$able

New BattlEye features for server admins

230 posts in this topic

Let's kick off March with two new features added in BE Server v1.131 and BE Client v1.151:

1. New script detection/logging that is fully customizable by server admins

You can now easily set up your BE Server to scan clients for certain strings that are used in script attacks on your server, for example "createVehicle", "serverCommand", "setVehicleInit" or anything else that could potentially be exploited on your server. All you need to do to enable this is create a file called "scripts.txt" in your BE working directory (in the game's application data / profiles / BEpath folder, not the install folder - where bans.txt is placed as well) with per-line entries formatted as follows:

[type] [string to search for]

The following types exist:

1 - Log detections to "scripts.log"

2 - Log detections to server console

4 - Kick for detections ("Script Restriction #X")

When logging detections, the BE Server logs an extract of 100 characters of the script being executed showing the detected string. You can combine types by adding them, so e.g. 3 causes positive detections to be logged both to scripts.log and server console, 5 causes detections to be logged to scripts.log and kicked for at the same time, 7 combines all methods, etc.

See the following random scripts.txt example (please do not use the list below unless you know what each command is for and why):

1 createVehicle
1 setVehicleInit
3 serverCommand
4 godmode
3 Bo_Mk82
3 #shutdown
7 disableUserInput true

Important update: http://forums.bistudio.com/showthread.php?131759-New-BattlEye-features-for-server-admins&p=2192402&viewfull=1#post2192402

2. Messaging players via RCon

RCon admins can now directly send in-game messages to players using the new "say" command:

say [player #] [message]

If player # is -1, the message is sent to all players. Otherwise the message is sent privately to the specific player. Note that player # is the one shown when entering "players", not the one used by the game itself. Also, keep in mind that only in-game players can be messaged, not those that are still in the lobby.

Example:

say 11 hey mate, how are you doing today?

I hope you like these new features. Feedback of any sort, as always, is welcome. :)

Edited by $able


SWEEET. Good job!

Except now they will try to bypass knowing how it worked

Edited by nomad_man


i will stick this topic soon after it gets some attention, for now i leave it unstickied as it's easier to spot (irony)


Hi

I am getting kicked from my dedicated server; I used this from the 1st post

What did I mess up?

See the following scripts.txt example:

Code:

1 createVehicle
1 setVehicleInit
3 serverCommand
4 godmode
7 Bo_Mk82
6 #shutdown

Logged in successfully
RCon admin #0 (X.13x.10x.x53:x35x2) logged in
Important new script detection feature added to BattlEye! See here for more information: http://forums.bistudio.com/showthread.php?131759-New-BattlEye-features-for-server-admins
Script Log: #0 MYname (165029dcxac8bce37299531x76) - "(serverCommandAvailable "#shutdown") || !isMultiplayer"
Script Log: #0 MYname (165029dcxac8bce37299531x76) - "(serverCommandAvailable "#shutdown") || !isMultiplayer"
Player #0 MYname (165029dc6562ac8bce37299531x76) has been kicked by BattlEye: Script Restriction #11

Hi

I am getting kicked from my dedicated server; I used this from the 1st post

What did I mess up?

You haven't messed up anything, the code is from an FSM in Domination which checks if a user is logged in as admin and then adds extra admin tools (like spectating and admin dialog).

Meh, am not happy with this. Many missions use those commands on the client side and it just shows the heart of the problem. There should be some kind of trusted environment where execution of all scripting commands is possible, for example from mission scripts/folders as you can't manipulate MP missions.

Xeno

Edited by Xeno


I guess $able cannot determine if the code is from the mission or an addon/runtime code, can you $able?


There appears to be a character limit on the say command which is quite low. If the text is too high it disconnects BERcon.

Hi

I am getting kicked from my dedicated server; I used this from the 1st post

What did I mess up?

See the following scripts.txt example:

Code:

1 createVehicle
1 setVehicleInit
3 serverCommand
4 godmode
7 Bo_Mk82
6 #shutdown

That was only an example. It doesn't mean you should use it (especially with kicking).


Meh, am not happy with this.

How can you be unhappy.. it's not something that's forced down your throat.. it's an option free to have enabled :)

this can be useful for servers running other missions than Domi ;)

You haven't messed up anything, the code is from an FSM in Domination which checks if a user is logged in as admin and then adds extra admin tools (like spectating and admin dialog).

Meh, am not happy with this. Many missions use those commands on the client side and it just shows the heart of the problem. There should be some kind of trusted environment where execution of all scripting commands is possible, for example from mission scripts/folders as you can't manipulate MP missions.

Xeno

There won't ever be a trusted environment, because you can directly change existing scripts or inject code in memory without even dealing with PBOs or the signature check system (there are hacks that do exactly that).

If there are problems, just scan for more specific strings (for example, you can even add a space after "serverCommand" so "serverCommandAvailable" isn't picked up) or disable kicking. There is a reason this is fully customizable.
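
As an added example (not part of the original posts and not BattlEye code), the script below dry-runs a scripts.txt rule set against the Domination line from the kicked admin's log, so kicking rules that hit legitimate mission code are found before they are enabled. It assumes a rule fires on a plain, case-sensitive substring match, which the thread does not specify; all function names are hypothetical.

```python
# Added example: dry-run scripts.txt rules against known-good mission code.
# Assumption: a rule fires on a plain, case-sensitive substring match.
LOG_FILE, LOG_CONSOLE, KICK = 1, 2, 4  # type bits from the first post
ACTION_NAMES = {LOG_FILE: "scripts.log", LOG_CONSOLE: "console", KICK: "kick"}


def parse_rules(text):
    """Parse '[type] [string to search for]' lines into (type, needle) pairs."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        type_field, sep, needle = line.partition(" ")
        if not (sep and needle and type_field.isdigit()):
            raise ValueError(f"line {lineno}: expected '[type] [string]'")
        rule_type = int(type_field)
        if not 1 <= rule_type <= 7:
            raise ValueError(f"line {lineno}: type must be a sum of 1, 2, 4")
        rules.append((rule_type, needle))  # trailing spaces stay significant
    return rules


def actions(rule_type):
    """Decode a combined type such as 5 into its individual actions."""
    return [name for bit, name in ACTION_NAMES.items() if rule_type & bit]


def dry_run(rules, script):
    """List (needle, actions) for every rule that would fire on one script."""
    return [(needle, actions(t)) for t, needle in rules if needle in script]


def kick_false_positives(rules, trusted_scripts):
    """Needles of kicking rules that match code known to be legitimate."""
    return sorted({needle for script in trusted_scripts
                   for needle, acts in dry_run(rules, script) if "kick" in acts})


# The Domination FSM line from the kicked admin's log, plus two rule sets.
MISSION_LINE = '(serverCommandAvailable "#shutdown") || !isMultiplayer'
COPIED = "3 serverCommand\n6 #shutdown\n"   # as pasted by the kicked admin
TUNED = "3 serverCommand \n3 #shutdown\n"   # trailing space, kick disabled

if __name__ == "__main__":
    for name, text in (("copied", COPIED), ("tuned", TUNED)):
        rules = parse_rules(text)
        print(name, dry_run(rules, MISSION_LINE),
              kick_false_positives(rules, [MISSION_LINE]))
```

With the copied rules, both entries fire on the mission line, matching the two "Script Log" lines followed by the kick in the log; with the tuned rules only the log-only "#shutdown" entry fires.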

How can you be unhappy.. it's not something that's forced down your throat.. it's an option free to have enabled :)

this can be useful for servers running other missions than Domi ;)

Read again what I wrote. It's the wrong approach to the problem and not related to Domina, Warfare or whatever mission.

There won't ever be a trusted environment, because you can directly change existing scripts or inject code in memory without even dealing with PBOs or the signature check system (there are hacks that do exactly that).

I'm aware about that for a long time already :)

The question remains, why is it so easy to inject code?

If there are problems, just scan for more specific strings (for example, you can even add a space after "serverCommand" so "serverCommandAvailable" isn't picked up) or disable kicking. There is a reason this is fully customizable.

Then please change your example above or add a better explanation because otherwise we will see lots of players getting kicked in the next time because some server admins simply take what they find as example without even thinking about it or knowing what's going to happen.

Xeno

Edited by Xeno


sorry. i misread.

but you should know. there is no such thing as a trusted environment. even that would be exploited.

btw. wasn't the command #servercommand Kick etc etc disabled/ignored in patch 1.56 or later by bis, i may be wrong. if that's the case. no need to look for those commands.


this is optional tool for administrators, not much different from CVAR checkings in PunkBuster ...

hence if You are wise enough all You need is logging and analyze the result post mortem

and then ban the BEGUID of clear offenders

only if you have mission and locked content environment

then You can use kick on the commands which You know aren't needed for missions You run


Like Dwarden said, it's optional.

I myself would much rather log common things such as 'Bo_mk82' or something that is widely used in missions and then for the other stuff that we obviously won't be using in our missions like 'Loki' or 'Gerk Menu' just simply kick for it.


Just because it's "optional" doesn't mean it shouldn't be improved or clarified.


@kylania... which i didn't deny ... i simply stated facts ...

i will not go into things like why games can't be secure enough

because if they were, you would not find computer capable to run that game

(ever seen cpu/ram overhead on secured memory allocator for example?)

some things aren't possible as you are not making security software

(which btw. become obsolete within 30days after release)

so while trusted environment sounds magically simple ... it isn't

of course we will try to make things better and safer ...

Edited by Dwarden

I'm aware about that for a long time already :)

The question remains, why is it so easy to inject code?

Your demand for a trusted environment didn't exactly sound like you were aware of that. ;)

Any code running on a computer can be modified, that's a basic rule. BE can detect certain methods, but there are limits and so there will always be others that are undetected. There simply won't ever be a way to completely prevent the injection of script code. Given that, it at least seems like a good idea to directly detect the scripts being executed.


Nice feature.. but all this I saw in network traffic dump... now its just more comfortable..

The only way I 100% catch the hackers on my little server is own DLL that required to join server and acting like a PBSS - just sending screenshots to server ftp...

BTW.. battleye even doesn't detect this inject... and adding this feature to BE will be awesome protection!

Nice feature.. but all this I saw in network traffic dump... now its just more comfortable..

The only way I 100% catch the hackers on my little server is own DLL that required to join server and acting like a PBSS - just sending screenshots to server ftp...

BTW.. battleye even doesn't detect this inject... and adding this feature to BE will be awesome protection!

Wrong, you don't see everything in the network traffic. Mainly you only see script code that is to be executed remotely and public variable values in it (as strings).

And yes, BE is currently detecting all public hacks. As I said though, there are many different ways to inject script code into the game, so it's impossible to detect all those phantom private hacks out there.


I have noticed that this is strictly only to script based code, it's really a shame because it would be nice if this could work on Dialogs as well. If the attacker is using scripts to 'fill' their dialog options it works fine but if not then it's really a cat and mouse game.
