[canadianjeff]

would it be possible to scan a clients materials temp folder and if these come back as true kick them from the server....

[canadianjeff]

HA imagine VAC actually working

[Bacardi]

When Left 4 Dead games appeared at SteamPipe time, sv_pure hasn't work (maybe since beginning). Also workshop content maybe has give some trouble back then.

What I have tested in other games, sv_pure not check inside VPK files, only loose files and signatured VPK.

Again, on other games, you can restrict with sv_pure 1 & 2 to force clients use only signature VPK files, which server allow.
- Server admin/host can also compile own custom models/files into VPK files using signature/encrypt,
with these specific VPK files player is allowed to use in this (or *these if public key is shared on other servers) server only.
It's like bypass sv_pure check, in that server.
But client need download these files itself, you can't upload from server.
And if we think what bad with this system: Admins are able to cheat in own sv_pure 2 server if they are really


I have also got and tested modified "default CS:S VPK" files, which include transparent walls and bright solid color players, it worked in sv_pure 1 and 2...
- This is not possible unless some one knows CS:S both public_key and private_key to compile signature VPK files.
Or this method has been hacked and some how override to set signature in VPK files.

But back to L4D(2), has this game sv_pure fixed yet ?

[vijayar]

Quote:

Originally Posted by Bacardi When Left 4 Dead games appeared at SteamPipe time, sv_pure hasn't work (maybe since beginning). Also workshop content maybe has give some trouble back then. What I have tested in other games, sv_pure not check inside VPK files, only loose files and signatured VPK. Again, on other games, you can restrict with sv_pure 1 & 2 to force clients use only signature VPK files, which server allow. - Server admin/host can also compile own custom models/files into VPK files using signature/encrypt, with these specific VPK files player is allowed to use in this (or *these if public key is shared on other servers) server only. It's like bypass sv_pure check, in that server. But client need download these files itself, you can't upload from server. And if we think what bad with this system: Admins are able to cheat in own sv_pure 2 server if they are really I have also got and tested modified "default CS:S VPK" files, which include transparent walls and bright solid color players, it worked in sv_pure 1 and 2... - This is not possible unless some one knows CS:S both public_key and private_key to compile signature VPK files. Or this method has been hacked and some how override to set signature in VPK files. But back to L4D(2), has this game sv_pure fixed yet ?

Thanks for your feedback. I see sv_pure set in CSGO servers so assume that they are doing what they are supposed to, if the admin has not tinkered around to bypass. I haven't set up L4D2 so cannot comment much on that ; assumed it might be the same since it is also using Source.

[Bacardi]

I looked yesterday between CS:S, CS:GO and L4D2 vpk files signatures.

Seem Orange Box games (cs:s, tf2, dod:s) has this signature system (I'm like 99% sure),
but CS:GO and L4D2 do not have signature in they vpk files.
I assume, these two games not have same system. Maybe hidden feature ? Dunno.

[canadianjeff]

pretty sure you guys are missing the point here.......... I think this L4D2 visuals aimbot from unknowncheats.me will actually send back fake sv_pure results bypassing the system 100% I know this because I have actually setup a 100% sv_pure server that tested every single file and it still passed and was allowed to play however when I opened it up in ghidra/IDA pro I noticed some new strings that really brought my attention.....
pretty sure alot of these are *cough* *cough* cheat flagged cvars???

[Bacardi]

well, can you see difference (sv_showimpacts) between server and client from log file, with this plugin example ?

PHP Code:

ConVar sv_showimpacts;

public void OnPluginStart()
{
    sv_showimpacts = FindConVar("sv_showimpacts");
    
    if(sv_showimpacts == null) SetFailState("Can't find cvar sv_showimpacts");
}


public void OnClientPutInServer(int client)
{
    if(IsFakeClient(client))
        return;

    CreateTimer(10.0, delay, GetClientUserId(client), TIMER_FLAG_NO_MAPCHANGE);
}

public Action delay(Handle timer, any data)
{
    int client = GetClientOfUserId(data);

    if(client == 0 || !IsClientInGame(client))
        return Plugin_Continue;




    QueryCookie cookie = QueryClientConVar(client, "sv_showimpacts", queryfinished, sv_showimpacts.IntValue);

    if(cookie == QUERYCOOKIE_FAILED)
    {
        LogAction(-1, -1, "%L QUERYCOOKIE_FAILED sv_showimpacts", client);
    }

    return Plugin_Continue;
}

public void queryfinished(QueryCookie cookie, int client, ConVarQueryResult result, const char[] cvarName, const char[] cvarValue, any value)
{
    if(result == ConVarQuery_Okay)
    {
        LogAction(-1, -1, "%L, %s: server=%i, client=%s", client, cvarName, value, cvarValue);
    }
    else
    {
        LogAction(-1, -1, "%L, Failed %s: ConVarQueryResult %i", client, cvarName, result);
    }
} 


[canadianjeff]

I got back some interesting results from this plugin you just made

now I am curious why SirPlease ServerRework github does not check for these convars that are clearly in L4D2 Visuals by redogg

https://github.com/SirPlease/L4D2-Co...tings.cfg#L357

Code:

// Confogl Additional
confogl_setcvars
confogl_resetclientcvars

// Client Cvar Tracking        <cvar>                <hasMin> <min>       <hasMax> <max>
confogl_trackclientcvar        "mat_hdr_level"       "1"      "2.0"       "0"      "0.0"
confogl_startclientchecking

I think they are only tracking for something called "mat_hdr_level" which is kinda stupid and I dont even think that "mat_hdr_level" is even a real convar?????

[Bacardi]

Quote:

Originally Posted by Bacardi well, can you see difference (sv_showimpacts) between server and client from log file, with this plugin example ? ...

Quote:

Originally Posted by canadianjeff I got back some interesting results from this plugin you just made

[canadianjeff]

no secrets to be had here just really pissed that SirPlease server rework never checks for these cvars...

maybe SirPlease wanted people like me to start up Ghidra and find them on our own