The Infamous Dami Returns.

Discussion in 'Trouble Shooting' started by luminoth, May 22, 2016.

  1. luminoth

    luminoth New Member

    Joined:
    Jan 5, 2015
    Messages:
    4
    Likes Received:
    1
    Recently started a server with a few friends, received a few threats from the owners of a (dead) server I used to play on.
    Just wondering if there's any truth to what he's saying. I know some of it's bs, not sure on how much though :p

    "Dami": sup br0 ddoz incoming unless $1000 usd is sent 2 de email as f0ll0ws [email protected] thx
    "Dami": ye I was given $100 usd to wipe your database mate
    "Dami": ye you see I have a great method too
    "Dami": you can try to roll back
    "Dami": but you see
    "Dami": my code will be in your database for a while before it runs
    "Dami": when you roll back, it will just launch again immediately
    "Dami": forcing a complete wipe
    "Dami": lulz
    "Dami": greatest cake in da world
    "Dami": don't ye just luv mysql procedures and the dayz server_monitor lulz so many weakpoints 0mG
    "Dami": o ye best part is the code is sent to a dec array so when you do a search in DB for code, it won't show up lulz, really simple manipulation of the hivext write function for vehicles
    "Dami": ye beacuse of the mods you're using you also have this precise snapping bullshit which compiles string to code
    "Dami": biggest mistake ever lulz
    "Dami": kk send $1000 usd and I'll only do it once
    "Dami": kk and for another $1000 usd, one time only, I will show you how to prevent these very simple exploits that don't require any remote execution lulz


    Before we had this lovely conversation I did a full backup of the server files and SQL database.

    Any recommendations? :D
     
  2. Paul Johnson

    Paul Johnson Member

    Joined:
    Jul 10, 2013
    Messages:
    48
    Likes Received:
    0
    options I can think of...

    1 call the cops as that's extortion. Not sure if the amount is enough to wake the cops up or not though.
    you run the server so you got his IP, ARMA 2 GUID which you can get his STEAMID info from that.

    2 ignore him and block his GUID / IP from joining your server, you got a SQL backup plus besides, it's a DayZMod server, you can start over easily.

    3 post your message on Reddit : https://www.reddit.com/r/dayzmod/
    put his name / GUID/ IP in there too and let the community there tear his ass up.

    4 get the DISCORD app, and look for the DAYZMOD channel, join that and tell the DayZ Admins there your story so they can BAN him across all the DAYZMOD servers that are out there as well as dig up a lot of dirt on the guy which then allows them to BAN his friends too.
     
  3. ebay

    ebay OpenDayZ Guru!

    Joined:
    Jan 9, 2013
    Messages:
    828
    Likes Received:
    296
  4. luminoth

    luminoth New Member

    Thank you very much Paul and Ebay!

    Plenty of people know of him already, he has a pretty bad reputation, he's in infistar's blacklist and already banned from most of the epoch forums for posting others' code claiming to be his own.

    I've never seen him join our servers as his ping would be too high. (He's in America, server is based in Australia.)
    But I'll have a look at the logs when I get a chance to double check.

    Thank you for the advice :D
     
  5. ShootingBlanks

    ShootingBlanks OpenDayZ Guru!

    Joined:
    Mar 31, 2013
    Messages:
    2,424
    Likes Received:
    336
    I see a few faults in this that would make me question the authenticity of the threat.

    Dami is in America? We don't say "mate".

    there is no [email protected] account.

    To wipe your database from a dayz server they need to be able to use a child:999 call .. which is (I believe) still available in Epoch. So, yes, it could be done. I don't see how anyone can execute any commands on your database without running child:999 as the hiveext.dll is hard coded to perform specific reads/writes except for 999 which passes custom sql. I am sure others know better than me, but I see no way that the server_monitor or any other script could translate a "dec" array into the string required to execute the sql call. So IMHO, the described method is not a valid threat. The call compile of the worldspace select 0 just reads the info into an executable code. So the Call command would have to execute a child:999 or the hiveext.dll would not pass it to the mysql server. There MUST be a child:999 string somewhere (or injected) for this to work that you could search for.

    Please anyone correct me if I am wrong.
     
  6. luminoth

    luminoth New Member

    Thank you ShootingBlanks :D
    If I'm reading this correctly you're saying that if he has used the method mentioned, there would be a way for me to find it in my database?

    This is why I love this community, so many of you always go above and beyond to help someone and are always happy to share knowledge.

    I'm not fussed if the threat is real as the server is only a week old and we only have about 15 players.
    I've made backup after backup of both server files and SQL while setting up the server, and the players have been notified of the threat and they don't mind rolling back if it comes to that.
     
    Last edited: Jun 3, 2016
  7. ShootingBlanks

    ShootingBlanks OpenDayZ Guru!

    Yes, that is my *OPINION*. The sql must be in string format and therefore searchable and readable. .. As I said, if anyone thinks that it can be done as described, please correct me asap and let us know how it would be accomplished.
    He was affiliated with Infistar at one point I believe, co-developer of the Antihack and if you are to believe Doogem, co-copy/paster ... Of course, the source has to be taken into account ..
     
  8. ebay

    ebay OpenDayZ Guru!

    Here is an example:
    *snip*

    This would be noticeable in object_data if you sorted by worldspace though. There would be an unusually long and out of place worldspace.

    Unfortunately, security is usually an afterthought for Arma modders. There are probably similar vulnerabilities in other popular mods that no one will notice unless they are looking for them. This one is fixed if you just update to v1.0.5 though.
     
    Last edited: May 31, 2016
  9. ShootingBlanks

    ShootingBlanks OpenDayZ Guru!

    I understand the method he discusses that he will put code into the worldspace which is then "call compiled". But he specifically said he was going to delete the database and it would be undetectable. THAT is what I believe is not possible. Just like the code you pasted, it will have to be in a readable string and therefore it would be simple to search the database for suspicious code.
    To completely destroy the database would require a child:999 running "drop tables" call imho. I get your code where you delete all the objects and then when the server update occurs they will be removed from the database. Either way, the code would have to be in a readable and searchable string. Do you agree?
     
    FallingSheep likes this.
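
The checks discussed in this thread (an unusually long or out-of-place worldspace, a searchable child:999 string, and the claim that a "dec array" hides code from a text search) can be combined into one audit pass. This is an added example, not code from any poster or from the Epoch project; it assumes the table has been exported as (object id, worldspace) pairs, and the length threshold, keyword list and sample rows are constructed for illustration.

```python
import re

# Assumed values (not from the thread): tune them against your own data.
MAX_LEN = 80
KEYWORDS = ("child:999", "call", "compile")
# A normal worldspace is assumed to be a nested array of numbers only.
NUMERIC_ONLY = re.compile(r'^[\d\s\[\],.\-+eE"]*$')
# Standalone integers of 1-3 digits; digits inside decimals are skipped.
INT_TOKEN = re.compile(r'(?<![\d.])\d{1,3}(?![\d.])')

def decode_ints(value):
    """Treat standalone integers 32..126 as character codes and join them."""
    codes = (int(tok) for tok in INT_TOKEN.findall(value))
    return "".join(chr(c) for c in codes if 32 <= c <= 126)

def inspect_worldspace(value):
    """Return the reasons a worldspace value looks out of place."""
    reasons = []
    if len(value) > MAX_LEN:
        reasons.append("long")
    if not NUMERIC_ONLY.match(value):
        reasons.append("non-numeric")
    lowered = value.lower()
    decoded = decode_ints(value).lower()
    for kw in KEYWORDS:
        if kw in lowered:
            reasons.append("plain:" + kw)
        elif kw in decoded:
            reasons.append("encoded:" + kw)
    return reasons

def scan(rows):
    """rows: iterable of (object_id, worldspace). Returns {object_id: reasons}."""
    findings = {}
    for object_id, worldspace in rows:
        reasons = inspect_worldspace(worldspace)
        if reasons:
            findings[object_id] = reasons
    return findings

# Constructed sample rows containing harmless placeholder text only.
SAMPLE_ROWS = [
    (1, "[90,[4500.12,10200.5,0.002]]"),
    (2, '[0,[1,2,3],"call compile PLACEHOLDER"]'),
    (3, "[" + ",".join(str(ord(c)) for c in "x child:999 placeholder") + "]"),
]

if __name__ == "__main__":
    for object_id, reasons in scan(SAMPLE_ROWS).items():
        print(object_id, reasons)
```

Row 3 shows why a plain text search alone is not enough for the "dec array" case: the keyword only appears after the integers are decoded as character codes, although the value still stands out by length.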
