Corrupting demos for fun
#1 (15 Frags)

Here are some fun facts about the Source engine's demo system:

* There is no CRC checking against corrupted demo files (not that it matters, CRCs can be recalculated).
* Only 'real' existing convar changes & commands will be recorded; aliases are not recorded (the alias command itself, however, is).
* On demo playback all commands are played back, no checks are done.

This creates several fun opportunities:

Record a demo and enter some placeholder commands (such as 'echo aaaaaaaaaaaaaaaa'), open the .dem file with a 'good' text editor (or hex editor); notepad++ should be fine. VERY IMPORTANT! NEVER INSERT OR ADD EXTRA CHARACTERS, ONLY REPLACE EXISTING CHARACTERS! (Since demo files are read sequentially, this will break demo playback once it reaches your edit ;).)

Ctrl-f for your placeholder, press the 'insert' button on your keyboard to turn your insertion cursor into an overwriting cursor (this prevents accidentally inserting characters) and overwrite your placeholder with whatever you want the person viewing this demo to execute. Write 'quit//' (double slash comments out the rest of the placeholder space) and the person viewing the demo will instantly close their TF2.

If this is all too complex for you, you can get a similar effect by just entering these commands while recording: 'sv_cheats 1; thirdperson'. Since we're on an online server, cheats won't turn on and thirdperson is denied. However, the person playing back the demo is not in a server! Their TF2 client will happily turn on sv_cheats 1 and go thirdperson! A list of all cheat cvars that can potentially be exploited like this can be found here: http://pastebin.com/pcNmEqq2

This approach does not let you use commands like quit as they would close your own TF2.

TL;DR: Make your config.cfg read-only before watching a POV from an untrusted source to prevent any lasting damage.

Have fun!

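A detection-side counterpart to the post above, added here as an example and not part of the thread: a small scanner that pulls the plain-text console commands out of a .dem blob and flags the ones a demo should never need to replay, so a reviewer (or an anti-cheat team) can check a POV before playing it back. It relies only on what the post states, that commands are stored as plain text inside the file (which is why ctrl-f finds them). The byte framing in fake_demo, the commands in the list beyond the ones the thread names (quit, sv_cheats, thirdperson, bind, alias), the sample blobs and all function names are my own constructions, not the real demo format or any project's code.

```python
import re
from pathlib import Path

# Console commands a demo should never need to replay. "quit", "sv_cheats",
# "thirdperson", "bind" and "alias" come from the thread; "exec",
# "host_writeconfig" and "unbindall" are my own additions (assumption: anything
# that writes or rewrites config deserves a look before playback).
SUSPICIOUS_COMMANDS = (
    "quit", "sv_cheats", "thirdperson", "bind", "alias",
    "exec", "host_writeconfig", "unbindall",
)

# Runs of at least 4 printable ASCII bytes. Commands in a .dem are stored as
# plain text, so pulling out printable runs recovers them without needing to
# know the rest of the file layout.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{4,}")

# A command token counts only at the start of a string or right after a
# separator (';', whitespace or a double quote), and must end at a word boundary,
# so "quit//" and "+attack; sv_cheats 1" match but "quitting" does not.
_PATTERNS = {
    cmd: re.compile(r'(?:^|[;\s"])' + re.escape(cmd) + r"\b")
    for cmd in SUSPICIOUS_COMMANDS
}


def extract_strings(data: bytes):
    """Yield (offset, text) for every printable ASCII run in the blob."""
    for m in ASCII_RUN.finditer(data):
        yield m.start(), m.group().decode("ascii")


def scan_demo_bytes(data: bytes):
    """Return [(offset, command, full_string)] for each suspicious token found."""
    findings = []
    for offset, text in extract_strings(data):
        for cmd, pattern in _PATTERNS.items():
            if pattern.search(text):
                findings.append((offset, cmd, text))
    return findings


def scan_demo_file(path):
    """Scan a .dem file on disk; returns the same list as scan_demo_bytes."""
    return scan_demo_bytes(Path(path).read_bytes())


def fake_demo(command: bytes) -> bytes:
    """Constructed stand-in for a .dem: a little binary framing around one
    command string. This is NOT the real demo layout, just enough to show
    the scanner ignoring non-text bytes."""
    return (
        b"HL2DEMO\x00"            # file magic
        + b"\x03\x00\x00\x00"      # fake version field (constructed)
        + b"\x04\x01\x00\x00"      # fake packet type / tick (constructed)
        + command + b"\x00"        # the recorded console command, NUL-terminated
        + b"\x07\x00\x00\x00"      # fake trailing packet (constructed)
    )


# Constructed samples. The tampered string has exactly the placeholder's length:
# the thread's rule is overwrite-only, because inserting bytes breaks playback.
PLACEHOLDER = b"echo aaaaaaaaaaaaaaaa"
TAMPERED = b"quit//aaaaaaaaaaaaaaa"
assert len(PLACEHOLDER) == len(TAMPERED)
BINDING = b'bind mouse1 "+attack; sv_cheats 1; thirdperson"'

CLEAN_SAMPLE = fake_demo(PLACEHOLDER)
TAMPERED_SAMPLE = fake_demo(TAMPERED)
BIND_SAMPLE = fake_demo(BINDING)

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_SAMPLE), ("tampered", TAMPERED_SAMPLE),
                       ("binds", BIND_SAMPLE)):
        hits = scan_demo_bytes(blob)
        print(f"{name}: {'OK' if not hits else hits}")
```

The clean recording produces no findings; the in-place 'quit//' overwrite and the bind trick from later in the thread both get reported with the byte offset of the string, which is what a reviewer needs to open the file and look. Treat a hit as a reason to inspect, not proof of tampering, since an honest demo can legitimately contain bind or alias commands typed during the match; pair the scan with the playback-side mitigations the thread gives (a read-only config.cfg and aliasing the dangerous commands away before playback).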
#2 (-2 Frags)

Filthy casuals
#3 (4 Frags)

here you go anti cheat team sadly all my demos crash, fuck valve of course
#4 (1 Frag)

any anticheat team can easily check for this lol
#5 (1 Frag)

> Fox: any anticheat team can easily check for this lol

Well you could make their job harder by binding all keys to include "sv_cheats 1; thirdperson", e.g.

bind mouse1 "+attack; sv_cheats 1; thirdperson"

etc.

The solution to view this demo is to enter this before viewing the demo:

alias sv_cheats; alias thirdperson

(same trick movie makers use to stop crosshairs changing).

So in the end it's easily preventable.
#6 (1 Frag)

Or you could just, you know, have a league-wide rule that says that intentionally corrupting your demos is against the rules.
#7 (4 Frags)

> mage24365: Or you could just, you know, have a league-wide rule that says that intentionally corrupting your demos is against the rules.

Consider a corrupted demo as a 'missing demo' and apply the rules for not being able to provide a POV. No need for new rules.