Cheat Finder (script parser for admins)

[S_poon 69]

Im getting this after doingt he activex fix now.

<?xml version="1.0" encoding="ISO-8859-1" ?>

<Report />

[disorder 344]

if you get just <report/> it means nothing was detected.

Edit it with notepad, it should look like this

<?xml version="1.0" encoding="ISO-8859-1" ?>
<Report>
</Report> 

That means it was otherwise clean.

Edited August 23, 2012 by disorder

[disorder 344]

On another topic that has arisen; Does anyone use the built in DB much or do they use a custom scripts.txt?

It's a bit of a pain to keep the db up to date, unless I just make it a copy of dwardens every time. Besides most of it came from other forum posts and the rest were suggestions from users.

[(OCN)Vortech 65]

On another topic that has arisen; Does anyone use the built in DB much or do they use a custom scripts.txt?

It's a bit of a pain to keep the db up to date, unless I just make it a copy of dwardens every time. Besides most of it came from other forum posts and the rest were suggestions from users.

Custom script.txt based on a modified version of Dwarden's submissions over at the CBL (link in sig). I think BE includes a script.txt, if blank make it check then notify the user of an empty file. Maybe you could have it pull the official DayZ dev edition by default with the option to pull Dwardens bleeding edge submissions?

[disorder 344]

Well I merged the 2 I know of, but I am weary of adding too much to the db because it slows down the search.

I have a custom DB that I use for testing. It only has shared lines. By that I mean anything in a group that has a common part. It saves time but is less precise

100Rnd_556x45

100Rnd_762x51

100Rnd_762x54

> 100Rnd_

it will still find instances of 100rnd_ but without doing 3+ checks. This lack of precision can be a bit daunting for newcomers but I don't mind if anyone wants this file. This is what I was going to make the db eventually for everyone, a fast file that searched for generic strings, not exact ones like the scripts.txt.

--

UPDATE: Looks like the merged file didn't actually find anything in my test log. I really could do with some more cheat examples/logs to test it on.

Edited August 23, 2012 by disorder

[(OCN)Vortech 65]

UPDATE: Looks like the merged file didn't actually find anything in my test log. I really could do with some more cheat examples/logs to test it on.

http://code.google.com/p/dayz-community-banlist/issues/list?can=1&q=&colspec=ID+Type+Status+Priority+Milestone+Owner+Summary&cells=tiles Search through that and you'll find the examples you need.

I don't think you need to merge the files if they're the ones you mentioned because Shadows file is an older version of Dwardens. Compare them side-by-side in NotePad++ like I did and it'll show you the differences.

Edited August 23, 2012 by (OCN)Vortech

[disorder 344]

Damn that would take ages to sort through each entry.

New version is out, will work on some improvements tomorrow.

Edited August 24, 2012 by disorder

[gwbrewer 49]

what files should i be running through this? script.log obviously.. but is that it?

[disorder 344]

what files should i be running through this? script.log obviously.. but is that it?

Check first page, its all there. Any log which shares the same entry format as the what is listed in post #1

Edited August 24, 2012 by disorder

[gwbrewer 49]

Check first page, its all there. Any log which shares the same entry format as the what is listed in post #1

Well obviously I checked there.. "Scripts.log/RemoteExec.log*. And possibly others." So 2 logs? or am I to guess possibly 3?

[disorder 344]

When you get little * marks, it means there is another additional note near the bottom, that begins with *, AKA "smallprint". Did you read that?

* The file format has to have entries in the following template:

DATE TIME: NAME (IP) ID - #X

Soo.. it reads any file with entries in that template I just said then :P.. Like I mentioned in post #1

Edited August 24, 2012 by disorder

[cwc_shadow 70]

Hey guys,

big thanks for disorder to make this program. I'm pretty new to ArmA II anti-cheating and the script-stuff, but we want to get rid of the hackers on our server so I thought your program might come in handy here. :)

I let it check all our logs and it came up with some results. Some seem to be legit like:

GUID blabla

aliases=XXXXXXXXX

IP=xxx.xxx.xxx:xxxx

found <player setVariable['lastPos',0];>=794954

And then there is one huuuuuge chunk of strange stuff including (not in particular order):

found <God mode>=228

found <GodMode>=229

found <hacks>=230

found <Infammo>=231

found <Infinite Ammo>=232

found <InfiniteAmmo>=233

found <Killplayer>=234

found <m1a1>=235

found <M1A2_TUSK_MG>=236

found <zombieshield>=210

found <playershield>=211

found <bomblauncher>=224

What's that all about? Are those cheats/hacks and are the guys mentioned above that huge list with their GUIDs the hackers? Sorry for the dumb questions, but I'm really new to this and would love to fight those hacking b-tards as good as possible without banning innocent people by accident. :P

Edited August 24, 2012 by System98

[disorder 344]

Well that first one, I thought that was a cheat line, maybe it isn't. The second one looks strange like you are searching through another scripts.txt file. Can you send it to me?

Lastly which version of the program are you using.

Edited August 24, 2012 by disorder

[S_poon 69]

Cannot view XML input using XSL style sheet. Please correct the error and then click the Refresh button, or try again later.

I am getting this.

[cwc_shadow 70]

@disorder: I'm using the most recent version of your program. I'll send you the saved result file via PM so you can take a look into it yourself. If you need the logs let me know.

I'm not sure if the small line I psoted is a cheat. But I thought a cheater might do more than just teleport himself once. The other list I have looks pretty much like on of the filters from CBL and those guys might have exccuted a huge cheat script there. Not sure, maybe you can find out. I'll send you the files via PM.

Edited August 25, 2012 by System98

[disorder 344]

Cannot view XML input using XSL style sheet. Please correct the error and then click the Refresh button, or try again later.

I am getting this.

XML has been removed, update to latest.

On another note, has anyone else been getting lines from scripts.txt show up in their log files? By that I mean a cheat line with a number at the front that looks like this

1 addAction !"\"addAction\"," !"_action1 = _unit addAction [localize \"str_actions_medical_01" !"s_player_grabflare = player addAction [format[localize \"str_actions_medical_15\"

Edited August 25, 2012 by disorder

[Seelenschnitter 13]

Can somebody send a newer script.txt file to me? Would ben great wanna kick those cheaters a**** or do i only have to end the ending of the included "scripts data base file"?

Edited August 25, 2012 by Seelenschnitter

[disorder 344]

the newest db uses the community scripts here http://code.google.com/p/dayz-community-banlist/source/browse/filters/scripts.txt

[Seelenschnitter 13]

Thanks alot :)

[TheWeedMan 132]

Any idea what this is:- found <player setVariable['lastPos',0];>=54535,54537

Im seeing this alot

[disorder 344]

It's from a teleport script apparently. I would post the link I found it but I think I would get banned. just google the whole line in < > brackets

Edited August 26, 2012 by disorder

[funboy 0]

Tankyou for your works, i've downlaoded the tools, and seem to be really usefull, i've done a first scan of my script.log file using the script.db inside the package, i've obtaned a lot of player to ban in XML file, me and my friends to, sems cause we see a cheater generated SUV on our server, but there is no trace of who script generate the black SUV, and i see a lot of "invisible" command player, are we sure they are cheaters ?

Somthing like this:

<found>Line [645798] - SUV_PMC</found><found>Line [645808] - VWGolf</found>

or this:

<found>Line [719469] - SUV_TK</found><found>Line [719473] - ATV_US_EP1</found><found>Line [787974] - ATV_US_EP1</found><found>Line [794582] - SUV_PMC</found><found>Line [801196] - ATV_US_EP1</found><found>Line [801200] - SUV_PMC</found><found>Line [831826] - ATV_US_EP1</found>

or this:

<found>Line [1751479] - vehicle player setPos</found><found>Line [1751479] - vehicle player setpos _pos;</found>

or this:

<found>Line [1617005] - bInvisibleOn</found>

After that i've updated script.db pasting the content of http://code.google.c...ers/scripts.txt inside and i've maked a new scan on the same log but with NO RESULTS.

I'm making somthing wrong ? are they cheaters or not ?

P.S. there is a mode to make this search server side to kick ban the cheater directly in automatic mode ?

Edited August 27, 2012 by funboy

[disorder 344]

Oh get the newest version of the program, because the xml thing was a test to see if I could show info a bit differently. The most recent has an updated database and because the old one was a combination from different sources it probably contains lines that are wrong, or don't make sense.

Also don't ban with my program until you're sure they have cheated. Some items are normal and show up in the log anyway.

One more thing @funboy, you can't post the scripts.txt contents into the db file and save it, it uses different parsing on both files. Just save the community scripts as .txt and use it as normal.

Edited August 28, 2012 by disorder

[disorder 344]

New version 2.1 will be up shortly.

[auge103 63]

One question, V1.8 listed all players who created ammoboxes, inofficial vehicles and pipebomb explosions and so on, the newest version always says "All Clear". But there are enough entries with ammoboxes in the log :/

Tried 2.0, 2.1, several scripts.txt....