HOWTO: Use publicvariableval.txt to auto-kick players with hacked weapons

[venthos 605]

Credit goes to the folks at Gotcha-Antihack for the list of 'Hacked in Weapons'. I basically look the list from the .ini file to use as the basis of my "hacked items list".

I had initially tried Gotcha-Antihack, but the RCON spam and in-game global advertisements turned me away from it. One of the only things it seemed to do beyond the default filtering system and BEC was hacked weapon kicking. So, I decided to implement that in an alternative way once I realized it could be done.

Using this method, you don't need anything other than your DayZ server out of the box. It's included functionality with the ARMA2 server with the latest betas.

THE STEPS

[1] Open (or create if it doesn't exist) "publicvariableval.txt" in your BattlEye directory. Note that this is DIFFERENT from "publicvariable.txt".

publicvariable.txt = Checks against variable names

publicvariableval.txt = Checks against the values of variables

We want publicvariableval.txt

However, both of these filter files log to publicvariable.log

[2] Paste in the below:

5 "\"BAF_AS50_TWS\""

5 "\"ItemRadio\""

5 "\"UZI_SD_EP1\""

5 "\"30Rnd_9x19_UZI_SD\""

5 "\"M4A1_HWS_GL_SD_Camo\""

5 "\"Skin_Soldier1_DZ\""

5 "\"G36_C_SD_camo\""

5 "\"Laserdesignator\""

5 "\"30Rnd_556x45_G36SD\""

5 "\"Soldier1_DZ\""

5 "\"revolver_gold_EP1\""

5 "\"MakarovSD\""

5 "\"5Rnd_86x70_L115A1\""

5 "\"G36_C_SD_eotech\""

5 "\"M40A3\""

5 "\"m107\""

5 "\"BAF_LRR_scoped\""

5 "\"M4A1_HWS_GL\""

5 "\"20Rnd_B_765x17_Ball\""

5 "\"Sa61_EP1\""

5 "\"M4SPR\""

5 "\"M4A3_RCO_GL_EP1\""

5 "\"Mk_48_DES_EP1\""

5 "\"M4A1_Aim_camo\""

5 "\"M249\""

5 "\"AKS_GOLD\""

5 "\"8Rnd_9x18_MakarovSD\""

5 "\"1Rnd_HE_GP25\""

5 "\"100Rnd_556x45_BetaCMag\""

5 "\"Mk_48\""

5 "\"AK_107_GL_pso\""

5 "\"20Rnd_556x45_Stanag\""

5 "\"30Rnd_556x45_G36\""

5 "\"100Rnd_762x54_PK\""

5 "\"SmokeShellPurple\""

5 "\"100Rnd_556x45_M249\""

5 "\"MG36\""

5 "\"M16A4_ACG_GL\""

5 "\"ksvk\""

5 "\"AK_74_GL_kobra\""

5 "\"5Rnd_127x108_KSVK\""

5 "\"Pecheneg\""

5 "\"Laserbatteries\""

5 "\"30Rnd_545x39_AKSD\""

5 "\"SVD_des_EP1\""

5 "\"SmokeShellYellow\""

5 "\"MineE\""

5 "\"M249_EP1\""

5 "\"M24_des_EP1\""

5 "\"BAF_LRR_scoped_W\""

5 "\"BAF_ied_v1\""

5 "\"AK_107_kobra\""

5 "\"1Rnd_SmokeRed_M203\""

5 "\"m16a4\""

5 "\"G36C_camo\""

5 "\"AKS_74_UN_kobra\""

5 "\"1470Rnd_127x108_YakB\""

5 "\"SmokeShellBlue\""

5 "\"M4A1_RCO_GL\""

5 "\"M249_m145_EP1\""

5 "\"FlareYellow_M203\""

5 "\"FlareRed_M203\""

5 "\"BAF_L86A2_ACOG\""

5 "\"AK_107_GL_kobra\""

5 "\"2100Rnd_20mm_M168\""

5 "\"1Rnd_SmokeGreen_M203\""

5 "\"SmokeShellOrange\""

5 "\"Saiga12K\""

5 "\"PK\""

5 "\"M60A4_EP1\""

5 "\"G36K_camo\""

5 "\"EvMoney\""

5 "\"BAF_M240_veh\""

5 "\"BAF_L85A2_UGL_Holo\""

5 "\"1Rnd_SmokeYellow_M203\""

5 "\"15Rnd_W1866_Pellet\""

5 "\"TimeBomb\""

5 "\"SVD\""

5 "\"Rocket_DZ\""

5 "\"Mine\""

5 "\"m240_scoped_EP1\""

5 "\"M16A4_GL\""

5 "\"m107_TWS_EP1_DZ\""

5 "\"GRAD\""

5 "\"EvMap\""

5 "\"bizon\""

5 "\"BAF_L85A2_UGL_ACOG\""

5 "\"BAF_L85A2_RIS_Holo\""

5 "\"BAF_L85A2_RIS_ACOG\""

5 "\"AKS_74\""

5 "\"AK_107_pso\""

5 "\"8Rnd_Hellfire\""

5 "\"8Rnd_B_Saiga12_Pellets\""

5 "\"750Rnd_M197_AH1\""

5 "\"6Rnd_GBU12_AV8B\""

5 "\"64Rnd_9x19_Bizon\""

5 "\"30Rnd_762x39_SA58\""

5 "\"20Rnd_120mmSABOT_M1A2\""

5 "\"20Rnd_120mmHE_M1A2\""

5 "\"200Rnd_556x45_L110A1\""

5 "\"2000Rnd_23mm_AZP85\""

5 "\"1Rnd_SmokeRed_GP25\""

5 "\"1Rnd_SmokeGreen_GP25\""

Run the "loadevents" command through rcon to read in the new filters. Or, worst case, just restart the server.

When someone gets ejected for a hacked in weapon, you will see something like this in publicvariable.log

19.09.2012 07:58:35: PLAYER (IP:PORT) GUID - Value Restriction #46 "dayzPlayerSave" = ,"20Rnd_762x51_FNFAL","30Rnd_556x45_G36SD","30Rnd_556x45_G36SD","ItemMorphine","ItemWaterbottle","ItemWaterbottle","FoodCanFrankBeans","ItemSodaCoke","FoodCanBakedBeans","ItemSodaCoke","30Rnd_556x45_G36SD",["15Rnd_9x19_M9SD",8],"15Rnd_9x19_M9SD","ItemBanda

The actual "Value Restriction #" will vary based on how many rules are in your publicvariableval.txt

How effective is it?

It's better than nothing. Basically, every time a player's information is saved to the hive this filter will have the opportunity to check for hacked weapons. So, every hive save is when the check goes off for a given player. You'll see the kicks fire off with two public variable names. "dayzPlayerSave" (the hive save) and "dayzCharDisco" (which I *think* is the final hive save on disconnect?). The latter obviously doesn't really do much when you're kicking someone who is already logging off.

I don't see the hacked weapon in the publicvariable.log text

As you'll quickly notice with all of the publicvariable.log logged lines, there seems to be a character limit on the log. After so many characters per line, it truncates the line. Note my example above, you don't actually see the G36SD weapon in the log line, but the ammo is there that makes it apparent he had one. Despite that the log line isn't conclusive, the filter actually seems to get to check against the full variable value and did in fact see the hacked weapon.

Can I ban more stuff?

Sure. You can kick for any item name at all from being on a player. It should be self apparent how to add new stuff in. Just make sure you enclose the item name in escaped quotations, otherwise you run the risk of matching more than you intended. In other words, make sure you match with:

"\"GUNHERE\""

and not:

"GUNHERE"

But my name is AndreasB, and therefore I am already donning my angry pants about this.

The only thing I don't like about filtering for hacked weapons this way is that it's not clear at all to the person being kicked as to why they're being kicked. They'll just see "You were kicked for: Value Restriction #". I wish you could customize the filter message kicks. However, on that same token this is purely a kick and not a ban. Hopefully if enough people filter for these hacked weapons it can become common forum knowledge to explain to people what the kick means and that they can happily play on that server once they drop the hacked weapons.

Edited October 3, 2012 by Venthos

[Hydra (DayZ) 472]

But I loves my KSVK.

1: cannot find more ammo for it

2: no zeroing, actually takes skill

3: looks fucking awesome

4: same bloodval damage as m107

No problem here.

[venthos 605]

I'm sure you'll find a reasonable amount of servers who do not care what weapons you use on their server. You're welcome to play on those servers. There are those of us who wish to stick to only items that are legitimately obtainable. I don't care if the only difference between the hacked gun and legit gun is that one has a small sticker of a kitten on the side. I only want legit weapons on my server ;)

[sp86 508]

I don't know how Citizen Purple extracted spark energy promotion code from Keri Hilsons ass pictures via Hyperspatial travel but I'd kinda like to hear more.

[stokvis 24]

The M16 M203 is a legit weapon isn't it??

[sp86 508]

The M16 M203 is a legit weapon isn't it??

M16A2 is. M16A4 is not.

Edited September 19, 2012 by sp86

[venthos 605]

The M16 M203 is a legit weapon isn't it??

Good catch. The list I copied over is direct from Gotcha-Antihack. So, this means Gotcha-Antihack by default is kicking for the M16A2_M203 as well. I'll edit the original post and remove that gun from the kick list.

[DrainBamaged 38]

Venthos,

Would it be ok to PM or email you Re; instituting this? I have some questions I'd like to get answered first.

Best,

DB

[DrainBamaged 38]

Venthos,

Would it be ok to PM or email you Re; instituting this? I have some questions I'd like to get answered first.

Best,

DB

[venthos 605]

Sure, go ahead and send me a PM. I'm kind of curious what questions you have that you wouldn't just ask in the thread ;)

[Omaran 18]

As a new server admin I have been trying to find the right files to help eliminate hackers as much as possible, so I will try this.

Another question though: is there a single place I can go to download all the latest and recommended files for my server?

[sp86 508]

As a new server admin I have been trying to find the right files to help eliminate hackers as much as possible, so I will try this.

Another question though: is there a single place I can go to download all the latest and recommended files for my server?

Right here. CBL Link, pops.

Edited September 19, 2012 by sp86

[robciviccrx 28]

Have some beans if not for the information for the AndreasB comment :D

[Omaran 18]

Thankyou :)

[venthos 605]

I was pondering this, and I realized that this rule set may actually prevent the player from saving the hacked item to their character on the hive since it's tripping on the hive saves. Therefore, if someone OBTAINS a hacked item on your server (hacks it in, loots from a crate/tent, loots from a player corpse, whatever) then the hive save will be blocked and they'll be kicked. This effectively prevents someone from even abusing your server to grab a hacked item and take it to another server.

The only way someone would get to keep the hacked in weapon is if they already had saved it to the hive from having it on another server first that didn't have this rule set.

Kind of interesting. By this rule set blocking hive saves of hacked in gear, the garbage should slowly filter out of the hive if more people kick for this stuff.

I'll work on expanding the list beyond just a "top offenders" weapon list. It's just annoying that since you can only block on variable name OR value (not both), I have to make this a blacklist vs. just whitelisting known good DayZ items.

[DrainBamaged 38]

Venthos,

I'll make a deal with you. You get this working on my servers and I'll type the lists for you.

~DB

[polli 57]

I think it will be a good idea to add this to the CBL files. I'm using the autoupdate tool and it will overwrite my changes on every update now.

I'm sure that it will be not an issue when these lines are added to the files. People who use the CBL files and update frequently, don't like hacked in shit on there servers.

Edited September 20, 2012 by Polli

[cwc_shadow 70]

Thanks for the info Venthos. I'll give this a try for sure. :)

[ZiiP_Scottyboy 17]

M16A2 is. M16A4 is not.

M16A4 Acog is on Dayz Wiki as legit?

Doh. Edit. You mean the m16a4 with GL right.

Edited September 20, 2012 by scottyboy

[Magotchi 74]

For those using another publicvariableval.txt already (like the DayZ Community Banlist version), I added this to the script that downloads that file on my server to merge them, after the line that downloads the fresh DCBL publicvariableval.txt:

copy /b publicvariableval.txt + publicvariableval-local.txt publicvariableval.txt

publicvariableval-local.txt contains Venthos' entries, with an extra line break at the top to make the merge work correctly.

Update: I'm actually using the following in my publicvariableval-local.txt, though, based on the list of personally-detected invalid items I provided, and it seems to work great:

Moved to Google Code project.

Edited October 27, 2012 by Mister_Magotchi

[Frop 33]

Nice list, but I've set the entries to 1 instead of 5 since I thought the server hosting rules stated you can't kick people for this kind of stuff.

Furthermore, given the fact that I've seen someone get kicked for spawning in a vehicle and actually finding said vehicle makes me believe the BE kicks only take place after the fact. I don't think you'll see players losing illegal items over this.

[venthos 605]

Nice list, but I've set the entries to 1 instead of 5 since I thought the server hosting rules stated you can't kick people for this kind of stuff.

Fair enough. With the stated relaxation on the some public hive rules, though, I feel a kick is not unfair here. The only thing I don't like about this solution is it doesn't clearly say why they were kicked. It's just the generic kick with # like all other BattlEye filters. If this method becomes more popular, then hopefully it can become common knowledge of what's happening.

I would not condone banning players through this method. That doesn't make sense and I would side with anyone who complained about being banned for having a hacked item on their person. That is, as long as their excuse was that they did not know it was hacked and would happily destroy it otherwise. If their excuse is "I didn't hack it in, therefore I should get to use it forever and ever" - AndreasB. then I think they're just being a douche bag. Sadly, banning for being a douche bag isn't something anyone should do on the public hive ;) But, I'd smirk as the filter kicks them constantly until they dispose of the hacked item(s).

I'm also unsure about whether it actually will block the hive saves, just like you I'm skeptical. It's yet to be confirmed. I destroy all the hacked weapons I come across so I simply don't have anything to test with ;) Either way, a kick for this stuff is sufficient in my eyes. The hive save block would've just been a bonus.

[machomanugget 26]

Interesting Stuff, thanks for the information i think i will try this on my server, its already seeing a massive influx of thermal as50's..

[xforce@yourgamebuddy.com 11]

I'm also unsure about whether it actually will block the hive saves, just like you I'm skeptical. It's yet to be confirmed. I destroy all the hacked weapons I come across so I simply don't have anything to test with ;) Either way, a kick for this stuff is sufficient in my eyes. The hive save block would've just been a bonus.

I tested this 5 minutes ago, picked up an AS50 Thermal from a dead body (Cherno roof tops galore:D), got kicked 2/3 minutes later for value restriction but i was able to log back on with the same weapon, so i am assuming it won't prevent hive saves.

[nik21 287]

I tested this 5 minutes ago, picked up an AS50 Thermal from a dead body (Cherno roof tops galore:D), got kicked 2/3 minutes later for value restriction but i was able to log back on with the same weapon, so i am assuming it won't prevent hive saves.

Obviously not. But you will get kicked as long as you carry hacked gear.