CfgRemoteExec – Arma 3
Class containing a list of all scripted functions and commands which can be remotely executed by remoteExec / remoteExecCall (and BIS_fnc_MP, obsolete) on server or client machines. This can be defined in main config.cpp or in campaign or mission Description.ext.
Format
class CfgRemoteExec
{
// List of Functions allowed to be sent from client via remoteExec
class Functions
{
// RemoteExec modes:
// 0 - disabled
// 1 - allowed, taking whitelist into account
// 2 - allowed, ignoring whitelist (default, because of backward compatibility)
mode = 2;
// Ability to send JIP messages:
// 0 - disable JIP messages
// 1 - allow JIP messages (default)
jip = 1;
class BIS_fnc_aFunction
{
// Remote Execution from clients:
// 0 - allowed on other clients and server (default)
// 1 - allowed on other clients only
// 2 - allowed on server only
// any other value will be treated as 0
allowedTargets = 0;
// overrides the global Functions setting for this function
jip = 0;
};
};
// List of Commands allowed to be sent from client via remoteExec
class Commands
{
mode = 1;
class setDir
{
allowedTargets = 2;
jip = 0;
};
// etc
};
};
Safe Config
This config only allows needed default game functions - see Notes below.
class CfgRemoteExec
{
class Functions
{
mode = 1; // whitelist
jip = 0; // JIP not allowed
class BIS_fnc_effectKilledAirDestruction { allowedTargets = 0; jip = 0; };
class BIS_fnc_effectKilledSecondaries { allowedTargets = 0; jip = 0; };
class BIS_fnc_objectVar { allowedTargets = 0; jip = 0; };
class BIS_fnc_setCustomSoundController { allowedTargets = 0; jip = 0; };
/*
class BIS_fnc_debugConsoleExec { allowedTargets = 0; }; // allow debug console - optional
*/
};
};
initPlayerServer.sqf
If execVM is not in the commands whitelist, initPlayerServer.sqf will not be executed. To have it functional without allowing execVM, use the following workaround through CfgFunctions:
class CfgFunctions
{
class TAG
{
class Category
{
class initPlayerServer { file = "initPlayerServer.sqf"; };
};
};
};
class CfgRemoteExec
{
class Functions
{
mode = 1;
class TAG_fnc_initPlayerServer { allowedTargets = 2; };
};
};
and have it run from init.sqf:
if (hasInterface) then
{
[] spawn
{
waitUntil { not isNull player };
[player, didJIP] remoteExec ["TAG_fnc_initPlayerServer", 2];
};
};
Default Config
This is the default config.cpp entry (obsolete):
class CfgRemoteExec
{
class Server
{
class Functions
{
mode = 2;
};
class Commands
{
mode = 2;
};
};
class Client
{
class Functions
{
mode = 2;
};
class Commands
{
mode = 2;
};
};
};
Notes
- Posted on January 1, 2016
- AgentRev
-
- As BIS_fnc_MP now uses remoteExec, there are some functions spontaneously called by the game core that require whitelisting in order to work if class Functions is set to mode = 1:
class BIS_fnc_effectKilledAirDestruction {}; class BIS_fnc_effectKilledSecondaries {}; class BIS_fnc_objectVar {}; class BIS_fnc_setCustomSoundController {};
- For initPlayerServer.sqf to work, BIS_fnc_execVM would need to be whitelisted, but that should be avoided at all costs, as it allows hackers to bypass the whitelist. Use this method instead.
- For the debug console to be able to execute anything (even locally), BIS_fnc_debugConsoleExec must be whitelisted. This function only works when its remoteExecutedOwner is admin, so it is safe to whitelist for everyone.
- remoteExec and remoteExecCall are filtered by BattlEye's remoteexec.txt, the string analyzed by BE is formatted the same way as the following example's output:
format ["%1 %2", functionName, str params]
The following remoteexec.txt exclusion can be used to safely allow all whitelisted *_fnc_* functions taking an array as parameter to go through:!="\w+?_fnc_\w+? \[[\S\s]*\]"
Any attempt to exploit this exclusion using other RE methods like createUnit will run into "Error Missing ;" without any malicious code being executed. Mod makers should refrain from remote-executing raw commands from clients, as they require individual exclusions, and instead use *_fnc_* functions taking an array as parameter, which are covered by the above exclusion.
- As BIS_fnc_MP now uses remoteExec, there are some functions spontaneously called by the game core that require whitelisting in order to work if class Functions is set to mode = 1: