A Legit way to stop hackers.

[Deitic 48]

Anti-cheat programs like punkbuster, battleye, etc. Don't really do anything towards stopping hackers. They can bypass those programs within an hour of releasing a patch. So here's a real way to stop them

First of all, everything a game adds up to is basically codes. The hackers are using programs to detect these lines of codes, and using said codes to do whatever they want. So the real and only viable way to minimize hacking would be to have some sort of program randomize code lines for everything from weapons to health every day.

Now i understand how huge the undertaking would be to make something like this happen. The program would have to randomize every code, and register those codes to their appropriate directories to keep the game working in full order. However, this is honestly the only way to stop casual hackers from doing whatever they want.

It's impossible to stop dedicated hackers, but at least with randomizing codes every day, eventually they'll just get tired of spending hours a day trying to get the codes then being only able to play the game with them for a little while.

~Deitic

(This is for the Dayz Standalone btw, the current DayZ mod is just too far gone :( )

Edited October 22, 2012 by Deitic

[puppetworx 474]

Presumably that would mean pushing the code for clients and servers everyday(you couldn't recompile at the client or server because that would expose your source code). You'd also have to update the file definitions used by Battleye everyday too. That's an expensive solution and one which may well lead to what is considered an untenable experience for users.

I don't know if your solution would even work either, I do like the thinking though.

Myself I'd like to see a gaming operating system developed where the policy is to only run signed code. Maybe Gabe Newell has such an idea up his sleeve.

[AlcApwn (DayZ) 28]

1) not everything "a game adds up to" is code.

2) 99% if dayz's "hackers" is entirely the fault of the engine design, not the failure of anti-cheat measures (which are, of cause, a joke. you can attach a debugger to arma2oa and BE does not notice).

3) Nope, hackers are not "detecting" "these lines of codes".

a ) if you want to execute weird shit on the server,you have to manipulate the regular client-server communication.

this is usually archieved by changing the path of a legit script to a manipulated one, and execute it legally. but the path itself is NOT in the "lines of codes", but in a... different part of the memory.

b ) if you want to cheat weapons, just execute the legal scripts somehow (you know the bugs yourself how to double items and bagpacks. what the interface does, can easily be done somehow else)

4) this will not help anything.

things like units (players, vehicles, environment bullshit, etc) are stored in 6 different lists in arma2's memory. its pretty easy to find and read them... opensource code describing how to can be found on any half-serious board dealing with DayZ. as long as the client has too much information and power, someone will easily find a way to abuse it. (and yes, even with morphcode and other ill-bred "security" concepts :))

5) OBFUSCATION IS NOT SECURITY.

you could stop 99% of dayzs hacks by using a RELIABLE engine. not by trying to obfuscate what is obvious anyways. (dont start your mimimi-"trusting engine"-bullshit again - in germany your boss would rip your head off if you design software like that!)

Edited October 22, 2012 by AlcApwn

[Deitic 48]

yo do realize scripting is basically manipulating codes for certain objects or stats in a game like dayZ right?.

Everything is a line of code. That's what programming is. "Obfuscation" is definitely security in the long run. 90% of the hackers in Dayz are probably public bypassers, or players that buy a bypass from actual hackers. IF they're forced to wait hours before being able to play without hacks eventually they will lose interest.

Once again constant Obfuscation is the best form of security. It's used in all sorts of places and it works. Hacking a game like DayZ isn't exactly hard. Especially when you know what you're looking for. But trust me, I've seen real hackers hired by capital companies get thwarted by simple randomizing programs. If a program can do it enough, and do it well. The only way to stop it would be to directly connect to that program and stop it from the inside. I can guarantee no hacker with the ability to completely mask their presence on the internet while they're back dooring a secure client side server is wasting their time hacking DayZ.

You can't even call scripting hacking. You can read a book about scripting in 3 hours and achieve something like a kill command or weapon spawn system in DayZ.

[hollenfeuer88 124]

Sounds like it would be a bitch to do, but good idea non the less.

[AlcApwn (DayZ) 28]

yo do realize scripting is basically manipulating codes for certain objects or stats in a game like dayZ right?.

Everything is a line of code. That's what programming is. "Obfuscation" is definitely security in the long run. 90% of the hackers in Dayz are probably public bypassers, or players that buy a bypass from actual hackers. IF they're forced to wait hours before being able to play without hacks eventually they will lose interest.

Once again constant Obfuscation is the best form of security. It's used in all sorts of places and it works. Hacking a game like DayZ isn't exactly hard. Especially when you know what you're looking for. But trust me, I've seen real hackers hired by capital companies get thwarted by simple randomizing programs. If a program can do it enough, and do it well. The only way to stop it would be to directly connect to that program and stop it from the inside. I can guarantee no hacker with the ability to completely mask their presence on the internet while they're back dooring a secure client side server is wasting their time hacking DayZ.

You can't even call scripting hacking. You can read a book about scripting in 3 hours and achieve something like a kill command or weapon spawn system in DayZ.

first of all, good luck finding a book that covers BIS's custom scripting api o_O.

second, scripting is NOT the manipulation of the objects themselves. for comparison, take a look at the sourcecode of dayz survival or whatever the hack is called.

and nope, NOT anything is a line of code.

i dont want to start a futile discussion with a smart-arse who does not bring up reasonable arguments, so please watch this link(s) to understand how memory is organized and basics of reverse engineering:

and nope, obfuscation is no security by definition.

you can obfuscate and morph your code as often as you want - you will always find static pointers, with the help of opensource/freeware tools like cheatengine.

as i said, use a reliable engine and 99% of the hacks are impossible. or rework the old one until it is fit enough, dont know what is cheaper.

[joanjett (DayZ) 31]

5) OBFUSCATION IS NOT SECURITY.

Obfuscation? This should win the big word contest for February (you made my brain ache)

[OrLoK 16182]

Hello there

I understand OP's reasoning, but to me it's flawed. I too thought of the random element idea. Surely if it was that simple those of us with bigger brains than me (everyone) would have implemented a system like this by now?

The issue appears to be more complex that that.

The main thrust of your idea is sound. Make the game a pain to hack/script by forcing the hackers/scripters have to re-edit their work every day and therefore making it so much of a pain that it eventually is not worth the effort. If there was a foolproof way to do this it would have been done.

Rgds

LoK

[kingflip 42]

Lok is right, not only that but they are "hackers" someway somehow, they would find a way to hack, codes or not. im not one who is code savvy and knows a lot about the programming side of things. but the best one can do to stop hackers, is to avoid them when they are a midst

[ShokeR (DayZ) 29]

It's very diffuclt to stop hackers becasue Arma 2 engine is really bad.

In the SA I hope they will use a diffrent engine or improve it.

Anyway, do not try to stop the hackers, the best thing to stop the hackers is just to stop talk about them.

It's like don't feed the troll, when someone troll just don't answer, same with hackers, if they hack just let them hack don't tell them you care.

Dean Rocket said he knows the main problem of Dayz project is hackers, and I'm sure he is gonig to solve the problem.

[dutchmuffin 11]

I think the fix would probably be in server / client communication. To explain, if the server is placed in complete charge of creating things, then a client shouldn't be able to manipulate that.

It's probably waaay more complicated though.

[Garblax 4]

I don't count on hackers just giving up because its tedious.. It's the Internet. Where there's a glimmer of a will, there's a definite way with these guys. Right? Surely they'll work around it.

[Easy_Tiger (DayZ) 33]

Anti-cheat programs like punkbuster, battleye, etc. Don't really do anything towards stopping hackers. They can bypass those programs within an hour of releasing a patch. So here's a real way to stop them

First of all, everything a game adds up to is basically codes. The hackers are using programs to detect these lines of codes, and using said codes to do whatever they want. So the real and only viable way to minimize hacking would be to have some sort of program randomize code lines for everything from weapons to health every day.

Now i understand how huge the undertaking would be to make something like this happen. The program would have to randomize every code, and register those codes to their appropriate directories to keep the game working in full order. However, this is honestly the only way to stop casual hackers from doing whatever they want.

It's impossible to stop dedicated hackers, but at least with randomizing codes every day, eventually they'll just get tired of spending hours a day trying to get the codes then being only able to play the game with them for a little while.

~Deitic

(This is for the Dayz Standalone btw, the current DayZ mod is just too far gone :( )

In the context of traditional memory debugging:

Im not sure if there are any performance implications but from my experience games would be alot harder to hack if no static variables are used as every time the game is launched variables would reside in a different memory location. This would make it alot harder to keep hacks active as they would have to scan the games entire memory allocation to locate whatever they want to fiddle with every time they try and attach/ inject their hacks.

basically they couldnt write a hack that says "go to memory offset xxxx and do this to get infinite ammo" because every time the game starts the ammo count is in a different place i.e offset yyyyy or offset aaaaaa etc..

Edited February 21, 2013 by Easy_Tiger

[Kentarion 0]

1) not everything "a game adds up to" is code.

....

....

5) OBFUSCATION IS NOT SECURITY.

you could stop 99% of dayzs hacks by using a RELIABLE engine. not by trying to obfuscate what is obvious anyways. (dont start your mimimi-"trusting engine"-bullshit again - in germany your boss would rip your head off if you design software like that!)

sry, could just give you one set of beans.

anyway, i love the naive way ppl think of security.

i guess the ppl from bohemia didn't think about the security hole they have with their design. now the game / the mod is popular - they have to care.

i rly hope they have a better design solution for dayz sa. i read more about serverside and database orientation - so i guess they are going the right direction.

...but we will see :)

[dutchmuffin 11]

They didn't 'care' simply because ArmA wasn't meant to be a game that people wanted to hack in.

[JamesMoore 51]

Every game you play will face the constant bug of exploiters, griefers, etc etc. There's no permanent solution to these script kiddies. Power is responsibility...

[JamesMoore 51]

Every game you play will face the constant bug of exploiters, griefers, etc etc. There's no permanent solution to these script kiddies. Power is responsibility...

I also usually play arma, and i'm not sure if they're actual legit nuclear explosions or what but i'll almost every day see some kind of atomic explosion in the distance, and the sidechat appears a bit worried so i'll guess hackers are just exploding targets. Same with DayZ. All we can do is slow them down

[dutchmuffin 11]

Every game you play will face the constant bug of exploiters, griefers, etc etc. There's no permanent solution to these script kiddies. Power is responsibility...

I also usually play arma, and i'm not sure if they're actual legit nuclear explosions or what but i'll almost every day see some kind of atomic explosion in the distance, and the sidechat appears a bit worried so i'll guess hackers are just exploding targets. Same with DayZ. All we can do is slow them down

Did you just quote yourself?

[aussiestig 681]

Congratulations, you managed to stop something that has been stopped by the DayZ SA by it being server side. The client can no longer trick the server into doing something for them, because it will not allow it.

All hacks like teleporting, spawning gear, vehicle spawning etc. has all been stopped by this. There is still the issue of ESP, wallhacks and all of the other crap out there. Stopping them will take a lot more than a dodgy solution that is just randomizing numbers

[Inception. 9443]

Why was this resurrected?

Please check the date in which the OP was posted.

*cough* orlok *cough*

[OrLoK 16182]

I'm just a poor old man, I have no time for necro posts. My legs are grey, my ears are old, my eyes are old and bent...

Edited February 22, 2013 by orlok