Page MenuHomeFeedback Tracker
Create Task
Maniphest T78558

DLL/SO Extension Signature Checks
Feedback, WishlistPublic
Actions

Description

DLL/SO Extension Signature Checks
This would help prevent clients tampering with extension / replaced with their own version.

2 Methods i can think of..

1st Method
SQF Code wise, seems like easiest way to add it in.
Without breaking anything...
Also allows servers to have a custom extension

"extension_name" callExtensionCheck "signature_key";
return true/false

2nd Method
In the addon config.cpp, u would need to add the
Signature Key
Extension Name (to prevent client loading up same Extension Name in a different addon directory / arma3 root)

Details

Legacy ID
3355036106
Severity
None
Resolution
Open
Reproducibility
N/A
Category
Feature Request

Event Timeline

Bohemia edited Steps To Reproduce. (Show Details)Aug 9 2014, 2:18 PM
Bohemia edited Additional Information. (Show Details)
Bohemia set Category to Feature Request.
Bohemia set Reproducibility to N/A.
Bohemia set Severity to None.
Bohemia set Resolution to Open.
Bohemia set Legacy ID to 3355036106.May 7 2016, 7:12 PM
dedmen added a subscriber: dedmen.May 7 2016, 7:12 PM
dedmen added a comment.Jul 13 2015, 10:02 PM

The Second Method sounds good... especially because configs have to be in pbos so server that dont allow third-party Mods are also semi safe from people using Extensions for bad stuff. even if i cant think of what bad stuff they could do with clientside extensions.
But... Both Methods are clientside.. And people who can tamper Extensions can also Tamper client-side pbos.
My Idea is bisigns for Dlls.. I Think that would do the Job with most of the code already there.

Senfo added a subscriber: Senfo.Mar 27 2017, 7:04 PM
dedmen added a comment.May 29 2017, 10:32 AM

This get's even more Important with the rise of Intercept and it's Plugins.

dedmen added a comment.Jun 23 2017, 2:28 AM

#chris5790 from Arma Discord got me that Idea.
This could also solve the "Battleye master Server is down and is blocking our Extensions. So we can't use ACRE/TFAR/ACE anymore"
I get messaged a couple times per month with "Battleye blocks my TFAR". I feel like the Bisigns for Extensions could completly replace the Battleye whitelisting process. If servers allow Bisigns for Hacks. We can't do much about it anyway.

dedmen added a comment.Aug 19 2017, 1:41 PM

Intercept just added that yesterday. Code-signed binary and self-signed CA certificate in PBO.
Signature get's grabbed from binary and certificate from PBO (Which is protected by bisign) and if that doesn't match Intecept denies loading the Plugin.

dedmen changed the task status from Acknowledged to Feedback.Jul 29 2024, 12:01 PM

1st Method

Added with allExtensions command containing signature information.

© Bohemia Interactive a.s. Bohemia Interactive® is a registered trademark of Bohemia Interactive a.s. All rights reserved. · Privacy Policy · Terms and Conditions