Jump to content
Rikus (DayZ)

Why do scripts exist?

Recommended Posts

Hey,

This is quite a simple question. Why do the script system is allowed to exist? I don't know anything about the Arma II engine, but I do know a lot of game engines, I'm a video game programmer, engine programmer, I even code anti-exploit / anti-hack code for our games.

I do not get which is the reason of why these client-side scripting system is allowed to exist on DayZ. Is it used by the game itself for another purpose?

How difficult it is to completely deny the use of this scripts by code? And even if Arma II or DayZ need this system, is really that hard to deny or override the functions (with an empty function or auto kick) used on malicious scripts?

I took a look at the code on some of these hacking scripts and I cannot believe that a client is allowed to run those commands.

Does someone know something about the Arma II engine and will be kind enough to enlight me on this subject? Because as a videogame programmer I see this as a quick and easy (and dirty) hard-coded fixable problem to me.

Thanks in advance!

Edited by Rikus

Share this post


Link to post
Share on other sites

It's because the ARMA II engine is built for military simulation.

It's so that people can inject scenarios, complications, or new mission updates into the simulation.

It's to add realism but it's mainly abused in DayZ.

Share this post


Link to post
Share on other sites

Yeah. The whole point of ArmA is military simulation. The scripting is so that people can design their own scenarios, spawn things in on the fly etc. Setting up a battle basically.

It's a side effect of using the ArmA engine...hopefully the stand alone will be locked down a lot more.

Share this post


Link to post
Share on other sites

Thanks Scrumilation.

That's what I thought. Still, maybe someone (maybe you) who knows how the sdk mod of Arma II works, could explain me why it cannot be coded a hard-coded fix that doesn't allow to execute scripts by the user.

EDIT: Or even inside the Arma 2 engine, a server variable that denies the use of client side scripts executed by a user. Arma 2 servers could leave this on, while DayZ (or other mods) can leave this off. i.e.: "s_allow_user_scripts = 0/1"

Edited by Rikus

Share this post


Link to post
Share on other sites

Hey,

This is quite a simple question. Why do the script system is allowed to exist? I don't know anything about the Arma II engine, but I do know a lot of game engines, I'm a video game programmer, engine programmer, I even code anti-exploit / anti-hack code for our games.

I do not get which is the reason of why these client-side scripting system is allowed to exist on DayZ. Is it used by the game itself for another purpose?

How difficult it is to completely deny the use of this scripts by code? And even if Arma II or DayZ need this system, is really that hard to deny or override the functions (with an empty function or auto kick) used on malicious scripts?

I took a look at the code on some of these hacking scripts and I cannot believe that a client is allowed to run those commands.

Does someone know something about the Arma II engine and will be kind enough to enlight me on this subject? Because as a videogame programmer I see this as a quick and easy (and dirty) hard-coded fixable problem to me.

Thanks in advance!

Flexible mission creation:

When you connect to a server and download the mission file, it also contains the scripts that your client has to execute in order to run the client side part of the mission.

It turns out it's actually difficult to prevent the client from executing scripts that where not part of the mission. Add to this that the server is very trusting with the client when it comes to what the cient can send back to the server.

Share this post


Link to post
Share on other sites

It's literally just because the Engine won't allow it.

They can only be injected by someone who as access to the editor and that's why single player was blocked off.

Alas it cannot be done on the engines current iteration.

Wait for ARMA III's engine.

  • Like 1

Share this post


Link to post
Share on other sites

Thanks Scrumilation.

That's what I thought. Still, maybe someone (maybe you) who knows how the sdk mod of Arma II works, could explain me why it cannot be coded a hard-coded fix that doesn't allow to execute scripts by the user.

EDIT: Or even inside the Arma 2 engine, a server variable that denies the use of client side scripts executed by a user. Arma 2 servers could leave this on, while DayZ (or other mods) can leave this off. i.e.: "s_allow_user_scripts = 0/1"

It's not that easy, even if the only thing allowed to execute was the dayz code, hackers would find a way to inject their code on it, even if they had some md5 checks they could just run it like if it was coming from the pbo.

So it's kinda hard to avoid hackers with client-sided script running.

Share this post


Link to post
Share on other sites

It's literally just because the Engine won't allow it.

They can only be injected by someone who as access to the editor and that's why single player was blocked off.

Alas it cannot be done on the engines current iteration.

Wait for ARMA III's engine.

It's not a question of allowing or not, wether your game allow ESP hacks or not is irrelevant since it all happens client side. Where it gets iffy with arma is that clients have a lot of leeway in how they affect the server's simulation.

In most games when a client want to spawn a vehicle it sends a "request" to the server, which then performs the operation or reject it based on game logic. While with arma it's aknowledgeing it all the time because due to the huge possible variations of gameplay the scripting engine offers, the server doesn't know wether the client is actually allowed to do it or not.

This problem also exist to a lesser degree on Garry's mod due to it's extensive scripting engine. Most games have the server run in a full autoritative mode where clients have very limited say in what is going on, usually:

  • My character is moving (and the server check if the speed is right and if it's not through a wall)
  • My character is pointing in this direction.
  • My character is pulling the trigger (and the server decide if it's a 'bang' or a 'clic' depending if the player has bullets left.

Edited by Lady Kyrah

Share this post


Link to post
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now

×