DayZ Hacks already happening

[mercules 1290]

I just had a run in with someone who is running something that lets them respawn completely geared out.

 

I was sitting in a room going through my inventory when I noticed a flashlight shining on the floor below me. I took out my M4 and lined up a clear shot at the closed door thinking that if they were sweeping the building it was only a matter of time before they opened up the door. Needless to say, shortly after lining up my shot, the door opened and in walked one guy followed close behind by another. I was totally freaked out not expecting two guys. I dropped the first in the middle of the room and the second guy backed out of the room as soon as I fired my first burst. We fired a few shots back and forth and he finally went down. Both of them laying dead on the floor. As I was looting the first guy I dropped I noticed the body of the second guy disappeared... thought it was odd... but went about my business looting the remaining body. Shortly there after I hear the sound of a gun loading... the same sound it makes when you spawn in when you have a weapon equipped. I turned and there was a guy spawning right where the second body had been laying before it disappeared. I tried shooting at him as he spawned but my gun would not fire... I started to panic and moved to the corner of the room. He backed out of the room and again we exchanged gunfire and he went down. Again the body disappeared... and sure enough a few seconds later the guy respawned again in the same place, fully equipped. He ended up going down again... but this time instead of waiting I said "screw this" and logged off the server.

 

I wish you could see the names of people you have killed somewhere, I'd report the guy.

 

 

This is a known BUG, which you would KNOW if you were registered in and paying attention to the *GASP* BUG TRACKER!!

Yep, documented and happening to people. Not a hack.

But you know, since we can google and a website comes up that SAYS it has a hack... we all know sites that state they have hacks for games are never lying, that they never take your money then turn around and give you nothing, that they don't post things like, "Sign up for an account and get the latest DayZ Standalone Hacks as we release them... just $20 a month." they deliver on their promise even if they never provide a DayZ SA hack. ;)

[current1y 4]

Yeah had finally found a daylight server for the first time late last night. Spawned in a fresh character and started looting. Shortly after finding a dead person with tons of loot I got teleported to a random field, all my stuff gone, my character model was changed to a black women and I was surrounded by other black women in their underwear.. I admit after the initial wtf moment even I had to laugh.

 

A friend who was not near me but on the same server said the same thing happened to him at the same time except he said he had his gear. 

 

Hopefully they fix that as I wouldn't mind getting more then 20 min on a daylight server tonight. 

Edited December 18, 2013 by current1y

[AlcApwn (DayZ) 28]

How is this even possible? Server-client architecture with any shred of decency work like this:

 

Client: "Hey, can I spawn an item here?"

Server: "No. You are a client, you can never spawn an item anywhere, period."

Client: "OK."

 

Client: "Hey, can I dictate to you where my position is?"

Server: "No. You are a client, you may never dictate to me where your position is."

Client: "OK."

 

I understand ESP because the client does have that information, but spawning items and teleporting is rediculous, how is your system even allowing that?

 

this is the one question rocket will have to answer - he said he will implement a proper server-client architecture, which he did not do.

this can not be excused by being in alpha stadium, this is fail by design. again.

 

 

Actually, having legitimate hackers attack a piece of software is often times the only way to efficiently find vulnerabilities in that software. It seems paradoxical but that's just how it goes.

 

the best way to find attack vectors is to release the sourcecode. which works pretty well for foundations like apache, but is not a widely used option for game designers. give me information/sourcecode of the server implementation and i will gladly help, but i dont want to spend months of my life with IDA disassembling BI's binaries.

 

 

but with the server allowing clients to teleport there is no sense in using any kind of anti-cheat enforcement like VAC/punkbuster. such poor design can not made up by any anti-cheat measure.

[semipr0 402]

This.

 

It's a tactic some developers have used before - I know Mozilla have used it in the past, and I'm pretty sure Google did the same - they announce 'bounties' of fairly substantial amounts of cash ($5k plus I believe) to any hackers that can find and report an exploit to them.

 

So just for a moment lets visualize a little hypothetical scenario.

 

For years Bohemia Interactive has kept BattlEye on contract to police their games and keep the Arma franchise a fair multiplayer experience and regardless of how much money they're paying BattlEye and how many people actually work at BattlEye to achieve the goal they're being paid to achieve they have actually failed rather massively at controlling hacks...which...in turn, forced A2 DayZ server admins to turn to other alternatives, like Hangender's server pbo based antihack which was....in almost all cases 100% better at stopping hackers than BattlEye ever was.

 

Now lets look at the scenario and realize that the DayZ Standalone has a very small team of developers actually working on it and BIS is mostly hands off on this project, whats more the stand alone has no current anti-hack enabled...and somehow amongst all the other rough edges and bug stomping and feature development...this very small dev team is somehow taking the time to intentionally allow people to attack their server package so they can make said attacks impossible in the future?

 

Seems to me it would have just been more efficient to turn on VAC from day one, or even BattlEye (cause as crappy as it is it does at least eventually catch hackers and ban them, if not prevent them) cause in this hypothetical scenario I cannot think of anyone on this very small development team that is going to have the time to deal with this situation amongst their other high priority responsibilities.

Edited December 18, 2013 by semipr0

[dgeesio 1034]

what one man can do so can another. so there will always be hacks regardless.

[Weedz 1105]

wrong. first link on google after put in Day Z standalone hacks.

Which brings you to a website with 1 thread which doesn't even have a link to download the imaginary hack and is using pictures of an old hack from the mod to show it's working ....

 

 

Repair Vehicle ... man that's weird those aren't even in the game. And why is it using the textures from the mod not the standalone?

 

... idiots.

 

 

 

There WAS a speed "hack" (lagswitch) working but it got broke in the patch.

Edited December 18, 2013 by Weedz

[brzator47@gmail.com 524]

Aimbot and radar hacks were always going to happen. I'm yet to see a proof of this, but VAC disabled or not, something isn't right IF clients are allowed to spawn in items or teleport other players. It simply shouldn't happen.

[blitz 64]

Please read about how I said VAC (VALVE ANTI CHEAT) IS CURRENTLY DISABLED.

Where is my proof its a new engine? Were you born that stupid or did you have do land on your head a few times first?

I love how you think VAC is going to come riding into the rescue and sprinkle fairy dust and everything will be fine and dandy.

Truth of the matter is, hackers made a lot of money selling scripts to people that wanted to cheat in the MOD, now they will be looking to sell scripts to them same idiots that want to Cheat in the standalone. Unless Bohemia spend 50 million a year on developing or licensing encryption software, but guess what. That not going to happen, because A, the cost will cripple the game, B that much data being sent back and forth between client and server would make it to laggy.

So that only leaves them to find out what scripts are available and patch in a fix, but guess what the hackers love that, because they get to sell they're next script, to the idiots. The cycle of goes on and on.

[Target Practice (DayZ) 1335]

So just for a moment lets visualize a little hypothetical scenario.

 

For years Bohemia Interactive has kept BattlEye on contract to police their games and keep the Arma franchise a fair multiplayer experience and regardless of how much money they're paying BattlEye and how many people actually work at BattlEye to achieve the goal they're being paid to achieve they have actually failed rather massively at controlling hacks...which...in turn, forced A2 DayZ server admins to turn to other alternatives, like Hangender's server pbo based antihack which was....in almost all cases 100% better at stopping hackers than BattlEye ever was.

 

Now lets look at the scenario and realize that the DayZ Standalone has a very small team of developers actually working on it and BIS is mostly hands off on this project, whats more the stand alone has no current anti-hack enabled...and somehow amongst all the other rough edges and bug stomping and feature development...this very small dev team is somehow taking the time to intentionally allow people to attack their server package so they can make said attacks impossible in the future?

 

Seems to me it would have just been more efficient to turn on VAC from day one, or even BattlEye (cause as crappy as it is it does at least eventually catch hackers and ban them, if not prevent them) cause in this hypothetical scenario I cannot think of anyone on this very small development team that is going to have the time to deal with this situation amongst their other high priority responsibilities.

 

I wasn't even remotely suggesting that this was all some kind of ingenious plan on the part of the devs to get the hacking community to do their work for them or anything like that - I was simply agreeing with the quoted post saying that sometimes the best way to prevent hackers is to look at it from a hacker's point of view.

 

I'm sure in an ideal world, they'd love to have VAC and/or Battleye running, but I'm guessing at this embryonic stage of the game there are technical reasons why that hasn't been an option they've pursued yet. Who knows? I'm sure there wasn't a meeting at some point, someone raised the subject of antihacks and Rocket just said 'nah, fuck it - can't be bothered yet'.

Edited December 18, 2013 by Target Practice

[AlcApwn (DayZ) 28]

 It simply shouldn't happen.

 

dayz standalone still contains big parts of arma2/dayzmods scripting. so rocket has apparently given a **** about security issues >:(

[Katana67 2907]

People need to learn how to offer critique without being inflammatory. It's so easy! All you have to do is you know... not... say certain things.

 

It'll be addressed.

[GeneralMelchett 35]

I wonder what the official word is on this.

 

For me it is extremely dissapointing. I was so positive about this alpha and tought they deserved the time they took for the alpha to go live as they rewritten large parts of the engine, but now everything turns out to be total crap that has just been made up? Nothing server-side at all? Sounds to me they tried it but failed.

 

I assume the next thing that will happen is mass cheaters again. This is what ruined the DayZ mod 1,5 years ago.

[semipr0 402]

Issue is, one of the largest selling points of the SA was the change in server to client relations that were largely geared towards not allowing clients to tell a server data that it knows is incorrect.

 

Arma 2 worked like this:

 

[12:00]Client: I am at <1.234567, 765432.1, 987.6>

[12:00]Server: You are at <1.234567, 765432.1, 987.6>

[12:01]Client: Now I am at <3613561.2, 6351531.6, 362.2>

[12:01]Server: Of course you are. Enjoy your day.

 

Thats basically a verbal demonstration of how a teleport happens between client and server in the A2 system. Now the SA was constantly hammered on as "the fix" for these problems because the server architecture would not accept any input from the client that was not concurrently accurate with server data.

 

And...they've failed to deliver that. Thats not just "oh the anti-hack isn't enabled yet"...thats a flat out lie about the capabilities of their server package, that they've told over and over, every time the validity of BattlEye and/or BIS multiplayer experiences are questioned (largely due to BIS using BattlEye).

 

"Its alpha" doesn't cut it on something like this....this isn't something you patch in later, it should have been built into the SA from the ground up because it was a core concept of trying to make the DayZ game a superior experience to the DayZ mod...if some hackass can Thunderdome an SA server in the next few days, then the SA has failed on a core feature that a lot of long term fans were convinced it was supposed to address.

Edited December 18, 2013 by semipr0

[27 others 102]

i understood all that "client bubble" thing similarly. am i missing something? i thought this would finally prevent hacking, purely by its architecture.

 

is there still a way to get a protection against hackers or is the engine not capable of that?

Edited December 18, 2013 by 27 others

[Lady Kyrah 1109]

Issue one of the largest selling points of the SA was the change in server to client relations that were largely geared towards not allowing clients to tell a server data that it knows is incorrect.

 

Arma 2 worked like this:

 

[12:00]Client: I am at <1.234567, 765432.1, 987.6>

[12:00]Server: You are at <1.234567, 765432.1, 987.6>

[12:01]Client: Now I am at <3613561.2, 6351531.6, 362.2>

[12:01]Server: Of course you are. Enjoy your day.

 

Thats basically a verbal demonstration of how a teleport happens between client and server in the A2 system. Now the SA was constantly hammered on as "the fix" for these problems because the server architecture would not accept any input from the client that was not concurrently accurate with server data.

 

And...they've failed to deliver that. Thats not just "oh the anti-hack isn't enabled yet"...thats a flat out lie about the capabilities of their server package, that they've told over and over, every time the validity of BattlEye and/or BIS multiplayer experiences are questioned (largely due to BIS using BattlEye).

 

"Its alpha" doesn't cut it on something like this....this isn't something you patch in later, it should have been built into the SA from the ground up because it was a core concept of trying to make the DayZ game a superior experience to the DayZ mod...if some hackass can Thunderdome an SA server in the next few days, then the SA has failed on a core feature that a lot of long term fans were convinced it was supposed to address.

Actually it's even better in "normal" games. The only thing the client is allowed to send to the server is "i am walking forward" and it's the server who tells him where he is every frame (the client does move by himself without waiting for the server to reply, but it's only for client side prediction, the server will "correct" the prediction of the client.

 

Basically, you can't teleport hack in a 'well' coded' game because there is simply no such command that the server will respond to.

[stugis 0]

i knew that's gonna hapen didnt bought it and wont buy it...

[greenpeacekiller 6]

My god...

It's been 2 days.

 

Why are people such douchebags?

Because its waaaay to easy to hack this game. I've seen people using shit like cheat engine and simple crap like that. no effort at all

[Nienko 41]

UNRELEASED HACK THAT WILL ONLY BE AVAILABLE TO PEOPLE WHO PAY 50$ A MONTH WHEN IT IS RELEASED.

The only features listed on the hack that isn't out yet is an aimbot and a ESP that works only within 800M.

People are not teleporting and will not be, nor will there be god mode, or spawning in loot. If you are going to cry about hacks at least look the shit up for yourself before crying about hacks that don't even exist to the public yet or things that are not and never will be possible without physically hacking into the servers where the game is running from.

Oh man you so wrong. There are paid/vip hacks and they are cheap as shit.

Oh and all that op mentioned, all is working. Spawning esp teleport even aimbot. Try google it again. The hacks were out just one day after launch. Lets wait for privite whitelist servers, because it will only get worse.

Edited December 18, 2013 by Nienko

[ZlobaRUS54 441]

How is this even possible? Server-client architecture with any shred of decency work like this:

 

Client: "Hey, can I spawn an item here?"

Server: "No. You are a client, you can never spawn an item anywhere, period."

Client: "OK."

 

Client: "Hey, can I dictate to you where my position is?"

Server: "No. You are a client, you may never dictate to me where your position is."

Client: "OK."

 

I understand ESP because the client does have that information, but spawning items and teleporting is rediculous, how is your system even allowing that?

 

Quite surprising. From 

   

 

 

 

"The server completely controls your character"

 

This is supposed to be literally the main thing they have been working for a year. Sad, if its still possible. I hate to spread panic but people saying hackers are breaking everybody's legs and spawning items.

[AlcApwn (DayZ) 28]

Issue is, one of the largest selling points of the SA was the change in server to client relations that were largely geared towards not allowing clients to tell a server data that it knows is incorrect.

 

Arma 2 worked like this:

 

[12:00]Client: I am at <1.234567, 765432.1, 987.6>

[12:00]Server: You are at <1.234567, 765432.1, 987.6>

[12:01]Client: Now I am at <3613561.2, 6351531.6, 362.2>

[12:01]Server: Of course you are. Enjoy your day.

 

Thats basically a verbal demonstration of how a teleport happens between client and server in the A2 system. Now the SA was constantly hammered on as "the fix" for these problems because the server architecture would not accept any input from the client that was not concurrently accurate with server data.

 

And...they've failed to deliver that. Thats not just "oh the anti-hack isn't enabled yet"...thats a flat out lie about the capabilities of their server package, that they've told over and over, every time the validity of BattlEye and/or BIS multiplayer experiences are questioned (largely due to BIS using BattlEye).

 

"Its alpha" doesn't cut it on something like this....this isn't something you patch in later, it should have been built into the SA from the ground up because it was a core concept of trying to make the DayZ game a superior experience to the DayZ mod...if some hackass can Thunderdome an SA server in the next few days, then the SA has failed on a core feature that a lot of long term fans were convinced it was supposed to address.

 

now my biggest question is: what did rocket do for the whole months? they reduced the amount of data sent to the client, spent the remaining months on some fancy grafics while ignoring the most urgent problem: the concept of their server-client communication which could have been done better by a 16year old.

[tsandrey 379]

This is why standalone needs BattlEye. Arma 3 is just as open as Arma 2, yet there are no cheaters. You want to know why? Because of BE and Steam. No cheater wants to pay 25€ (in A3 even more) just to cheat in a game. VAC won't help because it's an useless anti-cheat.

[piffaroni 13]

now my biggest question is: what did rocket do for the whole months? they reduced the amount of data sent to the client, spent the remaining months on some fancy grafics while ignoring the most urgent problem: the concept of their server-client communication which could have been done better by a 16year old.

seems like they just care about making a quick buck, then actually working on the game

 

or at least, thats what it seems like

[drayson 158]

Despite the fact that there are giant warnings stating don't buy it if you are even the least bit unsure, it's an alpha, etc...

[joe_mcentire 2073]

 

unfortunately it is. No matter how much denial about client side this and server side that. But as Razor said, the Devs are more than aware.

the most horrible and at the same time beautiful thing i've ever seen...

[rossums 2190]

It's not really an issue.

None of the new security measures have been properly put in to place - trying to get the game working first.