Forum

Quoted from Casual

[…]Hacks exist, they don’t use the neat plugin interface. Getting your dll into the game process isn’t rocket science (and before you ask, VAC can’t and won’t do anything against it simply because it’s a valid feature of windows itself. Example: every overlay ‘injects’ itself somehow into the game, xfire, steamoverlay, mumble, fraps, ….).

Yes, that’s just because VAC sucks, though, and relies too much on files signatures. It’s true that people don’t seem to realize that it’s as easy to make a cheat as a client side plugin.

Quoted from skeej

[…]

You don’t have to, if you’d consider something like this:

– Imaginary ETF2L rule 1.284284179
ETF2L matches have to be played on a server with DBlocker installed, unless both teams agree not to use it, or both teams fail to provide a server with DBlocker installed.

Doesn’t fix everything, does fix something.

I had a slightly changed sounds file as my TF2 crashed while I was recording with the PLDX tool, so I had no announcer sounds ingame. DBlocker kept kicking me. No thanks.

Quoted from Buffalo Bill

[…]

I had a slightly changed sounds file as my TF2 crashed while I was recording with the PLDX tool, so I had no announcer sounds ingame. DBlocker kept kicking me. No thanks.

You’re not supposed to play with custom files in the first place, it should be against the rules as sv_pure is supposed to prevent that, but it doesn’t or didn’t. Otherwise, I could as well say:

“I had slightly changed my walls to be transparent, so I could see through them. DBlocker kept kicking me. No thanks.”

Quoted from broesel

Uuuuh, what if Valve just adds a check while connecting to a server whether the client is running -insecure or not? (Only while VAC is enabled on the server to still preserve the possibility of testing unsigned plugins)

Or could that also be circumvented with a plugin?

I think it already checks for that, but the plugin makes the server think otherwise.

Quoted from konr

Although you saying it’s Valve’s fault and therefore your spoonfeeding is okay is rather stupid. Sure they should care more and reply to emails etc. but you sound like a bitter idiot that’s trying to get back at them by trying to make people attempt to cheat, or something. Just because an exploit is there, it doesn’t mean an AC admin of all people should tell everyone about it.

I am a firm believer in full disclosure. Valve has not listened or cared in the past when notified of exploits which have not been exploited on a large scale. Time has shown that the only way to get them to do anything is to get everyone to exploit the living hell out of it.

https://en.wikipedia.org/wiki/RFPolicy

Quoted from Snyyppis

This was a good move from your part.

Actually, this was a ridiculously stupid move that I made under pressure from others (but that’s not an excuse).

Ratehacks are easily detectable programatically using the contents of your demo alone. By looking at each frame, we can see the actions performed within that frame as individual entities. Not only that, but we can even sometimes see how the actions performed relate to each other. Thus: ratehack detection. There’s no way you can avoid it, so why not reveal the method?

you guys dont know shit

Quoted from octochris

[…]

Actually, this was a ridiculously stupid move that I made under pressure from others (but that’s not an excuse).

Ratehacks are easily detectable programatically using the contents of your demo alone. By looking at each frame, we can see the actions performed within that frame as individual entities. Not only that, but we can even sometimes see how the actions performed relate to each other. Thus: ratehack detection. There’s no way you can avoid it, so why not reveal the method?

But if it can be avoided, full disclosure just gives the people who make hacks more information on how to avoid detection.