New BattlEye features for server admins


229 replies to this topic
Thread Starter
$able

    BattlEye Developer

  • Members
  • 697 posts

#1

Posted 02 March 2012 - 11:11

Let's kick off March with two new features added in BE Server v1.131 and BE Client v1.151:


1. New script detection/logging that is fully customizable by server admins

You can now easily set up your BE Server to scan clients for certain strings that are used in script attacks on your server, for example "createVehicle", "serverCommand", "setVehicleInit" or anything else that could potentially be exploited on your server. All you need to do to enable this is create a file called "scripts.txt" in your BE working directory (in the game's application data / profiles / BEpath folder, not the install folder - where bans.txt is placed as well) with per-line entries formatted as follows:
[type] [string to search for]

The following types exist:
1 - Log detections to "scripts.log"
2 - Log detections to server console
4 - Kick for detections ("Script Restriction #X")

When logging detections, the BE Server logs an extract of 100 characters of the script being executed showing the detected string. You can combine types by adding them, so e.g. 3 causes positive detections to be logged both to scripts.log and server console, 5 causes detections to be logged to scripts.log and kicked for at the same time, 7 combines all methods, etc.

See the following random scripts.txt example (please do not use the list below unless you know what each command is for and why):
1 createVehicle
1 setVehicleInit
3 serverCommand
4 godmode
3 Bo_Mk82
3 #shutdown
7 disableUserInput true

Important update: http://forums.bistud...l=1#post2192402


2. Messaging players via RCon

RCon admins can now directly send in-game messages to players using the new "say" command:
say [player #] [message]

If player # is -1, the message is sent to all players. Otherwise the message is sent privately to the specific player. Note that player # is the one shown when entering "players", not the one used by the game itself. Also, keep in mind that only in-game players can be messaged, not those that are still in the lobby.

Example:
say 11 hey mate, how are you doing today?


I hope you like these new features. Feedback of any sort, as always, is welcome. :)

Edited by $able, 27 July 2012 - 11:42.


nuxil

    Sergeant Major

  • Members
  • 1606 posts

#2

Posted 02 March 2012 - 11:18

This is just too Awesome! :yay:

Great work there $able

nomad_man

    Corporal

  • Members
  • 93 posts

#3

Posted 02 March 2012 - 11:59

SWEEET. Good job!

Except now they will try to bypass knowing how it worked

Edited by nomad_man, 02 March 2012 - 12:04.


.kju -PvPscene-

    Brigadier General

  • Members
  • 12275 posts

#4

Posted 02 March 2012 - 12:04

Awesome job :bounce3:



Current active projects: None :(

Maintained/assisted projects: IFA3, Blitzkrieg


Help: Got a crash? Report it! What is the RPT log file?


MattXR

    Captain

  • Members
  • 6026 posts

#5

Posted 02 March 2012 - 12:48

Good work! :))


MattXR ( MxR )
Check out my Twitter BIS Fans and Sub! :)
-- MRKCCO Twitter --


Dwarden

    BI Developer

  • 9647 posts
  • Location: Brno, Czech Republic

#6

Posted 02 March 2012 - 12:54

i will stick this topic soon after it gets some attention, for now i leave it unstickied as it's easier to spot (irony)

RealTimeChat ~ARMA2 in Your browser (w/o Java), RealTimeChat ~ARMA3 in Your browser (w/o Java),
irc.GameSurge.net/ARMA2 (external IRC clients) irc.GameSurge.net/ARMA3 (external IRC clients)
ARMA 3 Feedback Tracker: http://feedback.arma...y_view_page.php
~100k fans @STEAM ARMA 2 + ARMA 2: OA + ARMA 3: + ~2k @XFIRE A2:OA
Follow my Twitter: http://twitter.com/FoltynD or my Facebook http://facebook.com/FoltynD


mousetrap

    Corporal

  • Members
  • 77 posts

#7

Posted 02 March 2012 - 13:13

Hi
I am getting kicked from my Dedicated server used this from 1st post
What did I mess up ?

See the following scripts.txt example:
Code:
1 createVehicle
1 setVehicleInit
3 serverCommand
4 godmode
7 Bo_Mk82
6 #shutdown

Logged in successfully

RCon admin #0 (X.13x.10x.x53:x35x2) logged in
Important new script detection feature added to BattlEye! See here for more information: http://forums.bistud...tlEye-features-for-server-admins
Script Log: #0 MYname (165029dcxac8bce37299531x76) - "(serverCommandAvailable "#shutdown") || !isMultiplayer"
Script Log: #0 MYname (165029dcxac8bce37299531x76) - "(serverCommandAvailable "#shutdown") || !isMultiplayer"
Player #0 MYname (165029dc6562ac8bce37299531x76) has been kicked by BattlEye: Script Restriction #11



sickboy

    Colonel

  • Members
  • 9947 posts

#8

Posted 02 March 2012 - 13:20

Really great, thanks (yet again) $able!

MadDogX

    Mindless F@nb0!

  • Moderator
  • 9050 posts

#9

Posted 02 March 2012 - 14:39

Wow, good stuff. Thanks $able! :)

Gigabyte Z97-HD3 Motherboard | Intel Core i5 4690k @ 4.5GHz | NVidia GTX 970
16GB G-Skill Ripjaws 2133MHz RAM | Kingston HyperX SSD | be Quiet! 750W PSU

Xeno

    ACE Team Leader

  • Members
  • 1814 posts

#10

Posted 02 March 2012 - 15:06

Hi
I am getting kicked from my Dedicated server used this from 1st post
What did I mess up ?

You haven't messed up anything, the code is from an FSM in Domination which checks if a user is logged in as admin and then adds extra admin tools (like spectating and admin dialog).

Meh, am not happy with this. Many missions use those commands on the client side and it just shows the heart of the problem. There should be some kind of trusted environment where execution of all scripting commands is possible, for example from mission scripts/folders as you can't manipulate MP missions.

Xeno

Edited by Xeno, 02 March 2012 - 15:28.


.kju -PvPscene-

    Brigadier General

  • Members
  • 12275 posts

#11

Posted 02 March 2012 - 15:50

I guess $able cannot determine if the code is from the mission or an addon/runtime code, can you $able?





-KH-Jman

    First Sergeant

  • Members
  • 861 posts

#12

Posted 02 March 2012 - 16:04

There appears to be a character limit on the say command which is quite low. If the text is too high it disconnects BERcon.
[KH]Jman - Kellys Heroes ArmA Clan Leader
Dedi Server Guide | PersistentDB

Thread Starter
$able

    BattlEye Developer

  • Members
  • 697 posts

#13

Posted 02 March 2012 - 16:31

Hi
I am getting kicked from my Dedicated server used this from 1st post
What did I mess up ?

See the following scripts.txt example:
Code:
1 createVehicle
1 setVehicleInit
3 serverCommand
4 godmode
7 Bo_Mk82
6 #shutdown


That was only an example. It doesn't mean you should use it (especially with kicking).

nuxil

    Sergeant Major

  • Members
  • 1606 posts

#14

Posted 02 March 2012 - 16:37

Meh, am not happy with this.


How can you be unhappy.. it's not something that's forced down your throat.. it's an option free to have enabled :)
this can be useful for servers running other missions than Domi ;)

Thread Starter
$able

    BattlEye Developer

  • Members
  • 697 posts

#15

Posted 02 March 2012 - 16:39

You haven't messed up anything, the code is from an FSM in Domination which checks if a user is logged in as admin and then adds extra admin tools (like spectating and admin dialog).

Meh, am not happy with this. Many missions use those commands on the client side and it just shows the heart of the problem. There should be some kind of trusted environment where execution of all scripting commands is possible, for example from mission scripts/folders as you can't manipulate MP missions.

Xeno


There won't ever be a trusted environment, because you can directly change existing scripts or inject code in memory without even dealing with PBOs or the signature check system (there are hacks that do exactly that).

If there are problems, just scan for more specific strings (for example, you can even add a space after "serverCommand" so "serverCommandAvailable" isn't picked up) or disable kicking. There is a reason this is fully customizable.
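Added example (not part of the original thread and not BattlEye code): a dry run of a scripts.txt list against known-good mission code, showing the bitmask types from post #1 and the trailing-space fix from post #15 applied to the line that triggered the kick in post #7. Function names are hypothetical, the tuned list is constructed, and plain case-insensitive substring matching and the placement of the 100-character extract are assumptions.

```python
# Added example: dry-run a scripts.txt filter list against known-good mission code.
LOG_FILE, LOG_CONSOLE, KICK = 1, 2, 4  # type values listed in the first post
ACTION_NAMES = {LOG_FILE: "scripts.log", LOG_CONSOLE: "console", KICK: "kick"}

def parse_filters(text):
    """Parse '[type] [string to search for]' lines into (line_no, type, pattern)."""
    filters = []
    for line_no, raw in enumerate(text.split("\n"), 1):
        line = raw.rstrip("\r")  # keep trailing spaces: they belong to the pattern
        if not line.strip():
            continue
        type_field, sep, pattern = line.partition(" ")
        if not (sep and pattern and type_field.isdigit() and 1 <= int(type_field) <= 7):
            raise ValueError(f"line {line_no}: expected '[type] [string]': {raw!r}")
        filters.append((line_no, int(type_field), pattern))
    return filters

def extract(script, pos, width=100):
    """100-character extract around a hit (window placement is an assumption)."""
    start = max(0, min(pos - width // 2, len(script) - width))
    return script[start:start + width]

def dry_run(filters_text, script):
    """Return one record per filter line that matches the given script text."""
    hits = []
    haystack = script.lower()  # assumption: matching ignores case
    for line_no, type_value, pattern in parse_filters(filters_text):
        pos = haystack.find(pattern.lower())
        if pos != -1:
            acts = [n for bit, n in ACTION_NAMES.items() if type_value & bit]
            hits.append({"line": line_no, "pattern": pattern, "actions": acts,
                         "extract": extract(script, pos)})
    return hits

def kick_lines(hits):
    """Line numbers of matching filters whose type includes the kick bit."""
    return [h["line"] for h in hits if "kick" in h["actions"]]

# Mission code taken from the kick log in post #7.
MISSION_SCRIPT = '(serverCommandAvailable "#shutdown") || !isMultiplayer'
# List as posted in #7, then a constructed tuned variant: trailing space after
# serverCommand and kicking switched off for #shutdown.
POSTED = "\n".join(["1 createVehicle", "1 setVehicleInit", "3 serverCommand",
                    "4 godmode", "7 Bo_Mk82", "6 #shutdown"])
TUNED = "\n".join(["1 createVehicle", "1 setVehicleInit", "3 serverCommand ",
                   "4 godmode", "7 Bo_Mk82", "2 #shutdown"])

if __name__ == "__main__":
    for name, text in (("posted", POSTED), ("tuned", TUNED)):
        hits = dry_run(text, MISSION_SCRIPT)
        print(name, [(h["line"], h["pattern"], h["actions"]) for h in hits],
              "kick lines:", kick_lines(hits))
```

Running a list like this over the scripts of every mission hosted on the server, before setting type 4 on an entry, shows which entries would hit legitimate code.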

Xeno

    ACE Team Leader

  • Members
  • 1814 posts

#16

Posted 02 March 2012 - 16:41

How can you be unhappy.. it's not something that's forced down your throat.. it's an option free to have enabled :)
this can be useful for servers running other missions than Domi ;)

Read again what I wrote. It's the wrong approach to the problem and not related to Domina, Warfare or whatever mission.

There won't ever be a trusted environment, because you can directly change existing scripts or inject code in memory without even dealing with PBOs or the signature check system (there are hacks that do exactly that).

I'm aware about that for a long time already :)
The question remains, why is it so easy to inject code ?

If there are problems, just scan for more specific strings (for example, you can even add a space after "serverCommand" so "serverCommandAvailable" isn't picked up) or disable kicking. There is a reason this is fully customizable.

Then please change your example above or add a better explanation because otherwise we will see lots of players getting kicked in the next time because some server admins simply take what they find as example without even thinking about it or knowing what's going to happen.

Xeno

Edited by Xeno, 02 March 2012 - 16:54.


nuxil

    Sergeant Major

  • Members
  • 1606 posts

#17

Posted 02 March 2012 - 16:51

sorry. i misread.

but you should know. there is no such thing as a trusted environment. even that would be exploited.
btw. wasn't the command #servercommand Kick etc etc disabled/ignored in patch 1.56 or later by bis, i may be wrong. if that's the case. no need to look for those commands.

Dwarden

    BI Developer

  • 9647 posts
  • Location: Brno, Czech Republic

#18

Posted 02 March 2012 - 17:39

this is optional tool for administrators, not much different from CVAR checkings in PunkBuster ...

hence if You are wise enough all You need is logging and analyzing the result post mortem
and then ban the BEGUID of clear offenders

only if you have mission and locked content environment
then You can use kick on the commands which You know aren't needed for missions You run



tonic-_-

    Master Sergeant

  • Members
  • 798 posts

#19

Posted 02 March 2012 - 17:56

Like Dwarden said, it's optional.

I myself would much rather log common things such as 'Bo_mk82' or something that is widely used in missions and then for the other stuff that we obviously won't be using in our missions like 'Loki' or 'Gerk Menu' just simply kick for it.

kylania

    Lieutenant Colonel

  • Members
  • 8281 posts

#20

Posted 02 March 2012 - 19:08

Just because it's "optional" doesn't mean it shouldn't be improved or clarified.