$able 2 Posted May 10, 2009 (edited) As you might have noticed, the random BE kicking problems have finally (!) been resolved in ArmA 1.16. On top of that, I would like to inform you of new features that are now available in the newest BattlEye updates. Here we go: New BE GUID The 128-bit BattlEye GUID (globally unique identifier) can be used to identify and track players. It is based on the secure GameSpy cd-key hash that has never been publicly accessible in ArmA. However the ArmA server uses it each time a player joins to verify that his cd-key is original (i.e. issued by BIS/GameSpy) and has not been "artificially" generated. ArmA only used its own clientside-generated player ID for identification so far, and as I have repeatedly heard, hackers managed to alter their player ID and therefore were able to evade server bans without changing their cd-key or even assume other people's identities. This is no longer possible with the BE GUID. It is based on persistent unique data and 100% generated on the server using the secure irreversible MD5 algorithm. The BE GUID of each player is now printed in the server console on game join. GUID Banning As the BE GUID is automatically displayed in the server console, a server admin can easily track players and possibly ban them if need be. You can use this feature by creating a file called "guidbans.txt" in your server's application data (not install!) BattlEye folder (default is "C:\Documents and Settings\[user Name]\Local Settings\Application Data\ArmA\BattlEye" or the -profiles path in case you use it) and adding GUIDs "one-per-line" to it. Optionally you can also specify a unix time stamp describing the release time for the ban. If you don't use it, the ban is permanent. You can also add comments. The BE Server will automatically read this file every 5 minutes, so you don't need to restart the server for changes to take effect. Example line: 098f6bcd4621d373cade4e832627b4f6 1242545854 caught hacking 10 times IP Banning Not only the BE GUID, but also the IP address of a player is now displayed in the server console. The server admin can use it to ban a player based on IP. You can use this feature by creating a file called "ipbans.txt" in your server's application data (not install!) BattlEye folder (default is "C:\Documents and Settings\[user Name]\Local Settings\Application Data\ArmA\BattlEye" or the -profiles path in case you use it) and adding IPs "one-per-line" to it. Optionally you can also specify a unix time stamp describing the release time for the ban. If you don't use it, the ban is permanent. You can also add comments. The BE Server will automatically read this file every 5 minutes, so you don't need to restart the server for changes to take effect. Example line: 123.123.123.123 1243150654 evil hacker constantly changing his cd-key BE Server Commands To execute BE Server commands, normally log in as the server admin in-game and then type "#beserver [command]", e.g. "#beserver players". The BE Server will write possible info to the server console. players: You can use this command to list all relevant info (#, name, IP, GUID) of each player on the server. BE Client Commands To execute BE Client commands, type "#beclient [command]", e.g. "#beclient players". The BE Client will write possible info to the console/chatlog. guid: Show your own GUID. players: You can use this command to list all relevant info (#, name, GUID) of each player on the server. Note: The IP address is not available here for privacy reasons. I will update this thread as I add new features and commands. Comments are welcome and appreciated. Edited May 12, 2009 by $able Share this post Link to post Share on other sites
Hud Dorph 22 Posted May 10, 2009 (edited) Thank you - this is much apriciated as arma always have been a pain in the *** to be admin on. This makes it going the right way. By the way is "#beserver players" the only command avail at the mom? Edited May 10, 2009 by [HUD]Dorph Share this post Link to post Share on other sites
.kju 3245 Posted May 10, 2009 Wow :eek: This came completely unexpected. This is excellent news indeed! Great additions and very much looking forward to see the features used by admins. Thanks for the hard work $able.:cheers: :at647: :D Share this post Link to post Share on other sites
Deadfast 43 Posted May 10, 2009 Wow, very good job! Share this post Link to post Share on other sites
mr.g-c 6 Posted May 10, 2009 (edited) Absolutely Awesome, was always looking forward to something like this :p Is version "v1.054" of BE, right? Edit: Is version v1.054 Ideas: - Can it be made possible that the "#beserver player" command prints that out also ingame like the normal "#userlist" command? or don't you have influence on that since its Arma core? - Ultra nice would be of course to ban on guid and ip during ingame when logged in as admin (maybe with a #beserver ban "guid" "ban-time" " ?) Edited May 10, 2009 by mr.g-c Share this post Link to post Share on other sites
HitmanFF 6 Posted May 10, 2009 (edited) Excellent feature indeed! Being able to see the list of banned IPs and IDs would be nice as well, something like #beserver iplist / #beserver guidlist Also being able to remove bans in-game would be quite useful, #beserver unban ip / #beserver unban guid Edit: Do you need to have actually started a map to see the players? I tried #beserver players with two people on the server (in the lobby), and the result was 16:48:14 BattlEye Server: Players on server:16:48:14 [#] [Name] [iP Address]:[Port] [GUID] 16:48:14 ---------------------------------------- 16:48:14 (0 players in total) Edited May 10, 2009 by HitmanFF Added question Share this post Link to post Share on other sites
$able 2 Posted May 10, 2009 Dorph;1282424']By the way is "#beserver players" the only command avail at the mom? Yes' date=' it is. Ideas:- Can it be made possible that the "#beserver player" command prints that out also ingame like the normal "#userlist" command? or don't you have influence on that since its Arma core? - Ultra nice would be of course to ban on guid and ip during ingame when logged in as admin (maybe with a #beserver ban "guid" "ban-time" " ?) It's not possible for #beserver commands (because the BE Server executes them and prints the results in the server console), but I will add a #beclient command soon so that it can be displayed in-game. I will also add banning commands and more soon. Excellent feature indeed!Being able to see the list of banned IPs and IDs would be nice as well, something like #beserver iplist / #beserver guidlist Also being able to remove bans in-game would be quite useful, #beserver unban ip / #beserver unban guid Edit: Do you need to have actually started a map to see the players? I tried #beserver players with two people on the server (in the lobby), and the result was As I said, I will add more commands soon. And yes, the players are only added to the BE Server when they join the game. Share this post Link to post Share on other sites
HitmanFF 6 Posted May 10, 2009 As I said, I will add more commands soon.Thanks, much appreciated! Share this post Link to post Share on other sites
mr.g-c 6 Posted May 10, 2009 Very Very awesome! I hope that BIS will engage you also for Arma2! Share this post Link to post Share on other sites
$able 2 Posted May 12, 2009 Added BE Client "players" command. See initial post. Share this post Link to post Share on other sites
mr.g-c 6 Posted May 12, 2009 Added BE Client "players" command. See initial post. Excellent and works good! I have only a Problem that also non logged-in players can now also see these unique IDs.... Not that they can (hopefully) do anything with them, but i would prefer it when only logged-in admin can see the GUIDs. Also you could add it that when you are logged-in, you will see the IP-Adress.... What you think about this? Share this post Link to post Share on other sites
Dwarden 1125 Posted May 12, 2009 excelent job ... this move added some of features i like on PB... keep up good work Share this post Link to post Share on other sites
$able 2 Posted May 12, 2009 Excellent and works good!I have only a Problem that also non logged-in players can now also see these unique IDs.... Not that they can (hopefully) do anything with them, but i would prefer it when only logged-in admin can see the GUIDs. Also you could add it that when you are logged-in, you will see the IP-Adress.... What you think about this? The thing is, the BE Server can't see whether someone is logged in as admin on the ArmA server. However I will add an independent BattlEye-based admin system (using custom user names and passwords) and probably also RCon at some point. So for now you have to use the #beserver command to get all info (in the server console). Could you please elaborate what your problem is with GUIDs being displayed on the client? The MD5 algorithm being used generates a one-way hash, so your GameSpy cd-key hash (which is a one-way hash as well, btw) cannot be somehow obtained from it. Imagine two teams play a match against each other and the guest team wants to verify the identity of the other team's players. Then this command is quite useful. Share this post Link to post Share on other sites
deady 0 Posted May 12, 2009 Its nice to see you're serious about making Arma secure, although I fear this arrived too late to stop the hackers in their prime. Stil, better late than never for this kind of thing, and I can only hope you'll carry on your efforts into Arma2 and make it hacker resistant from day 1. Share this post Link to post Share on other sites
$able 2 Posted May 12, 2009 Its nice to see you're serious about making Arma secure, although I fear this arrived too late to stop the hackers in their prime. Stil, better late than never for this kind of thing, and I can only hope you'll carry on your efforts into Arma2 and make it hacker resistant from day 1. These features are only extras and have nothing to do with BE's actual (non-script) hack detection. But I agree that BE was probably integrated too late and that it took quite long to fix the ArmA netcode problems which also affected BE (random kicks). Share this post Link to post Share on other sites
mr.g-c 6 Posted May 12, 2009 The thing is, the BE Server can't see whether someone is logged in as admin on the ArmA server. However I will add an independent BattlEye-based admin system (using custom user names and passwords) and probably also RCon at some point.So for now you have to use the #beserver command to get all info (in the server console). Could you please elaborate what your problem is with GUIDs being displayed on the client? The MD5 algorithm being used generates a one-way hash, so your GameSpy cd-key hash (which is a one-way hash as well, btw) cannot be somehow obtained from it. Imagine two teams play a match against each other and the guest team wants to verify the identity of the other team's players. Then this command is quite useful. Hi, i was just thinking because in normal Arma1, when u use the "#userlist" command, you have to be logged-in to see the IDs of the players.... and when you are not looged-in you only get their session-ids. But good you will program something superior! Really great Job.... finally i will abandon all default arma commands for banning and Ids, etc.... Share this post Link to post Share on other sites
$able 2 Posted May 12, 2009 Hi, i was just thinking because in normal Arma1, when u use the "#userlist" command, you have to be logged-in to see the IDs of the players.... and when you are not looged-in you only get their session-ids. I thought so. The IDs were shown for everyone up until version 1.09 though. But it's good that they are no longer publicly visible because of their insecure client-side nature. Share this post Link to post Share on other sites
deady 0 Posted May 12, 2009 So could those IDs that were visible until 1.09 be reversed into your cdkey? That was what the hackers claimed. They claimed that since the install program generated the ID from your CDkey, that it was possible to reverse it back. Share this post Link to post Share on other sites
$able 2 Posted May 12, 2009 So could those IDs that were visible until 1.09 be reversed into your cdkey? That was what the hackers claimed. They claimed that since the install program generated the ID from your CDkey, that it was possible to reverse it back. I heard this as well, but I am not sure. If BIS uses a one-way algorithm, it isn't possible, but still, it is generated on the client and therefore you could hijack other people's identities (i.e. use their IDs) when joining servers. I added a new BE Client "guid" command now. See first post. Share this post Link to post Share on other sites
Deadfast 43 Posted May 12, 2009 I suppose you're planning to introduce GUID banning directly from the game, Stable? Share this post Link to post Share on other sites
$able 2 Posted May 12, 2009 I suppose you're planning to introduce GUID banning directly from the game, Stable? If you are asking me ;), yes, as I said, I will add more commands soon. Share this post Link to post Share on other sites
Uroboros 10 Posted May 13, 2009 (edited) The MD5 algorithm being used generates a one-way hash, so your GameSpy cd-key hash (which is a one-way hash as well, btw) cannot be somehow obtained from it. Well the thing was the id of a guy was easy to copy so people could steal your id rather quickly. This problem was mostly taken away only allowing the admin to see ids. The md5 takes longer to crack exspecially with such high values but it is doable by letting a coder program make codes itself and let the programs compare it with the original algorythm. It can solve 8 number/letter code combination within 1 minute this way. Luckily for us the cd-key uses a little more than just 8 numbers and time growth from that point on grows exponantionally but everyone can obtain your code eventually. So i think this guy would like see admin side ID viewing only to completely minimalise the threat of impersonators. Edited May 13, 2009 by Uroboros Share this post Link to post Share on other sites
$able 2 Posted May 13, 2009 Well the thing was the id of a guy was easy to copy so people could steal your id rather quickly. This problem was mostly taken away only allowing the admin to see ids.The md5 takes longer to crack exspecially with such high values but it is doable by letting a coder program make codes itself and let the programs compare it with the original algorythm. It can solve 8 number/letter code combination within 1 minute this way. Luckily for us the cd-key uses a little more than just 8 numbers and time growth from that point on grows exponantionally but everyone can obtain your code eventually. So i think this guy would like see admin side ID viewing only to completely minimalise the threat of impersonators. Basically what you are describing is brute forcing. Fact is, it's not possible to actually reverse MD5. And they way BE generates the GUID makes even brute forcing almost impossible. Besides, my general view is that if you really need to keep something secret, you shouldn't make it available at all, not even to server admins - who says a hacker can't host a server as well? Share this post Link to post Share on other sites
RN Escobar 0 Posted May 17, 2009 why bother to host a server to get the ID's when its much eaier to hack the server FTP access and DL whole log files of ID's, IP's and MD5 hashes Share this post Link to post Share on other sites