A question on CVAR Detection.

Jonzky · **Author**

I have a question on the potential of detection in this case. The main cheat/hack that people are using now generates random CVARs but they all follow the same trends.

Code:

"azxcasdfewxreqcvar","10      ",,,,,,,,,,,,"DEMO",,"SERVER_CAN_EXECUTE","CLIENTCMD_CAN_EXECUTE",,,""

(The CVAR name has been edited to potentially protect the identity of the person who provided me with it.

All of the CVARs it uses (20+) are flagged as 'DEMO', I am not sure of the reason for this but I assume its deliberate.

Do you think there is any-way/possibility of detection? Though this question is not directly aimed at SMAC its in the same field.

GoD-Tony · 06-17-2011 , 13:43 Re: A question on CVAR Detection.

Quote:

Originally Posted by Jonzky

All of the CVARs it uses (20+) are flagged as 'DEMO', I am not sure of the reason for this but I assume its deliberate.

Do you think there is any-way/possibility of detection? Though this question is not directly aimed at SMAC its in the same field.

I haven't done much research on the Cvar detection stuff, but I don't think it would be possible to query a client's Cvar unless you know the name of it. Even just to check if it exists.

psychonic · 06-17-2011 , 14:02 Re: A question on CVAR Detection.

Quote:

Originally Posted by GoD-Tony

I haven't done much research on the Cvar detection stuff, but I don't think it would be possible to query a client's Cvar unless you know the name of it. Even just to check if it exists.

I believe this to be correct.

There is no way to see client convar flags.

The only convars that a server knows exist on a client are the ones that the client sends values of to the server, either on connect (FCVAR_USERINFO) or in the result of a convar query (only exists if ConVarQuery_Okay or ConVarQuery_Protected, and no value comes with the latter).

The server will also assume that any cvar with FCVAR_REPLICATED will exist on the client.

I don't think that any of this would help with that problem.

Jonzky · 06-26-2011 , 06:41 Re: A question on CVAR Detection.

Ok thanks for the help. I'd assume then lua-based ACs that are able to detect things like the hooks being added and files being included would be needed here. The only bad thing is that any publicly available (lua) AC can be easily bypassed.

Sorry for the delayed response, had a crazy week of exams.

Zephyrus · 06-26-2011 , 12:06 Re: A question on CVAR Detection.

L 06/26/2011 - 17:58:22: Bad CVar response: DsT Zephyrus (ID: STEAM_0:1

508232 | IP: 91.82.147.16

has convar "sv_gravity" set to value "800" (should be "100") when it should equal.

got baned from my own server on a minigame map, only me, nobody else

**KyleS** · 06-26-2011 , 15:17 Re: A question on CVAR Detection.

Quote:

Originally Posted by Zephyrus

L 06/26/2011 - 17:58:22: Bad CVar response: DsT Zephyrus (ID: STEAM_0:1

508232 | IP: 91.82.147.16

has convar "sv_gravity" set to value "800" (should be "100") when it should equal.

got baned from my own server on a minigame map, only me, nobody else

https://forums.alliedmods.net/showthread.php?t=159641

You're not alone