kr4uzi

AntiHack Tools for Public (Official) Hives (introducing DayZ(Anti)Hack)


EDIT (04 Nov 2013): due to massive problems caused by SQLite3 vs Visual Studio 2013 I have to switch from a database-based config to a file-based config. This may take an additional week or two since I cannot work on this project full-time anymore :/

 

So there was me, playing DayZ since it came out until I found a server running smoothly and which was updated regularly with good connection and low pings. However this server didn't have any antihack tools installed like gotcha.

So I contacted the admin and he finally gave me root access for the DayZ server after finding out I'm friendly.

Having parsed the BattlEye log files manually I banned like 20 hackers who played on the server the last week. Gotcha did a more or less good job on detecting teleport hackers that played on the server beyond the "manual log parsing" work.

 

However this was not enough... I still had to parse the log files manually since gotcha's teleport detection system has like 80% false detection.

One day I got shot with a hacked weapon; I also realised that gotcha's weapon detection doesn't work well on public hives either (and neither does vehicle teleport, which hackers seem to like now since gotcha cannot detect this in any way).

 

This was the day I searched for AntiHack measures for public hives. I didn't find ANY. I even thought about buying a private hack for money as I read that they have "observer mode" built in. Since the private hack would cost me a lot of money over time (getting banned -> new key -> I also think this private hack costs money per week/month/year) I decided to code my own anti hack tool.

 

And this is the reason I'm writing this: the AntiHack tool I've written is nearly finished. I've spent hours on this and in my current field study it performs very nicely.

 

##################### TL;DR #####################


I was getting annoyed by hackers and since there are no antihack tools out there except gotcha (which is neither stable nor has a good hacker detection on public hives) I coded my own antihack-tool.

 

Features:

- plugin system (Javascript, Python, C/C++) [Lua support planned]

- live map of all player/vehicle movement (~5 - 10 sec delay)

- BattlEye filter.log live parsing

- ban system which can be either automated or require human approval (e.g. triggers on scripts.log -> then a human has to approve whether these log records are caused by a hacker or just general DayZ stuff [btw the program learns so you have fewer false alarms over time])

- show player/vehicle gear and stats (inventory, blood, vehicle-body status, vehicle-damage)

- server restart/shutdown

- central ban database [planned]

- server messages

- multiple servers over one interface

- user rights management

 

The reasons why I'm not publishing this yet are as follows:

- field studies on my server showed (multiple admins) that this tool is basically like a hack and so the chance of admin abuse is VERY HIGH

- the program is alpha at the moment (so not 100% stable, however it didn't crash for over a week now)

- hackers might inject code (very unlikely)

 

The reason why I'm writing this thread: I just want you to know that there will be an efficient antihack tool (that doesn't require ANY MODIFICATIONS ON DAYZ, NOR YOUR SERVER) out there soon.

 

I'm going to start the beta test soon and if you are interested in joining just write me a PM.

Beta tests may start in one week or two (as of 13.09.2013).

Edited by Krauzi


Yes, anti-hack tools have existed for a long time, but not all are public since hackers could use them to fix their hacks.

BTW, using HiveExt, RPT and BE logs is not always enough to detect hacks such as ESP, graphical library tampering, vehicle repair hacks, infinite ammo, local explosion exploit. So some code is often necessary on client and server sides, to detect and sometimes to fix or mitigate the impact.

 

If you could publish your RPT/BE log parser for all admins, you are welcome.

The problem in DayZ Mod is the "audit trail" = how to follow player actions along all logs with all IDs he gets: user id (UID#..., bound to your license key), character id (CID#...), owner id (PID#...), net id (the thing with "number:number" you can see in createvehicle.log, setvariable.log and sometimes in some RPT error lines)

 

Reading logs is quite complicated, I will write a small HOWTO with some case studies when 1.8 is out.
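The "audit trail" problem described in the post above, sketched as an added example (not code from the thread or from any tool mentioned in it): IDs that appear on the same log line are merged into one identity, so a UID can be followed into logs that only carry a net id. The log line layout and the sample values are constructed assumptions; only the ID shapes (UID#, CID#, PID#, "number:number") come from the post.

```python
import re

# Constructed sample lines. The layout is an assumption for illustration,
# not the real BattlEye/RPT/HiveExt format; only the ID shapes come from the post.
# Assumption: no ID is reused by another player inside the analysed window.
LOGS = {
    "hiveext.log": ["12:01:07 login UID#111 CID#9001", "12:01:09 login UID#222 CID#9002"],
    "server.rpt": ["12:01:08 spawned CID#9001 as PID#3 unit 3:14",
                   "12:01:10 spawned CID#9002 as PID#4 unit 4:20"],
    "createvehicle.log": ["12:05:40 #0 3:14 created vehicle"],
    "setvariable.log": ["12:06:02 #0 4:20 set variable"],
}

# UID#/CID#/PID# tokens, or a net id "number:number" that is not part of a clock time.
ID_RE = re.compile(r"(?:UID|CID|PID)#\d+|(?<![\d:])\d+:\d+(?![\d:])")

def find(parent, x):
    """Union-find lookup with path halving; unknown IDs become their own root."""
    parent.setdefault(x, x)
    while parent[x] != x:
        parent[x] = parent[parent[x]]
        x = parent[x]
    return x

def build_identities(logs):
    """Union IDs seen on the same line; return the parent map and all events."""
    parent, events = {}, []
    for name, lines in logs.items():
        for line in lines:
            ids = ID_RE.findall(line)
            for other in ids[1:]:
                parent[find(parent, other)] = find(parent, ids[0])
            events.append((name, line, ids))
    return parent, events

def audit_trail(logs, uid):
    """All (file, line) pairs attributable to `uid`, ordered by leading timestamp."""
    parent, events = build_identities(logs)
    root = find(parent, uid)
    hits = [(name, line) for name, line, ids in events
            if any(find(parent, i) == root for i in ids)]
    return sorted(hits, key=lambda h: h[1])

if __name__ == "__main__":
    for name, line in audit_trail(LOGS, "UID#111"):
        print(f"{name:18} {line}")
```
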


ESP, graphical library tampering, vehicle repair hacks, infinite ammos, local explosion exploit

ESP: nothing I can do against this except if this works with .sqf scripts

vehicle repair hack: detected

infinite ammo: detected

local explosion: detected since this will create an entry in scripts.log

Edited by Krauzi


 

 

Reading logs is quite complicated, I will write a small HOWTO with some case studies when 1.8 is out.

 

I look forward to reading that.  I'm always struggling to catch hackers due to the complicated scripts etc :(


some updates:

porting the source to C++ for these reasons:

- performance

- better scripting support

- source code protection (admin abuse/hacker bypassing the tracking system)


Little Update:

Updating to Visual Studio 2013 due to some additional C++11 features added.

Release within the next week(s).

 

Took some time since I had some problems implementing a good C++ Plugin interface with plugins that cannot crash the main program (e.g. cuz of a segfault).
