Page MenuHomeFeedback Tracker

[CRITICAL] Ability to remove structures ( trees, buildings, rocks, plants ) by deleting the .pbo files
Closed, ResolvedPublic


Everything is in the summary.

The server will not check ( yet ? ) if your .pbo are in order.

It means that you can delete the .pbo files of your choice and get a game without trees, or specific buildings, which of course is absolutely broken and make encounters even more unreliable than they are actually.

This is a critical issue wich can, and will, lead to huge exploits and should be considered like one.


Legacy ID
Steps To Reproduce
  • Go to your main DayZ standalone directory and look for a folder called addons

( Steam / steamapps / common / DayZ / addons )

  • Remove all the big pbo files ( the ones with like 270kb ) plants2_ files

( plants2_plant, plants2_tree, etc )

  • Reproduce the above step to delete a specific structure

Event Timeline

Klaus255 edited Steps To Reproduce. (Show Details)Dec 20 2013, 6:27 AM
Klaus255 set Category to category:structures.
Klaus255 set Reproducibility to Always.
Klaus255 set Severity to None.
Klaus255 set Resolution to Fixed.
Klaus255 set Legacy ID to 2472158684.May 8 2016, 2:47 PM
R834 added a subscriber: R834.May 8 2016, 2:47 PM
R834 added a comment.Dec 20 2013, 11:55 AM

Also reported at #1948

Good to know, thanks.

Melbo added a subscriber: Melbo.May 8 2016, 2:47 PM
Melbo added a comment.Dec 21 2013, 1:40 AM

This was solved in Arma 2 by setting verifySignatures = 2; in the server config. This simply does not allow people to join without those files.

Will test on our server soon and report back.

drouz added a subscriber: drouz.May 8 2016, 2:47 PM
drouz added a comment.Dec 21 2013, 3:32 PM

Why would anyone downvote this? This exploit needs to be fixed.

Should be fixed in the first new patch

Incredibly severe issue, hope this is fixed soon.

I can confirm this exploit! Should be fixed

Jcdock added a subscriber: Jcdock.May 8 2016, 2:47 PM

I can confirm this also. Pretty major one


Did it work? If so, this should be a mandatory setting for all servers

This needs to be voted up, this must be the most important issue i've seen on here so far.

+1 Needs fixing.

Managed to drop a backpack into a position between two trees where it wasn't accessible because of the trees clipping over it. We don't have tents so was trying to make a temp cache. Removed all trees, and was able to retrieve backpack.
(Trees are all back, btw.) [Didn't matter. Was hit by a server restart and character wiped on reconnect (unrelated)].

Melbo added a comment.Dec 24 2013, 2:43 AM

Well I tried to change our servers config but at the minute they are read only. I've submitted a ticked to see if either they can change it or let the owners of the server change it. Will report back tomorrow as soon as I get a reply.

Sorry for the lack of comms, this Christmas thing isn't all it's cracked up to be!

nollan added a subscriber: nollan.May 8 2016, 2:47 PM

Needs a fix asap!

Melbo added a comment.Dec 24 2013, 3:07 PM

Ok update time.

Our server provider has given us the option of setting a custom verifySignatures = option. We have set it to 2 but in the actual config it reads as verifySignatures = $$sv_pure$$; not verifySignatures = 2; as it should be. I've asked them to change it to that to test with as currently using verifySignatures = $$sv_pure$$; you are still able to join the server without the files.

Melbo added a comment.Dec 24 2013, 5:27 PM

Updated update. Setting verifySignatures = 2; still DOES NOT WORK!

I completely forgot about this but the devs need to add in the correct .bikeys for the .pbo files that the game uses.

Setting verifySignatures = 2; will stop anyone from joining your server.

Nothing we can do to stop this, devs need to go onto this ASAP so vote this up guys.

Bohemia added a subscriber: Bohemia.May 8 2016, 2:47 PM

They locked it to manage the server load. With this option enabled the servers have to check every players files individually which takes considerable power. Hope it will soon be enabled. And that everybody plays fair up till then.

dev0 added a subscriber: dev0.May 8 2016, 2:47 PM
t-s added a subscriber: t-s.May 8 2016, 2:47 PM

Well, DayZ just became unplayable coz of this :(

donlod added a subscriber: donlod.May 8 2016, 2:47 PM

thats just stupid. u are in building and just get shot from outside

Redklaw added a subscriber: Redklaw.May 8 2016, 2:47 PM

There is a way to bypass signature verification that is already going around, people are simply moving the plants / buildings PBOs back into their original folders before joining servers. Since initial asset loading is handled before server side checks and battleye are enabled, neither of these seem to catch this method.

The Bad, i dead 4 Time inside at building, headshot trhough wall -_-

fixed in #4774