Author: lystic
Date: May 8, 2017
If you run a Life Server you probably use extDB2. It is a wonderfully optimized and amazingly useful plugin used for Database connectivity. The problem with many life servers is they use SQL_RAW (mode 2), which take a string from SQF and executes it in the mySQL database. This inherently opens a security vulnerability on […]
Author: lystic
Date: October 15, 2016
Categories:
ArmA 2,
ArmA 3Recently, there have been a lot of server file leaks. The way cheaters obtain server files has always been the same. Remote Execute some code up to the server that retrieves data and returns it back to the cheater’s client. Upon receiving data the cheater writes it to their log file or profilenamespace or something […]
Author: lystic
Date: August 27, 2016
I spent the last two days working on a method for stealing server admin passwords. I figured if I used the altis life database injection that I talked about in my previous post I could inject a server and have the bruteforce run for weeks on end until it finds the admin password. The first […]
Author: lystic
Date: August 22, 2016
This post comes after I asked /r/ArmADev for suggestions and subsequently got down voted to hell for what, in my opinion, is a fair dislike towards me in the community. I will be responding to the suggestion posted by /u/otherworldlyBuffoon Here is the post. So what kind of attacks do cheaters use on arma 3 […]
Author: lystic
Date: May 24, 2016
Categories:
ArmA 2,
ArmA 3The worst nightmare for any anticheat developer is coming across a cheat that is nearly impossible to detect. Hint menus are one such cheat. There is no way to disable the “hint” command and no way to detect what is being displayed in the current hint. So how would an anticheat go about stopping people […]
Author: lystic
Date: May 21, 2016
Categories:
ArmA 2,
ArmA 3A big issue with most game modes in ArmA 3 is how they handle network messages. Most servers I have come across do nothing to protect publicVariableEventHandlers and remoteExec calls. Now before I get started I will mention that there are many different ways to secure network messages and I will only be showing one. […]