ArmA AntiCheat for Servers and Map makers

[maddogx 13]

I would like to point out that ArmAAC does not yet detect every single possible cheat. It currently only covers weapons modifications and, to a certain extent, modded menus. It can also only detect modifications of configs.

[sicilian 0]

...Then ym friend activated his Multihack. [...]

Did i something wrong?...

No, you did all right!

The cheat you talk about is a local one. It cannot be detected by any script in the world because this f***ng thing works in memory loaded on your machine!

ARMAAC is only detecting changes in configs which is also be done by "verifySignatures=1;".... ARMAAC is a little protection for configs until the signatureTool for addon makers comes out.

Don't expect too much...

[sickboy 13]

did you depbo the mission and add the line of Armaac code to the Mission you were playing?

You don't have to edit all your missions, if you use ArmAAC in combination with SIX_Misc.

[maddogx 13]

ARMAAC is only detecting changes in configs which is also be done by "verifySignatures=1;".... ARMAAC is a little protection for configs until the signatureTool for addon makers comes out.

Don't expect too much...

Quite correct.

ArmAAC is currently a very basic tool to stop casual cheaters with hacked addons from causing mayhem, while at the same time allowing people to use mods such as FDF_Sounds, ModWar etc.

Once the addon signing tools are out, I believe we can safely do away with ArmAAC, because makers of such addons can simply sign their work and server admins can allow such addons.

[Dwarden 1124]

ofc that only applies till cheaters break the signature system

in moment they can fake the reply or return w/e information they need

you know what i mean

[ColonelSandersLite 0]

Again, what exactly is considered a malicious mod.

More specifically, how exactly can I make sure that any legetimate mods I make do not trigger a cheat alarm or whatever.

I would rather avoid tearing apart the scripts and diggind around for the answer just to make sure my stuff is as complient as possible.

[maddogx 13]

Again, what exactly is considered a malicious mod.

More specifically, how exactly can I make sure that any legetimate mods I make do not trigger a cheat alarm or whatever.

I would rather avoid tearing apart the scripts and diggind around for the answer just to make sure my stuff is as complient as possible.

Sorry, I kind of overlooked your last post.

My definition of a malicious mod, is any mod that:

A: Changes the actual firing and/or damage characteristics of any weapon, magazine or ammo type. For example: rate of fire, damage strength, damage radius, muzzle velocity etc. Sounds, models and such are not considered relevant to multiplayer gameplay and are not checked.

B: A mod that adds any kinds of menus to the game, becuase any menu can potentially be used for cheating. I have heard some reports of hackers still using cheat menus on servers, so these are currenty not covered to 100%, but I'm working on it.

C: Any mod that changes multiplayer characteristics of soldiers and vehicles, such as armor values.

[Jack-UK 0]

It was running nicely on the 22SAS server today, no noticable increase in lag.

I just wish all servers would run this.. just got accused of cheating earlier in a DM game with an 'aim hack' by the MIT clan.. Just great

Not only can these stop the cheaters it can prove who is and who isnt! :P

[ColonelSandersLite 0]

A: Changes the actual firing and/or damage characteristics of any weapon, magazine or ammo type. For example: rate of fire, damage strength, damage radius, muzzle velocity etc. Sounds, models and such are not considered relevant to multiplayer gameplay and are not checked.

B: A mod that adds any kinds of menus to the game, becuase any menu can potentially be used for cheating. I have heard some reports of hackers still using cheat menus on servers, so these are currenty not covered to 100%, but I'm working on it.

C: Any mod that changes multiplayer characteristics of soldiers and vehicles, such as armor values.

Ok, so 3 questions:

Does my UI mod (which changes the color of the ingame menus from light clear to black to make the text always visible) set this off as it may be effected by C above. Or is it only new menus that I need to worry about?

It's not my mod, but does TrueView get effected? It changes the zoom levels and fov on a great many items.

Do you have some kind of routine where you can make exceptions with a specifically allowed or disallowed mod?

[maddogx 13]

Ok, so 3 questions:

Does my UI mod (which changes the color of the ingame menus from light clear to black to make the text always visible) set this off as it may be effected by C above.  Or is it only new menus that I need to worry about?

It's not my mod, but does TrueView get effected?  It changes the zoom levels and fov on a great many items.

Do you have some kind of routine where you can make exceptions with a specifically allowed or disallowed mod?

1. Should be fine.

2. Not sure, haven't tried it before or looked at the code. From what I've heard, it should also be ok.

3. Not yet, but it should be possible.

[Frantic 0]

It was running nicely on the 22SAS server today, no noticable increase in lag.

How many players were on the server and how was the frequency of joining and leaving players?

I would like to have it on my server too, but till now i have only read that its good up to 7 players and more players will lag the server...

so im waiting for nice reports about that till i put it up on my server and my missions.

[sickboy 13]

How many players were on the server and how was the frequency of joining and leaving players?

I would like to have it on my server too, but till now i have only read that its good up to 7 players and more players will lag the server...

so im waiting for nice reports about that till i put it up on my server and my missions.

Heya, Just add the ArmAAC and the SIX_Misc addon to your server.

No need to edit missions! This way you can test it clean and mean without having to do much more for it than copying the files to the server, restarting, checking how it works, if it works bad, just remove the SIX_Misc and ArmAAC again :0

[Jack-UK 0]

Hmm i dont think we had any more than about 12 players, so i cant say that it was a 'full' server but with that amount of players it seemed fine.

And for the curious: Trueview is NOT affected.

[Acecombat 0]

I didnt know anything about ARMAAC until i played in a MP game just now and it read 'this server is protected by ARMAAC' .... so i think ok neato , very much like PB, ArmA needs something to protect players in MP.

And guess what in that very game on that very server, a guy from some clan called Mygot shows up and cheats left & right , tking deliberately everyone just to show off that he can do so even with Armaac on , then he put on some wierd sound file which played the sound of a man screaming bloody murder on and on and on ..... untill it forced us all playing to shutdown the volume of our radios in options. he kept on asking for an admin to ban him so he could come back and prove how worthless bans are as he was changing his game ID's on the fly according to him.

It was a real pain playing like that.

Now i dont know how it all works but BIS should do better with in game security. If cheats like this get out, MP is doomed. or will only be enjoyed behind closed doors locked sessions   .

P.S: It was the 22SAS server the one on which this happened iirc.

[whisper 0]

AFAIK TKing != cheat and Armaac will not protect you from that.

The sound thing is not cheat either and can be done by anyone, provided the server has a configuration that accepts it (it can be disabled, and imho should be on most big free server)

As for ID changer.... well.... 95% of these guys are THAT obvious that you'll spot them the very second they reconnect with their neat changed ID.

[mattxr 9]

I belive this Signatues thing is going to fuck the game up. Becuase many people i see on servers is using there own replacement packs and the servers arnt going to enable every addon available which will greatly decrease players from servers and we knw if that happens with the little players arma has were fucked.

[highplainsdrifter 0]

Is it possible to set up a server to autokick or disallow a connection for user id's that are too long? I've noticed that the suspect players (hackers) always seem to have a long id, like 10 digits, where regular players have a 6 or 7 digit id. (I'm at work so I don't have access to my game to check the normal id length)

[Junker 0]

Is it possible to set up a server to autokick or disallow a connection for user id's that are too long?  I've noticed that the suspect players (hackers) always seem to have a long id, like 10 digits, where regular players have a 6 or 7 digit id.  (I'm at work so I don't have access to my game to check the normal id length)

It is possible but i myself cant figure it ATM.

[Nutty_101 0]

To be honest were screwed. The truth to the matter is that the packets are where the key is held. If i was really bored i could write a nice little utility that would swap your key to any length at random while you play (don't ask me, if you do ill just foward the request to a mod! I am trying to help us out). This is problem number one. The servers don't check this key at all. Feed it a 6666666 and it will take it, feed it 1234567890 and it will take it. So until they release a freaking key gen auth tool for the servers to run that compares to a master database were sol. Then in that case it does not matter as the people who want to get more keys just put up a server and catch all the keys out there.

So a central login server that issues a temp key to each logged in client then that key gets sent to the game server who in turn sends it to be verified via the master servers.

Here is an example: 6666666 = cd key. humm riiiight!

<table border="0" align="center" width="95%" cellpadding="0" cellspacing="0"><tr><td>Code Sample </td></tr><tr><td id="CODE">

E...6'....r"....B.&....~.k(pc.. h0......)............!?....gH..=.=.mini6666666.Nutty.Default.None.dan....?......pD.>i.........

Get the picture? As i said we have to have something for the servers to check this junk. Even if it was something we had to run next to the server or what ever. We just need something to validate the id's. I applaud maddog for trying to help out, and i am sure it has to some people. Though it does nothing for us. I have sat and looked at the server and tried to figure out what was a way to reduce issues but i cannot come up with anything.

The servers i am working on I am blocking anything that gets created on the client side now. So the createvehicle command will not make it to the server. Still not sure how well it will work as i have not tested this with more than myself and some random people who join up. I have also got the code to check damage when a gun is fired but i don't think i have figured it all out. So who knows.

[DBO_ 0]

You are doing a fine job it sounds like.

But please make sure you keep this info between you and Bis because all other efforts to combat cheats have failed due to step by step reports on how the anti cheat works leading to counter software being produced almost immediately normally i would not mention this ecause of course the other anti cheats needed to be given to all people and thus could be de pbo and read, yours it seems may only be needed by bis and yourself to create aa "anti cheat police". It is also alledged that the biggest creator of the cheat hooks was once a very respected member of this community who was disgruntled in the early days of codies and bis and regularly watches the forums.

once again thanks for your efforts to combat the cheats.

[Nutty_101 0]

Yeah, I am sure there are ways around anything we do. Mostly what i am doing will stop some things that cause the worst hacks. The rest i cannot help with. Heh, heck what i am trying to do might be useless anyway since it would break most the missions out there. At the least I am trying to give another method to ID the people cheating on the server right away. Nothing wrong with sharing that info. It might stop a few out there, the private cheats i don't think i can stop to be honest. It just sucks to join and a tank shell blasts ya to a new level when your inside a building where they couldn't hit you with a tank. Grin

As for the person being on here. I am sure, there are quite a few people who are making cheats on this forum. Most of them are doing nothing more than using public resources like everyone else does. If anyone takes the time, every single thing they have done is out there. They just package it so anyone can click buttons to make it work. Plus this game is using directx, anything you could want to do is out in public anyway. So client side there isn't much one can do. I do have a server side fix for the so called speed hack they did. Eats a few clicks off your cpu but keeps the players in check. Does not use speed to check it either because that information is not correct as they just use the + accel time to forward the client local. So to the client and server it see's the speed as normal. Just keep track of their position and then check it often. If you do that and a lil simple math you can tell their true speed. Since they are on foot you know they cannot be going that fast and you can also check vehicles. However the reload and everything else that comes with accelerate time takes a different approach to detect.

In what might be taking wrong by quite a few people. I applaud people for at least putting the cheats out publicly. That way we know what they are and can work to fix them one way or another. Cause it's the people who keep it to a closed circle who can really cause hell trying to guess what is going on. Yeah, less people wreck the public games but that is also one less cheat used on tournies and other ranked games. Get what i am saying??

[ggxjimmy 0]

well i dont think i will play any tournaments in ArmA ever again. i've seen some buitiful bull from people i talk to often.

but it always comes to me digging a hole for myself as obviously im the noob

[Backinthetxt 0]

I haven't read the whole topic here so don't know what exactly you guys have discussed but please read my topic regarding and idea to prevent hackers from connecting to your server.

http://www.flashpoint1985.com/cgi-bin....1117556

[1436 1]

yah over 10 digits are ketgen ids that a old fact from ofp.

best way to make a secure server is to make it equalmodrequires=1

and have a config checkfile in the server.cfg this does not mean you can not come in with addons. it just forces players to put thare addons in thare addons folder. so the file check can can scan them

see my server config

http://www.freewebs.com/sieish/server2.txt

also updated my sticky

http://www.flashpoint1985.com/cgi-bin....t=63934

[1436 1]

ahh nvm theys tkc guys wher on a server with equalmodrequires and finechecks