. Then as a lump sum takes all that data and aggregates it into all the filters defined by battle-eye after approval from an admin has been given.

That is exactly what BattlEye is: an adaptive script detection system. The problem is that what can be considered as "abnormal script activity" for one mission can be perfectly normal for another. As such, it is the responsibility of mission makers to write filters for their missions. There is no all-in-one infallible anti-cheat, and as such, most issues must be reviewed on a case-by-case basis in order not to cause false positives. Hence why I wrote some filters specifically tailored for the hack that asurion is having trouble dealing with.


Well then this escalated quickly.

There are quite a few ways for them to execute this stuff: you can hook execVM directly, you can memory edit a few onLoad entries for various displays, although the known ones such as inventory and field manual have pattern scans by BattlEye for when they don't match and report back to BattlEye, but those take weeks for validation from BattlEye, and then you have addons (regardless of signature verification), although the addons method isn't used a whole lot because most don't have the knowledge.

BattlEye filters are rather quite powerful; however, I don't recommend using the scripts.txt filter method as that can clog up the client and degrade performance, but overall they're powerful for global execution based methods. But as AgentRev has stated, it comes down to you as the server admin or mission maker to set up filters that suit the mission that is being run and updating them when needed. The issue with it is most are not experienced and want to treat ARMA as another game and not have the time or will to configure and set up BE filters.

The best advice to you is to actually sit down one day and set up the BattlEye filters for your server; the absolute best advice is to log everything first, find the patterns and what's accepted and what's not to properly configure the server. When it comes to ARMA there is no quick solution for something, as you will always have to sit down for a day or two and actually spend some time reading, monitoring and configuring.


Yeah it's too easy when someone can execute code globally in MP eventhandlers.

If they changed it to function name only, then that would help shut one massive door.

You might be surprised :cool:

So I take it from your handle that you are the hacker? Why not be useful and help BIS to shore up the holes instead of exploiting them?

Yeah it's too easy when someone can execute code globally in MP eventhandlers.

If they changed it to function name only, then that would help shut one massive door.

A man can dream, am I right?

So I take it from your handle that you are the hacker? Why not be useful and help BIS to shore up the holes instead of exploiting them?

He's not actually that big of a threat. He is in the same category as a few of them that take others' work and modify it, a slightly higher category than the normal snatch and grab. The real threats don't actually come to the surface and brag about it; they just like to fiddle and are not out there to destroy the game.

Yeah it's too easy when someone can execute code globally in MP eventhandlers.

If they changed it to function name only, then that would help shut one massive door.

MP handlers are not really a primary concern, good coders know to stay away from them and just 5 "" up mpEventHandler.txt

What would be more important is rethinking the whole BIS_fnc_MP thing (personally I just run a whitelist onto BIS_fnc_MP_packet in the server's PV event handler, and I modified BIS_fnc_MP's code into a custom function that uses a randomly-generated public variable), also completely removing legacy stuff like the createUnit command with the init field, RE, the MPF, and other shit I forget. All that crap is cancer. Okay, it could break other stuff, but it can't be worse than when setVehicleInit was removed.

Another thing I will forever long for are BE filters integrated into the mission PBO for straight out-of-box filtering. Arma could simply extract them to a temp folder on mission start for BE to read them, deleting previous temp filters if there were any. No more babysitting server admins on how to install filters, all BE-enabled servers protected without lifting a finger.

Like Tonic said, a man can dream.

Edited by AgentRev

A man can dream, am I right?

Right on man - I mean, does anyone actually use them for legit purposes? There's nothing you can't do with them that can't be done using PVEH/BIS_FNC_MP so I can't see why they shouldn't be removed or at least updated to be safer.

@AgentRev - totally agree with you. I didn't see your reply as I was writing my post slowly in between watching some TV.


category as a few of them that take others' work and modify it

It's not the definition of a hacker? Take work of somebody and modify it :cool:
