Page MenuHomeFeedback Tracker
Create Task
Maniphest T78558

DLL/SO Extension Signature Checks
Acknowledged, WishlistPublic
Actions

Description

DLL/SO Extension Signature Checks
This would help prevent clients tampering with extension / replaced with their own version.

2 Methods i can think of..

1st Method
SQF Code wise, seems like easiest way to add it in.
Without breaking anything...
Also allows servers to have a custom extension

"extension_name" callExtensionCheck "signature_key";
return true/false

2nd Method
In the addon config.cpp, u would need to add the
Signature Key
Extension Name (to prevent client loading up same Extension Name in a different addon directory / arma3 root)

Details

Legacy ID
3355036106
Severity
None
Resolution
Open
Reproducibility
N/A
Category
Feature Request

Event Timeline

Bohemia edited Steps To Reproduce. (Show Details)Aug 9 2014, 2:18 PM
Bohemia edited Additional Information. (Show Details)
Bohemia set Category to Feature Request.
Bohemia set Reproducibility to N/A.
Bohemia set Severity to None.
Bohemia set Resolution to Open.
Bohemia set Legacy ID to 3355036106.May 7 2016, 7:12 PM
dedmen added a subscriber: dedmen.May 7 2016, 7:12 PM
dedmen added a comment.Jul 13 2015, 10:02 PM

The Second Method sounds good... especially because configs have to be in pbos so server that dont allow third-party Mods are also semi safe from people using Extensions for bad stuff. even if i cant think of what bad stuff they could do with clientside extensions.
But... Both Methods are clientside.. And people who can tamper Extensions can also Tamper client-side pbos.
My Idea is bisigns for Dlls.. I Think that would do the Job with most of the code already there.

Senfo added a subscriber: Senfo.Mar 27 2017, 7:04 PM
dedmen added a comment.May 29 2017, 10:32 AM

This get's even more Important with the rise of Intercept and it's Plugins.

dedmen added a comment.Jun 23 2017, 2:28 AM

#chris5790 from Arma Discord got me that Idea.
This could also solve the "Battleye master Server is down and is blocking our Extensions. So we can't use ACRE/TFAR/ACE anymore"
I get messaged a couple times per month with "Battleye blocks my TFAR". I feel like the Bisigns for Extensions could completly replace the Battleye whitelisting process. If servers allow Bisigns for Hacks. We can't do much about it anyway.

dedmen added a comment.Aug 19 2017, 1:41 PM

Intercept just added that yesterday. Code-signed binary and self-signed CA certificate in PBO.
Signature get's grabbed from binary and certificate from PBO (Which is protected by bisign) and if that doesn't match Intecept denies loading the Plugin.

© Bohemia Interactive a.s. Bohemia Interactive® is a registered trademark of Bohemia Interactive a.s. All rights reserved. · Privacy Policy · Terms and Conditions