BattlEye Bypass Detection

[Magotchi 74]

As a server admin, is it possible to detect the BattlEye bypass method which involves editing the Arma 2 client in RAM and setting a custom script to run when the in-game Server Control button is clicked?

If not, then DayZ is nearly unplayable at the moment. A simple perusal of the Cheat Reporting forum reveals it's an epidemic. On my server, in the last 24 hours, at one point every vehicle in the server exploded simultaneously, then hours later everyone got teleported to a lighthouse and sniped, then hours later a helicopter flew overhead, then a bit later, a person with godmode teleported around the map, killing everyone (while spamming things like "friendly" and "Why are you shooting at me?" in Direct).

Can anyone recommend current best practices for preventing hacks and catching hackers with the current state of DayZ, Arma 2, and BattlEye?

Edited July 20, 2012 by Mister_Magotchi

[Guest]

Hey Mister_Magotchi,

Sorry to tell you friend, but BattlEye bypasses are exactly what they sound like; bypasses. Although there are many methods to blocking BattlEye from scanning your computer and the scripts you execute, they all prevent the server from being able to log anything you do.

Best practices to prevent hacking?

• Never have more than 45 players online, hackers target high-pop. servers.
  
• Don't be a dickish admin, ever; never give the hackers the excuse.
  
• It's more efficient to befriend hackers and convince them to stop doing malicious stuff on your server than banning them, angering them further, then they just come back to nuke you on a spoofed CD key.
  

EDIT: To expand on my third point, BattlEye never "insta-bans" it always has a 24-48 hour delay between when a hack is detected and when a user is globally banned. The intent of this is to prevent the hackers from knowing what exact script it is that got them banned. Befriend them for a day or two, they'll be banned globally before they do anymore real damage >.>.

Edited July 20, 2012 by Guest

[jdblair5 170]

t's more efficient to befriend hackers and convince them to stop doing malicious stuff on your server than banning them, angering them further, then they just come back to nuke you on a spoofed CD key.

LOL

[Guest]

LOL

Edited post to expand on that point. And I'm serious. I'd rather have a hacker spawning in vehicles and weapons any day vs. nuking servers. Everyone already dupes on this game anyway. Nuking just ruins everyone's day.

Edited July 20, 2012 by Guest

[Dreffh 3]

US 303 Dallas clanmsn server? i saw your chat about BE bypass in-game :)

i dont know jack about cheats but i wanted to grats you for your great server that gave me some good time,

thank you, sir. :)

Edited July 20, 2012 by Dreffh

[Magotchi 74]

Thanks, man. Things are just getting nuts at this point, though. I just want to make sure I'm doing everything I can to keep the hacks to a minimum with what I have available.

[Dvyjns 1]

This game is lost to hackers. I was just on a server where a hacker emptied my entire inventory then gave me a broken leg. When I respawned he killed off the entire server. That about does it for me I think, at least until alpha is over.

I have thick skin, I like the harshness of this game when its legitimate but stuff like that is unacceptable.

[Guest]

Thanks, man. Things are just getting nuts at this point, though. I just want to make sure I'm doing everything I can to keep the hacks to a minimum with what I have available.

Yup. The game is overrun, and I'm starting to get kind of pissed off with the devs. They threatened to blacklist my servers (all 3 of them) earlier today for having a minor naming issue. Yet, there are ~3 servers up right now with battleye off full of hackers spawning in items, and hundreds of locked servers where loot is being duped and hunted.

I'll prob make a rant thread tomorrow lol.

[Magotchi 74]

While I highly appreciate the DayZ team and the work they've done so far (for free with regard to me), something must be done about this hacking epidemic.

[jdblair5 170]

Ban. Ban. Ban. And then Ban some more.

Edited post to expand on that point. And I'm serious. I'd rather have a hacker spawning in vehicles and weapons any day vs. nuking servers. Everyone already dupes on this game anyway. Nuking just ruins everyone's day.

I get what your saying, but your basically conceding and picking your poison. Shouldn't have to do that. Don't do that.

It's more efficient to befriend hackers and convince them to stop doing malicious stuff on your server than banning them, angering them further, then they just come back to nuke you on a spoofed CD key.

Screw em. Let them keep buying keys, at some point the well will dry up.

Your trying to be too diplomatic about this, I applaud you for your tolerance, and I feel for all of you that rent servers and have to go through this bullshit, but at some point, and I hope soon, you guys ( server admins) will say enough of the bullshit.

[Magotchi 74]

I'd be banning them like crazy if there was evidence of their hacks in the logs. With the BattlEye bypass method I described, it seems admins are basically powerless at this point, unless there's some way to detect the bypass.

[jdblair5 170]

I'd be banning them like crazy if there was evidence of their hacks in the logs. With the BattlEye bypass method I described, it seems admins are basically powerless at this point, unless there's some way to detect the bypass.

I don't know anything about logs and such, so I might be talking out of my ass, but if everything in the game essentially runs off of scripts; executing, saving, etc, there is no tracers or anything that might show PLAYER X acquired " a gun" ( whatever) or PLAYER X executed " nuke script". Again, this element is above my understanding, but it would seem that every action a player commits is recorded or logged somehow, or is that not the case?

[Magotchi 74]

Normally you would see the equivalent of "PLAYER X executed 'nuke script'", but at this point, all but the dumbest of hackers are using a method to bypass BattlEye's script logging feature, as I described in the OP.

[jdblair5 170]

Normally you would see the equivalent of "PLAYER X executed 'nuke script'", but at this point, all but the dumbest of hackers are using a method to bypass BattlEye's script logging feature, as I described in the OP.

Do you guys (admins) have your own logs that you can look at that may or may not indicate something going down? I don't know what a log looks like, could be a billion lines of code and it would unrealistic to actually go through it and pinpoint a certain instance. But it seems like Battle Eye is dropping the ball and something needs to be done.

[Excession (DayZ) 7]

If they are bypassing battleye script logging, surely the answer is too look for players that SHOULD be in the script log, but are not?

[Magotchi 74]

Excession: With the method I described above (and would link if it weren't against the rules), only the script ran through the method doesn't show up in the scripts log. All other scripts ran as normal parts of the hackers gameplay still show up.