Feedback Tracker

BattlEye scripts.txt issues
New, Wishlist, Public

Description

BattlEye scripts.txt not working for files >= 10238 bytes

The number is mysteriously close to 10240 bytes (10 * 2^10 bytes = 10 KiB).

I ran a test with file sizes between 10 bytes and 30 KiB.

scripts.txt did not detect anything in the [10KiB, 30KiB] range.

{F25192}

Details

Legacy ID: 185504733
Severity: None
Resolution: Open
Reproducibility: Always
Category: Multiplayer
Steps To Reproduce

Put the following two files in your Arma 3 directory.

x.sqf
xx.sqf

Both files are identical (10224 bytes in length)

So now you have:

Case 1:

strlen("\Arma 3\x.sqf") = 13 bytes

13 bytes (from path) + 10224 bytes (from content) = 10237 bytes

Case 2:

strlen("\Arma 3\xx.sqf") = 14 bytes

14 bytes (from path) + 10224 bytes (from content) = 10238 bytes

Set up a dedicated server, with BattlEye scripts.txt filter:

1 "hello_world"

Join the server, and run (from debug console):

  • execVM "x.sqf";
  • execVM "xx.sqf";

Notice how scripts.txt does not detect execution of the "xx.sqf" script.

Additional Information

I noticed this while trying to troubleshoot as to why scripts.txt was not detecting anything from this hack:

http://pastebin.com/wLRR9DhY

At first I thought maybe there was something in the script itself that caused scripts.txt to ignore it. However, it seems that it's purely based off how big the file is.

Event Timeline

micovery edited Steps To Reproduce. (Nov 24 2014, 7:55 AM)
micovery edited Additional Information.
micovery set Category to Multiplayer.
micovery set Reproducibility to Always.
micovery set Severity to None.
micovery set Resolution to Open.
micovery set Legacy ID to 185504733. (May 7 2016, 7:52 PM)
micovery added subscribers: Killzone_Kid, micovery.

@Killzone_Kid, I see you changed the title of the report. Is the title public?

Were you able to reproduce this? I tried on two different client machines, and scripts.txt did not detect anything in the big files.

Seems like a pretty bad security exposure ... unless I am doing something wrong with my scripts.txt, or some other BE configuration?

I don't know who else knows about this, but hackers out there seem to be inadvertently making use of this hole when releasing their hacks as a single large sqf file.

BIS devs ... anyone? crickets, crickets, chirp, chirp.

Yes, when related to another ticket, the title of hidden tickets gets emailed. I haven't tried the repro, sorry.