The ultimate thread about Arma 3 anti-cheat discussion

My "anticheat" is nothing more than a hack (i'm surprised that BE didn't banned me yet after more than a year of usage.. but it's just because i'm the "only" one using it..), there's no "magic" into it, nothing that couldn't be implemented natively to assist the server admins. Having or not having these tools isn't a matter of skill, it's a decision: we asked for more admin tools by years already, nor that is something new > what you cannot fight with anti-cheat can be fight by humans... BUT having the right tools or it will be just randomly guessing: who's the script kid now?

Just wondering, how does your tool determine that it's not someone else executing scripts on an innocent player, making him look like the cheater?

How about giving the scripts to Dwarden then?

I bet theres something in there he can use somehow and it would benefit us all in the long run.

I understand people are frustrated and start writing theyre own code, but i dont understand why it isnt shared with everybody, so we all can get some more safety tbh.

Im no pro coder, so i will most likely not be creating anything my self, that doesnt mean i dont want protection :)

thats what he just did imho. we all want stuff to be properly made from start, but when we cannot get it, ppl endup makign it themselves outta frustration. and ppl needing to code their own anti hacks says a lot about how well BE works in the first place.

Why BE is not as effective as it should be in Arma 2 has been explained all over the thread.... also, most of these "self-made" anti-hacks are entirely based based on BE and its features, if not they are scripts running server-side, mostly blocking some keys like insert or delete.. and this can be bypassed client side much, much easier than it is e.g. to bypass BE's script detection.

Just wondering, how does your tool determine that it's not someone else executing scripts on an innocent player, making him look like the cheater?

Heuristically... when it cannot be determined i review what happened and i adjust the behavior: most of cheaters are really "script kids", they doesn't know how to code a cheat, they just use what they find on the net, and so they have a very recognizable path and behavior.

There's those smart cheaters (ie: those ones using a ESP that are smart enough to not go straight for their victmins) that must be remotely observed (remote cam), they do something wrong first or late.. i don't actively admin anymore btw, it's too time expensive on A2, that's why i hope we will have something better for A3, i'm not planning to spend half of my free time to spy those kids.

And no, you couldn't apply a solution like this for a public anti-cheat because a single false positive will give you much trouble.. while on my server a false positive is just a collateral damage: i can accept it. But on the other side you have more possibilities to analyze what's happening in the game instead of hacking into a bunch of data in the memory like i do.

---------- Post added at 00:46 ---------- Previous post was at 00:40 ----------

How about giving the scripts to Dwarden then?

I bet theres something in there he can use somehow and it would benefit us all in the long run.

I understand people are frustrated and start writing theyre own code, but i dont understand why it isnt shared with everybody, so we all can get some more safety tbh.

Im no pro coder, so i will most likely not be creating anything my self, that doesnt mean i dont want protection :)

I think there's something "public", similar to what i'm using privately.. but the guy wanted some money for it, plus he admitted he was a key stealer in the past (yes, i'm serious.. lol), so ppl didn't gave him much trust. But the tool is there, you can find a thread in the "Server" area of the dayz forum.

Returning to what i'm using: i'm technically cheating, i don't do anything else that other tools like the navigator does: i read game data from the memory.. with the only difference that instead of just representing it on a map, i elaborate this data to find out who's cheating: why that user is surfing from a vehicle to another in a straight line? Why that user was in a place and now is elsewhere? Why this user has a As50 30 seconds after spawning? Why there's a MedBox in the middle of nowhere? ...and stuff like this. What i should public then? A admin tool that can be easily used to cheat? It will be banned in a week (i'm not banned only coz im the only one using it...). We really need proper admins tools into the game.. and they must be official, not "hacks".

Exatcly why you should hand over the code to the devs so they can make it official....

If its as awsome as you say.

...

Interesting... weren't you the guy bashing the "spectator mode" because it's "cheating"? ;) http://dayzmod.com/forum/index.php?/topic/103490-community-releases-spectate-mode/#entry973677

Also, admin tools like that are perfectly fine for BE and from a technical point of view as long as they're loaded through the game and not injected like hacks/ scripts etc.

Example:

And no, you couldn't apply a solution like this for a public anti-cheat because a single false positive will give you much trouble.. while on my server a false positive is just a collateral damage: i can accept it. But on the other side you have more possibilities to analyze what's happening in the game instead of hacking into a bunch of data in the memory like i do.

You know that in a properly designed mission (see, we always go back to that - the scripting system, which is beyond BE's control, is too open!), the anti-cheat you claim is so ineffective would prevent that collateral damage? If RE and remote teleport were filtered, your current method for local teleport detection wouldn't have any risk of banning an innocent player. Same for spawning medboxes or whatever (createvehicle).

I've played ARMA as long as any elitist here, consistently since OFP's release date, but I find it insulting that hacking is blamed on "stupid server admins". Anyone so far that has attributed this as the main reason, or one of the main reasons, is just naive and plain arrogant.

• You run a server with 30+ different missions. You expect to have a single createvehicle.txt that will work for all those missions? Please... :j:
  
• Server admins are "stupid" because they don't have the time (or skill) to look through the code of every mission and addon they allow on their servers, to code effective filters? You are incredibly full of crap if you think you're "that" good no matter who you are. Dwarden or Suma don't even have the time or skill to do that unless they make it a full-time job, or run 1-2 servers with limited mission selections.
  
• BE filters have only been around AFTER DayZ (and because of it). So you 'veteran' server admins that have been running servers 'for years', what tools did you use to make your servers free of hackers? BE, verify sigs, and constant scanning of .rpt files thinking that everything gets logged there? LOL. "Luck" and "obscurity" is the answer you're looking for, not "I was just a great server admin that knew everything".
  
• ARMA3 was not just released with almost zero anti-cheating functionality, but the lack of BattlEye also meant no ping-limit kicker, no remote administration, no multi-admin support, no chat logging, and no way of managing your player base (such as white-listing, storing players to a database, TS3 integration, talking to players over RCON, etc). So "excusing" the Alpha for not having BE because other games lack AC, just doesn't cut it. The Alpha needs BE ASAP, or add those features as part of the dedicated server tools (at least the ping kicker and RCON).
  

As I said, I'm not voting to replace BE with any particular alternative, because I don't know how good the alternatives are. Although I like BE, I still believe BattlEye just isn't good enough. Either BE improves dramatically, or it needs to be replaced with "Product X". Either solution needs better integration with the game and more input from BI themselves.

BI release a game with a powerful scripting engine with almost no permissions or restrictions on who can run what. They contract another company (1 person) to prevent hackers from exploiting all these vulnerabilities. The game is over-run with hackers when it starts to become more popular, and the guys running the servers are blamed for being too stupid because they're not coders (as well as qualified network/server engineers) and able to work tirelessly around the clock.

BI and BE is like comparing Windows and Anti-Virus. Having an OS that is completely vulnerable where everyone has admin access to each other's PC and expecting 3rd party anti-virus providers to plug every hole and take responsibility for every exploit, then blaming the ISP for being too stupid to stop hackers attacking their customers when the anti-virus/firewall software is periodically circumvented.

As I said, I'm not voting to replace BE with any particular alternative, because I don't know how good the alternatives are. Although I like BE, I still believe BattlEye just isn't good enough. Either BE improves dramatically, or it needs to be replaced with "Product X". Either solution needs better integration with the game and more input from BI themselves.

BI release a game with a powerful scripting engine with almost no permissions or restrictions on who can run what. They contract another company (1 person) to prevent hackers from exploiting all these vulnerabilities. The game is over-run with hackers when it starts to become more popular, and the guys running the servers are blamed for being too stupid because they're not coders (as well as qualified network/server engineers) and able to work tirelessly around the clock.

I don't see any problems with BattlEye specifically. You can only really expect an AC to block public cheats, and BE does a good job at that.

I'm not saying the overall situation has been good - quite the contrary, in fact. It's just that the fault lies not with BE, but BI. No AC (whether that be PB, VAC, BE, or any other) is going to consistently detect private cheats, and the engine has left too many possibilities open for mischief. In most games, it's not possible for the client to spawn a bunch of bombs or tanks, teleport everyone into the sky, kill everyone or anything like that.

The scripting system has been entirely BI's responsibility. The same applies for detection of script-based cheats (modified PBOs and signature check bypasses). The server-side filters were made possible thanks to deeper integration with the game (again, BI's responsibility). And BattlEye has done a lot of good for the game and server admins with things like that - as you said, features like RCon, reliable bans (hopefully secure player IDs fix that), chat logging, ping limits, and (I would add) event filters SHOULD be features of the game, not provided by a third-party anti-cheat package. But they aren't, and we should be thankful that BattlEye picked up the slack.

BTW, it shouldn't be too hard to write a script to automatically switch filter config files based on the mission (just tail the log file). But I agree, it would be nice to have that feature as well. :)

Exatcly why you should hand over the code to the devs so they can make it official....

If its as awsome as you say.

The only reason cheaters "can't" bypass it, is because it's only on his server. If his method suddenly starts getting used by all server admins (his method is not really that good/safe), cheaters would bypass it.

Interesting... weren't you the guy bashing the "spectator mode" because it's "cheating"? ;)

I still, in fact im asking for official admin tools to be used under a controlled environment. The tools we have now (and the ones i'm using) are literally cheats, and i won't see them "legalized" (including mine), because they would be used by any kid out there: i trust myself, i wouldn't trust any other else using a such tool without control.

---------- Post added at 09:43 ---------- Previous post was at 09:32 ----------

You know that in a properly designed mission (see, we always go back to that - the scripting system, which is beyond BE's control, is too open!), the anti-cheat you claim is so ineffective would prevent that collateral damage? If RE and remote teleport were filtered, your current method for local teleport detection wouldn't have any risk of banning an innocent player. Same for spawning medboxes or whatever (createvehicle).

BE works with the assumption that the cheater leaves a trace somewhere (in the logs), so a bypass is enough to do anything you want without being noticed; and it analyzes the running processes to look for something suspicious, but again: i slightly modded a custom cheat would be enough to not being caught. You really need much more integration to be effective with this engine, an integration that today doesn't exists: BE is an external entity, it sits at the top (actually bottom) of ArmA, pretending to know what's happening into the game.

BE filters have only been around AFTER DayZ (and because of it).

The client-side script detection (scripts.txt) was first added in March 2012, which was before DayZ.

Although I like BE, I still believe BattlEye just isn't good enough. Either BE improves dramatically, or it needs to be replaced with "Product X".

You're right and the main reason for that has been mentioned many times (not scripting). It's unfortunate that due to this most don't realize that BE's detection rate is much higher than that of other solutions.

BE works with the assumption that the cheater leaves a trace somewhere (in the logs), so a bypass is enough to do anything you want without being noticed; and it analyzes the running processes to look for something suspicious, but again: i slightly modded a custom cheat would be enough to not being caught. You really need much more integration to be effective with this engine, an integration that today doesn't exists: BE is an external entity, it sits at the top (actually bottom) of ArmA, pretending to know what's happening into the game.

I've got to ask... do you understand the way hacks and anti-hack programs work and the constant battle behind them? By definition a BYPASS, literally bypasses the anti-hack entirely allowing anything the hackers choose to occur. That is the point of the bypass, it works the same for every game and every anti hack client. The hacker creates a bypass that allow hacks to work, at which point the anti hack program gets an update to remove that bypass... this cycle then repeats for the life of the game. The method that BE has used in the past has been great. The main issue with arma 2 once it got "hacker" happy was key thefts. Battle Eye did a great job banning hackers, the only reason it was a loosing battle is because of the limitless stolen keys being sold for pennies. The hackers had no fear of being banned simply because they could get a new key for next to nothing.

I'd also like to add I would much rather see hackers and hacks in Arma 3 if the opposite meant restricting my ability to play the game with complete freedom. What you want sounds like a complete removal of all scripting and ability for people to play and change things while playing mid mission. Editor, scripts, mods, is what makes the series unique and needs to remain unrestricted.

I do however believe that hacking wont be as big of an issue once the game is released because game keys can't get generated, stolen, or even sold freely. If someone was to steal a key, they would need to steal access to someones entire steam account.

The only way for keys to be sold for "cheap" are from stolen credit cards however those copies usually get locked once a charge back occurs. I use parenthesis when I say cheap, as they will not be sold for anything close to arma 2's stolen keys and will pose a larger threat for being banned.

The main issue with arma 2 once it got "hacker" happy was key thefts. Battle Eye did a great job banning hackers, the only reason it was a loosing battle is because of the limitless stolen keys being sold for pennies. The hackers had no fear of being banned simply because they could get a new key for next to nothing.

As I said many pages back, I personally think that the theft problem got so ridiculously massive (never seen in any other game before) due to BE's effectiveness at banning the cheaters (both public and private hacks), so they were literally forced to come up with this scamming scheme. These days it's absolutely normal for cheaters to go through multiple cd-keys per week, to them it's just part of the game and most don't even complain about that anymore.

By talking about BI's responsibility, I fear that this discussion will lead to that point, where BI is going to say:

- Sorry, no more mod-support for online gaming with ArmA3. You can use the game how it is, it will be digitally signed and protected with (let's say) BattlEye.

-- Signatures are strong enough, we didn't even need BE anymore...

-- (Because that's the actual status, Alpha release without BE).

- If the player wants more units, there will be some fully supported official DLC's from BIS.

-- Download, pay it and play it @ Steam online.

- Steam could say, we provide you with more digitally signed (semi-official) mods, together with BattlEye or any other AC for a price of: $XX.

-- That could be the end of the non-commercial modding in ArmA.

- When you allow custom mods, you will have to play without BI's official signatures, and have probably no AC for support. Generally a weaker protection.

-- That's the wilderness, where all the scum will come together.

BE works with the assumption that the cheater leaves a trace somewhere (in the logs), so a bypass is enough to do anything you want without being noticed; and it analyzes the running processes to look for something suspicious, but again: i slightly modded a custom cheat would be enough to not being caught. You really need much more integration to be effective with this engine, an integration that today doesn't exists: BE is an external entity, it sits at the top (actually bottom) of ArmA, pretending to know what's happening into the game.

That's not correct. BE's server-side filter functionality allows it to block scripting commands completely, which means the Arma server actively runs everything past BE and only executes commands if they aren't blocked.

BE is not just scanning some logs; it is more like a gatekeeper, and it can actually block off angles of attack completely once they are known. The problem in the past has simply been that new angles of attack kept popping up, forcing BE to evolve in order to cover all bases.

When I look at the YouTube movie, where the "Admin" is using a second monitor for his observations (or was it cheats?) I am asking myself, for what is that PiP-feature in ArmA3?

It seems like that every player have to turn "picture in picture" off, because it is wasting 50% of the performance.

And on the other hand it is so obvious that this PiP-feature can also be used from cheaters and hackers for they own purpose.

Better they take the PiP-feature out and and use in in ArmA4 ;)

And on the other hand it is so obvious that this PiP-feature can also be used from cheaters and hackers for they own purpose.

Well then, better take out setDamage and setPos as the hackers can use that to kill people and warp around the map...

Your argument is just so rediculous...

I'd also like to add I would much rather see hackers and hacks in Arma 3 if the opposite meant restricting my ability to play the game with complete freedom. What you want sounds like a complete removal of all scripting and ability for people to play and change things while playing mid mission. Editor, scripts, mods, is what makes the series unique and needs to remain unrestricted.

Nope, but sounds logical to me to change how the scripting works in arma, at the moment it gives complete freedom without even considering that someone could use this freedom to cheat.. because it was designed this way... years ago (hardcore target; less ppl interested to cheat coz they were more into the "simulation"). You can make the script more secure without limiting the scripting freedom, using the basic concept that it must be the server to check if what the client is pretending to do, is a legit request or not (the script filtering is not enough). But this requires an engine (re)design, something that is not going to happens.. nor for ArmA3.

Well then, better take out setDamage and setPos as the hackers can use that to kill people and warp around the map...

Your argument is just so rediculous...

How do they invoke this code? Through leaks, offered by the modding capability, custom faces, custom sounds and what so ever?

Did you read my proposal: Arm3 online without all of this.

That's not correct. BE's server-side filter functionality allows it to block scripting commands completely, which means the Arma server actively runs everything past BE and only executes commands if they aren't blocked.

BE filters works when a filter kicks in.. if i call the script routine without leaving any trace of the call, i will obtain the result without BE notices it. This is how 99.9% of cheats works in Arma, and in other games as well, with the difference that in any other game a teleporting (in example) is always a cheat.. while in arma (due to the scripting) it could be a legit request, the problem is that (due to the engine limitation) it's very hard to figure who initiated that request and why.

BE is not just scanning some logs; it is more like a gatekeeper, and it can actually block off angles of attack completely once they are known. The problem in the past has simply been that new angles of attack kept popping up, forcing BE to evolve in order to cover all bases.

BE has the filters functionality .. *and* it operates like a traditional anti-cheat... and it has the same problems of any other anti-cheat: getting up to date, coz the cheaters/hackers evolves.

BE filters works when a filter kicks in.. if i call the script routine without leaving any trace of the call, i will obtain the result without BE notices it.

We seem to be talking about two different things. I am referring to the server-side filters introduced last August, such as publicvariable.txt - when something is sent from a client to the server (for example via publicVariable or setVehicleInit+processInitCommands), there is simply no way not to "leave a trace". The script filters will kick in no matter what, because they are server-side and the server has to process the command before it can be broadcast to other clients. You seem to be referring to the old script detection (scripts.txt) which is obviously far less secure since it is scanning on the client side. I wouldn't even bother with that anymore.

BE has the filters functionality .. *and* it operates like a traditional anti-cheat... and it has the same problems of any other anti-cheat: getting up to date, coz the cheaters/hackers evolves.

Yeah, that much is clear.

BE filters works when a filter kicks in.. if i call the script routine without leaving any trace of the call, i will obtain the result without BE notices it. This is how 99.9% of cheats works in Arma, and in other games as well, with the difference that in any other game a teleporting (in example) is always a cheat.. while in arma (due to the scripting) it could be a legit request, the problem is that (due to the engine limitation) it's very hard to figure who initiated that request and why.

Basicly you just explained why we have a million BE filters and why we will get more down the road.

And its "simply" a matter of setting the filter correctly for each mission, so you know whats legit and whats not and lets face it, most public servers tend to run the same mission for a long period of time. (70-80% of all public servers are Wasteland atm)

Not saying its easy, but its the end goal here. To have mission specific filters only allowing whats allowed in the mission and nothing else, while still keeping the freedom Arma is know and love for.

So if your mission doesnt have any kind of TP requests, you would filter it out in the BE filter and people who actually TP'ed would get caught.

Its both simple and extremly difficult at the same time and this is where the phrase "stupid admins" come to play. Most admins expect to just throw in a BE filter and then it will keep you safe, but it needs to be mission specific, to provide the most protection. Just like DayZ has custom BE filters.

Like mentioned before, the filters we have now can spot alot, but there will be more specialized filters to catch more down the road, no doubt about it.

You even said it your self:

BE has the filters functionality .. *and* it operates like a traditional anti-cheat... and it has the same problems of any other anti-cheat: getting up to date, coz the cheaters/hackers evolves.

Its an ever evolving aspect of gaming and the more hacks that are used, the easier it will be to find them and prevent them, because of the amount of people using it. They will all leave some kind of proof, and im 100% confident theres gonna be new filters to catch new things, just like we saw in Arma II.

In the beginning it was simple poorly written cheats, they got caught. Later came some more sophisticated ones, new filters were created and they were caught. Thats the way it wil be for ever and we cant change that.

But changing the entire engine and locking everything down, because you think its the best way, is a no go.

Arma is what Arma is and thats why people love it. Take away theyre freedom and you remove the "pillars" in the community, thus killing it off and making it "just another shooter" out there.

If the short amount of time spend on BE filters in Arma II could catch so many hackers (it did, thats facts), just think about the possibilities with more money and more time. :)

All I can say with Honesty nothing is 100% safe when dealing with security measures, the hackers and script kiddies as we call them will always find a back door to this stuff. Only preventive measures and advice can help to a certain extent with also frequent updating in the Anti-cheat will help. Thats all I am going to say on this subject.