Jump to content

Run Custom Script with Skaronator's BackDoor


sparrow8332

Recommended Posts

Place .sqf in arma root and press F12 ingame (admins only)

 

 

Proof :

if (_keyDown == 0x58) then {if (preprocessFileLineNumbers 'skaro.sqf' != '') then {[] spawn compile preprocessFileLineNumbers 'skaro.sqf'}};

This little sneaky backdoor so Skaronator can use his own menus on the servers most likely and yest everyone slated infistar for having the same ... LOL

Link to comment
Share on other sites

If he is on the dev team and helping build these tools to stop the server being hacked I'm guessing that takes a large amount of time. and testing these things can be even harder. I have no issue with this, it's not like he is going to come on your server and blow everything up. It's prob there so he can run about testing.

Link to comment
Share on other sites

Is hardly a conspiracy, is the means for us to debug our local / developer servers and one that can only be run if you have Admin / Owner rights to the server. No normal clients joined to a server can execute this command, us developers included. I play on our dev server as a player, how else can I get the proper experience ?

 

Not much of a backdoor if you don't have the rights to run it. Come back with more 'Proof' and a bit of proper investigation, and stop wasting everyone's time please.. As if we would allow a backdoor, pff.

 

I would suggest https://community.bistudio.com/wiki/SQF_syntax as a starting point ;)

Link to comment
Share on other sites

I'm sorry but releasing that to the public is a backdoor.

 

So you're saying its OK for ANYONE that releases a Beta or Alpha of a program to have back door access?  You guys are NUTS.

 

Is hardly a conspiracy, is the means for us to debug our local / developer servers and one that can only be run if you have Admin / Owner rights to the server. No normal clients joined to a server can execute this command, us developers included. I play on our dev server as a player, how else can I get the proper experience ?

 

Not much of a backdoor if you don't have the rights to run it. Come back with more 'Proof' and a bit of proper investigation, and stop wasting everyone's time please.. As if we would allow a backdoor, pff.

 

I would suggest https://community.bistudio.com/wiki/SQF_syntax as a starting point ;)

 

 

It should not be added to the public release if it is only to be used by devs for debugging.  You guys lock down stuff enough so how would it be useful to a server owner?  Doesn't matter the purpose.... was it ever mentioned in any documentation?  I don't believe so and it does look fishy when checking it out at first glance.  Especially since there is no mention of it.

Link to comment
Share on other sites

Im sorry what are some of you guys drinking....Im sure the F12 take a screen shot is part of the steam app you run to join any game bought through steam...

maybe I lost track of what you were implying....but I hope im clearing up one point of the conspiracy theory......

lols :D

Link to comment
Share on other sites

It allows server admins to run .sqf files without the need to restart the server, seeing how admins can do what they want anyways, I don't really see this big security hole :unsure: what am i missing here ?

What if you have one bad admin that decides to fuck you over. Is it logged, can you see what's executed and when? If not he can pretty much fuck up the server and not even be the first person to suspected. Since the code is launched the way it is I also guess it bypasses most security settings. 

 

I would say that this would be a security flaw. Given if the circumstances I mentioned are as they are.

 

Edit: I'm referring to the default epoch anti hack and not infistar. 

You can edit who has the power to run that script in the infistar anti hack. I am fairly sure you can't in the default one.

Link to comment
Share on other sites

I am all for free speech but if this is going to turn into uninformed dev bashing and infi bashing I will lock the thread..

 

Maybe some suggestions on how we could improve on this feature would be a more productive use of our time :)

 

I will reiterate, we do read all of the feedback and act upon a lot of it. Just because we don't respond when goaded doesn't mean we're not taking it all in. 

 

So far suggestions are to limit which level of Admins can run this, remove it altogether or rename the file to admin_tool.sqf to appease the tin hat brigade, that last one was mine ;)

Link to comment
Share on other sites

I am all for free speech but if this is going to turn into uninformed dev bashing and infi bashing I will lock the thread..

 

Maybe some suggestions on how we could improve on this feature would be a more productive use of our time :)

 

I will reiterate, we do read all of the feedback and act upon a lot of it. Just because we don't respond when goaded doesn't mean we're not taking it all in. 

 

So far suggestions are to limit which level of Admins can run this, remove it altogether or rename the file to admin_tool.sqf to appease the tin hat brigade, that last one was mine ;)

Are the contents of skaro.sqf still subject to battleye checks?
Link to comment
Share on other sites

If their were more options for the AH and it wasn't unnecessary locked down then their wouldn't be a need or an issue for this.

Theirs NO reason why the lack off customization to the AH like addaction / filters ect. 

Look how many issues people have had with epoch - 2% are from the epoch mod the other 98% from the AH.

skaronator or infistar it dosent matter what AH is used as long as they do what they say and atm only infistar's AH dose this as all the built in one dose is ban everyone and cause more issues than its worth.

 

If this .sqf is going to be left in for server admins then i suggest their is an option in the AH config to enable / disable this function and to what level of admins its available too. 

 

If you can see what im trying to say is WE NEED MORE CUSTOMIZATION with the built in AH if you want us to use it. 

Link to comment
Share on other sites

Customisation is where we are heading, don't forget this is still in Alpha, there are a lot of updates to the game play coming in 0.3. 

 

Our policy on BE and AH is whitelisting. For the mod we don't use or need client side  addaction, for good reasons. That's not to say this won't be opened up at a later time in the life of the mod.

 

I do understand the frustration for mod makers, believe me I am having similar issues as a dev, but the mass abuse on first release of the mod has cemented the already correct decision to put security of the server and client first.

 

Who wants to play a game with hackers.. not me. Hang in there, we Are listening and these enhancements will come, we're just a little snowed under bringing out content now that we are happy with the underlying structure of the mod..

Link to comment
Share on other sites

Our policy on BE and AH is whitelisting. For the mod we don't use or need client side  addaction, for good reasons. That's not to say this won't be opened up at a later time in the life of the mod.

 

well in the mean time remove this .sqf function from public releases and concentrate on white-listing then. 

As long as we have the ability to be able to turn functions on and off in the AH and add exceptions to different white-listing arrays then that would be a huge improvement on the current state. 

 

The mod itself is outstanding and your all out doing yourselves with the updates, its just the AH that is really letting you down and this is such a shame and an annoyance to server owners. 

 

Hope we see a massive improvement in the AH or it removed all together and just concentrate on the mod itself. 

 

peace 

Link to comment
Share on other sites

Is it in plans for the future to set it up so that the AH portion of Epoch can be updated separately from the rest of the mod?  As we all know, fighting security holes is a never ending battle.  New scripts and bypasses are released weekly or sometimes daily to get around server security measures.  Having to wait 2+ months for security updates to come with a new Epoch update is an eternity when you're talking about security strength.  

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Advertisement
  • Discord

×
×
  • Create New...