Anti-Hacking suggestion

[themurdertrain 33]

Hey all,

There's a lot of times someone will spawn, go prone, then come at me with a 249 or some such insanity. I've witnessed it, you've witnessed it, we've all had to deal with it.

I'm not deeply familiar with the code for the arma2 engine, however I do know that whenever an item is created there has to be a process which creates it. I see people banned for trying to spawn vehicles often, but very rarely do I see someone spawned for weapons unless there is an admin on the server and someone reports it.

Here's my idea, in psuedo code:

spawn item.

if spawn item != (list of items we can spawn, like fire places etc...)

instantly kill player

else

nada.

It's pretty easy code to write, as I'm sure there is all ready something which runs when we spawn an item to make sure it's something spawnable. So long as all of the proper exceptions are made (fireplaces, dropping items, etc... dont want people to die for something they were allowed to have).

Any thoughts?

[Steak and Potatoes 13480]

You've got it figured out for sure I'd pursue this.

[Fraggle (DayZ) 15720]

I think that's basically what a lot of the anti-hax software many private server owners use does. Hence private servers having many less problems with hackers. The issue is though that hackers will pick the code apart and then figure out a workaround, so the antihax software has to keep developing to stay ahead of the hackers.

Essentially the issue is Arma itself, it was never supposed to be used in the way DayZ uses it, that's why the SA is able to address these issues with much less effort than trying to bend the mod to their will.

Edited January 1, 2013 by Fraggle

[colekern 1364]

The line of code made me crack up, and yes, that might work.

[themurdertrain 33]

I appreciate the feed back.

The idea of a work around is rather limited, unless they manage to interface with the server itself, and change the definition of the approved 'non-explode your head' items that the script checks for first. I can only imagine what I would do to get around it, which as I've said would involve them telling the server that a can of beans is actually an M16. I'm not sure if item definitions are stored centrally or client side, but if it is client side there isn't a single fix that would prevent hacking.

[Nillzie 4]

If killed

Then don't die

Else spawn m107

[plrsniper 87]

So without any knowledge in how the ArmA engine works or how scripting works or how the battleeye client is bypassed or that there already is a "banned item" list on servers that is somehow bypassed to (because they know how it works) you come with a proposal that would be one solution to the hacking problem?

It's simple really, there's a lot of things happening on a server that is part of the normal operation of the mod. Hackers will find ways to abuse that even if they might not be able to spawn items outside the range of valid items they will still spawn an AS50, NVG's, rangefinder and all the other stuff for themselves and then use the map hacks and teleport commands in lieu with godmode and just headshot everyone for shits and giggles.

At least when they clusterbomb cherno you know they are operating, it's the assholes (like a certain frankie) that try and hide the fact they are cheating that are the real problem and you can't really stop them easily because they (at least try to) blend in.

The only way that i can see as a possible solution is to make the beclient binary compile differently for every single system making it impossible to inject their NOP codes (No operation) into the process that is designed to stop the injection of scripts in the global command chain in the first place. Then the beclient will stop 99% of all hacks used today.

That still doesn't stop the remaining cheats like decryption of the network traffic and decoding of the data sent between client and server. (Which allows them to draw a map of all players, vehicles and tents on the map as well as heli crash sites and anything else you can think of that exists as an object in the game)

But once again, if the hackers really want to hack they will find the offset in the randomly compiled beclient too and inject none the less. In other words, they will always be one step ahead of any countermeasures you take.

Which leaves the only option that has ever worked well... A diligent server admin catching the cheaters and banning them manually.

You can also join a strict whitelisted server, thus making it too much work for a cheater to join.

For instance, there is one server here where you have to leave your social security number to join it. I doubt any cheater would be willing to provide that to hack on that server because god knows what's going to happen to such a person IRL if found out to be cheating... *BOOM, HEADSHOT*