Some Anti-cheat ideas!

[Hawk24 94]

If you suggest actual anti-cheat measures then, yes, you should atleast know basic stuff about ArmA itself

Like the unique Player ID and systems already in use

"Some kind of system that scans for third party software" sounds like a 12yr old explaining rocket science

Ever wondered why anti-cheat systems like Punkbuster always need updates to work?

It's not the hack itself that changes, it's the bypass mechanism that changes

Everytime the author of the hack changes the bypass, the affected anti-cheat solution needs to adapt via update

ArmA never needed a 100% strong anti-cheat because it never was in the focus of many scripters

Guess why Battlefield 3 has a rampant cheating problem, a lot of people play it, a lot of people want hacks for it, that's money just waiting to be taken by a good scripter

ArmA always had a small, loyal and mature community, you don't find many people asking for hacks there

Now DayZ has brought a large chunk of players(and with it retards) into the world of ArmA, and so hacks are developed/updated/extended to make money(you didn't think you would get them awesome VIP hacks for free, did you?)

BattleEye is not prepared for this, and that's why we got problem

Edited August 6, 2012 by Hawk24

[TheWalkingDude (DayZ) 8]

Not only is BattleEye not prepared but it seems the game itself (ARMA2) was designed under the assumption people wouldn't try to run scripts to cheat. There is an easy way to stop people doing this - you don't let clients run scripts online, period. At the very least not scripts which directly interact with other players. Someone being able to teleport another player is laughable in its stupidity - this isn't a normal problem because no other respectible game could possibly allow this to happen. Most hacks and cheats are limited to the scope of the player - aim bots, wall hacks etc. These things will always exist. But ARMA2 by way of DayZ has redefined what it means to be affected by cheaters online, to previously unprecedented levels. In other words, this isn't a case of "oh well every game has cheaters", this is well beyond that.

It doesn't mean you have to kill scripting entirely - you just add some framework around it so it isn't this easy. I can understand a closed "by request only" simulator being this open, but ARMA2 is a publically released game with at least some effort given by BI to market it directly to PC gamers. For them to not address these gaping security loopholes and rely on a cheat detector which is clearly incapable of doing the job is appauling.

DayZ has simply exposed ARMA2 for what it is - an abortion of a game from a security point of view.

[Hawk24 94]

Someone being able to teleport another player is laughable in its stupidity - this isn't a normal problem because no other respectible game could possibly allow this to happen

This is funny because it's actually happening in BF3 too

Hackers can teleport the whole enemy team onto one spot filled with C4 and hit the detonator

Millions of dollar worth of advertisement, but it fails to qualify as a respectible game to your definition

And I fully agree of course, aimbot/wallhack/ESP is common stuff, but one should never be able to manipulate other players position or equipment(reports of people being equipped with golden AKMs by hackers)

Edited August 6, 2012 by Hawk24

[TheWalkingDude (DayZ) 8]

This is funny because it's actually happening in BF3 too

Hackers can teleport the whole enemy team onto one spot filled with C4 and hit the detonator

Yes but I'm going to guess it is happening in BF3 because the hack involves an exploit in gaining the privledges to do it - ARMA2 apparently treats every client like they're the administrator and then uses some patchwork crap called BattleEye to try and stop them doing stuff.

Exploits which grant privledges are too always going to happen, but they are usually fixable without having to rethink your entire approach like BI would have to do if they cared about how terrible ARMA2 handles security.

[famematt 7]

deleted

Edited May 2, 2017 by famematt
deleted

[TheWalkingDude (DayZ) 8]

Admins can view player X,Y,Z coords via logs, but they are not as good as you would think. Its really next to useless.

Well if player X kills player A, B and C, and B and C happen to be nowhere near him, shouldn't that raise some red flag somewhere?

And I'm sure it's self explanatory how it could be used to counter teleporting (assuming you quit before dying).

I understand rocket has limited control over ARMA2, so its swiss cheese approach to security is always going to be a problem, but it appears to me he either didn't realize how bad it was, or didn't care, because DayZ doesn't seem to even try and cover some of the common problems with hacking. It pretty much boils down to data validation - not just accepting the data a client is sending the server and hence the hive, but checking it for plausibility. Perhaps there is simply too much else going on for this to be economical, but when it seems pointless to even play DayZ anymore due to hacking, it kinda seems to me it should have had the upmost priority.

[famematt 7]

deleted

Edited May 2, 2017 by famematt
deleted

[TheWalkingDude (DayZ) 8]

The log shows player positions when they sync to the hive but it dosent show who killed who. You cant just see who was close to who via logs.... If you are an administrator, go and open the RPT file and have a look.

Ok fair enough - but part of this suggestion assumed some work may need to be done to improve the logging, so common hacking scenarios can be detected.

Relying on client side detection will never work - it's a losing battle. Ideally you also want a game which simply doesn't accept random scripting commands from just anyone - I still can't stop laughing about how utterly insane that is. But with the cards ARMA2 has dealt, clearly there needs to be some work around server side method to at least detect hackers after the fact. At least force them to keep buying new CD keys.

[SmashT 10907]

This is funny because it's actually happening in BF3 too

That's not actually possible, was patched a long while ago, may have even been patched before BF3 was actually released. Only time I recall seeing it was during the alpha and beta.

The engine could be modified to not allow that to happen in DayZ too, but we will have to wait for a standalone version for them to work on these problems since they can't make engine changes until that happens.

Edited August 6, 2012 by smasht_AU

[TheWalkingDude (DayZ) 8]

That's not actually possible, was patched a long while ago, may have even been patched before BF3 was actually released. Only time I recall seeing it was during the alpha and beta. The engine could be modified to not allow that to happen in DayZ too, but we will have to wait for standalone for them to work on these problems since they cant it currently.

Yeah my quick google on it seems to suggest it was related to the beta, and only came about because of BF3's leak. In any case once patched in a game like BF3 it stays patched - because as I said, it was probably an exploit in tricking the server into running code - the server doesn't normally allow it. The difference with ARMA2 is you don't have to trick it to run code - you have to trick an arbitrary cheat detecting software, which is much easier. If ARMA2 didn't allow it on principle then scripting wouldn't be a problem.

[TheWalkingDude (DayZ) 8]

The engine could be modified to not allow that to happen in DayZ too, but we will have to wait for a standalone version for them to work on these problems since they can't make engine changes until that happens.

BI could, and probably should given how much DayZ has meant for their back pockets. But I guess if there are real plans to move the mod away to standalone then so be it - probably not worth it now. Hopefully at least BI learned that taking shortcuts with security is not acceptable. I plan on never buying a BI game again.