Page MenuHomeFeedback Tracker

Major Engine Vulnerability > RPC Spoofing/Modded RPC's
New, NormalPublic

Description

Over the past 6+ months, Since Mid February, I have been harassed by a hacker. The hacker started off with the "weather hack", editing weather sounds/effects, Spawning Grenades on players, deleting characters & bases. The hacker is now causing servers to freeze, maxing out machine ram/causing a ram leak in DayZServer.exe upon him connecting. The hacker does not need to fully connect for this to cause a crash, only the "Character" name is shown, no ID or any other identifiers are shown...EX:

19:13:00.226 Players: 25 in total
19:13:03.995 [Login]: Adding player Crystal (198976838) to login queue at position 0
19:13:03.995 [LoginMachine]: Add player Crystal (198976838)
19:13:03.995 [StateMachine]: Player Crystal (dpnid 198976838 uid ) Entering AuthPlayerLoginState
19:13:03.995 Server: SetClientState dpid=198976838 id=0 name=Crystal CREATED -> CONNECTED
=======================================================
-------------------------------------------------------
Time: 19:13:04
Exception code: C0000005 ACCESS_VIOLATION at B2C4F92F

We have also seen him spoofing players Steam64ID/GUID/BI ID's.
We have gone through all routes of trying to fix this ourselves but its clear that this is an engine level vulnerability, not a mod, script, or server vulnerability.
This is now my 4th ticket about this hacker and the engine vulnerability he is abusing, 2nd public ticket as my newest private ticket hasnt had a response/comment from a dev or @Geez since it was made on July 27th. That is just not acceptable when there is a vulnerability in DayZ's engine as serious as this.

This is my last attempt to get this fixed, I cannot continue forward constantly being harassed by a hacker who is abusing a vulnerability that I cannot fix. My servers are the LEAST of my worries right now, because if this isn't fixed soon, I will need to shutdown my servers and the hacker will move on to find the next community to destroy. I have spent the past 6+ years supporting this game but now, due to this vulnerability, I have no choice but to move on.

As always let me know if you need information, if you would rather respond to my private ticket here is the link: https://feedback.bistudio.com/T159913

Details

Severity
Major
Resolution
Open
Reproducibility
N/A
Operating System
Windows 10
Operating System Version
Windows Server
Category
Engine
Steps To Reproduce
  1. Hacker Joins
  2. Server Crashes/Freezes/Ram Leaks
  3. Repeat until server/community is dead. :(

OR

  1. Hacker Joins
  2. Weather Hack(Loud rain/thunder noise/freezing to death)
  3. Repeat until server/community is dead. :(

There's probably a LOT more the hacker can do with this RPC Vulnerability. PLEASE GET IT FIXED!

Additional Information

-We have tried asking if you need more information but we never get a response.
-Several DayZ Modders and outside CS Majors have concluded this is an engine vulnerability.
-The fate of the game rests in this getting resolved.

Note: The hacker will probably be posting here & making fun of this attempt to get this vulerability fixed....probably because he knows it may never be fixed.

Event Timeline

Modern is a DDOSer, I wouldn't help him or listen to him bohemia. My servers have gotten DDOSed by Modern multiple times sadly it's not easy to prove but we know it was him.

isxlow added a subscriber: isxlow.Aug 23 2021, 3:16 AM

The issue is that there have been too many hackers allowed to take advantage of this game and the proof positive are the ID10Ts like the above comment. Their only goal is to hurt the player base period. The pettiness of one or two players (hackers) who dont like something ruining it for 100's if not 1000's of players is in it self hateful.

Fix the issues they are abusing so many of us who do play can.

Modern is a DDOSer, I wouldn't help him or listen to him bohemia. My servers have gotten DDOSed by Modern multiple times sadly it's not easy to prove but we know it was him.

Completely false and fabricated excuse by the hacker.

Modern is a DDOSer, I wouldn't help him or listen to him bohemia. My servers have gotten DDOSed by Modern multiple times sadly it's not easy to prove but we know it was him.

Completely false and fabricated excuse by the hacker.

Not the hacker but okay lol. Hope your servers continue to get what they deserve for being a toxic cyst.

Geez added a comment.Aug 23 2021, 1:22 PM

Please refrain from flaming each other in the comment section and keep the discussion relevant to the topic.

Regards,
Geez

As a player from Arma2 DayZ Mod to DayZ Standalone.. I have enjoyed my time playing DayZ on "The Wall". I would hate to see DayZ lose a valuable community. I don't know the exploiters issues with the "The Wall" and I don't care. If "The Wall" falls, these exploiters will just move on to another community and kill them one by one.

Due to the delay in patching this and other exploits, my fear is BiStudios doesn't have the ability to patch them.

Thanks for your time....

Exploiters created Admins........

MarioE added a subscriber: MarioE.Aug 25 2021, 11:58 AM

He is attacking almost every popular server, not just the server of the creator of this issue.

MarioE added a comment.EditedAug 25 2021, 12:00 PM

His main way of messing with servers is exploiting RPCs and sending them with spoofed player identities. when he does it, players get often kicked in mass and then they can't log in because they get this warning


for example in that instance, every player got uncon at the same time

as well, these attacks have been happening for months.

So glad I switched to PS4.

It's a vulnerability on PS4 as well, just no one has bothered to exploit it.

CosmoDayZ added a subscriber: CosmoDayZ.EditedAug 27 2021, 2:16 PM

His main way of messing with servers is exploiting RPCs and sending them with spoofed player identities. when he does it, players get often kicked in mass and then they can't log in because they get this warning


for example in that instance, every player got uncon at the same time

I got this same message playing on 1.13 EXP on 8/26/2021 around 8:30pm - 8:38pm (PST) there was only 2 other players on at the moment. I remember driving and getting alot of lag and D-sync then i crashed my car into a something that wasn't there, couldn't get out of the car or do anything. so i waited until i was kicked and tried joining back and got the same message you showed in your screenshot and once i was able to log back in, The car was facing the other direction on the road into a fence, Not sure if this was a exploit someone did or just pure server lag with my internet lagging at the same time.

@Geez I feel like you should look into this happening on EXP if it's even logged?

very disappointed that theres been no response from devs on this. :(

This comment was removed by modernkilla82.
p4k1tz added a subscriber: p4k1tz.Jan 27 2022, 7:04 PM