CfgRemoteExec – Arma 3

From Bohemia Interactive Community
Jump to navigation Jump to search
(BIS_fnc_debugConsoleExec)
(BattlEye)
Line 42: Line 42:
class BIS_fnc_effectKilledSecondaries {};
class BIS_fnc_effectKilledSecondaries {};
class BIS_fnc_objectVar {};
class BIS_fnc_objectVar {};
</code>
</code><br/>
<li>For [[Event_Scripts|initPlayerServer.sqf]] to work, [[BIS_fnc_execVM]] would need to be whitelisted, but that should be avoided at all costs, as it allows hackers to bypass the whitelist.
<li>For [[Event_Scripts|initPlayerServer.sqf]] to work, [[BIS_fnc_execVM]] would need to be whitelisted, but that should be avoided at all costs, as it allows hackers to bypass the whitelist.<br/><br/>
<li>For the debug console to be able to execute anything (even locally), [[BIS_fnc_debugConsoleExec]] must be whitelisted. This function only works when its [[remoteExecutedOwner]] is [[admin]], so it is safe to whitelist for everyone.
<li>For the debug console to be able to execute anything (even locally), [[BIS_fnc_debugConsoleExec]] must be whitelisted. This function only works when its [[remoteExecutedOwner]] is [[admin]], so it is safe to whitelist for everyone.<br/><br/>
<li>remoteExec and remoteExecCall are filtered by BattlEye's remoteexec.txt, the string analyzed by BE is formatted the same way as the following example's output:
<code>[[format]] ["%1 %2", functionName, [[str]] params]</code>
The following remoteexec.txt exclusion can be used to safely allow all whitelisted *_fnc_* functions taking an array as parameter to go through:
<code>!="\w+?_fnc_\w+? \[.*\]"</code>
Any attempt to exploit this exclusion using other RE methods like [[createUnit]] will run into "Error Missing ;" without any malicious code being executed. Mod makers should refrain from remote-executing raw commands from clients, and instead use functions, as commands need to be excluded individually for BE, while all functions are covered by the above exclusion.
</ul>
</ul>
</dd>
</dd>

Revision as of 17:55, 17 September 2017

Arma 3 logo black.png1.50

Description

Class containing a list of all scripted functions and commands which can be remotely executed by BIS_fnc_MP / remoteExec / remoteExecCall on server or client machines. Can be defined in Config.cpp or in campaign's or mission's Description.ext. The most local variant is used. See also CfgRemoteExecCommands.

Format

class CfgRemoteExec
{        
       // List of script functions allowed to be sent from client via remoteExec
       class Functions
       {
               // State of remoteExec: 0-turned off, 1-turned on, taking whitelist into account, 2-turned on, however, ignoring whitelists (default because of backward compatibility)
               mode = 2;
               // Ability to send jip messages: 0-disabled, 1-enabled (default)
               jip = 1;
               /*your functions here*/
               class YourFunction1
               {
                      allowedTargets=0; // can target anyone (default)
                      jip = 0; // sending jip messages is disabled for this function (overrides settings in the Functions class)
               };
               class YourFunction2 { allowedTargets=1; }; // can target only clients
               class YourFunction3 { allowedTargets=2; }; // can target only the server
       };        
       // List of script commands allowed to be sent from client via remoteExec
       class Commands
       {
              /*your commands here*/
              class YourCommand1 { allowedTargets=0; jip=0; } // can target anyone, sending jip is turned off (overrides settings in the Commands class)
	};
};


Notes

Posted on January 1, 2016
AgentRev
  • As BIS_fnc_MP now uses remoteExec, there are some functions spontaneously called by the game core that require whitelisting in order to work if class Functions is set to mode = 1; class BIS_fnc_effectKilledAirDestruction {}; class BIS_fnc_effectKilledSecondaries {}; class BIS_fnc_objectVar {};
  • For initPlayerServer.sqf to work, BIS_fnc_execVM would need to be whitelisted, but that should be avoided at all costs, as it allows hackers to bypass the whitelist.

  • For the debug console to be able to execute anything (even locally), BIS_fnc_debugConsoleExec must be whitelisted. This function only works when its remoteExecutedOwner is admin, so it is safe to whitelist for everyone.

  • remoteExec and remoteExecCall are filtered by BattlEye's remoteexec.txt, the string analyzed by BE is formatted the same way as the following example's output: format ["%1 %2", functionName, str params] The following remoteexec.txt exclusion can be used to safely allow all whitelisted *_fnc_* functions taking an array as parameter to go through: !="\w+?_fnc_\w+? \[.*\]" Any attempt to exploit this exclusion using other RE methods like createUnit will run into "Error Missing ;" without any malicious code being executed. Mod makers should refrain from remote-executing raw commands from clients, and instead use functions, as commands need to be excluded individually for BE, while all functions are covered by the above exclusion.