Jump to content

Photo
- - - - -

Still cheats/hacks bypass sigcheck and battleye!!!


  • This topic is locked This topic is locked
18 replies to this topic

#1 mr.g-c

mr.g-c

    Warrant Officer

  • Members
  • 2381 posts

Posted 09 July 2008 - 12:48 PM

Dear Battleye developer Bastian and dear Arma Dediserver-developers,
as you might know, our community "arma-rpg.com" are running a Gameserver (placed second in the list) with one of the most played missions, called Sahrani-Life(reloaded).

We have both Battleye enabled and Sigchecking enabled, but still people CAN and DO HACK/CHEAT THE SHIT OUT OF THE SERVER, by spawning Bombs and stuff and destryoing everything.
This leads then sometimes that the whole Server crashes and can only be restarted by shell-console and the server-script (we using linux).

It was with most certainty this new KFC-Package:
<span style='color:red'>K F C link removed</span>

As you can read in this thread, you can bypass the sig-checking by placing the PBO in your addons-folder AFTER you joined, means when you already ingame.
This must be a joke right? Sigchecking ONLY check when joining but not after?Posted Image Please FIX this.

Please, who ever is responsible for preventing this, DO IT!
Do not release a other version of the dedicated server/Battleye until you fixed this. We are so unbelievably annoyed by this.

This is so annoying, i am working from home and people annoys me every hour that the thing got hacked/cheated again - i have no time for this!

Please Please Please fix this!

Sorry for my harsh way of presenting this, but enough is enough....

Best Regards, Christian




Marek Spanel: [...] Every single element is well taught so that it fits together. So this is a significant change, because with ArmA 1 it was just random, really.
We made some units because we had to. There wasn't much passion from our side with the first ArmA, to be honest. This time it's different. (Videogamer.com Interview:)

Please BIS: Arma2 must become a TRUE MASTERPIECE - Not a middle-heavy catastrophe!

#2 Opteryx

Opteryx

    Retarded Member

  • Members
  • 1722 posts

Posted 09 July 2008 - 01:02 PM

T K C wordfilters to KFC


BI forums slowly morphing into another chan board? Posted Image

#3 Mr_Tea

Mr_Tea

    Warrant Officer

  • Members
  • 2167 posts

Posted 09 July 2008 - 01:15 PM

Providing Links to this KFC assholes will surely not help keep hacking and cheating away.

That link does not work atm, but should be deleted before the Server is up again.
MB: Gigabyte GA-MA770-UD3 - CPU: AMD Phenom II X4 945 - RAM: Corsair XMS 8GB DDR2 RAM-800 MHZ - Video: EVGA GTX 660 TI SC 3GB - Sound: Asus Xonar DX PCI Express 7.1 Audio Card - OS: Win7 Home Premium 64 BIT
Buy the Games you play.
This should be the minimum support and respect to the Developers work.
Posted Image

#4 -able

-able

    BattlEye Developer

  • Members
  • 697 posts

Posted 09 July 2008 - 01:16 PM

While I understand your frustration very well, I can only say that's impossible to prevent everything.
To put it straight, it's a fact that you can hack any code running on a client. If someone puts enough effort into this, he will be able to accomplish anything.

Therefore, the maximum BattlEye can do is to detect ALL public hacks and MOST private (non-bypass) hacks. If I promised you more than that I'd just lie and I am not going to do this.

Also, BattlEye can't do anything against script hacks (and things such as spawning bombs sound like scripts). Scripts are a legitimate feature of the game engine and therefore not detectable from BE's point of view.
If there are ways to trick the signature checking other than hacking the game's .exe (with a BE bypass, since BE detects the modifications), then this is very bad and indeed needs to be fixed in the next patch.

I hardly believe that the exploit you posted is true though. Technically this sounds very unlogical to me.
You shouldn't believe everything you read on those sites anyway. Over the time I have often read things that simply are nothing more than blatant lies, either spread with or without intention - and I am not doing propaganda against them here.

#5 mr.g-c

mr.g-c

    Warrant Officer

  • Members
  • 2381 posts

Posted 09 July 2008 - 01:26 PM

Thanks for your reply. I can tell you more:

1. One of our game admins always tries privately the newest KFC Hacks/Cheats and he confirmed me yesterday that this one i linked IS WORKING!!!

2. It was a KFC hack because as soon as the bombardments started, everyone got a message like "----------KFC started----------" or something like that.

3. I don't care at all who will fix or prevent this, as longs as it's getting fixed.

I mean honestly, everyone knows how small the Arma playerbase is already, and those recently upcomming hack-attempts (which also can crashes the servers) will SHRINK it even more.
GOD DAMN, BIS do something working against it! Or Armas online playerbase will DIE! THe people are so pissed off and you can read in dozneds of forums that people say they don't play Arma anymore because of hacks and cheats! Great, isn't it?  Posted Image  Posted Image

I'm off, this is enough for today.

Regards, Christian




Marek Spanel: [...] Every single element is well taught so that it fits together. So this is a significant change, because with ArmA 1 it was just random, really.
We made some units because we had to. There wasn't much passion from our side with the first ArmA, to be honest. This time it's different. (Videogamer.com Interview:)

Please BIS: Arma2 must become a TRUE MASTERPIECE - Not a middle-heavy catastrophe!

#6 -able

-able

    BattlEye Developer

  • Members
  • 697 posts

Posted 09 July 2008 - 01:29 PM

1. One of our game admins always tries privately the newest KFC Hacks/Cheats and he confirmed me yesterday that this one i linked IS WORKING!!!

I need to ask: It works on a server with signature checking enabled?

#7 mr.g-c

mr.g-c

    Warrant Officer

  • Members
  • 2381 posts

Posted 09 July 2008 - 01:32 PM

1. One of our game admins always tries privately the newest KFC Hacks/Cheats and he confirmed me yesterday that this one i linked IS WORKING!!!

I need to ask: It works on a server with signature checking enabled?

I think so.... i'll ask him as soon as he is online again....
Maybe he is even registered here and can answer here directly.

This is what they have written in their forums (KFC):

Quote[/b] ]The idea is to start the game with the .pbo cheat attached. Then moving it somewhere else while joining a server and putting it back or similar.....





Marek Spanel: [...] Every single element is well taught so that it fits together. So this is a significant change, because with ArmA 1 it was just random, really.
We made some units because we had to. There wasn't much passion from our side with the first ArmA, to be honest. This time it's different. (Videogamer.com Interview:)

Please BIS: Arma2 must become a TRUE MASTERPIECE - Not a middle-heavy catastrophe!

#8 Deady

Deady

    Forum Pessimist

  • Members
  • 404 posts

Posted 09 July 2008 - 01:40 PM

Well the problem is the regularCheck part of signature checking still kicks people for timing out, even after the timeout was increased in the latest patch - so most servers with sig checking still run with regularcheck off.

So if a hacker *is* removing addons during joining, and then readding them once connected, the regularcheck is the only line of defense.

Still, they can cause havoc in the time period between completing the join signature check and the next scheduled regularcheck. Enough to drop some GBUs i imagine.

#9 whisper

whisper

    Chief Warrant Officer

  • Members
  • 3476 posts

Posted 09 July 2008 - 01:49 PM

Putting the exploit itself in public isn't the wisest idea ever...

Suma has a PM box, I suggest you use it instead.


As for the whole "it's unnacceptable" stance, like stated, NOTHING, and I mean absolutely NOTHING will prevent cheating, you do your BEST to counter what exists, but it will eventually be countered itself, always.
It's now the case.
Just warn BI, and wait for the fix.
Whisper / Kalbuth / MrK
ex-OFrP member.
ArmA3 / Planetside 2, member of MercenaryS
Planetside / ET:QW / Tribes Ascend, member of Formido Clan

#10 -APS-Gnat

-APS-Gnat

    Captain

  • Members
  • 6401 posts

Posted 09 July 2008 - 01:49 PM

Arhg! Why make this public ffs !

The baby brains with little penis's and hairy palms will giggle like girls when they see this sort of shyt in here.

#11 Victor

Victor

    Sergeant Major

  • Members
  • 1417 posts

Posted 09 July 2008 - 02:57 PM

Gnat @ July 09 2008,08:49)]Arhg! Why make this public ffs !

The baby brains with little penis's and hairy palms will giggle like girls when they see this sort of shyt in here.

Perhaps a PM to $able would have been sufficient? This'll be quoted on KentuckyFriedChicken's website in no time.

#12 Deady

Deady

    Forum Pessimist

  • Members
  • 404 posts

Posted 09 July 2008 - 03:39 PM

Well it's not as simple as it sounds. The game files and directories are locked during gameplay, so it's not as if *anyone* can just start moving files around while the game is running Posted Image

#13 mr.g-c

mr.g-c

    Warrant Officer

  • Members
  • 2381 posts

Posted 09 July 2008 - 03:56 PM

Ok one of our game admins made another test to replicate how they managed it to crash the server:

They bypass the signature-check and create hundreds of hundreds of units at once on the map and the server-ram will fill-up instantly and will completely lock forever.

But we have now a way to bypass this... its called DOACS.... Posted Image
Its the only thing which can block that according to our tries... Still a shame we have to run like 3 independent protection ways or softwares to stop these fuckers.
Anyway hope Doolittle will update this system frequently to protect us from these fuckers.

I hope for Arma2 there will be a whole new concept incorporated by default. Valves system seems to be awesome i heard....

Regards, Christian
Marek Spanel: [...] Every single element is well taught so that it fits together. So this is a significant change, because with ArmA 1 it was just random, really.
We made some units because we had to. There wasn't much passion from our side with the first ArmA, to be honest. This time it's different. (Videogamer.com Interview:)

Please BIS: Arma2 must become a TRUE MASTERPIECE - Not a middle-heavy catastrophe!

#14 -able

-able

    BattlEye Developer

  • Members
  • 697 posts

Posted 09 July 2008 - 04:18 PM

Ok one of our game admins made another test to replicate how they managed it to crash the server:

They bypass the signature-check and create hundreds of hundreds of units at once on the map and the server-ram will fill-up instantly and will completely lock forever.

Could you please PM me the method?

I am sorry for all that, but there is nothing BE can do about these scripts.

#15 whisper

whisper

    Chief Warrant Officer

  • Members
  • 3476 posts

Posted 09 July 2008 - 04:25 PM

If Valve softwares included the scripting possibilities offered by ArmA for mission editing, then their current anti-cheat solution would be bypassed exactly like BE is bypassed currently.

Once again, there is no cheat-proof solution.

Report the exploit/cheat technique to the devs (in our case, PM Suma), they will get it fixed if possible, currently through a change in signature system most probably which is the module responsible for fighting this script injectors.

Or maybe the solution already exists and it is to use the regularCheck statement in the server configuration and to not bypass it like most of us do currently because of the potential disconnections that ensue.


So, maybe you could try to remove in your configuration file of the server this statement :
<table border="0" align="center" width="95%" cellpadding="0" cellspacing="0"><tr><td>Code Sample </td></tr><tr><td id="CODE">regularCheck="";[/QUOTE]or similar line that disable the kicks on failed mid game checks.
As well, if the technique is really what you describe, it is quite possible that a message is globalled when the regular check is performed and it stumbles on the hack .pbo file, something like "XXX is using wrong signature file for <insert_hack_pbo_name _here>", but the player is not kicked (because of the code above in the server's configuration), in which case admin can manually kick said player.
Whisper / Kalbuth / MrK
ex-OFrP member.
ArmA3 / Planetside 2, member of MercenaryS
Planetside / ET:QW / Tribes Ascend, member of Formido Clan

#16 Doolittle

Doolittle

    First Sergeant

  • Members
  • 824 posts

Posted 09 July 2008 - 07:07 PM

Glad you like DooACS. Makes me very happy..
Posted Image
Ranger School - Make your own mission in game! Full MP support (Old ver)
DooACS - Arma2 anti-cheat to protect your server, feared by cheaters

#17 SWAT_BigBear

SWAT_BigBear

    SWAT IGG

  • Members
  • 1806 posts

Posted 09 July 2008 - 10:03 PM

Still a shame we have to run like 3 independent protection ways or softwares to stop these

Considering the simplicity to cheat, yet not so simple to catch, from what I've been reading on these forums and with the 3 options to help stop or even slow them down... it seems up to standards.
Even PunkBuster enabled games, will have PunBusterA & B services running on all clients. Then you can add other private server configs, additional cvars, md5tool checks ect ect.
Yet, cheaters are still every where.
Cya in the CrossHairs Kill Zone!

Spoiler

#18 ker8er0s

ker8er0s

    Corporal

  • Members
  • 71 posts

Posted 22 March 2011 - 06:34 PM

Is it possible (although very laborious for mission designers) to have a list of script filenames that are allowed to run? so the mission maker can list the scripts he has and only they will run successfully on that mission.

Maybe some sort of keysigning for each file so hacker cant name the script the same and run it?

I know its probably impossible but just throwing it out there to see if it will spark any idea's.
Posted Image

#19 Dwarden

Dwarden

    BI Developer

  • BI Developer
  • 9617 posts
  • LocationBrno, Czech Republic

Posted 23 March 2011 - 01:15 PM

i wonder what's point to ressurect years old and unused thread

btw. sorry but Your suggestion would resolve nothing, i can instantly see 3 ways around

RealTimeChat ~ARMA2 in Your browser (w/o Java), RealTimeChat ~ARMA3 in Your browser (w/o Java),
irc.GameSurge.net/ARMA2 (external IRC clients) irc.GameSurge.net/ARMA3 (external IRC clients)
ARMA 3 Feedback Tracker: http://feedback.arma...y_view_page.php
~100k fans @STEAM ARMA 2 + ARMA 2: OA + ARMA 3: + ~2k @XFIRE A2:OA
Follow my Twitter: http://twitter.com/FoltynD or my Facebook http://facebook.com/FoltynD