Author: lystic
Date: October 19, 2020
Arma 3 Remote Execution is considered one of the few peaks of script-based cheating. For server owners, cheaters with remote executions can be a real pain. It is important that every script developer understand how remote executions are created so they can avoid allowing these vulnerabilities to exist in the first place. Just as a […]
Author: lystic
Date: July 11, 2020
Everyone who has played Arma for an extended period has come across TFAR, Task Force Arrowhead Radio. I am not going to go into how the mod works, you can check it out here. I am going to dive directly into the code that drives TFAR, and do my best at explaining a type of […]
Author: lystic
Date: June 17, 2020
Recently I have been interacting directly with some guys at Bohemia Interactive. With the latest update, BIS_fnc_parseNumberSafe hasn’t been as safe as it should have been. A few great discussions later and I am hopeful that the guys at BI have it right this time, finally patching that multi-year vulnerability. During our back and forth, […]
Author: lystic
Date: April 20, 2020
With the “Old Man” update out now, I decided to take another look at the Functions and UI scripts to see what fixes they implemented, and to look for a new exploit for SQF execution. To my surprise, I was greeted with BIS_fnc_parseNumberSafe. This neat little function is a “fix” for their previously broken BIS_fnc_parseNumber. […]
Author: lystic
Date: October 22, 2019
I have covered remote execution in the past. Everyone by now knows that any remote execution cheat is brutal to the security of game servers in Arma. The developers have made strides to block unlogged and unfiltered remote execution, and they have come a long way since Arma 3 Alpha. This post covers an exploit […]
Author: lystic
Date: October 19, 2019
One of the least discussed issues with the Arma 3 Engine, Real Virtuality 4, is the Engine & the Developer’s inability to protect game servers from its own scripting language. For the last 3+ years, I have been abusing the scripting language & its intricacies to execute SQF code wherever and whenever I want. For […]
Author: lystic
Date: February 21, 2018
Oh yeah, it is time. So I have been looking into machine learning and decided I should dive head first into genetic algorithms. The concept was easy enough for me to wrap my head around. As a prefix, this SQF code was based on a python script written by Joeseph Misiti. The source code for that […]
Author: lystic
Date: September 7, 2017
There is a little-used feature in the ArmA 3 Multiplayer Server list that shows all of their “Official” servers. Currently, there are ~100 players on the official servers. These host games from Endgame to Zues. Stokes figured out how to override this list with the official servers for our mods. It involves a hack-ish way […]
Author: lystic
Date: May 8, 2017
If you run a Life Server you probably use extDB2. It is a wonderfully optimized and amazingly useful plugin used for Database connectivity. The problem with many life servers is they use SQL_RAW (mode 2), which take a string from SQF and executes it in the mySQL database. This inherently opens a security vulnerability on […]
Author: lystic
Date: November 4, 2016
EDIT: The latest patch (0.66) has fixed these issues. This post should now be used to learn how to better prevent these forms of exploits from appearing in your missions and mods. Now that BI has fixed the issue in its latest Dev Patch I wanted to go over, in detail, how this method works, […]