Hello folks, first this is not my review about the the BE a.k.a (BattleEye) anticheat.
I just want to show people what is going on and what is it!

THIS PART FORM REDDIT USER CALLED Douggem

Orginal reddit post Link of this post

====(Douggem post and Article)====

Battleye sends files back to the master server from your hard drive if it is
suspicious of you. It sends the whole file path and your IP address.
These are logged on the master server and kept indefinitely.

I've done a lot of reverse engineering work on Battleye.
I've been working on it since 1.204 (it's at 1.215 now for A2OA and DayZ).
If you Google my name and "Battleye decomp", you will find some of my previous decompilations and reverse engineerings of the Battleye module, as well as explanations of how certain scans work and how Battleye is able to detect common hacking techniques.
I also made a post in this subreddit maybe a month ago talking about Battleye's scans and false positives.

When Bohemia's servers were compromised and the source for DayZ standalone was stolen, Battleye's master server was compromised as well. The people that broke into it contacted me to share information on what Battleye had been doing, and sent me screenshots as proof. They found thousands of .log files with IP addresses and dates attached, that appeared to be dumps of processes and modules:

Alot of HEX CODE (advanced you dont need to see this)

Image #1[i.imgur.com]
Image #2[i.imgur.com]
Image #3[i.imgur.com]

You can see INT3/CC padding between functions and make out portions of the header,
as well as obviously see the full file path to the modules and executable.
Battleye has always sent back information to the master server, but usually only a few bytes. For example, in its module scan, it sends back the address of the memory page the detection occurred on if a detection happens:

Image #4[i.imgur.com]

If your client runs a detected piece of Arma script, it sends back the entire script expression to the master server:

Image #5[i.imgur.com]

But it's never done anything like sending back entire modules or executables until it became virtualized. And it doesn't dump the modules from memory - it reads them from disk. And while I SUSPECT that it only sends back modules that detections occur on, since I didn't have access to the logs, only screenshots, I don't know.
Last night I posted this information to a hacking forum, explaining that he was sending back files from users' disks. This morning I received a message from Bastian Suter, which is the

Conversation with BattleEye DEV. named Bastian Suter


Dear Mr XXXXXXX(if that's your real name), seeing that you tried to add me on Skype before and that you just crossed a line, I decided to directly send you a warning.

I would advise you not to associate with the individuals known as "XXXXXX" and "XXXXXXX" in any way as they are being criminally prosecuted for breaking into and stealing information/data from servers owned by Bohemia Interactive.

Should you or anyone else not refrain from sharing or posting leaked information online these persons will be included in the prosecution.

Image #6[i.imgur.com]

He's never spoken to me before this. His threat just made me want to tell people about this dumping more, though, so nice job.

Battleye is actively sending back dumps of entire files,
linked with your IP address, to the master server where they are stored indefinitely. It can send any file that it has access to, and if you run Arma as administrator, that means basically everything. It does so silently and with subterfuge: he did not add this functionality until he started obfuscating the BEClient module.

While Battleye clearly is going over the line by sending files from your hard drives back to the master server and storing them there, in actuality he's probably not stealing your nudes or your bank statements. My hypothesis is that he is only sending back modules and processes in which detections occur, which should limit the scope of what he receives. Assuming he never wants to abuse this (his anti-cheat allows the server to send arbitrary code for execution on the client, and he can send this to specific clients. He can, on the fly, execute whatever code on your computer he wants, and would easily be able to dump any files from a targeted user, or every user using this mechanism) it won't cause much harm. It's still creepy as hell, but he's probably not pilfering through your hard drive.

But it's still something I think everyone should know about, because it's pretty shady behavior overall. We all know it scans every byte of every running process, but I don't think we assumed it would be sending files back from our hard drives.

EDIT: Bastian's response on Skype:
Link of this post - my "threat" (which is actually a warning) still stands, what you and those other individuals are doing is illegal (seeing that you are a not a child you should realize that)

[4:32:51 PM] Doug: Bastian, the people that brok>e into your server broke the law. I am not breaking the law by reporting on what you are doing

[4:33:40 PM] Doug: What might be against the law is sending files from clients' computers to your master server. I'm not sure about that though it might not be.

[4:33:57 PM] Bastian: regarding the actual information, I could care less about anything you stated. This is standard anti-cheat procedure - if VAC does it it's called "advanced" (same as dynamic code execution), if BE does it it's evil.

[4:34:13 PM] Bastian: wrong, it's illegal to release leaked info, which is what you are doing
He's from Germany so take into account there may be a language barrier before you infer anything from his tone or verbiage.

Image #7[i.imgur.com]

READ THIS PART CAREFULLY

Battleye's Terms of Service:
BattlEye will never report any of Licensee's private data (documents, passwords, etc.) to other connected computers or to Licensor. BattlEye will not violate Licensee's privacy.
To be fair, it also says:

BattlEye may scan the entire memory, and any game-related and system-related files and folders on harddisk and report results to the connected game server for the sole purpose of detecting cheats.

Image #8[pastebin.com]

Battleye made an official response confirming what I have said:

Battle eye response on reddit
Battle Eye website[www.battleye.com]

====(My thoughts)====

Okey this is REALLY long documentation. But if you Google the BattleEye or just go a game community that game has The BattleEye, if there is any person that he/she know computers very well he/she comment will be bad becuase of "BE".

Second part of my thoughts:
Im not saying the "BE" is spyware (if you dont know what is spyware you can check form this link)Spyware wiki page[en.wikipedia.org] but the "BE" kind of spyware. Im not saying the "BE" is leaking you personal info, bank statements or other stuff but im not convenient about the "BE" has permission to acces you hardware info even your NUDES (sense of humour dont care serious). And the BattleEye "CAN" collect this info and sent to Master Server. And if im saying if cause thats will be REALLY BIG PROBLEM if the BattleEye get hacked by some one or just a kid, that will be problem for every single person that used the "BE".

Third and last of my thoughts:
Yes i will stop using the BattleEye cause like i said i am not convenient about this spyware crap, i done LOTS OF researchs about "BE" and i found critical infos about this spyware crap.

If you dont want to get leak of personal data stop using "BE" i know popular games using this anti-cheat but every time there is an altranative way to avoid form danger!

====(/My thoughts)====