From 026788e714f49256eb0893813569205fa838c6c0 Mon Sep 17 00:00:00 2001 From: ebayShopper Date: Sun, 13 Aug 2017 16:07:03 -0400 Subject: [PATCH] Block another A2OA script execution exploit Thanks to Dihan for reporting on Discord. This exploit may work with other event handlers, displays and controls. Please leave a comment if you find any others that work. I tested GPS, abort, MP setup and group menu displays, as well as the map diary list box controls, but none of those had this problem. This should be fixed with an A2OA patch, please report to Bohemia. --- SQF/dayz_code/system/antihack.sqf | 18 +++++++++++++++++- Server Files/Battleye/scripts.txt | 6 ++---- 2 files changed, 19 insertions(+), 5 deletions(-) diff --git a/SQF/dayz_code/system/antihack.sqf b/SQF/dayz_code/system/antihack.sqf index f5c6f4556..b7c43b9e4 100644 --- a/SQF/dayz_code/system/antihack.sqf +++ b/SQF/dayz_code/system/antihack.sqf @@ -1,7 +1,23 @@ -/* Block local script execution bug. Still not fixed in A20A as of 1.63.131129 */ +/* + These event handlers are not cleared after exiting the editor, allowing script execution in MP servers + Still not fixed in A2OA as of 1.63.131129 +*/ inGameUISetEventHandler ["PrevAction","false"]; inGameUISetEventHandler ["NextAction","false"]; inGameUISetEventHandler ["Action","false"]; +{ + (findDisplay 12) displayCtrl 51 ctrlRemoveAllEventHandlers _x; + (findDisplay 12) displayRemoveAllEventHandlers _x; +} count [ + "Load","Unload","ChildDestroyed","MouseEnter","MouseExit","SetFocus", + "KillFocus","Timer","KeyDown","KeyUp","Char","IMEChar","IMEComposition","JoystickButton","MouseButtonDown", + "MouseButtonUp","MouseButtonClick","MouseButtonDblClick","MouseMoving","MouseHolding","MouseZChanged", + "CanDestroy","Destroy","ButtonClick","ButtonDblClick","ButtonDown","ButtonUp","LBSelChanged", + "LBListSelChanged","LBDblClick","LBDrag","LBDragging","LBDrop","TreeSelChanged","TreeLButtonDown", + "TreeDblClick","TreeExpanded","TreeCollapsed","TreeMouseMove","TreeMouseHold","TreeMouseExit", + "ToolBoxSelChanged","Checked","CheckedChanged","CheckBoxesSelChanged","HTMLLink","SliderPosChanged", + "ObjectMoved","MenuSelected","Draw","VideoStopped" +]; // (c) facoptere@gmail.com, licensed to DayZMod for the community // diff --git a/Server Files/Battleye/scripts.txt b/Server Files/Battleye/scripts.txt index b1c994d93..64eb7873c 100644 --- a/Server Files/Battleye/scripts.txt +++ b/Server Files/Battleye/scripts.txt @@ -15,18 +15,16 @@ 5 createUnit !="_newUnit = _group createUnit [_class,respawn_west_original,[],0,\"NONE\"];" !="BIS_MPF_logic = BIS_MPF_dummygroup createUnit [\"Logic\", [1000,10,0], [], 0, \"NONE\"];" 5 createVehicleLocal !="_object = (_x select 1) createVehicleLocal [0,0,0];" !="_plant = _x createVehicleLocal (getMarkerPos \"center\");" !="_point = \"Logic\" createVehicleLocal getPosATL _unit;" !"_object = _type createVehicleLocal [0,0,0];" !="_obj = _class createVehicleLocal (getMarkerpos \"respawn_west\");" !" = \"#lightpoint\" createVehicleLocal " !" = \"#particlesource\" createVehicleLocal " !="_object = _ghost createVehicleLocal getMarkerpos \"respawn_west\";" !="_cursorTarget = _upgrade createVehicleLocal getMarkerpos \"respawn_west\";" !="_para = \"ParachuteWest\" createVehicleLocal [0,0,0];" !="_sign = \"Sign_arrow_down_large_EP1\" createVehicleLocal [0,0,0];" !"_obj = \"Sign_sphere10cm_EP1\" createVehicleLocal [0,0,0];" !="_objectSnapGizmo = \"Sign_sphere10cm_EP1\" createVehicleLocal [0,0,0];" !"_object2 = _ghost2 createVehicleLocal [0,0,0];\nhideObject _object;" 5 ctrlAddEventHandler -5 ctrlRemoveAllEventHandlers 5 ctrlSetPosition !="_control ctrlSetPosition [_posX, _posY];" !"3,_h]};\n_control ctrlsetposition _pos;" !="_control ctrlSetPosition [0, (_y + _deltaY)];" !="_disp_ctrl ctrlSetPosition [_posX, _posY];" !="_control ctrlSetPosition _grpPos;" !="_group ctrlSetPosition _pos;" !="_control ctrlSetPosition [_controlPos select 0, _controlPos select 1, _controlPos select 2, 0.03921 * _lines];" !="((uiNamespace getVariable 'DAYZ_GUI_waiting') displayCtrl 1400) ctrlSetPosition _sandLevel;" !="_delayControl ctrlSetPosition [0, _pos];" !="_icon ctrlSetPosition [(_screen select 0),(_screen select 1),.99,.65];" 5 deleteMarker !"} count allDead;\n\n\nif (dayz_oldBodyCount > _bodyCount) then {" 5 displayAddEventHandler !"bis_fnc_halo_keydown_eh = (finddisplay 46) displayaddeventhandler [\"keydown\",\"_this call bis_fnc_halo_keydown;\"];" -5 displayRemoveAllEventHandlers 5 displaySetEventHandler 5 enableEnvironment 5 groupIcon 5 hideObject !"rhideObject" !"\"hideObject\"" !"_object2 = _ghost2 createVehicleLocal [0,0,0];\nhideObject _object;" 5 lbCurSel !"_selectedUserIndex = lbCurSel _lbUsersControl;" !="profileNamespace setVariable ['streamerMode',(lbCurSel (_this select 0))];" !"_index = lbCurSel _lbcontrol;\n_selectedItem" !"_selected = lbCurSel _list;\n_classname = _list lnbData [_selected, 2];" !="_friendName = _userList lbText (lbCurSel _userList);" !")] call Z_" !"(lbCurSel 7421) call Z_fillCategoryList" !"] call Door" !"] call Plot" !"[(lbCurSel 12001)] " !="[(lbCurSel 21000), ((ctrlParent (_this select 0)) displayCtrl 21001)] spawn EpochDeathBoardClick;" !"((ctrlParent (_this select 0)) closeDisplay 2);" !="_uid = _playerList lbData (lbCurSel _playerList);" !"_myGroup lbData (lbCurSel _myGroup);" 5 lbSet !"_lbUsersControl lbSetColor [_x, [1,0,0,1]];" !"\n_control lbSetColor [_x, _color];\n};" !"_weaponsLBSetFocus" !="(_this select 0) displayCtrl 140 lbSetCurSel (profileNamespace getVariable ['streamerMode',0]);" !="(_display displayCtrl 105) lbSetColor [_i, [0.06, 0.05, 0.03, 1]];" !" [7421," !"lbSetPicture [7422, _index" !"lbSetPicture [7402, _index" !"lbSetPicture [7401, _index" !="_userList lbSetData [(lbSize _userList) -1,_friendUID];" !" [TraderDialogItemList, _index, " !"_myGroup lbSetData [_index,getPlayerUID _x];" -5 menu !"_menu = _parent displayCtrl (1600 + _i);\n_menu ctrlShow " !="createDialog 'RscDisplayCraftingMenu';" !"BIS_fnc_commsMenu" !"BIS_fnc_kbMenu" !"call gear_ui_offMenu;" !"dayz_inflame_showMenu" !"\"showCommandingMenu\", " !"rshowCommandingMenu" !"menu_" !"use action menu to " !"\"_menu\",\"_menu1\"" !"PVDZE_plr_TradeMenu" !"fn_gearMenuChecks" !"fn_pauseMenuChecks" +5 menu !",\"MenuSelected\",\"Draw\",\"VideoStop" !"_menu = _parent displayCtrl (1600 + _i);\n_menu ctrlShow " !="createDialog 'RscDisplayCraftingMenu';" !"BIS_fnc_commsMenu" !"BIS_fnc_kbMenu" !"call gear_ui_offMenu;" !"dayz_inflame_showMenu" !"\"showCommandingMenu\", " !"rshowCommandingMenu" !"menu_" !"use action menu to " !"\"_menu\",\"_menu1\"" !"PVDZE_plr_TradeMenu" !"fn_gearMenuChecks" !"fn_pauseMenuChecks" 5 onMapSingleClick 5 playableUnits !"for [{_y=0},{_y < count(playableUnits)},{_y=_y+1}] do {" !"typeName player == \"OBJECT\" && {(player in playableUnits" !"AND {((alive _x) AND {((vehicle _x) distance _obj < 150)})}} count playableUnits)}) then {" !="_local = { _unit distance _x < _dis; } count playableUnits <= 1;" !"if (!_isOk) exitWith {false};\nuiSleep 0.001;\n} forEach playableUnits;" !"ManagementMustBeClose) then { player nearEntities [\"CAManBase\", 10] } else { playableUnits };" 5 selectPlayer !"addSwitchableUnit dayz_originalPlayer;\nsetPlayable dayz_originalPlayer;\nselectPlayer dayz_originalPlayer;" !"addSwitchableUnit _newUnit;\nsetPlayable _newUnit;\nselectPlayer _newUnit;" @@ -57,7 +55,7 @@ 5 endMission !="agazineCargo\", \n\"clearMagazineCargo\",\n\"clearWeaponCargo\",\n\"endMission\",\n\"failMission\",\n\"titleCut\", \n\"titleText\", \n\n\"say\", \n\"play" !="eateTaskSet\", \"debugLog\", \"deleteWP\", \"enablesimulation\", \"endMission\", \"execfsm\", \"fadeMusic\", \"fadeSound\", \"failMission\", \"glo" !="lize \"str_player_login_timeout\", \"PLAIN DOWN\"];\nuiSleep 5;\nendMission \"END1\";\n};\nif ((!isNil \"Dayz_loginCompleted\") and {(Dayz_l" !="rendMission = 'endMission'" !="rendMissioncode = compile preprocessFileLineNumbers (BIS_PathMPscriptCommands + 'endMission.sqf')" !="rendMissioncode={diag_log(\"WARNING illegal RE rendMissioncode with args:\"+str(_this));};" !="ack for type \" + _x);\npublicVariableServer \"PVDZ_sec_atp\";\nendMission \"LOSER\";\n};\ndeleteVehicle _plant;\n} count [\"grass\",\"prunus" !="etPlayerUID player]);\npublicVariableServer \"PVDZ_sec_atp\";\nendMission \"LOSER\";\n};\n\nswitch (true) do {\ncase (1==0) : {\nPVDZ_sec_a" !="ra cameraEffect [\"Terminate\",\"BACK\"];\ncamDestroy _camera;\n\nendMission \"END1\";\n};" 5 player_humanityMorph !="rs \"\\z\\addons\\dayz_code\\compile\\fn_surfaceNoise.sqf\";\nplayer_humanityMorph = compile preprocessFileLineNumbers \"\\z\\addons\\dayz_c" !="_generateKey = {[0,0]};\nfnc_usec_damageHandler = {0};\nplayer_humanityMorph = {};\nplayer_zombieCheck = {};\nPVDZ_pass = [\"none\",\"n" !="#line 1 \"z\\addons\\dayz_code\\compile\\player_humanityMorph.sqf\"\nprivate [\"_charID\",\"_newmodel\",\"_old\",\"_updates\",\"_humanity\",\"_med" !="orld_sunRise; [] spawn world_surfaceNoise; [] spawn player_humanityMorph; [] spawn player_throwObject; [] spawn player_alert" !="ndle = [dayz_playerUID,dayz_characterID,_model] spawn player_humanityMorph;\n};\n} else {\nlocalize \"str_player_fail_wear3\" call da" 5 HelicopterExplo !="(isNull _who) then {\nif (_ammo != \"\" && _ammo isKindOf \"HelicopterExploSmall\") then {\n_who = player;\n_dist = round (_who distanc" !="gger getVariable [\"\"obj\"\", objNull];\n createVehicle [\"\"HelicopterExploSmall\"\", getPos _v, [], 0, \"\"CAN_COLLIDE\"\"] setPosATL get" !="Trigger getVariable [\"obj\", objNull];\n createVehicle [\"HelicopterExploSmall\", getPos _v, [], 0, \"CAN_COLLIDE\"] setPosATL getPos" !=" _atl set [2, (_atl select 2) + 1];\n createVehicle [\"HelicopterExploBig\", getPos _v, [], 0, \"CAN_COLLIDE\"] setPosATL _atl;\n " -5 removeAllEventhandlers !="x select 1,0] nearestObject (_x select 2);\n_building removeAllEventHandlers \"handleDamage\";\n_building addEventHandler [\"handleDa" !="autFuel)) then {\n_WarnFuel = false;\n};\n\n};\n\n_vehicle removeAllEventHandlers \"IncomingMissile\";\n_vehicle removeAllEventHandlers \"" !="leep _wait;} else {sleep (_wait * 4);};\n};\n\n_vehicle removeAllEventHandlers \"Dammaged\";" !="\n\n\n\n\nif (_this isKindOf \"AllVehicles\") then {\n\n_this removeAllEventHandlers \"HandleDamage\";\n_this removeAllEventHandlers \"Killed" !="ect 1;\n_model = _this select 2;\n_old = player;\n\n_old removeAllEventHandlers \"FiredNear\";\n_old removeAllEventHandlers \"HandleDama" !="\npublicVariableServer \"PVDZ_veh_Save\";\n};\n};\n\n\n_unit removeAllEventHandlers \"HandleDamage\";\n_unit removeAllEventHandlers \"Killed" +5 removeAllEventHandlers !"lse\"];\n{\n(findDisplay 12) displayCtrl 51 ctrlRemoveAllEventHandlers _x;\n(findDisplay 12) displayRemov" !="x select 1,0] nearestObject (_x select 2);\n_building removeAllEventHandlers \"handleDamage\";\n_building addEventHandler [\"handleDa" !="autFuel)) then {\n_WarnFuel = false;\n};\n\n};\n\n_vehicle removeAllEventHandlers \"IncomingMissile\";\n_vehicle removeAllEventHandlers \"" !="leep _wait;} else {sleep (_wait * 4);};\n};\n\n_vehicle removeAllEventHandlers \"Dammaged\";" !="\n\n\n\n\nif (_this isKindOf \"AllVehicles\") then {\n\n_this removeAllEventHandlers \"HandleDamage\";\n_this removeAllEventHandlers \"Killed" !="ect 1;\n_model = _this select 2;\n_old = player;\n\n_old removeAllEventHandlers \"FiredNear\";\n_old removeAllEventHandlers \"HandleDama" !="\npublicVariableServer \"PVDZ_veh_Save\";\n};\n};\n\n\n_unit removeAllEventHandlers \"HandleDamage\";\n_unit removeAllEventHandlers \"Killed" 5 AccTime !="oOpenChuteHeight} do {\n\n\n_fpsCoef = ((time - _time) * 60) / acctime; \n_time = time;\n\nbis_fnc_halo_velLimit = 0.2 * _fpsCoef;\nbis" 5 forceEnd 5 failMission !="\n\"clearMagazineCargo\",\n\"clearWeaponCargo\",\n\"endMission\",\n\"failMission\",\n\"titleCut\", \n\"titleText\", \n\n\"say\", \n\"playMusic\", \n\"switc" !="ion\", \"endMission\", \"execfsm\", \"fadeMusic\", \"fadeSound\", \"failMission\", \"globalChat\", \"globalRadio\", \"groupChat\", \"groupRadio\", " !="rfailMission = 'failMission'" !="rfailMissioncode = compile preprocessFileLineNumbers (BIS_PathMPscriptCommands + 'failMission.sqf')" !="rfailMissioncode={diag_log(\"WARNING illegal RE rfailMissioncode with args:\"+str(_this));};"