Arma battleye support for 1.09beta

[baddo 0]

WarWolf @ Jan. 05 2008,01:01)]Userrights? Its a DLL running in ArmA space, therefore as ArmA seems to run reliably only with Admin rights then this is sort-of a moot point?

Uh, what?

ArmA runs stable when I use a restricted account... I know not all games work well if they are not used by admin account, but all of those which I know are old games and their developers probably never were thinking that users might actually have accounts and different permissions.

[ArMoGaDoN 0]

I see the issue of whether it CAN or DOES access anything outside of the game folder as a VERY VALID question, also I don't see this single question as 'endless'...!

Game concern questions, like it's effectiveness against cheats, are important questions that have, as you rightly pointed out, been asked.

But before many will allow this protection from cheats to be installed on their systems, mine included, the mechanism itself needs to be trusted. Hence my re-statement of the earlier question on the access issues. The subsequent avoidance of answering that question directly has given me more cause for concern - and now the seeming playing-down of the issues that the question raises I now see as nothing short of suspicious.

If this software does or can access outside the game folders then we have a RIGHT to know this BEFORE installing, if it does not then it is in everyone's interest to know this as soon as possible to avoid this argument entirely.

A simple answer to a simple question is all I have asked for.

Please do not insult me further by suggesting otherwise.

p.s. @Yoma: if they're bright enough to build a driver then they're bright enough to change it's name. No system such as this could stop that reliably so I disagree that access outside the game folder is desirable or necessary. It simply could not prevent that type of hack anyway.

[Yoma 0]

Maybe the simple answer is as simple as telling my grandfather he will never get his pc infected with a virus when using a virusscanner.

It's a lie, but he simply can't handle the truth.

I'm sorry if that offends you, that's not my goal.

[aussie dave 0]

Have setup a server running it.

I joined it without BattlEye and it disconnected me from server - I can't find any logs on the server to tell me any info on kicks etc.

[ArMoGaDoN 0]

Response from BattlEye dev:

Hi,

please read the EULA before installing BattlEye which overwrites the general readme included in the zip. It states that your privacy won't be violated.

BE will of course only scan files that are somehow related to the game (thus system files outside of game folder as well). And this is mostly only done in memory and not on harddrive. Besides, if entire files are read it would, if so, only send one-way hashes and not the contents themselves.

Regarding BE Server influence, this is only very limited. The BE Client mainly gets very abstract technical data from the BE Server that tell it what and where to scan. There will always be error checking so that the BE Client cannot crash the game or be exploited in any way. For example, if some detection required sending file names to the BE Client it would make sure that these are valid and not refer to game-unrelated files.

I hope that this answers all your questions.

Regards,

Bastian Suter

..........

So, I for one am glad for this reassurance, and it would seem from his reply that the dev has also added protection against spoofing from the server end into the client. Am still dubious about the usefulness of such scanning outside of the game folder in relation to the more advanced and private hacks possible, but for mass-released hacks I guess it will prove it's worth over time.

Now, I guess, it's time to see if the server kicks me for all the modified addons I have tweaked and 'perfected' over the course of the last year...

If it kicks me for the modified higher-resolution rain am gonna be pi**ed. Guess the solution is to sign an addon ourself in this case? But does the server have to have the same addon as well now to allow the use of such a privately signed addon?

Or do we just need to add an addonmakers public key someplace on a server in order to trust addons from that source?

----------

A question that's niggling at me is does anyone know why the games that used/intergrated BattlEye support that are listed on the devs website:

(BattlEye)

eventually removed BattlEye from those games as I have read?

[[kh]jman 49]

WarWolf @ Jan. 05 2008,11:13)]But does the server have to have the same addon as well now to allow the use of such a privately signed addon?

Or do we just need to add an addonmakers public key someplace on a server in order to trust addons from that source?

If the mission running required an addon vehicle for example you'd need the addon serverside as well as clientside. For your rain addon however that would work fine just clientside as it's not intregral to the mission.

You would need a public key installed in the server's 'arma/key' folder in both respects once signature checking is enabled serverside. This could be done by the addon developer (with all subsequent addons created by that developer using the same private key to sign the addons) or by the server admin creating their own private key and making the bisigns available for download.

I like the idea of BattleEye but to have signature checking enabled to prevent certain cheats even though BattleEye is enabled will definately reduce the amount of successful player connects on a server regardless of how well you make players aware that signature checking is enabled serverside. Trust me I know.

Why not have an area on popular addon download websites where server admins can submit their public key (bikey) and bisigns so players are more likely find them/download them when they actually download the addon in the first place. This will help things immensely when the developers of addons do not make their own public keys available for signature checking compatibility.

Ideally addon developers MUST create and include a public key (bikey for servers) and the bisigns for each pbo file in their addon. The addon should be nuked if it does not. End of.

[brit~XR 0]

Quote[/b] ]Fighting cheaters in multiplayer games was one of our priorites for ArmA Patch 1.09

If thats the case then why u using a free AC system that runs on s.t.a.l.k.e.r game and is known to have been cracked  

Heres a quote from KFC Leader

Quote[/b] ]Yeah basically just another bit of spyware which states it will scan and report everything on your HD...even though an email sent to them says they will not share your personal and financial information.

The problem is  that when you install it you give them -permision- to that information and agree to let them use it as they see fit.

Anyone who installs it does so at their own risk!

I can't see BI -paying- for any AC service so it must be free...so you go figure out how this BE company makes a liveing.  

It's track record shows it has never stopped cheaters in any game so far...the dll is easy to open and mod.

So not only is it a FREE AC system which spys on people and collects personal and financial information which the user AGGRES to provide....it  is 100% crap in it's function as a AC system as KFC has previously broken it and documented doing so.

I guess we will see how it runs so i rather wait for others to use it and if they report it is good vs cheaters then i start using it but i dont think this will be the case so for now i will just use signed files once i get around to that  

[sbsmac 0]

Some people are never satisfied :-(

Quote[/b] ]Heres a quote from KFC Leader

To which the obvious retort is "well, he would say that, wouldn't he?". I find it rather ironic that you would choose to promote that kind of scare-mongering from someone who clearly has very few morals himself.

[Dwarden 1124]

Quote[/b] ]Fighting cheaters in multiplayer games was one of our priorites for ArmA Patch 1.09

If thats the case then why u using a free AC system that runs on s.t.a.l.k.e.r game and is known to have been cracked  

Heres a quote from KFC Leader

Quote[/b] ]Yeah basically just another bit of spyware which states it will scan and report everything on your HD...even though an email sent to them says they will not share your personal and financial information.

The problem is  that when you install it you give them -permision- to that information and agree to let them use it as they see fit.

Anyone who installs it does so at their own risk!

I can't see BI -paying- for any AC service so it must be free...so you go figure out how this BE company makes a liveing.  

It's track record shows it has never stopped cheaters in any game so far...the dll is easy to open and mod.

So not only is it a FREE AC system which spys on people and collects personal and financial information which the user AGGRES to provide....it  is 100% crap in it's function as a AC system as KFC has previously broken it and documented doing so.

I guess we will see how it runs so i rather wait for others to use it and if they report it is good vs cheaters then i start using it but i dont think this will be the case so for now i will just use signed files once i get around to that  

erm BE for S.T.A.L.K.E.R. wasn't yet released

(BattlEye is supposed to be in patch 1.0006, latest patch is 1.0005)

so someone who claims that version was cracked already

a. GSC or local publisher tester and violating NDA and game EULA and program EULA

b. big mouth 'liar'

ofcourse this would be different in case of BattleEye for Soldat and abadoned BE versions Urban Terror and Warsow ...

anyway it's always funny when KFC claims they documented something yet it's not available to read anywhere (even in general form)

same like these security holes claims about PunkBuster (we don't publish them because everyone would abuse and crash PB)

either you tell developers (common standard security vulnerability warning)

or release this on some security site la Secunia, SecurityFocus, NVD,CVE etc.

or contact some expert like ''Luigi Auriemma' who like to reverse engineer games/game related sw and he examine and write some good 'advisority' on the bug/flaw or else

hoarding such stuff for themself and toss 'notes' about I'm the only who knows it is just pathetic (noone knows the truth)

---

anyway the point 'how' BattleEye generate profit is valid and if they not sponsored by developers / publishers then 'vague' website, EULA, TOS and privacy agreement details etc not gunna help to gain trust ....

it's problem only as long as software firm / authors not clearly state this on website and install EULA/etc. to comply with German/EU privacy laws (etc.)

in moment this fit they simply can't share any private informations (beyond what's described in EULA/PA) w/o approval from users (if they do then they break law)

in short PB got advantage there in the 'trust' and 'documentation' area

[ProPilot 0]

So..... Why the hell couldnt BIS just use a proper anti cheat system that doesnt need signed addons? God, you would think you guys could atleast spend a bit of money? Either way. Nice try. If you can impiment it into 1.09 completely, with a BIS signed addon database or somthing, that auto downloads the signatures from the server. I can see it working well.

[The_Captain 0]

I think the BattlEye implementation only detects 'real time' cheats, not addon modifications. Thus, since addons can have clientside modifications, signed addons are needed to make sure client and server have the proper addons. There's no need to make the arma battleye anticheat detect pbo/addon changes: that's what signed addons are for.

Battleye without signed addons would likely prevent more severe non-addon based cheats while allowing clients to still use clientside mods. Sounds good to me...

[HitmanFF 6]

So..... Why the hell couldnt BIS just use a proper anti cheat system that doesnt need signed addons?

You cannot expect an automated system to distinguish between a good addon and a bad addon. The only way not to have signed addons as an anti cheat measure, is to not have addons at all...

If you can impiment it into 1.09 completely, with a BIS signed addon database or somthing, that auto downloads the signatures from the server. I can see it working well.

You cannot expect a business like BIS to assume responsibility for community created content.

Responsibility for community created content lies within the community. I do think it's a good idea in the sense that a well established ArmA community site - like for example OFPEC - could (re-)sign addons that are tested and proven to be working and cheat free with one key. This way you could have a single 'trusted' key that server owners could install on their server; all addons that are considered trustworthy by the community could be used by the community on servers.

[aussie dave 0]

Good to see 21 people testing BE tonight.

http://stats.swec.se/server/data/4829

[XaRaBaS 0]

Me and my Clan wants to try the anticheat.. we want to enter with any cheat/script know or we find out..

We'll report..

[sickboy 13]

All scream very loud and hard for months. System finally almost arrives and you read nearly nothing else than Privacy, Functionality, Usefullness etc. etc. complaints. Can the mind of a public player or public server owner actually be at ease? Makes you wonder

Now as a private player I feel left out. Months of waiting on patch v1.09 basicly and mostly because of Anti Cheat measures that were so much "wanted by so many thousands of (public) players and server admins". Now it's arriving; nothing but critics I wished they put all that time in other stuff

Keys for addons: Contact maker to sign or sign them yourself as server admin and make the keys available on your website, and make that known to players by join message or in servername.

Voilawee, voilawaa, voilawooo.

Anti Cheating and Secured Gaming; It will always go at the cost of user-friendlyness and options. Every option has its downsides and it's upsides.

Business Privacy etc: I'm sorry but anyone processing sensitive private data on a PC connected to internet, used as gaming and what other leisure you can think off, without proper security like Encryption or disconnected drives, is imho asking for it... Has nothing to do with rich or poor. Dwarden pointed out some good free solutions.

Just my opinion

[maruk 80]

WarWolf @ Jan. 05 2008,00:01)]Userrights? Its a DLL running in ArmA space, therefore as ArmA seems to run reliably only with Admin rights then this is sort-of a moot point?

Incorrect statement.

You need to be an admin to install BE, yes, but its really used working/cached copy is in local settings\application data\arma\battleye

You still are able to run the game as a limited user (as is case with Arma for long time already).

As to those concerns about your private data, despite the nature of anti cheat software, the problem is not very different from runing Arma itself. Generally, using limited user accounts is always best practice...

[maruk 80]

WarWolf @ Jan. 05 2008,00:45)]I see the issue of whether it CAN or DOES access anything outside of the game folder as a VERY VALID question, also I don't see this single question as 'endless'...!

In fact, any process can access anywhere depending on current permissions granted in the OS.

The only purpose of BattlEye is to prevent hacking and related cheating.

Probably best is to make sure to read and understand Battleye license before you start using it as it seems to be quite specific and as clear as possible.

It is displayed when installing the application but I also include it here for convenience:

Quote[/b] ]

********************************

End-User License Agreement

********************************

IMPORTANT - READ CAREFULLY:YOU SHOULD CAREFULLY READ THE

FOLLOWING END-USER LICENSE AGREEMENT BEFORE INSTALLING THIS

SOFTWARE PROGRAM.

This License is an agreement between you (the “Licenseeâ€)

and BattlEye Innovations / Bastian Suter (the “Licensorâ€).

The terms of this License agreement apply to all current and future versions

and updates of BattlEye.

By installing, enabling or using BattlEye, Licensee agrees with all the terms of this License.

Licensor reserves all rights not specifically granted and transferred to Licensee.

If you do not agree to the terms of this Agreement, do not install or use BattlEye.

1) Licensor grants Licensee a non-exclusive and non-transferable License to use BattlEye

for non-commercial purposes only. Licensee therefore does not own BattlEye,

Licensor remains the owner of BattlEye.

2) Licensor provides BattlEye on an “as is†basis without warranty of any kind.

Licensor neither guarantees the correct, error-free functioning of BattlEye

nor is he responsible for any damage caused by the use of BattlEye. The entire

risk arising out of use or performance of BattlEye remains with the Licensee.

3) Licensee may not decompile, disassemble, reverse-engineer, modify or redistribute

BattlEye in any way.

4) BattlEye will automatically, without notice to Licensee, download and install

updates from time to time.

5) BattlEye may scan the entire memory, and any game-related and system-related

files and folders on harddisk and report results to the connected game server

for the sole purpose of detecting cheats.

6) BattlEye will never report any of Licensee’s private data (documents, passwords, etc.)

to other connected computers or to Licensor. BattlEye will not violate Licensee’s

privacy in any way.

7) Licensor is allowed to terminate the License at any time for breach of any term of this

agreement and without notice to Licensee.

8) Licensee acknowledges that BattlEye software is optional and is not a

required in any respect for using or enjoying games that integrate

BattlEye technology.

This License agreement constitutes the entire agreement between Licensor and Licensee

and supersedes any prior statements.

You hereby acknowledge that you have read and understand the foregoing License

and agree that the action of installing BattlEye is an acknowledgment of

your agreement to be bound by the terms and conditions of the License contained

herein. You also acknowledge and agree that this License is the entire and exclusive

statement of the agreement between the Licensor and you that supersedes any

prior statements.

Copyright © 2008 BattlEye Innovations. All rights reserved.

http://www.battleye.com

[maruk 80]

I would like to thank everyone who tested BE so far.

It is very valuable and it hopefully will bring some positive results very soon.

To sum up the entire fight against cheating (and related hacking):

- integrity of clients and servers executables is secured (with BattlEye being part of this effort)

- only trusted content is used in the game (digital signatures are used signatures @ community wiki )

[rundll.exe 12]

As stated before, BE doesnt stop pbo hacks, therefore what you first tested isnt relevant here. Use addon signatures instead (you shouldnt be able to join with kfc pbo then)

Your screens indicate you use doolittles ACS so thats what the msg is from.

What you should test is the memory hacks and cracked exe's as you did, but thats 1.08 it seems...

[XaRaBaS 0]

As stated before, BE doesnt stop pbo hacks, therefore what you first tested isnt relevant here. Use addon signatures instead (you shouldnt be able to join with kfc pbo then)

Your screens indicate you use doolittles ACS so thats what the msg is from.

What you should test is the memory hacks and cracked exe's as you did, but thats 1.08 it seems...

LOL

doolittles ACS works perfectly..

[Nutty_101 0]

If battleeye is on the server side does it block any exe attaching as well to that exe? or only client side?

[deady 0]

Good question Nutty. Will battleye protect players from malicious server operators who, for example, aim to harvest cdkeys using a modifed cdkey check routine?

[oChaos.DNJ 0]

Im not sure but I thought I read that the server is already able to log the key hashes of players, by config settings?

Then if they could reverse the hash to a key, thats how they would get it.

If that is possible, then theres nothing BE can do about that.

[deady 0]

What I heard was, since the updated exe the server is checking the client's registry directly for a valid key entry in there.  Modified server exes *may* be able to hook into that check and store the read key.

Please note thats all second hand information though, and I don't have any sources to quote.

[Nutty_101 0]

I am more curious about being able to add functions to the game's dedicated server. I have a few things i do and just curious if battle eye is still going to work with them.