Also, the string that says that your key isn't valid isn't terminated (ie. They didn't put any \0's after it...) properly, which hides it from your general string search. (Intentional or just bad programming, I don't know!)
(Which is really the wrong way to go about it, in hindsight.)
Also, they wouldn't see the gritty details about that little vulnerability, as it isn't public, MrMedic. (And the offsets were for ArmA 1 as well.)