
Could infiSTAR Admin Tools have a malicious backdoor into your server?


Gregarious


I found this thread while doing some research on the popular DayZ hack that evolved into a set of admin tools:

 

http://www.unknowncheats.me/forum/arma-2/106583-infistar-anti-hack-backdoor-no-download-required.html

 

tl;dr: infiSTAR's Admin Tools has a backdoor that allows him and others admin access to your server.

 

...but is this true? I don't use the tools myself, but I thought I'd toss this onto the table in case this is a real problem. The thread has a step-by-step guide on how to take control of a server that uses infiSTAR's antihack, which I imagine is many of you. Worth a look, at least.

 

A few notable quotes:

 

Do you really think, that infistar went from a leecher (combining other people's scripts, renaming the variables with his own name, and reselling it), to someone who has the competence to write over 90% of what is in the anti-hack? A majority of it was written by Monky/Hangender, the parts that he's "contributed" were either copy pasted from cheats (admin tool is mostly copy/paste with the addition of logging), or the dayz modified variable checks (checks for things like modified damage handler, etc. from breakingpoint's anti-hack (written by hangender)), and finally the unlimited ammo check (which he actually did himself, as far as I am concerned.. It only took him 6+ months to finally "fix" the false positives).

The original idea for getting rid of the requirement to use BIS_MPF_remoteExecutionServer to spawn the anti-hack on JIP clients was also not his own, and the same goes for many of the admin tool scripts that WERE custom. But of course, as expected after nearly 2 years of leeching and reselling other people's work, he's starting to 'write' some things.
Nothing major, actually.
Just things like generating keys (already part of dayz_server.pbo for epoch).. and.. nothing comes to mind.

Evidently writing 'cheats' didn't take off for him (tons of problems with his VG cheat, and very few purchases, lots of chargebacks), so this is why the backdoor is in place. It allows him to do what he's always wanted, to 'cheat' on any server he likes.
 

 

Someone even made a mock reaction video on YouTube of infiSTAR "reacting" to people finding out about his backdoor (it's the angry German kid):

 

I have no answers, only data, and not much. Is this all a ploy to frame infiSTAR and make him lose potential customers, or did he really code a backdoor into his Admin Tools and sell them for $40?


lol, am I the only one who thinks it's hysterical that the guy making dayz hacks also sells the admin tools to combat dayz hacks?

 

No, but you're not being clever. He never had hacks, simply scripts and the menus to use them. The "hacks" always came from someone else. Most admins from way back in the early days know that the best way to catch hackers is to use hacks yourself. Rocket hates admins and kept removing the ability for us to do anything.


  • 1 month later...

It's always a cat and mouse game. Infistar creates a tool, hackers do what they do, infistar patches, hackers find something else, infistar patches etc etc.

 

If you do not want this you've gotta ask yourself the question if the constant cat and mouse is worth it for you personally. I find that it is, the pros far outweigh the cons in terms of usability and function, but I can imagine somebody not wanting the hassle and the constant threat of your server being a potential "backdoor" away from being taken over.


If you have more than 20 players at any one time on your server then this is necessary as the hackers get pleasure from misery, misery such as deleting your players' bases, killing them all, teleporting them to Kamenka etc.


  • 1 month later...

One of my admins was going through the AH.sqf and the AHconfig.sqf from infiSTAR, and found a few extra UIDs added in near the bottom. It was something like _superadmins + "############". Always check these things before you add it. I've seen a few admin tools with similar things in it using compile to string to "hide" what it says.

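The check described in the post above (reading AH.sqf and AHconfig.sqf for UIDs you did not add, and for text hidden behind compile and toString) can be scripted. This is an added example, not part of the thread and not infiSTAR's code; it assumes UIDs appear as quoted strings of 6 to 17 digits, and the sample file content, the `_admins` name and every UID in it are constructed.

```python
import re

# Assumption: a player UID is written in SQF as a quoted, all-digit string.
UID_RE = re.compile(r'"(\d{6,17})"')
# SQF's toString turns an array of character codes into a string; paired with
# compile it keeps the real script text out of plain sight in the file.
TOSTRING_RE = re.compile(r'toString\s*\[([\d\s,]+)\]', re.IGNORECASE)


def audit_sqf(text, known_admin_uids):
    """Return (line_no, kind, detail) findings for the text of one SQF file."""
    findings = []
    known = set(known_admin_uids)
    for line_no, line in enumerate(text.splitlines(), start=1):
        decoded_parts = []
        for match in TOSTRING_RE.finditer(line):
            codes = [int(n) for n in match.group(1).split(",") if n.strip()]
            decoded = "".join(chr(c) for c in codes if c < 0x110000)
            decoded_parts.append(decoded)
            findings.append((line_no, "encoded_string", decoded))
        # Check the visible line and whatever toString was hiding.
        for source in [line] + decoded_parts:
            for uid in UID_RE.findall(source):
                if uid not in known:
                    findings.append((line_no, "unknown_uid", uid))
    return findings


# Constructed sample, not taken from any real release.
HIDDEN = '_superadmins = _superadmins + ["555000111"];'
SAMPLE = "\n".join([
    '_admins = ["111222333", "444555666"];',
    '_superadmins = ["111222333"];',
    '_superadmins = _superadmins + ["999888777"];',
    "call compile toString [" + ",".join(str(ord(c)) for c in HIDDEN) + "];",
])

if __name__ == "__main__":
    for finding in audit_sqf(SAMPLE, {"111222333", "444555666"}):
        print(finding)
```

Run it over each file in the package with the set of UIDs you added yourself; anything reported is a UID or an encoded string to read before the files go on the server.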

He's not hiding anything. He will be the first to tell you they are his UIDs. He does testing on live servers sometimes with players. He's been on my server plenty of times and doesn't do anything to disrupt gameplay.

 

If you don't like it, just remove them. Chances are he will never join your server anyway unless you have actually talked with him other than over email.


  • 10 months later...
This topic is now closed to further replies.