ArmA debug console hack?! WTF?!

[crashvector 0]

This morning on our server (=SF= Server) someone was killing everyone on the opposite team.

Another player said something about it being a debug console hack of some sort, and that he could see the command he was using.

Does anyone know anything aobut this and how to stop it? If someone can come in our server and basically kill everyone on the opposite team, it quickly ruins the game.

BTW: I am an admin recruit for =SF=, not some wannabe looking for a new hack. I need as much information as possible on how this can be stopped, or at LEAST how to see what command they are using so I can possibly figure out a way to stop it.

[zaphod 0]

do not allow addons and modified files, as such a thing like a debug or cheat console can be implemented into arma itself.

set customfilesize=0;

this will improve server capabilities and increase player maximum to over 80, and you avoid custom sound spamming.

... this is not a real "solution" for these problems, but will reduce many of them.

[crashvector 0]

do not allow addons and modified files, as such a thing like a debug or cheat console can be implemented into arma itself.

set customfilesize=0;

this will improve server capabilities and increase player maximum to over 80, and you avoid custom sound spamming.

... this is not a real "solution" for these problems, but will reduce many of them.

Do you know anything about this Zaphod?

BTW: I am =SF=WaltherP99

[zaphod 0]

hi WaltherP99!

its easy to create a selfmade "console" ... you just need to implement a way to enter code somewhere (a modified arma dialog with edit input field, or create a new one) and execute it with a button or on <ENTER> key.

this is very useful on testing and debugging new missions, but in a multiplayer game, it's a very powerful cheat possibility, as you can enter and execute any type of code. (call compile edit field content)

for example ..

{_x setdammage 1;} foreach [e1,e2,e3,e4];

will kill these 4 players ... even over MP executed on a client.

same problem with setpos, addscore, setvelocity and so on ...

in my opinion, the major problem is, that BI allows really dangerous scripting functions to be executed on a client ... this might be the easiest way for creating SP missions ...

as i wrote in another thread, i wish that BI makes critical functions only available on the server... but i don't really know what i'm talking about, as i just know of the scripting language and nothing about the BI game code itself...

Regards & nice games on =SF= anyways,

Zap

[whisper 0]

Agree completely with Zaphod on what BI could do for better MP security.

A "level" of security per server config file could/should be added, listing the scripting commands available to clients on said server, for example.

Mmmmh, think I gonna create a BT ticket for that. Excellent suggestion!

EDIT : done : TT 2751

[zaphod 0]

*THUMBS UP*

this is the best solution i've seen until now ...

I will be one of the first supporters with berzerk map pack, as most missions will not work anymore with these heavy limitations ...

but let's DO IT ... funky cold medina!

[Hyrax0740 0]

off topic zaphod on your berzerk 2.0 any thought of limiting that javalin like the sniper rifles?

will add that code to the server in a few hours

[zaphod 0]

limitations in berzerk v2.0 are still done ...

all limit ratios belong to the playercount on each side:

sniper rifles 1/8

AA Launchers 1/4

AT Launchers 1/2

so in a team with 16 players there can be 2 snipers,4 AA Launchers and 8 AT Launchers.

in addition a sniper cannot carry a launcher anymore, like MG soldiers...

Tipps for configuring server can be found in berzerk map pack readme... a example server.cfg will follow in next map package (for veteran mode +/- 3rd person)

Regards,

Zap

[Hyrax0740 0]

Sweet! cant wait to throw it on the sever!

[whisper 0]

*THUMBS UP*

this is the best solution i've seen until now ...

I will be one of the first supporters with berzerk map pack, as most missions will not work anymore with these heavy limitations ...

but let's DO IT ... funky cold medina!

Yup, limiting createVehicle on server only would limit the spawning capacities, of both cheaters.... and mission makers.

But it's still feasible for mission makers, harder but still feasible, and with tighter control over what is created.

Ofc, it's absolutely not a complete 100% hacker-proof solution (moreover depending on how such limitations are implemented), but anything making their their work harder is good.

[deady 0]

I would have to agree. Allowing clients to spawn vehicles in MP games is rather asking for trouble. There would be no inconvenience to mission makers by making only the server able to do such things.

[zaphod 0]

there is much more on clients ...

addweapon+addmagazine+createvehicle -> as described above ...

setdammage -> without words ...

setvelocity -> kick anything in the air

setpos -> beam player

addscore on server -> doesn't work .. MUST on client!?

this is what i remember right now ... but there's more, i'll update this list.

[InqWiper 0]

What about the good old equalmodrequired ? Not as easy to come in with a console then I guess?

[Maddmatt 1]

What about the good old equalmodrequired ? Not as easy to come in with a console then I guess?

Actually it's still pretty easy

[.kju 3242]

Scripting isn't really my domain ... however isn't there some

usefulness within Server_Side_Scripting:

event: onUnsignedData

description: unsigned data detected

handler parameters: user id, file name

//pseudo code

if (file name not in ArmAOriginalFiles): kick player

[whisper 0]

Well, I was more thinking of a server interdiction/check of said use (and mis-use) of script commands on client side, independantly of mods/addons check system.

I guess code can be "injected", without the need of addons/mods.

[.kju 3242]

no question about that whisper.

this suggestion / thought was meant for in between

also these config related script commands could be of some use.

it seems not many people got into them though

[zaphod 0]

as i know this server side scripting is new and very basic ... maybe it can be extended with critical functions not really needed on clients... i'll take a closer look at it...

[crashvector 0]

one of the other players in the server said he could see the commands the player was using...

THAT is what I'm interested in...seeing the commands they are trying to use because it pinpoints who it is without any doubts as to who the user is, plus it shows their IP.

[Nutty_101 0]

This morning on our server (=SF= Server) someone was killing everyone on the opposite team.

Another player said something about it being a debug console hack of some sort, and that he could see the command he was using.

Does anyone know anything aobut this and how to stop it? If someone can come in our server and basically kill everyone on the opposite team, it quickly ruins the game.

BTW: I am an admin recruit for =SF=, not some wannabe looking for a new hack. I need as much information as possible on how this can be stopped, or at LEAST how to see what command they are using so I can possibly figure out a way to stop it.

There are ways to see what everyone is doing on the server thru the packets. I can tell you that you can see the events being sent out to the clients. With that there are ways to determine what all is being done.

[jasono 0]

Is there an easy way to detect local client scripts (aka cheat scripts) being executed and the result sent to the server?

If a script has setdammage 1, and the packet with that is found and connection cut from that person, the effect won't be executed on the server or clients right ?

[Nutty_101 0]

Is there an easy way to detect local client scripts (aka cheat scripts) being executed and the result sent to the server?

If a script has setdammage 1, and the packet with that is found and connection cut from that person, the effect won't be executed on the server or clients right ?

You could just drop the packet and stop all information from the client. However if a script is written like that then you would call the player a cheater when they are not. Kinda lame.

[TeRp 1]

I think restricting the commands that can be used by a client is not a solution.

If you do so, you _are_ affecting addons that are using of these scripting commands (e.g. addWeapon / addMagazine is used for dynamic loadouts on vehicles) and make these addons unusable in MP.

I really understand your point because there are cheaters on public servers everywhere now, but if such things as above are done, addon creation will be restricted to a point where it is impossible to achive any scripting functionalities in vehicles.

This will also make it harder to design or achive specifing things in missions, as some missions may use scripts or comamnds which are and can not be executed by the server. Just say you do a mission where at one point a player will be rewared with a new gun. As addWeapon & addMagazine only work localy to the unit, this won't be possible if it's put on the script.deny list.

[Michael_Wittman 0]

I think restricting the commands that can be used by a client is not a solution.

If you do so, you _are_ affecting addons that are using of these scripting commands (e.g. addWeapon / addMagazine is used for dynamic loadouts on vehicles) and make these addons unusable in MP.

I really understand your point because there are cheaters on public servers everywhere now, but if such things as above are done, addon creation will be restricted to a point where it is impossible to achive any scripting functionalities in vehicles.

This will also make it harder to design or achive specifing things in missions, as some missions may use scripts or comamnds which are and can not be executed by the server. Just say you do a mission where at one point a player will be rewared with a new gun. As addWeapon & addMagazine only work localy to the unit, this won't be possible if it's put on the script.deny list.

So, what we need is a much better editor.

[TeRp 1]

Sorry, but what's the link from an editor to an anti-cheat solution and allowing the usage of scripts in addons and missions?