wickedphoenix

Address Game Vulnerability


DayZ has a core game exploit that has to be addressed.

Based on our information, those people are leveraging a kernel exploit to load rogue DLLs from Battleye.

As soon as clients set up an authenticated session with the Game Server, they are able to use Enforce Script. With that they have the ability to build Client-Side cheats, like ESP and other admin tools. They also can use RPCs to use server-side mods. This is possible because of the lack of Client Validation. The current check can be bypassed easily.

The people abusing this use it to force-crash DayZ Community servers, use Carpet-Bombing to kill all players online and use ESP to despawn players' bases on the whole map.

Help us and make Bohemia aware that this issue is affecting the majority of their player base and has to be addressed with the highest priority.

Several community based servers have become a target of these exploitations and have caused many to cease hosting community servers on DayZ because we have received no response from Bohemia regarding this despite being made well aware of the issue in the feedback tracker.

  • Like 12
  • Sad 2


Have seen this too. My favorite server is down because of it. DayZ is effectively shut down for a LOT of people right now. Please stop these Hackers in your community Bohemia.

  • Like 2


Also experiencing this issue, can't play 3/4 of my servers I regular on, this is stupid.... Why is something like this not INSTANTLY being worked on?

  • Like 3


This looks bad on their end. Hopefully we will all be back to playing our favorite servers soon.

  • Like 2


we have Feedback Tracker where bugs, exploits and security issues can be reported as private tickets

for both DayZ and Arma 3 https://feedback.bistudio.com/

please provide the details

1. proof of concept / source-code

2. simple reproduction steps

what you wrote is repeatedly circulating in community, sometimes multiple times / year

we're aware of those reports

but w/o details of what / how it isn't easy to fix those issues

good reports help to resolve those as soon as possible

  • Like 2
  • Confused 4


This issue should have been addressed as soon as possible a long time ago. Why the developers and Bohemia are actively ignoring this issue is beyond any of us and unless this issue is addressed more community servers which make up a large majority of the DayZ playerbase will continue to suffer and be forced to shut down as there is no fix for this exploit. As of now when I typed this at least 4 other servers plus the one I currently play actively on (Ceasefire RP) are under attack by a very well known group who are forcing community servers to shut down. Where is Bohemia Interactive and the developers? All we want is a fix to this issue so we aren't watching our Community servers suffer anymore and exploiters like this are stopped.

 

I see a BI Developer has responded and I'll add this here. To quote you my friend...

"...what you wrote is repeatedly circulating in community , sometimes multiple times / year. We're aware of those reports but w/o details of what / how it isn't easy to fix those issues good reports help to resolve those as soon as possible."

If this issue has been brought up multiple times a year why are you guys still not having this issue resolved or at least letting us know that you're working on it? Maybe it's me but instead of constantly adding in new content to the game why are you not focused on this exploit that has been around for a decent amount of time now, especially when it is so alarmingly easy for exploiters to abuse it? If the community is talking about this why haven't you jumped on it sooner? This raises more questions than answers for me and I'm not trying to be mean, just frustrated and appalled at the fact that this has gone on and has seemingly been allowed to be unresolved for months/years.

Edited by beekibo
Developer replied to original forum post
  • Like 2

8 minutes ago, Dwarden said:

we have Feedback Tracker where bugs, exploits and security issues can be reported as private tickets

for both DayZ and Arma 3 https://feedback.bistudio.com/

please provide the details

1. proof of concept / source-code

2. simple reproduction steps

what you wrote is repeatedly circulating in community, sometimes multiple times / year

we're aware of those reports

but w/o details of what / how it isn't easy to fix those issues

good reports help to resolve those as soon as possible

I don't believe you read the issue correctly. Nor can we, nor will we, try to reproduce malicious activity on battleye protected services. Which is the very thing that is being exploited. Because we have banned the individual involved but they are still able to cause the server to crash regardless. This means they can simply disrupt our services by merely initiating a connection/handshake without needing to be fully connected and loaded into the game. There has already been a feedback tracker ticket created regarding this very issue that has been ongoing for several months and has not yet been addressed. We can only create so many feedback tracker requests until we get to a point where the damage has been too substantial to community servers to even continue pursuing intervention.

  • Like 4


Can't play in community server because of this. Please Fix.

  • Like 1


Please don't fuck it all up and just listen to the community yeah? We all wanna play again and these hacker bozos are ruining it

  • Like 2


As someone with thousands of hours invested in BI games over the years, if this isn't addressed soon, I will avoid all BI products in the future. You're just watching the community burn to the ground. I'm not going to pay you to be harassed by cheaters and hackers. I really hope you fix this issue quickly.

  • Like 1

39 minutes ago, Dwarden said:

we have Feedback Tracker where bugs, exploits and security issues can be reported as private tickets

for both DayZ and Arma 3 https://feedback.bistudio.com/

please provide the details

1. proof of concept / source-code

2. simple reproduction steps

what you wrote is repeatedly circulating in community, sometimes multiple times / year

we're aware of those reports

but w/o details of what / how it isn't easy to fix those issues

good reports help to resolve those as soon as possible

Hey Dwarden. All communities which were hit with it would like to provide everything they can but it's all we have rn. Probably, it would be possible to gather new details about it with some kind of extended logging if you can provide something like this. Maybe a modified server exe or anything?

  • Like 2

1 hour ago, Dwarden said:

we have Feedback Tracker where bugs, exploits and security issues can be reported as private tickets

for both DayZ and Arma 3 https://feedback.bistudio.com/

please provide the details

1. proof of concept / source-code

2. simple reproduction steps

what you wrote is repeatedly circulating in community, sometimes multiple times / year

we're aware of those reports

but w/o details of what / how it isn't easy to fix those issues

good reports help to resolve those as soon as possible

Sorry but this has been reported to the feedback tracker SEVERAL times over the past 11 months (literally) and we have yet to see a significant response, let alone a patch that actually fixes the exploits. Feedback tracker has got us nowhere. It's time for Bohemia Interactive to treat these exploits & security vulnerabilities seriously. This should be a top priority.

  • Like 2

1 hour ago, Dwarden said:

we have Feedback Tracker where bugs, exploits and security issues can be reported as private tickets

for both DayZ and Arma 3 https://feedback.bistudio.com/

please provide the details

1. proof of concept / source-code

2. simple reproduction steps

what you wrote is repeatedly circulating in community, sometimes multiple times / year

we're aware of those reports

but w/o details of what / how it isn't easy to fix those issues

good reports help to resolve those as soon as possible

Many server owners already have tickets open regarding the issue. Not sure if you realize, but not many if any have the expertise to give steps to reproduce. There is no source code or PoC, this is DayZ, the game you develop, being exploited to destroy all SA servers. Now, I know a ticket was already opened on my behalf and we have added pertinent information in regards to our speculations, but at some point BI is going to have to take responsibility as well as BE. Furthermore (not sure what good it will do) there is a petition cycling around being signed by community owners and members.

BI, DayZ, has thousands of members and likely 10's if not 100's of servers being attacked, I think the reason this thread was opened is because WE FEEL NEGLECTED. We want a public response of reassurance, it is not our job to fend off hackers from the game, it is yours. What do you want us to do? Completely rewrite the game and engine? We can't handle this one, get it together and step in.

  • Like 1


There are currently many big popular servers under attack because of this serious exploit, some like TrumpsWall have already been taken down, nothing has been done for a year, not even any tweet or any information (poor job). There are some people in the community that can help to guide / track down this exploit. If this will soon not be resolved many big communities are at risk of closing down, some have already lost many players and day by day the attacks get worse, causing Database corruptions, rollbacks, making servers unplayable. Attacks range from bombings, making players go unconscious, base teleportation and many more. This certain individual/group has bad motives for this game and admins. They will drive the game to the ground. Some servers that are currently affected by this are BloodyNightmare, Heros Haven, Lone Survivor, UnknownSixx, CeasefireRP, Exdecay and more. Even a petition has been going around to grab your attention. We need your help on this. It's not our job to fix this major issue. https://chng.it/hy4CRDs9w4

Edited by Brozy
  • Like 1

2 hours ago, Dwarden said:

we have Feedback Tracker where bugs, exploits and security issues can be reported as private tickets

for both DayZ and Arma 3 https://feedback.bistudio.com/

please provide the details

1. proof of concept / source-code

2. simple reproduction steps

what you wrote is repeatedly circulating in community, sometimes multiple times / year

we're aware of those reports

but w/o details of what / how it isn't easy to fix those issues

good reports help to resolve those as soon as possible

So I'm guessing we should get 30 euros and pay for the hacks so you guys can fix your game engine that is from 2013? How should I say this: no normal person would risk their account to provide you guys with the source code or something so you could fix game issues that have been present since Arma 2 days. And as far as I am aware multiple communities have attempted to make tickets and report these issues to you guys directly with no response and actual actions to fix these things

  • Like 1


That's a complete cop-out and you know it.

 

It is not our responsibility to exploit the game to fix a security hole. We've offered you everything that is in our power to do. We've also offered you access to our communities and servers to run additional tests.

 

I have, on multiple occasions, pointed out that the reasonable course of action for BI to take in this instance is to provide profiling builds of DayZServer_x64 to affected communities to obtain more detailed logs that will actually be useful in tracing the origin and methodology of these attacks. Yet for some reason, BI is unwilling to do so.

 

You are, as you say, fully aware of the "reports" (we'll ignore the fact that referring to it as "reports" rather than an "issue" implies you don't believe that there's a problem, for the moment), and yet you've taken no steps to work with the community to isolate the cause aside from "send us the code to do it".

 

You should also be aware that over 90% of the game's playerbase is from community servers, not official. BI are enjoying and bragging about breaking the game's all-time-high peak playercount on Steam Charts at the moment, so allow me to provide a reality check.

 

The majority of server owners, right now, are waiting for any contracts or commitments they have with their hosting providers to run out. Then they're switching their servers off. Unless you want to go from a peak of 50,000 to a peak of 5,000 incredibly frustrated players, stuck with a mediocre experience on official - before, of course, the exploit starts getting used on Official and you drop to a peak of 0 players, I suggest you take my advice and actually do something. Because if you think that simply letting DayZ die, shrugging, and then releasing Arma 4 is going to save your company, you might want to ask CD Projekt Red how their prospects are looking for the future.

 

  • Like 1


Your answers are an insult towards the hard working community that gave a place to play to thousands of your player base.
We have tickets open. https://feedback.bistudio.com/T162879

We provide the information. 
We INVITE you to participate. To get into the conversation with the brightest minds and most talented developers we have to offer.
I don't think there is another Studio out there that has this kind of luxury. A community packed with developers as talented as your own that offers free help to fix your broken game. Still, you refuse. Still, you don't take action. Still, you hide behind feedback trackers and forum posts. 

It's about time you guys are proud of the work you've done in the past. That would at least mean you feel shame for what you are doing to this community and to your players right now. It's time you feel ashamed and start acting to make it better. 

Take the help we offer. Get into the conversation with us. Be a part of the solution rather than blocking it. Even if it means that your own community has to solve the problem because you don't care to. At least give us a chance to do so for God's sake.

  • Like 1

3 hours ago, Dwarden said:

we have Feedback Tracker where bugs, exploits and security issues can be reported as private tickets

for both DayZ and Arma 3 https://feedback.bistudio.com/

please provide the details

1. proof of concept / source-code

2. simple reproduction steps

what you wrote is repeatedly circulating in community, sometimes multiple times / year

we're aware of those reports

but w/o details of what / how it isn't easy to fix those issues

good reports help to resolve those as soon as possible

Pull your head out of your arse, listen to the communities that keep your game alive, get involved with them. There’s multiple big discords full of all the biggest server owners who are all busy dealing with these issues. I don’t see any of you in there trying to gather some information, provide some answers or generally support these communities. Instead you have good old Sumrak leaving them to avoid the subject. Holla at me if you want an invite. We’re all there waiting for you. 
 

Dizzle

  • Like 1


it would be nice if some of you paid attention to what is in my post

 

"we're aware of those reports" 

 

in short the issue is being investigated ... 

  • Like 3
