Just wanted to tap into the vast knowledge that exists on these forums. Background story, pb kicked a player for a hack cvar and I subsequently banned him from the server I admin (Ghostworks). He is proclaiming his innocence of course. Not being a closed-minded individual, I did wonder if there is a way that the 2.60 exploit could have been used to 'frame' an innocent player by writing a hack cvar to his config.
I am not closed-minded and I am concerned that there may be a way to 'frame' innocent gamers. A vulnerability was discovered in the game engine and was being readily exploited in ET and ETDED 2.60 exe, this is the very reason that 2.60b was created and released. The same vulnerability existed in both server and client exe files. Now we know that it was possible for hackers to obtain and change server.cfg files i.e. they had both read and write access. Since the same exploit exists in the client, I'm wondering if it would be possible for an unscrupulous admin to perform the same operation on a client. Unfortunately, such matters are beyond my knowledge, but I do deem it conceivable that in this competitive game, people will play dirty. If I was a dirty bastard with no morals, I might seek to frame members of opposing clans by getting them onto a server I have control of (scrim anyone?), exploiting a bug in the engine that gave me write access on their client, and write in some known hack cvars to their config. Food for thought isn't it?
Would this be at all possible? Note, I deem it highly likely that the player in question was indeed hacking and is doing the usual "I'm innocent" thing. However, I did think about the recent exploit and was hoping that someone here could tell me if it would be possible or not.
There are far easier ways to get a 'hack cvar' on their client, but I don't know of anyone actively framing anyone this way. While it may be possible the player somehow connected to a malicious server without knowing it and without anyone else noticing it after the fact, other than the player in question, the most likely explanation is that the player was hacking.
FWIW I have heard of people distributing their configs with with "hack cvars" in them as a "joke". If you wanted to frame someone in specific, social engineering would be the obvious way "hey check out this config from such and such l33t player!"
Of course, most of the people you find with these cvars set are using a cheat. How you handle that is up to you.
As zinx says, there isn't any reason to bring the remapshader exploit into it, that is by far the hard way for a malicious server admin to accomplish this.
Indeed, like I said, I really dont doubt that this guy was a hacker. However, there have been so many people really crying their innocence recently that I thought I would at least give a token effort towards finding out if it was possible for malicious server admins to force a cvar on a client.
You've told me yes, but there is little point since there are far easier ways of doing it. Cheers, that's pretty much all I needed to know.
I know for a fact that one of my clanmates got had.... he downloaded a cfg from a public website that is no longer available. He didn't know that a cvar can get you in trouble (he was new at the time).
I guess the bottom line is that people should be careful and look out for themselves. But you can't expect every player to know what's at stake until it's too late. pbbans.com adds people to their MBL for bad cvars.... punksbusted.com does not.
Does a cvar make someone guilty beyond doubt? NO WAY! But servers are private and you don't have to prove anything to ban someone from your server.
It's a matter of opinion. If it were me, I'd give him a chance to clean his ET up and return.
