Guest

A Warning to Server Admins: BattlEye v1.167 (once again) fully bypassed, scripts released to the public.

Guest

Hey Everybody,

I just wanted to make a warning post to all the server admins out there to be extremely vigilant, as multiple new undetected bypasses for BattlEye have recently been released to the public. Expect hacking to spike up quite a bit in the next few days. The worst part is that the methods these bypasses use to get around BattlEye will prevent any analytic information from being sent to the server (scripts will not appear in log files).

So, basically we're f**ked until BattlEye decides to patch these new bypasses. These bypass methods are actually very old; they've been around for a few months. The only difference is that the bypasses have recently been recompiled, reobfuscated, and re-released to the masses, so BattlEye will no longer detect the MD5 hashes of the hacks the skids use.

P.S. I'm assuming the devs/mods already know about this other exploit, but a tool has also been released that allows server admins to "whitelist" their GUID so it is not checked by BattlEye, even if the system is enabled on their server. This allows them (and anyone else they whitelist) to run any scripts they want without fear of being banned.

Edited by Guest


Oh, I see you keep updated on which hacks to block too.

I've learned today to be scared. Very scared.

Guest

Oh, I see you keep updated on which hacks to block too.

I've learned today to be scared. Very scared.

Yea, "block". You can't block these lol; BattlEye is too shit to be able to do anything about it, unfortunately.


Hey Everybody,

I just wanted to make a warning post to all the server admins out there to be extremely vigilant, as multiple new undetected bypasses for BattlEye have recently been released to the public. Expect hacking to spike up quite a bit in the next few days. The worst part is that the methods these bypasses use to get around BattlEye will prevent any analytic information from being sent to the server (scripts will not appear in log files).

So, basically we're fucked :D.

P.S. I'm assuming the devs/mods already know about this other exploit, but a tool has also been released that allows server admins to "whitelist" their GUID so it is not checked by BattlEye, even if the system is enabled on their server. This allows them (and anyone else they whitelist) to run any scripts they want without fear of being banned.

There's no difference between doing this and releasing any other "undetected" hack for PunkBuster or VAC. Last time "this person" released a "bypass" it was detected within a week, so please don't yell about "we're fucked" when it's less than 3 days old.

EDIT: To be more specific, a software detection has to be done by BattlEye; this requires MANUAL work, and usually happens within 1-2 weeks. Most anti-cheat programs then detect the hacks and postpone the bans another 3-4 weeks to make it more difficult to spot what got them detected in the first place. BattlEye does not delay bans from detections.

So with BattlEye, we see bans within a week rather than after a month. BattlEye is NOT SHIT, you just DO NOT UNDERSTAND HOW IT WORKS.

God, this makes me so angry lol.

Edited by Suspenselol
  • Like 3

Guest

There's no difference between doing this and releasing any other "undetected" hack for PunkBuster or VAC. Last time "this person" released a "bypass" it was detected within a week, so please don't yell about "we're fucked" when it's less than 3 days old.

Sorry, I modified my post.

Guest

There's no difference between doing this and releasing any other "undetected" hack for PunkBuster or VAC. Last time "this person" released a "bypass" it was detected within a week, so please don't yell about "we're fucked" when it's less than 3 days old.

EDIT: To be more specific, a software detection has to be done by BattlEye; this requires MANUAL work, and usually happens within 1-2 weeks. Most anti-cheat programs then detect the hacks and postpone the bans another 3-4 weeks to make it more difficult to spot what got them detected in the first place. BattlEye does not delay bans from detections.

So with BattlEye, we see bans within a week rather than after a month. BattlEye is NOT SHIT, you just DO NOT UNDERSTAND HOW IT WORKS.

God, this makes me so angry lol.

I understand how it works, and I think it's idiotic. Even detected hacks that are months old can be used to nuke 20 or so servers before you're banned lol. I'd call that pretty shit, and I think they're full of BS that they do these delayed bans on purpose. Why not at least stop the script from executing and flag the user, rather than just "HERP DERP we'll ban after he's griefed 20 more servers."

These bypass methods are actually very old; they've been around for a few months. The only difference is that the bypasses have recently been recompiled, reobfuscated, and re-released to the masses, so BattlEye will no longer detect the MD5 hashes of the hacks the skids use.

Edited by Guest


Yea, "block". You can't block these lol; BattlEye is too shit to be able to do anything about it, unfortunately.

By "block" I mean add to scripts.txt lol

And remember to keep rcon open while I'm on.

Guest

By "block" I mean add to scripts.txt lol

And remember to keep rcon open while I'm on.

These scripts aren't checked through scripts.txt; hence the BattlEye bypass.


These scripts aren't checked through scripts.txt; hence the BattlEye bypass.

Would there be a way to add them? But I probably know the answer. If BE is bypassed, the scripts.txt won't work.


I understand how it works, and I think it's idiotic. Even detected hacks that are months old can be used to nuke 20 or so servers before you're banned lol. I'd call that pretty shit, and I think they're full of BS that they do these delayed bans on purpose. Why not at least stop the script from executing and flag the user, rather than just "HERP DERP we'll ban after he's griefed 20 more servers."

These are not old. In the past 3 months, this "one person" has released 4 different hacks in order to bypass BattlEye. It's got nothing to do with MD5 hashes, reobfuscation or recompiling. Obfuscation has nothing to do with how it works, the MD5 hash or anything, only how difficult it is to read and understand the code without source.

A software detection is done by reversing the hack in order to find which memory spaces it injects into so that it stops BattlEye from updating and initializing on the server. Once BattlEye has done this, they update BattlEye so that the "bypass" no longer stops BattlEye from running when joining a server; the updated version of BattlEye then searches for injections in this memory space that they discovered, and any injects done that aren't supposed to be done = ban.

Why don't you take his hack, reverse it and look for where it injects, how it injects, and what signatures it leaves. Then come back to this thread, quote me with a workaround, and then we can imaginarily say "we got the hackers".

I'm waiting.

Edited by Suspenselol
  • Like 2
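The detection rule the post above describes (executable memory that no legitimate module accounts for) written out as a scan over a memory map, as an added example; this is not BattlEye's code nor anything posted in this thread. It assumes Linux's /proc/<pid>/maps line format as a stand-in for the Windows client's memory map, and a constructed allow-list of modules under /opt/game.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* One entry of Linux's /proc/<pid>/maps, used here as a constructed stand-in
 * for the process memory map an anti-cheat walks (the real client is Windows). */
typedef struct {
    unsigned long start, end;
    char perms[5];     /* "rwxp": read, write, execute, private/shared */
    char path[256];    /* backing file, or "" for an anonymous mapping */
} map_entry;

/* Parse "start-end perms offset dev inode [path]" in place; false if malformed. */
static bool parse_maps_line(const char *line, map_entry *e) {
    unsigned long offset, inode;
    char dev[16];
    e->path[0] = '\0';   /* %[^\n] leaves path untouched when there is none */
    int n = sscanf(line, "%lx-%lx %4s %lx %15s %lu%*[ ]%255[^\n]",
                   &e->start, &e->end, e->perms, &offset, dev, &inode, e->path);
    return n >= 6 && strlen(e->perms) == 4 && e->end > e->start;
}

/* Constructed allow-list: the only images expected to contain executable code.
 * [vdso] and [vsyscall] are kernel-provided and always executable on Linux. */
static const char *const allowed_modules[] = {
    "/opt/game/bin/game", "/opt/game/bin/anticheat.so", "/usr/lib/libc.so.6",
    "[vdso]", "[vsyscall]",
};

static bool module_allowed(const char *path) {
    for (size_t i = 0; i < sizeof allowed_modules / sizeof *allowed_modules; i++)
        if (strcmp(path, allowed_modules[i]) == 0) return true;
    return false;
}

/* Policy: an executable region is suspicious when it is also writable (rwx), has
 * no backing file (the usual shape of injected code), or its file is not allowed. */
static bool is_suspicious(const map_entry *e) {
    if (e->perms[2] != 'x') return false;           /* non-executable: ignore */
    if (e->perms[1] == 'w' || e->path[0] == '\0') return true;
    return !module_allowed(e->path);
}

/* Walk a maps dump (one entry per line) and return how many regions violate
 * the policy; blank or unparsable lines are skipped rather than flagged. */
int scan_maps(const char *dump) {
    int hits = 0;
    map_entry e;
    for (const char *p = dump; *p; ) {
        if (*p != '\n' && parse_maps_line(p, &e) && is_suspicious(&e)) hits++;
        const char *nl = strchr(p, '\n');
        p = nl ? nl + 1 : p + strlen(p);
    }
    return hits;
}

/* Constructed sample dump: three clean entries, three that should be flagged. */
const char *const sample_maps =
    "00400000-00800000 r-xp 00000000 08:01 1001 /opt/game/bin/game\n"
    "7f00a0000000-7f00a01c0000 r-xp 00000000 08:01 1002 /usr/lib/libc.so.6\n"
    "7f00a1000000-7f00a1021000 rw-p 00000000 00:00 0\n"
    "7f00a2000000-7f00a2005000 rwxp 00000000 00:00 0\n"
    "7f00a3000000-7f00a3010000 r-xp 00000000 08:01 2001 /tmp/unknown.so\n"
    "7f00a4000000-7f00a4002000 r-xp 00000000 00:00 0\n";

int main(void) { printf("%d suspicious region(s)\n", scan_maps(sample_maps)); return 0; }
```

A real scanner would re-read the map periodically rather than once, since the post's point is that the injection happens after the initial check.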


An anti-cheat needs to suck very hard to be bypassed; this sucks.

BTW, the server-side stuff seems to be harder to fix, maybe because BattlEye doesn't scan for modifications on the server or something? This TOTALLY sucks...

Edited by Scrumilation


These are not old. In the past 3 months, this "one person" has released 4 different hacks in order to bypass BattlEye. It's got nothing to do with MD5 hashes, reobfuscation or recompiling. Obfuscation has nothing to do with how it works, the MD5 hash or anything, only how difficult it is to read and understand the code without source.

A software detection is done by reversing the hack in order to find which memory spaces it injects into so that it stops BattlEye from updating and initializing on the server. Once BattlEye has done this, they update BattlEye so that the "bypass" no longer stops BattlEye from running when joining a server; the updated version of BattlEye then searches for injections in this memory space that they discovered, and any injects done that aren't supposed to be done = ban.

Why don't you take his hack, reverse it and look for where it injects, how it injects, and what signatures it leaves. Then come back to this thread, quote me with a workaround, and then we can imaginarily say "we got the hackers".

I'm waiting.

my beans

take them

Guest

These are not old. In the past 3 months, this "one person" has released 4 different hacks in order to bypass BattlEye. It's got nothing to do with MD5 hashes, reobfuscation or recompiling. Obfuscation has nothing to do with how it works, the MD5 hash or anything, only how difficult it is to read and understand the code without source.

A software detection is done by reversing the hack in order to find which memory spaces it injects into so that it stops BattlEye from updating and initializing on the server. Once BattlEye has done this, they update BattlEye so that the "bypass" no longer stops BattlEye from running when joining a server; the updated version of BattlEye then searches for injections in this memory space that they discovered, and any injects done that aren't supposed to be done = ban.

Why don't you take his hack, reverse it and look for where it injects, how it injects, and what signatures it leaves. Then come back to this thread, quote me with a workaround, and then we can imaginarily say "we got the hackers".

I'm waiting.

Have you read his code? You can freeze the BattlEye memory thread for up to 1500ms and it does nothing about it; it simply freezes the thread, injects the script, and keeps on going. ANY anti-cheat engine should constantly have some kind of monitor built in, running every few ms, to ensure it's never interrupted, and if it is, it should force-close the game immediately. This is just one example of why BattlEye is terrible.

BRB dinner.


I understand how it works, and I think it's idiotic. Even detected hacks that are months old can be used to nuke 20 or so servers before you're banned lol. I'd call that pretty shit, and I think they're full of BS that they do these delayed bans on purpose. Why not at least stop the script from executing and flag the user, rather than just "HERP DERP we'll ban after he's griefed 20 more servers."

These bypass methods are actually very old; they've been around for a few months. The only difference is that the bypasses have recently been recompiled, reobfuscated, and re-released to the masses, so BattlEye will no longer detect the MD5 hashes of the hacks the skids use.

The good part of delayed bans is that more people get banned; if one person gets banned he may go to the place the hack got released and OMG OMG BANNED STOP USING PPL OMGZ :/

And if the bans are delayed, all hackers will be flagged and later banned; more bans is better.


As far as I know, the scripts are injected before BE is even running; BE runs only on server connection, and cheaters do all the stuff before they connect to the server, so when they're in, they use cheats and BE thinks it's a regular game script.


Have you read his code? You can freeze the BattlEye memory thread for up to 1500ms and it does nothing about it; it simply freezes the thread, injects the script, and keeps on going. ANY anti-cheat engine should constantly have some kind of monitor built in, running every few ms, to ensure it's never interrupted, and if it is, it should force-close the game immediately. This is just one example of why BattlEye is terrible.

BRB dinner.

BattlEye does sync during gameplay; it's not enough to just "bypass" it once. I am gonna go look at his code now, but if it seriously does what you say it does, it won't take more than a few days to detect it, and kabam, goodbye stupid hackers.

I know how BattlEye works (what is of knowledge to "people") and I know how anti-cheat bypassing works; I've reversed programs and anti-cheat systems for years. This person has used different methods in his 5 bypasses (10 bypasses counting those before DayZ) and it's obvious that the holes he is using are being plugged. That is literally ALL an anti-cheat system can do.

Every anti-cheat system can be bypassed; every encryption, SSL, WPA2, nothing is secure, and it won't ever be secure. What defines a good anti-cheat is how quick and how effective they are at responding, and BattlEye responds fast.

Edited by Suspenselol


BattlEye does sync during gameplay; it's not enough to just "bypass" it once. I am gonna go look at his code now, but if it seriously does what you say it does, it won't take more than a few days to detect it, and kabam, goodbye stupid hackers.

I know how BattlEye works (what is of knowledge to "people") and I know how anti-cheat bypassing works; I've reversed programs and anti-cheat systems for years. This person has used different methods in his 5 bypasses (10 bypasses counting those before DayZ) and it's obvious that the holes he is using are being plugged. That is literally ALL an anti-cheat system can do.

Every anti-cheat system can be bypassed; every encryption, SSL, WPA2, nothing is secure, and it won't ever be secure. What defines a good anti-cheat is how quick and how effective they are at responding, and BattlEye responds fast.

You keep talking like BE is effective, and all I keep seeing are more posts in the forums about entire servers being wiped out.


You keep talking like BE is effective, and all I keep seeing are more posts in the forums about entire servers being wiped out.

That's not BattlEye's fault, that's Bohemia's fault. If it weren't for "scripts" (Bohemia implemented these) or creating items/putting nukes in the game, teleporting (Bohemia put this in the game), all we would see would be aimbotting and wallhacking, which wouldn't "appear" as a major issue, because it is much more difficult to spot. But it would still be as much of an issue as the current hacking shenanigans are.

On top of that, 90% of everyone making posts about BattlEye on these forums has absolutely no clue what they are talking about. They see a server get hacked on Monday, then see it getting hacked again next Monday, and they assume nothing was done. Plain and simply wrong, and it's mind blowing how people can come on forums here, claim something is bad, while having 0 understanding of what it is, what it does, or how it functions.

  • Like 1

Guest

That's not BattlEye's fault, that's Bohemia's fault. If it weren't for "scripts" (Bohemia implemented these) or creating items/putting nukes in the game, teleporting (Bohemia put this in the game), all we would see would be aimbotting and wallhacking, which wouldn't "appear" as a major issue, because it is much more difficult to spot. But it would still be as much of an issue as the current hacking shenanigans are.

On top of that, 90% of everyone making posts about BattlEye on these forums has absolutely no clue what they are talking about. They see a server get hacked on Monday, then see it getting hacked again next Monday, and they assume nothing was done. Plain and simply wrong, and it's mind blowing how people can come on forums here, claim something is bad, while having 0 understanding of what it is, what it does, or how it functions.

I mean, in Bohemia's defense, they didn't create an engine for an MMO to run on; it's meant to be like Garry's Mod... as rocket said, this mod is a hack of a hack.


That's not BattlEye's fault, that's Bohemia's fault. If it weren't for "scripts" (Bohemia implemented these) or creating items/putting nukes in the game, teleporting (Bohemia put this in the game), all we would see would be aimbotting and wallhacking, which wouldn't "appear" as a major issue, because it is much more difficult to spot. But it would still be as much of an issue as the current hacking shenanigans are.

On top of that, 90% of everyone making posts about BattlEye on these forums has absolutely no clue what they are talking about. They see a server get hacked on Monday, then see it getting hacked again next Monday, and they assume nothing was done. Plain and simply wrong, and it's mind blowing how people can come on forums here, claim something is bad, while having 0 understanding of what it is, what it does, or how it functions.

I think the issue here is that people don't CARE where the problem stems from - whether it's BattlEye or Bohemia. The fact is that they want it fixed and they can't understand why it hasn't been. That's a reasonable concern when people are getting hit over and over again by nukes or teleported ad nauseam. As far as I'm concerned, BattlEye has to share some of the blame only because they ARE the anti-cheat portion of the problem, whereas Bohemia is responsible for the code of the game. Maybe Bohemia is hamstringing BattlEye's efforts: I don't know. Again though, it doesn't really matter - they both end up sharing the blame.

Regardless of who is actually to blame, the vast majority of people who are posting here aren't programmers and don't know the first thing about anti-cheat protection. They just want the shit fixed, period. That's not an unreasonable request.

Edited by Cerven
  • Like 1


I think the issue here is that people don't CARE where the problem stems from - whether it's BattlEye or Bohemia. The fact is that they want it fixed and they can't understand why it hasn't been. That's a reasonable concern when people are getting hit over and over again by nukes or teleported ad nauseam. As far as I'm concerned, BattlEye has to share some of the blame only because they ARE the anti-cheat portion of the problem, whereas Bohemia is responsible for the code of the game. Maybe Bohemia is hamstringing BattlEye's efforts: I don't know. Again though, it doesn't really matter - they both end up sharing the blame.

Regardless of who is actually to blame, the vast majority of people who are posting here aren't programmers and don't know the first thing about anti-cheat protection. They just want the shit fixed, period. That's not an unreasonable request.

It is, to an extent.

They want "cheating" and "exploits" fixed so that ArmA functions as an MMO. This is not possible; it would remove key features and abilities the ArmA community has used for 3 years already to run feature-full servers, with mods, without mods, custom user missions, custom vehicles, custom "abilities" such as radios, airdrops, etc. All things that work through the scripting that ArmA is built around.

It is NOT a fair request to ask Bohemia to re-do how ArmA works just so that a mod functions. Especially not when ArmA 3 is around the corner. If you want a great DayZ game, wait for the standalone. Right now, it is what it is; it's not up to Bohemia to suddenly abide by a mod. It is, after all, a mod.

  • Like 1


You both make valid points, but while the holes get patched quickly, the holes they are patching are much larger in BE than in any other system.

The TTL on those updates can be longer because they aren't as severe. The holes that keep getting fixed by BE should have been fixed to begin with and that is my frustration towards it.

I think they are quick to respond and make quick updates, but the things they are fixing should never have been "broken". Simple QA would have gotten most of these fixes detected....


The easiest way to fix this temporarily would be allowing clans to password their servers and have whitelists set up.

