General Anti-hack creation

[Guest]

Hi,
This is a tiny code that run server side and kill people that teleport:

_ini = time;
waitUntil {
	_tm = time;
	if (_tm - _ini > 1) then {
		_ini = _tm;
		{
			_posNow = getPosASL _x;
			_posBefore = _x getVariable ["p_bfr",_posNow];
			_x setVariable ["p_bfr"_posNow,false];
			if (_posNow distance2D _posBefore > 150) then {
				if !(_x getVariable ["no_ah",false]) then { //*
					_x setDamage 1;
				};
			};
		} forEach playableUnits;
	};
};

I know two exceptions where the player teleport and don't need to be killed:
1 - The player respawn. This is like a teleport.
2 - A admin want to teleport a player.

For those exceptions you can set the variable "no_ah" to true on the player so he can teleport and not get killed (*).
After the teleport, "no_ah" can be changed back to false.

Seens wonderfull, but if a hacker can set "no_ah" to true in a player, he can teleport freelly.

Thinking in the possibilities about what a hacker can do, doing perfect anti-hack seens impossible.
This is why i ask what are the things a hack can do so i can do better anti-hack.

Thankyou a lot.

[Grumpy Old Man 3540]

Your best bet will be a password protected server with whitelist and 24/7 lvl 30 wizard admin .

 

Cheers

[Guest]

Really?

A hacker can easily set a variable on player like:

player setVariable ["no_ah",true];

[Grumpy Old Man 3540]

Not if you randomize it every n seconds.

 

Cheers

[Guest]

I have two great admins but want to do some basic checks. I liked your tip about random vars a lot.

 

I think in randonize the code directilly in the mission SQF files and then update BE filters automatically in each restart.

[Grumpy Old Man 3540]

You could also call BIS_fnc_endmission for the cheater only.

Make sure to use the faceplant endmission screen.

 

I am quite sure that there's been a function in A2 that clicked all dialog buttons in the correct order to actually shut down the game.

Might use that one aswell.

 

setdir random 360 with a stacked onEachFrame eventhandler could be cruel too.

 

Cheers

[sarogahtyp 1105]

You could also call BIS_fnc_endmission for the cheater only.

Make sure to use the faceplant endmission screen.

I am quite sure that there's been a function in A2 that clicked all dialog buttons in the correct order to actually shut down the game.

Might use that one aswell.

setdir random 360 with a stacked onEachFrame eventhandler could be cruel too.

Cheers

disabling user input after setting up those EH could be nice as well. after that the user 8s 9nly able to kill arma:

https://community.bistudio.com/wiki/disableUserInput

[willithappen 194]

you could make them buy all the train Simulator DLC, that might work?

 

EDIT: Seriously though, randomizing the value would make it very difficult for them to bypass the script you have, or, you could have some method of checking what it is thats assigning the "no_ah" variable, and if its not x or x then you could ban them or whatever you pleased.

[phronk 895]

^ Holy fucking shit.

I also get shitheads on my server every now and then, usually on weekends there's always one.  Been like that since the Alpha though, lol.  I'm curious if there is a way to call "disableUserInput" on a unit through the debug window while logged in as admin.  I have named all player slots as P# and would like to just use "disableUserInput P6;" but it never works.  Any ideas?

[HallyG 239]

^ Holy fucking shit.

I also get shitheads on my server every now and then, usually on weekends there's always one.  Been like that since the Alpha though, lol.  I'm curious if there is a way to call "disableUserInput" on a unit through the debug window while logged in as admin.  I have named all player slots as P# and would like to just use "disableUserInput P6;" but it never works.  Any ideas?

 

Not sure but, this maybe?

true remoteExec ["disableUserInput ", P6];

[pedeathtrian 99]

Okay you have some data you associate with players and it is done by server-side code, and this data is used by this same server-side code and this data is never intended to be used/accessed elsewhere. Right?

You can just create a simple associative array that maps user to their data (e.g. uid to their set of variables [p_bfr, no_ah]) and work with this array locally on server.

No chance of changing values by user.

You can build a whole server-side access list system which decides which actions to what objects can be performed by whom (the amount of sync traffic will increase).

[Guest]

Thankyou a lot for the replyes.
 
pedeathtrian
I understand, anti-hack must be completelly stand alone in the server, or may be in a headless client for a more rough one.

 

Nice.

But so there will be no exception for teleport, because this exception can't happens whitout client-server comunication. The player must ask for exception. So a hacker can do it either, in a hacky way.

[pedeathtrian 99]

So a hacker can do it either, in a hacky way.

Hacker can't change value of variable (here, script variable, not object's) local to server. Server has the last word in granting permissions and server has control system for checking if client has violated prohibitions or performed actions without even asking permission. Finally, punishment system, well, punishes.

The key point is to make decision process inacessible to client (in your case object variables give client that access, therefore should not be used).

Both positive cases (respawn and teleport by admin) are easily detectable by server. If someone else asks for teleport, then he's a hacker.

[Guest]

1) I can use this code server side to detect player respawn:

_player addEventHandler ["Killed",{/*allow _player to teleport one time*/}];

And allow player to respawn without punishment by anti-teleport.

 

2) On Demand teleport is executed server side (setPos):

 

A list of admins Steam IDs on a variable stored only server side.

Only those people on the list are allowed to teleport then selfs or ask the server to teleport someone.

 

Bypass:

Only fail possibilitie for 2) is if hacker uses false Steam Id and make server think he is an admin.

Steam ID is get on server with getPlayerUID, but may be a hacker can change something on his client making the server side command return an admin Steam ID.

 

What do you think?

[fn_Quiksilver 1633]

if someone is hacking what is to stop them from using your script to kill people?

 

I would just use battleye setpos.txt

[pedeathtrian 99]

Bypass:

Only fail possibilitie for 2) is if hacker uses false Steam Id and make server think he is an admin.

Steam ID is get on server with getPlayerUID, but may be a hacker can change something on his client making the server side command return an admin Steam ID.

 

What do you think?

Steam provides facilities to prevent this kind of attack. If the game server is connected to Steam and using the Multi-Player Authentication API, then hacker has to have full access to admin's Steam account to be able to fake the SteamID, that is correctly authenticate as admin.

Whether Arma 3 uses this API I don't know for sure, but my bet it does.

[barbolani 198]

On a first sight, this script is compatible with respawns, as all the variables are set for the dead object, a playableUnit will be one and once died, will be another object with new variables.

[Guest]

I'm going to a new feature: Vehicle Spawn.

 

Its easy to implement this rule:

All vehicles are created server side.

Only admin clients can ask server to create a vehicle.

Any client creating a local vehicle get kicked by BE Filter (7 "createVehicle" and 7 "createVehicleLocal").

Any client, that is not admin, asking the server to create a vehicle get disconnected by end mission or killed.

 

But... How about when a non-admin buy a vehicle on the store and needs to create it? He can't create it locally or ask the server to do that.