extDB2 Exploit And Why You Should Use SQL_CUSTOM_V2

Categories: ArmA 3

If you run a Life Server you probably use extDB2. It is a wonderfully optimized and amazingly useful plugin used for Database connectivity. The problem with many life servers is they use SQL_RAW (mode 2), which take a string from SQF and executes it in the mySQL database. This inherently opens a security vulnerability on […]

Blocking Scripted Remote Execution

Categories: ArmA 2, ArmA 3

Recently, there have been a lot of server file leaks. The way cheaters obtain server files has always been the same. Remote Execute some code up to the server that retrieves data and returns it back to the cheater’s client. Upon receiving data the cheater writes it to their log file or profilenamespace or something […]

Server password bruteforcing

Categories: ArmA 3

I spent the last two days working on a method for stealing server admin passwords. I figured if I used the altis life database injection that I talked about in my previous post I could inject a server and have the bruteforce run for weeks on end until it finds the admin password. The first […]

What do cheaters use on ArmA 3 servers?

Categories: ArmA 3

This post comes after I asked /r/ArmADev for suggestions and subsequently got down voted to hell for what, in my opinion, is a fair dislike towards me in the community. I will be responding to the suggestion posted by /u/otherworldlyBuffoon Here is the post. So what kind of attacks do cheaters use on arma 3 […]

How to detect hint menus

Categories: ArmA 2, ArmA 3

The worst nightmare for any anticheat developer is coming across a cheat that is nearly impossible to detect. Hint menus are one such cheat. There is no way to disable the “hint” command and no way to detect what is being displayed in the current hint. So how would an anticheat go about stopping people […]

Securing publicVariableEventHandlers

Categories: ArmA 2, ArmA 3

A big issue with most game modes in ArmA 3 is how they handle network messages. Most servers I have come across do nothing to protect publicVariableEventHandlers and remoteExec calls. Now before I get started I will mention that there are many different ways to secure network messages and I will only be showing one. […]