CfgRemoteExec – Arma 3

From Bohemia Interactive Community
Jump to navigation Jump to search
(BattlEye)
Line 49: Line 49:
The following remoteexec.txt exclusion can be used to safely allow all whitelisted *_fnc_* functions taking an array as parameter to go through:
The following remoteexec.txt exclusion can be used to safely allow all whitelisted *_fnc_* functions taking an array as parameter to go through:
<code>!="\w+?_fnc_\w+? \[.*\]"</code>
<code>!="\w+?_fnc_\w+? \[.*\]"</code>
Any attempt to exploit this exclusion using other RE methods like [[createUnit]] will run into "Error Missing ;" without any malicious code being executed. Mod makers should refrain from remote-executing raw commands from clients, and instead use functions, as commands need to be excluded individually for BE, while all functions are covered by the above exclusion.
Any attempt to exploit this exclusion using other RE methods like [[createUnit]] will run into "Error Missing ;" without any malicious code being executed. Mod makers should refrain from remote-executing raw commands from clients, as they need individual BE exclusions, and instead use functions containing _fnc_ in their name, which are covered by the above exclusion.
</ul>
</ul>
</dd>
</dd>

Revision as of 18:07, 17 September 2017

Arma 3 logo black.png1.50

Description

Class containing a list of all scripted functions and commands which can be remotely executed by BIS_fnc_MP / remoteExec / remoteExecCall on server or client machines. Can be defined in Config.cpp or in campaign's or mission's Description.ext. The most local variant is used. See also CfgRemoteExecCommands.

Format

class CfgRemoteExec
{        
       // List of script functions allowed to be sent from client via remoteExec
       class Functions
       {
               // State of remoteExec: 0-turned off, 1-turned on, taking whitelist into account, 2-turned on, however, ignoring whitelists (default because of backward compatibility)
               mode = 2;
               // Ability to send jip messages: 0-disabled, 1-enabled (default)
               jip = 1;
               /*your functions here*/
               class YourFunction1
               {
                      allowedTargets=0; // can target anyone (default)
                      jip = 0; // sending jip messages is disabled for this function (overrides settings in the Functions class)
               };
               class YourFunction2 { allowedTargets=1; }; // can target only clients
               class YourFunction3 { allowedTargets=2; }; // can target only the server
       };        
       // List of script commands allowed to be sent from client via remoteExec
       class Commands
       {
              /*your commands here*/
              class YourCommand1 { allowedTargets=0; jip=0; } // can target anyone, sending jip is turned off (overrides settings in the Commands class)
	};
};


Notes

Posted on January 1, 2016
AgentRev
  • As BIS_fnc_MP now uses remoteExec, there are some functions spontaneously called by the game core that require whitelisting in order to work if class Functions is set to mode = 1; class BIS_fnc_effectKilledAirDestruction {}; class BIS_fnc_effectKilledSecondaries {}; class BIS_fnc_objectVar {};
  • For initPlayerServer.sqf to work, BIS_fnc_execVM would need to be whitelisted, but that should be avoided at all costs, as it allows hackers to bypass the whitelist.

  • For the debug console to be able to execute anything (even locally), BIS_fnc_debugConsoleExec must be whitelisted. This function only works when its remoteExecutedOwner is admin, so it is safe to whitelist for everyone.

  • remoteExec and remoteExecCall are filtered by BattlEye's remoteexec.txt, the string analyzed by BE is formatted the same way as the following example's output: format ["%1 %2", functionName, str params] The following remoteexec.txt exclusion can be used to safely allow all whitelisted *_fnc_* functions taking an array as parameter to go through: !="\w+?_fnc_\w+? \[.*\]" Any attempt to exploit this exclusion using other RE methods like createUnit will run into "Error Missing ;" without any malicious code being executed. Mod makers should refrain from remote-executing raw commands from clients, as they need individual BE exclusions, and instead use functions containing _fnc_ in their name, which are covered by the above exclusion.