Used DayZ Radar to spot a hacker who does not appear on playerlist

[jonesyx@gmail.com 19]

Actually, this is interesting.

I've just reset the server to bring it back to normal time (GMT+1) as for some reason it desyncs the time occasionally and it was night, and the - again has begun doing his stuff, despite there being only like 3 people in the server, which lead me to believe it wasn't a player but in fact some glitch, which you mention.

What evidence have you for this?

It appears you're using the oldest version of the program, which is pretty incredibly buggy. If you take a look at (-), you'll notice that the player ID changes vastly. What is happening is the hive is either desyncing or the player name just isn't being transmitted correctly, which gives the appearance of there being a hideous amount of teleporting going on. I suggest running it through the newest version and seeing what pops up then.

[aphex187 52]

I already linked my thread containing information that the program is infected, yet people still use it lol. People these days...

I'm not even talking about you...

[suspense 210]

I'm not even talking about you...

What? You make no sense? I was sharing your sentiment that it is a joke that people use this.

[{sas}stalker 108]

I cant say or link, i was specifically told not to. I'll post some results here in a little bit. The thread was only made to warn "innocents" that might not have known what they were doing,

but as the Day Z staff said, if admins wants to cheat, the infection is their own problem.

I would find it hard to trust the word of a site that is selling game cheats, which I asume it is as you cant link to it.

[suspense 210]

I would find it hard to trust the word of a site that is selling game cheats, which I asume it is as you cant link to it.

No, its a forum. The site owners/community do not sell anything, it is all 100% purely public and free releases, made by 3rd parties. The site itself, and the staff, just make sure every release is safe for their users, before approving links.

[{sas}stalker 108]

But still a cheat site though which kind of taints everything that comes out of it dont you think ? I only ask because we looked at it, I ran it in a VM and it did nothing out of the ordinary. Like I posted earlier it seems like a lot of effort to have created a fully working application just to deliver a malicious payload.

[aphex187 52]

What? You make no sense? I was sharing your sentiment that it is a joke that people use this.

Haha sorry man i did originally think that was indeed what you meant! Sorry i'm trying to set certain files up on my server so my head is in the shed atm!!!

My bad :(

[MrGreen72 15]

You actually trust normal consumer anti virus programs? It was thoroughly analized by a very reputable site in what they do, and it was infected. The Day Z staff also reviewed my post and approved it, up to you if you want to ignore the warning.

Sorry, but that's sounds more then odd to me. Not trusting any "normal" anti virus tools? So then i have to ask you how your pc is protected? Or just rely on good hope and faith?

The truth is, that you don't want anybody to use it, that's the reason. Why don't just not say so?

The DayZ staff declared it illegal and everybody who's using it risk a ban and blacklisted server. That's the reason not for using it.

[theo@theodormay.com 49]

I don't understand why everyone assumes that admins will use this to cheat. For instance last night a guy teleported into cherno and started shooting everyone there with a minigun (YakB). Thanks to this I could see his movement and gather more information from the RPT to file a cheat report. This tool can be used for good, it isn't the fault of all admins that some are assholes. Also before you say "LOL SUCK IT ADMIN YOU GOT INFECTED!!1!1!", any smart person would run this in a VM like I did. Never trust random people to make trustworthy programs.

[facoptere 180]

We know this because, during one of the sessions where we updated and viewed the RPT file every minute to two minutes, we could see this player teleporting to various points on the map yet his name did not appear ingame.

Please see below for screenshots where you can see his teleporting behaviour (to campsites that are known to us) and the amazing haul of weapons this person seems to go through.

1) How can someone be on the server but not appear on the playerlist?

2) How can I get his ID from the server logs?

3) How can I report this for global-banning?

This is not screen of you playing the game, but the screenshot of the tool.

This tool has flaws: it mixes things up. For it all "characters" (as you can see in RPT logs files) are players. But sometimes it can be some items such spawned vehicles, stash, etc.

I am interested in your RPT log file, can you send it to me via PM?

[OrLoK 16182]

Hello there

Quick question: What ramifications does the infection have for the average Joe that connects to an infected server?

I'm assuming little or no risk, but forewarned is forearmed.

rgds

LoK

[MrGreen72 15]

There is no danger at all to get infected from a server.

[ken@thekab.com 37]

you should ask, Why someone has made a tool that is really needed for currently state, just no one gonna make it?

We got this tool before the programme is spotted as hacked one. So????

it is a tool i believe most of the programmer in this forum could take some times and make it. However it seems no one going to do so after Day_Radar.

That's why we are fxcked by Cheaters, since no one is gonna help us

Or the rest of us aren't foolish enough to release it on the official forums where it can be abused and will inevitably result in said tool becoming useless when the RPT file is gutted leaving us with virtually nothing at all to stop cheating.

[suspense 210]

But still a cheat site though which kind of taints everything that comes out of it dont you think ? I only ask because we looked at it, I ran it in a VM and it did nothing out of the ordinary. Like I posted earlier it seems like a lot of effort to have created a fully working application just to deliver a malicious payload.

You didnt look good enough, the program upon launch, downloads files from an ftp. There are absolutely NO reason why this program should download files from an ftp, and he never said what files were downloaded.

Edited August 8, 2012 by Suspenselol

[jonesyx@gmail.com 19]

You didnt look good enough, the program upon launch, downloads files from an ftp. There are absolutely NO reason why this program should download files from an ftp, and he never said what files were downloaded.

If you had bothered to look at the very first picture of this thread you would have seen that the FTP function was part of an older French release that allowed people to analyze live RPTs via FTP.

[suspense 210]

If you had bothered to look at the very first picture of this thread you would have seen that the FTP function was part of an older French release that allowed people to analyze live RPTs via FTP.

That does not explain why the ftp connection has outbound connections running when launching the program, or why the program calls dlls through ftp.

It installs a rat through the outgoing/incoming connections, people using it are at their own fault for being comrpomised, i warned people now

Edited August 8, 2012 by Suspenselol

[jonesyx@gmail.com 19]

That does not explain why the ftp connection has outbound connections running when launching the program, or why the program calls dlls through ftp.

It installs a rat through said FTP, people using it are at their own fault for being comrpomised, i warned people now

You know you can sit with netstat -aon or -nab (or Resource Monitor from task manager or Wireshark or Microsoft Process Explorer) and see if the process touches the network adapter at all right? Hint: It doesn't.

Edited August 8, 2012 by Sodajones

[suspense 210]

You know you can sit with netstat -aon or -nab (or Resource Monitor from task manager or Wireshark or Microsoft Process Explorer) and see if the process touches the network adapter at all right? Hint: It doesn't.

I am surprised you state your reasons with this, its not accurate and you dont seem to understand what you speak of. Have a look at the code, check its functions and calls when you run it, its malicious.

[ButterBall 11]

I am surprised you state your reasons with this, its not accurate and you dont seem to understand what you speak of. Have a look at the code, check its functions and calls when you run it, its malicious.

Stop posting you're awful.

[cm. (DayZ) 28]

I am surprised you state your reasons with this, its not accurate and you dont seem to understand what you speak of. Have a look at the code, check its functions and calls when you run it, its malicious.

Seriously you have no idea what you are talking about.

edit:

wtf is the point of having an image tag if it doesn't work.

Edited August 8, 2012 by cm.