mr.g-c

Still cheats/hacks bypass sigcheck and battleye!!!

19 posts in this topic

Dear Battleye developer Bastian and dear Arma Dediserver-developers,

as you might know, our community "arma-rpg.com" are running a Gameserver (placed second in the list) with one of the most played missions, called Sahrani-Life(reloaded).

We have both Battleye enabled and Sigchecking enabled, but still people CAN and DO HACK/CHEAT THE SHIT OUT OF THE SERVER, by spawning Bombs and stuff and destryoing everything.

This leads then sometimes that the whole Server crashes and can only be restarted by shell-console and the server-script (we using linux).

It was with most certainty this new KFC-Package:

<span style='color:red'>K F C link removed</span>

As you can read in this thread, you can bypass the sig-checking by placing the PBO in your addons-folder AFTER you joined, means when you already ingame.

This must be a joke right? Sigchecking ONLY check when joining but not after?huh.gif Please FIX this.

Please, who ever is responsible for preventing this, DO IT!

Do not release a other version of the dedicated server/Battleye until you fixed this. We are so unbelievably annoyed by this.

This is so annoying, i am working from home and people annoys me every hour that the thing got hacked/cheated again - i have no time for this!

Please Please Please fix this!

Sorry for my harsh way of presenting this, but enough is enough....

Best Regards, Christian

Share this post


Link to post
Share on other sites

T K C wordfilters to KFC

BI forums slowly morphing into another chan board? rofl.gif

Share this post


Link to post
Share on other sites

Providing Links to this KFC assholes will surely not help keep hacking and cheating away.

That link does not work atm, but should be deleted before the Server is up again.

Share this post


Link to post
Share on other sites

While I understand your frustration very well, I can only say that's impossible to prevent everything.

To put it straight, it's a fact that you can hack any code running on a client. If someone puts enough effort into this, he will be able to accomplish anything.

Therefore, the maximum BattlEye can do is to detect ALL public hacks and MOST private (non-bypass) hacks. If I promised you more than that I'd just lie and I am not going to do this.

Also, BattlEye can't do anything against script hacks (and things such as spawning bombs sound like scripts). Scripts are a legitimate feature of the game engine and therefore not detectable from BE's point of view.

If there are ways to trick the signature checking other than hacking the game's .exe (with a BE bypass, since BE detects the modifications), then this is very bad and indeed needs to be fixed in the next patch.

I hardly believe that the exploit you posted is true though. Technically this sounds very unlogical to me.

You shouldn't believe everything you read on those sites anyway. Over the time I have often read things that simply are nothing more than blatant lies, either spread with or without intention - and I am not doing propaganda against them here.

Share this post


Link to post
Share on other sites

Thanks for your reply. I can tell you more:

1. One of our game admins always tries privately the newest KFC Hacks/Cheats and he confirmed me yesterday that this one i linked IS WORKING!!!

2. It was a KFC hack because as soon as the bombardments started, everyone got a message like "----------KFC started----------" or something like that.

3. I don't care at all who will fix or prevent this, as longs as it's getting fixed.

I mean honestly, everyone knows how small the Arma playerbase is already, and those recently upcomming hack-attempts (which also can crashes the servers) will SHRINK it even more.

GOD DAMN, BIS do something working against it! Or Armas online playerbase will DIE! THe people are so pissed off and you can read in dozneds of forums that people say they don't play Arma anymore because of hacks and cheats! Great, isn't it?  icon_rolleyes.gif  icon_rolleyes.gif

I'm off, this is enough for today.

Regards, Christian

Share this post


Link to post
Share on other sites
1. One of our game admins always tries privately the newest KFC Hacks/Cheats and he confirmed me yesterday that this one i linked IS WORKING!!!

I need to ask: It works on a server with signature checking enabled?

Share this post


Link to post
Share on other sites
1. One of our game admins always tries privately the newest KFC Hacks/Cheats and he confirmed me yesterday that this one i linked IS WORKING!!!

I need to ask: It works on a server with signature checking enabled?

I think so.... i'll ask him as soon as he is online again....

Maybe he is even registered here and can answer here directly.

This is what they have written in their forums (KFC):

Quote[/b] ]The idea is to start the game with the .pbo cheat attached. Then moving it somewhere else while joining a server and putting it back or similar.....

Share this post


Link to post
Share on other sites

Well the problem is the regularCheck part of signature checking still kicks people for timing out, even after the timeout was increased in the latest patch - so most servers with sig checking still run with regularcheck off.

So if a hacker *is* removing addons during joining, and then readding them once connected, the regularcheck is the only line of defense.

Still, they can cause havoc in the time period between completing the join signature check and the next scheduled regularcheck. Enough to drop some GBUs i imagine.

Share this post


Link to post
Share on other sites

Putting the exploit itself in public isn't the wisest idea ever...

Suma has a PM box, I suggest you use it instead.

As for the whole "it's unnacceptable" stance, like stated, NOTHING, and I mean absolutely NOTHING will prevent cheating, you do your BEST to counter what exists, but it will eventually be countered itself, always.

It's now the case.

Just warn BI, and wait for the fix.

Share this post


Link to post
Share on other sites

Arhg! Why make this public ffs !

The baby brains with little penis's and hairy palms will giggle like girls when they see this sort of shyt in here.

Share this post


Link to post
Share on other sites
Gnat @ July 09 2008,08:49)]Arhg! Why make this public ffs !

The baby brains with little penis's and hairy palms will giggle like girls when they see this sort of shyt in here.

Perhaps a PM to $able would have been sufficient? This'll be quoted on KentuckyFriedChicken's website in no time.

Share this post


Link to post
Share on other sites

Well it's not as simple as it sounds. The game files and directories are locked during gameplay, so it's not as if *anyone* can just start moving files around while the game is running smile_o.gif

Share this post


Link to post
Share on other sites

Ok one of our game admins made another test to replicate how they managed it to crash the server:

They bypass the signature-check and create hundreds of hundreds of units at once on the map and the server-ram will fill-up instantly and will completely lock forever.

But we have now a way to bypass this... its called DOACS.... notworthy.gif

Its the only thing which can block that according to our tries... Still a shame we have to run like 3 independent protection ways or softwares to stop these fuckers.

Anyway hope Doolittle will update this system frequently to protect us from these fuckers.

I hope for Arma2 there will be a whole new concept incorporated by default. Valves system seems to be awesome i heard....

Regards, Christian

Share this post


Link to post
Share on other sites
Ok one of our game admins made another test to replicate how they managed it to crash the server:

They bypass the signature-check and create hundreds of hundreds of units at once on the map and the server-ram will fill-up instantly and will completely lock forever.

Could you please PM me the method?

I am sorry for all that, but there is nothing BE can do about these scripts.

Share this post


Link to post
Share on other sites

If Valve softwares included the scripting possibilities offered by ArmA for mission editing, then their current anti-cheat solution would be bypassed exactly like BE is bypassed currently.

Once again, there is no cheat-proof solution.

Report the exploit/cheat technique to the devs (in our case, PM Suma), they will get it fixed if possible, currently through a change in signature system most probably which is the module responsible for fighting this script injectors.

Or maybe the solution already exists and it is to use the regularCheck statement in the server configuration and to not bypass it like most of us do currently because of the potential disconnections that ensue.

So, maybe you could try to remove in your configuration file of the server this statement :

<table border="0" align="center" width="95%" cellpadding="0" cellspacing="0"><tr><td>Code Sample </td></tr><tr><td id="CODE">regularCheck="";or similar line that disable the kicks on failed mid game checks.

As well, if the technique is really what you describe, it is quite possible that a message is globalled when the regular check is performed and it stumbles on the hack .pbo file, something like "XXX is using wrong signature file for <insert_hack_pbo_name _here>", but the player is not kicked (because of the code above in the server's configuration), in which case admin can manually kick said player.

Share this post


Link to post
Share on other sites
Still a shame we have to run like 3 independent protection ways or softwares to stop these

Considering the simplicity to cheat, yet not so simple to catch, from what I've been reading on these forums and with the 3 options to help stop or even slow them down... it seems up to standards.

Even PunkBuster enabled games, will have PunBusterA & B services running on all clients. Then you can add other private server configs, additional cvars, md5tool checks ect ect.

Yet, cheaters are still every where.

Share this post


Link to post
Share on other sites

Is it possible (although very laborious for mission designers) to have a list of script filenames that are allowed to run? so the mission maker can list the scripts he has and only they will run successfully on that mission.

Maybe some sort of keysigning for each file so hacker cant name the script the same and run it?

I know its probably impossible but just throwing it out there to see if it will spark any idea's.

Share this post


Link to post
Share on other sites

i wonder what's point to ressurect years old and unused thread

btw. sorry but Your suggestion would resolve nothing, i can instantly see 3 ways around

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.