Jump to content
][niipaa

Niipaa's Workshop - Real Time Script Engine

Recommended Posts

UPDATE: The Documentation is missing from the V1.10 download. Here is the Readme for those who want it: https://dl.dropboxusercontent.com/u/39688260/NW_RTSE_Readme/Readme.txt

 

Howdy ho folks, been awhile since I've dabbled in the release field, and I figured what better time to come back, than with something I've rather selfishly held onto. I present Niipaa's Workshop - Real Time Script Engine or NW_RTSE, a powerful in-game GUI, that allows you to run Scripts in real time, even scripts that aren't located within the mission, as well as a plethora of other neat things, like a Real Time Code Engine, various tools, and other stuff. This is NOT the first tool of its kind, but it is my take on the idea. You can thank Genesis92x, as he helped convinced me that it was ready to be released, and apparently it has helped him a lot with developing Degeneration, so it can't be all bad. Not to mention he helped develop and refine a lot of its functionality. So a big shoutout to that cutie. Either way, I'll keep this short since people usually complain about my lengthy posts, and drop the link and some basic install information.

DOWNLOAD - V1.10

To use it, simply press LEFT CTRL-B while in-game, and it should bring up a neat menu that is discussed a little more in depth in the Readme.
To use scripts that aren't within a mission, simply create a folder in steamapps\ArmA 3 called "Scripts", and place what you want to test there.

Good luck and have fun.

Screenshots:



Changelog:

Changelog:
Version 1.10 - Update #1

*Updated* - Source Files, Readme.
*Added* - SAVE functionality to both RTSE and RTCE. This is the most major improvement for Update #1. Notably, it will allow you to save all entered info into either RTSE, or RTCE, and load it, all upon command. This is NOT the default behavior since not everyone will want everything they've entered to Save and Reload automatically, this gives everyone a choice on what they want. Currently it is only capable of saving one entry of code, and one entry of scripting info. I may or may not add in the functionality to save "Code Sets" and "Script Sets". Depending how well this is all received.
*Added* - 4 More Parameter Areas, bringing the total up to 9. Not really sure of a script out there that could need more.
*Changed* - Small layout changes to RTSE and RTCE to allow for their new SAVE, LOAD, and DEL (Delete) functionality.
*Changed* - "Script Name" now reads "Script Path\Name". This should make it's entry area a little more clear on its functionality.
*Removed* - Credits Text Area in both RTSE and RTCE menus. This is to allow more space for current and future changes to come.

Version 1.00 - Initial Release



~Niipaa

Edited by ][niipaa
New V1.10 Screens Added

Share this post


Link to post
Share on other sites

not to be a debby downer, however, with my limited understand of this mod, being its just arrived. This looks like Loki, and by that i mean,that will allows the script kiddies, yet another avenue to fuck up servers, and ruin peoples fun... correct me if im wrong. but that is what it looks like..

Share this post


Link to post
Share on other sites

You are absolutely right, it very well could be used for malicious activity. However, it was never developed with that in mind. It is signed, comes with keys, and signatures, all up to ArmA 3's standards. Servers can easily enforce whether or not this addon is allowed. Regrettably still, it can be used for that. I'll never make an ignorant gesture that that kind of activity would never happen. But at least there are standards in place to try and prevent it. By all means if this Addon breaks some kind of hidden clause in the EULA of ArmA 3, then that would be a different story. However it uses means that are all available within A3 itself. There are no external DLLs, or circumventions, hell 90% of the power behind it is the simplicity of BIS_fnc_spawn and BIS_fnc_MP. Should my head be wanted on the pike, and the community seeks to burn it down, I would be kind enough to remove it. But this is meant to HELP people, make more scripts and content for missions, or just for people to have fun with each other. It's not my place to strike down the hand of the ArmA gods, and tell someone how to use it.

Of course as the author of it, I don't want it to be used in ruining other people's experiences. But I don't have the power to stop them either (aside from pulling it down), just so something else would take its place, more aimed for those intentions. I guess we'll have to wait and see what the overall reception is, as I'm really gunning that it will be used for more good than evil. But I guess those are famous last words.

Edited by ][Niipaa
  • Like 1

Share this post


Link to post
Share on other sites
not to be a debby downer, however, with my limited understand of this mod, being its just arrived. This looks like Loki, and by that i mean,that will allows the script kiddies, yet another avenue to fuck up servers, and ruin peoples fun... correct me if im wrong. but that is what it looks like..

I would have to respectfully disagree.

There are many tools out like this anyway and a tool like this could be extremely beneficial to people who want an additional menu than just what BIS has to offer.

Unless a tool is intently made to be malicious then I see no reason why modders should squelch what they decide to release because of potential "script kiddies".

A server should always have signature checking anyway(if they are open to the public), or anyone that can script can execute code even without a tool like this...

I agree that this mod could cause issues in servers, but this addon can be stopped by simply doing signature checking. I fully believe that server owners should be responsible for protecting their server as much as possible - not modders.

Just because signature checking can be a pain is not an excuse to leave a server vulnerable to random addons.

ANY ADDON can cause trouble in servers. What if a player joins a Zeus mission with a random infantry mod and begins spawning units that no other player can see? The .rpt spam in the server would be glorious, not to mention the lag generated by people running random mods.

This is a mod for people who are interested in developing code for ArmA 3 with a slightly cleaner interface.

Share this post


Link to post
Share on other sites

Im trying to learn to create missions and the "script" part is hard for me, ¿do you recommend me to use this tool, or should i keep learning and trying to understsand how scripts works?

Share this post


Link to post
Share on other sites

Release frontpaged on the Armaholic homepage.

================================================

We have also "connected" these pages to your account on Armaholic.

This means soon you will be able to maintain these pages yourself if you wish to do so. Once this new feature is ready we will contact you about it and explain how things work and what options you have.

When you have any questions already feel free to PM or email me!

Share this post


Link to post
Share on other sites

New mod v1.0 available at withSIX. Download now by clicking:

banner-420x120.png

@][Niipaa;

You are now able to manage your own promo pages of your content on our web platform and publish new content yourself.

To do so, please hit 'this is me' button on the page while logged in and follow the quick and safe claim procedure to get connected to your work.

For now you can send new content or releases our way by using any filesharing service and add your notification at getsatisfaction.withsix.com.

Share this post


Link to post
Share on other sites

did i ever say anything about "squelshing" anything.. No, so dont put words into my mouth. Furthermore your defensive posture is clear, and warranted. as you stated people "should" properly admin their servers, however, you and i both know there are hundreds of servers out there that are not Signaturechecked. And this tool, as i was simply pointing out, Will be used maliciously. sorry that you took offense to my simple question. As i stated, with my limited knowledge of this mod. that is simply what it looks like to me. you can disagree with that all you want, however. It still stands, this can and will be use against us..

However, my simple question aside, Thank you for your hard work. It is appreciated. im sure this is a powerfull and valuable tool.

Mith86, unless i am mistaken this mod will allow you to inject scripts for testing and developement of a mission or for gameplay purposes like MCCSandbox. (unless im mistaken) You still have to know how scripts work and how to create them. but this tool can help you, i imagine, in some way

Edited by Lordprimate

Share this post


Link to post
Share on other sites

This mod can be easily protected agains malicious behaviour:

Area execution level:

if ((isServer) and (!isDedicated)) then {...);

More info here:

http://www.kylania.com/ex/?p=26

Creating a global variable inside the mod to allow his execution in case this variable take a value. (another form to prevent execution and link the mod to mission).

---------- Post added at 20:51 ---------- Previous post was at 20:41 ----------

"There are many tools out like this anyway and a tool like this could be extremely beneficial to people who want an additional menu than just what BIS has to offer.

Unless a tool is intently made to be malicious then I see no reason why modders should squelch what they decide to release because of potential "script kiddies".

A server should always have signature checking anyway(if they are open to the public), or anyone that can script can execute code even without a tool like this..."

You cannot expect the best scenario for a potentially dangerous situation.

Share this post


Link to post
Share on other sites
This mod can be easily protected agains malicious behaviour:

Area execution level:

if ((isServer) and (!isDedicated)) then {...);

More info here:

http://www.kylania.com/ex/?p=26

Creating a global variable inside the mod to allow his execution in case this variable take a value. (another form to prevent execution and link the mod to mission).

---------- Post added at 20:51 ---------- Previous post was at 20:41 ----------

"There are many tools out like this anyway and a tool like this could be extremely beneficial to people who want an additional menu than just what BIS has to offer.

Unless a tool is intently made to be malicious then I see no reason why modders should squelch what they decide to release because of potential "script kiddies".

A server should always have signature checking anyway(if they are open to the public), or anyone that can script can execute code even without a tool like this..."

You cannot expect the best scenario for a potentially dangerous situation.

I agree, and you can not just expect the worst either.

At the end of the day this is just a mod, this does not inject any code into memory, or does it read from memory.

Adding to the server config

 
verifySignatures = 2;

stops this mod, or any like it, from being a threat

ANY ADDON can cause trouble in servers. What if a player joins a Zeus mission with a random infantry mod and begins spawning units that no other player can see? The .rpt spam in the server would be glorious, not to mention the lag generated by people running random mods.

So any addon could be potentially dangerous.

Edited by Genesis92x

Share this post


Link to post
Share on other sites
Im trying to learn to create missions and the "script" part is hard for me, ¿do you recommend me to use this tool, or should i keep learning and trying to understsand how scripts works?

Sadly, this will not necessarily make learning scripting easier. Depending on how you script, and your style, when you that far into it, it could theoretically facilitate it, you will still need to go out and look for tutorials, or look at scripts to learn and understand. The source is included with this though, if you wanted to look at the scripts in here.

Release frontpaged on the Armaholic homepage.

================================================

We have also "connected" these pages to your account on Armaholic.

This means soon you will be able to maintain these pages yourself if you wish to do so. Once this new feature is ready we will contact you about it and explain how things work and what options you have.

When you have any questions already feel free to PM or email me!

Thanks Foxxy.

New mod v1.0 available at withSIX. Download now by clicking:

https://withsix-usercontent-cdn.withsix.com/mod/ce93b5ff-d2e8-4965-88e8-65cee6f8aa86/logos/banner-420x120.png

@][Niipaa;

You are now able to manage your own promo pages of your content on our web platform and publish new content yourself.

To do so, please hit 'this is me' button on the page while logged in and follow the quick and safe claim procedure to get connected to your work.

For now you can send new content or releases our way by using any filesharing service and add your notification at getsatisfaction.withsix.com.

Awesome, thanks.

This mod can be easily protected agains malicious behaviour:

Area execution level:

if ((isServer) and (!isDedicated)) then {...);

More info here:

http://www.kylania.com/ex/?p=26

Creating a global variable inside the mod to allow his execution in case this variable take a value. (another form to prevent execution and link the mod to mission).

---------- Post added at 20:51 ---------- Previous post was at 20:41 ----------

"There are many tools out like this anyway and a tool like this could be extremely beneficial to people who want an additional menu than just what BIS has to offer.

Unless a tool is intently made to be malicious then I see no reason why modders should squelch what they decide to release because of potential "script kiddies".

A server should always have signature checking anyway(if they are open to the public), or anyone that can script can execute code even without a tool like this..."

You cannot expect the best scenario for a potentially dangerous situation.

While there are plenty of ways to protect and direct the mod's usage from within, it also hurts the original functionality. For example MP development, which I have done before and will always prefer, because two minds are better than one. Using a isServer and isnotDedicated check will prevent anyone else from using it in that environment. Yes, it will stop people from being able to use it on Local Hosted Servers, and it will stop them from being able to use it on Dedicated, for all about 5 seconds. Since I release the Source with everything I do, it would not take long to find that change, and simply take it out, so long as you had the most basic understanding of scripting.

It seems I have more faith in the community than I should, as I all I ever want to do is help people to learn, modify, and create for a game series that in the end I feel is still lacking Vanilla wise. It's why for anything I ever made, I released source, and never asked for credit. While there are ways to prevent or circumvent the user from having access on servers, that is simply not my place. I refuse that responsibility much like LostKey from the old days. Server owners need to understand their options for security. This tool compared to what's already out for ArmA 2/DayZ/ArmA 3 is so, so small in functionality, and it's disturbing. But, BattlEye is there, Signature checking is there. I don't think anyone necessarily expects the best scenario for a potentially dangerous situation, but that's just it. It's a potential. Just like I could take the time to nerf some of the functionality within this, a server owner could take the time to use the rather ingenious methods that don't make much effort to protect themselves from things like this.

Share this post


Link to post
Share on other sites

Hate to double post, but an update has been released for the few if any using this currently, changelog and link follows, and they can also be found in the main post.

DOWNLOAD - V1.10

Changelog:

Version 1.10 - Update #1

*Updated* - Source Files, Readme.

*Added* - SAVE functionality to both RTSE and RTCE. This is the most major improvement for Update #1. Notably, it will allow you to save all entered info into either RTSE, or RTCE, and load it, all upon command. This is NOT the default behavior since not everyone will want everything they've entered to Save and Reload automatically, this gives everyone a choice on what they want. Currently it is only capable of saving one entry of code, and one entry of scripting info. I may or may not add in the functionality to save "Code Sets" and "Script Sets". Depending how well this is all received.

*Added* - 4 More Parameter Areas, bringing the total up to 9. Not really sure of a script out there that could need more.

*Changed* - Small layout changes to RTSE and RTCE to allow for their new SAVE, LOAD, and DEL (Delete) functionality.

*Changed* - "Script Name" now reads "Script Path\Name". This should make it's entry area a little more clear on its functionality.

*Removed* - Credits Text Area in both RTSE and RTCE menus. This is to allow more space for current and future changes to come.

Version 1.00 - Initial Release

Share this post


Link to post
Share on other sites

Genesis92x

"I agree, and you can not just expect the worst either."

I think you dont know nothing about security hosting servers.

][Niipaa

"While there are plenty of ways to protect and direct the mod's usage from within, it also hurts the original functionality."

Why?

You can enable the debug console (.ext) on a mission to achive exact same functionallity than your mod and this is the right way to avoid possible exploits. I think you know that but you dont want implement global variables to avoid the execution of your mod by default.

And yes your mod is a remote console that can inject code in remote servers. Right now your mod is a classical hack tool to break the unprotected servers.

I must insist on your responsibility to avoid creating such tools or release them in safe environments.

Share this post


Link to post
Share on other sites
Genesis92x

"I agree, and you can not just expect the worst either."

I think you dont know nothing about security hosting servers.

][Niipaa

"While there are plenty of ways to protect and direct the mod's usage from within, it also hurts the original functionality."

Why?

You can enable the debug console (.ext) on a mission to achive exact same functionallity than your mod and this is the right way to avoid possible exploits. I think you know that but you dont want implement global variables to avoid the execution of your mod by default.

And yes your mod is a remote console that can inject code in remote servers. Right now your mod is a classical hack tool to break the unprotected servers.

I must insist on your responsibility to avoid creating such tools or release them in safe environments.

djotacon,

I believe your argument holds many valid concerns and I think you are in the right to be concerned. I would urge you to take a second to really take a look at the other side for a brief moment.

Server Security

I never claimed to know a lot about server security, I just mentioned that server owners who want to protect their servers should know the basics like signature checking and Battleeye(Both of which this mod can not get past)...You have not even refuted these arguments and have simply chosen to ignore them.

Which could be why your argument turned into an ad hominem attack fallacy. -> "I think you dont know nothing about security hosting servers"

Unprotected Servers

You mention that this tool can be used to attack unprotected servers...well... let me just copy and paste my previous statement below (for the third time):

ANY ADDON can cause trouble in unprotected servers. What if a player joins a Zeus mission with a random infantry mod and begins spawning units that no other player can see? The .rpt spam in the server would be glorious, not to mention the lag generated by people running random mods.

Or what if someone joined with modified weapons/ammo? So that all their weapons killed anything in one shot?

Without signature checking, or battle eye, this is going to be common.

So any addon could be potentially dangerous.

Claim of Redundancy

As for your second point,

You should really take a look at what kind of functionality this has to offer. It does offer more than Bohemia's basic menu. I think it looks much better than Bohemia's debug and is easier for me to use. Granted that visual appeal is a subjective thing...

I understand that you may not want to use this tool, which is perfectly acceptable.

On these forums you are allowed to upload (within reason) the mods you want, and download the mods you wish.

That goes for everyone. If you don't like a mod, then you have that right to not like it.

But please do not attack the mod makers for releasing something they put a lot of work into because you disagree with an addon.

I like to believe people are measured more by the things they say about what they dislike, than what they say about the things they like. Respect goes a long way

Edited by Genesis92x

Share this post


Link to post
Share on other sites

I believe this has gone far enough. I've put almost a year of work into RTSE, and while it may not look like it, a lot of time has been dumped into creating something that was aimed to help a friend with his development goals. With his encouragement, I aimed to extend that to a community I once cherished and held dear, and always tried to give the best within my limited skill set. Perhaps I am naive, or misguided. That all being said, this thread has been derailed far enough, and is now a back and forth about server security, and whose responsibility it is. So let me lay this out as bluntly as possible.

As far as server security, and to put this nail in the coffin, whether naysayers want to believe it or not: It is NOT my responsibility for other peoples servers. Plain and simple, it isn't. Had I released something that was solely meant to harm a server, then surely, it would be my responsibility for creating such an addon. But I haven't. This is no "hack tool". If you want hack tools, perhaps you should actually look towards the communities whose sole purpose is the development of things like that, that usually deal with memory manipulation, and actual injection, in the real use of the term.

It is neither Bohemia's, nor my responsibility if a server owner chooses to not enable Signature Checking. That is the owner's job. It is their investment or property, it is their job to protect it. If you think that RTSE is the only addon with this kind of functionality, you are either incredibly naive, or ignorant. So please, if you have nothing to say actually pertaining to RTSE, its functionality, or its intended purpose, please refrain from bringing it here. If you want to create a bashing or awareness thread, by all means, be my guest if it is in compliance with the Forum Rules. But this is not the place. Nor is pretending that "doing this will help protect servers" is constructive. Aside from ensuring that RTSE doesn't cause some ridiculous performance drops, performance is the aim. Security is nigh pointless when I'm releasing the source with it. Why would I release the source with it? Because I BELIEVE in this community, even if no one else does.

Share this post


Link to post
Share on other sites

I'm not going to argue with someone who clearly does not care or care what I 'm saying.

The reality now is that this tool will cause very many problems to servers that are not protected .

If the creator of the mod is not interested in minimally protect their own creations and dodge the problem for me are his intentions clear .

Share this post


Link to post
Share on other sites

@ djotacon

Sorry to say it so harshly but you are clearly wrong here.

There are various consoles out there with this kind of functionality. One more wont change a thing.

Plus there are cheats to execute code (also remote ofc) without any pbo.

So it seems you have to do more research on server security.

Share this post


Link to post
Share on other sites
;2862491']@ djotacon

Sorry to say it so harshly but you are clearly wrong here.

There are various consoles out there with this kind of functionality. One more wont change a thing.

Plus there are cheats to execute code (also remote ofc) without any pbo.

So it seems you have to do more research on server security.

Genesis92x

I merely expose a clear safety issue.

It is a complete mystery to me why someone as evidenced problem automatically becomes a personal attack.

As you will understand I can not develop personal hate to people I do not know anything.

.kju [PvPscene]

The discussion here is not whether or no cheats but if you can minimally protect a mod to avoid problems in the community without harming its functionality.

For security a remote console is an open run remote scripts door.

As I personally understand not interested in the problem beyond its implications.

If the creator of the mod is not interested in solving the problem is not my business .

Edited by djotacon

Share this post


Link to post
Share on other sites

Sorry again but you don't get it.

Anyone can just extract his pbo, even with your check, remove the check and repack it.

So nothing is gained with your suggestion.

Share this post


Link to post
Share on other sites

Thanks for informing us of the updated version :cool:

Release frontpaged on the Armaholic homepage.

================================================

We have also "connected" these pages to your account on Armaholic.

This means soon you will be able to maintain these pages yourself if you wish to do so. Once this new feature is ready we will contact you about it and explain how things work and what options you have.

When you have any questions already feel free to PM or email me!

Share this post


Link to post
Share on other sites

this utility has saved me an immense amount of time and has increased my scripting education my huge leaps and bounds!!!!! There are many tools and options that have allowed me to test and try things on the fly that would of normally forced me to save-exit-work-reload-test ,, the sequence goes on and on!!! with this, i can type-paste-try-done!

and as a note to the insecure newbie server owners out there that are critical of this utility,,, hackers do not used publicly made utilities to inject script! In the real world, battleeye had any asects of this thing that could cause damage added to their database the day it was released. If you want to hack a server... well, i won't get into that. But using this is not going to do it, unless a server has no protection and at that point a simple script can be written to allow acces to the built in debug console and packed into a pbo that will do anything this tool will do as far as injecting script,, which is anything needed to do in the game. to the developer: Please continue to update and suppoet this utility as it is a huge help to adon/mission makers and script designers, Thank You

  • Like 1

Share this post


Link to post
Share on other sites

Just a heads up to anyone using this. Due to the nw Filepatching handling and security introduced in 1.50 (Yes I'm behind the times), you will need to enable Filepatching for the RTSE side (Running scripts from outside a mission or addon, basically loose files) for it work properly. RTCE (The code execution) still works without it, but to run loose scripts this is now mandatory.

 

If you are running in an SP or Local environment (Anything non-dedicated) this can be done simply by going to your Launch Parameters, then the Advanced Tab, and then the Advanced Dropdown menu, and checking "Enable File Patching".

 

 

If you are running a dedicated server and wish to use RTSE functionality, then follow Terox's advice as posted here:

 

From user: Terox

 

To fix this issue server-side, you need to do 2 things

 

  1. server commandline parameter: -filepatching
  2. servercfg entry:  allowedFilePatching = 1;

 

 

This now allows me to execvm a script locally on the server that is in the Dedicated servers userconfig file

 

Best of luck in your future developments!

Share this post


Link to post
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now

×