[L4D2] Exploiting Death Timer Detection?????

[CanadianJeff]

could such a thing be added into LIL AC

https://forums.alliedmods.net/showthread.php?p=2753818

[J-Tanzanite]

Could you explain in more detail what this is about?

[CanadianJeff]

how is this not self explained??????

when an infected player dies start a timer

when they respawn again say time elapsed (example BOB RESPAWNED IN 22 SECONDS)

stop the timer and reset it back to 0 rinse and repeat

EDIT

if said player gets to become the tank stop the timer on that player

[azalty]

J-Tanzanite probably doesn't play L4D2, so do I. I wasn't even aware that this exploit existed. I am not even aware of how the infected game mechanics work.

We don't want to let cheaters play, we want to be sure of what we do, and make sure not to ban any innocent.

[CanadianJeff]

people are finding ways to skip the timer well they are dead allowing them to spawn again almost instantly and I want it stopped

[theletterjwithadot]

Isn't this what you are looking for?

[J-Tanzanite]

Azalty is completely right; I don't play L4D2, hence why I don't know the game mechanics or limitations players are supposed to have, this if why I asked for more details.

---

people are finding ways to skip the timer well they are dead allowing them to spawn again almost instantly and I want it stopped

Oh I see, so that's what's going on.

Isn't this what you are looking for?

So I guess that's how it's done... Probably the solution @CanadianJeff needs :)

---

Honestly, with how long this issue was quiet, I was about to close it due to lacking more information and replies... Good I waited a day extra :P

[CanadianJeff]

@theletterjwithadot

that is not how they are doing the exploit that patch prevents people from going into spec mode and skipping the death timer which only applies on ZONEMOD servers but does not actually apply to vanilla servers or my server

and yes I have that plugin on my server and they are still able to spawn before the timer is up hence why I want a detection plugin created

im not really looking to talk about this exploit I just want it !@#$ing stopped is that too much to ask

[J-Tanzanite]

Language, please... :(

Unfortunately, yes; that is too much to ask. If you want to get something new (and unheard of, for the developers) added to a project, you do kinda have to talk about it to explain the situation properly... Otherwise, we won't be able to add exactly what you're asking for.

Keep in mind, we cant just add something blindfolded, untested and hope it only catches cheaters/exploiters and doesn't affect legit players. We do have to understand the situation properly before doing anything.

---

Now, I can think of a bad way to fix this.

1. When an infected player dies, start a timer for how long it's supposed to take before they can respawn (I need to know if the time it takes is hardcoded (always the same value) or if it's dynamic and changes).
2. If they spawn before the timer, block their input until the timer is over.

Doing this would work, and shouldn't (theoretically) affect legit players, as they wouldn't respawn before the timer anyway. And players who do exploit the timer, would be frozen for a little while before they are allowed to move again.

It's not an elegant patch, as they would still be able to respawn before they are supposed to (Since I don't know exactly how the exploit is done, I can't block it). But when they do, they'd be stuck for a little while, making the exploit useless.

I'm not sure I would add this directly to Lilac, since you're the first (and only) person I've met who has asked for this... So I would probably just have this be a separate plugin.

[CanadianJeff]

the time it took you to write all that could have had this done and implemented by now which just proves my point no one wants to see this exploit fixed or detected

no one else is talking about it because they dont want to see it fixed

[kol00]

im not really looking to talk about this exploit I just want it !@#$ing stopped is that too much to ask

the time it took you to write all that could have had this done and implemented by now [..]

What a crap attitude to have. Nobody is talking about it because it probably affects a small amount of players. IMO it is outside the scope of this plugin.

J-Tanzanite does a fantastic job offering up time to provide an open source plugin for common exploits that Valve refuses to address. Demanding things that you deem to be critical and think are easy to implement won't get you far.

[J-Tanzanite]

I think me talking to you about this (despite how rude and impatient you've been) to clear things up and getting feedback for my bad suggested fix, is proof of me wanting to get this fixed... If I didn't care, I would have closed this long ago... Instead of keeping this issue open for two months and responding to you now...

Plus, again, I don't play L4D2, so my only way to get useful and necessary feedback about this exploit is through you - since you're the only one who seems to know about it (That I know of).

The fact I can't just magically button smash my keyboard and produce a perfect patch with a plugin without any testing or confirmation from you, doesn't mean I don't want to fix it. But your attitude is actually so awful, that you're kinda shooting yourself in the foot... :/ And despite that - I'm still willing to help.

I still need to know how long the respawn timer is tho... Still need a reply about that... I'll see if I can get anything done today, although I doubt the plugin will work, since I literally can't test it (Don't have L4D2, and I don't have a server to test with).

[theletterjwithadot]

@theletterjwithadot

that is not how they are doing the exploit that patch prevents people from going into spec mode and skipping the death timer which only applies on ZONEMOD servers but does not actually apply to vanilla servers or my server

and yes I have that plugin on my server and they are still able to spawn before the timer is up hence why I want a detection plugin created

im not really looking to talk about this exploit I just want it !@#$ing stopped is that too much to ask

Correct me if I'm wrong but, what you're saying is that there is an exploit where players can spawn their SI even before the respawn countdown ends on L4D2?

What do you mean by vanilla servers? Valve L4D2 servers? I have the plugin set to load on all match modes and normal versus too and have never encountered such an issue where the player can spawn before the spawn timer is up.

This feels more like a 3rd party cheat program that was used rather than an exploit, unless you could show a proof of concept of how the exploit was executed? Maybe that would help?

[CanadianJeff]

@theletterjwithadot

as clearly stated on ALLIEDMODDERS by Marttt

"ITS AN SV_CHEATS BYPASS"

do people like...... not read?????????

im pissy about this because almost every versus lobby I joined for the past week alone seems to have aimware/esp players in them and its getting almost unbearable to enjoy the game anymore

so I attempt to setup my server but they still manage to spawn jockey on top of players (probley via lag switching) and this skipping of the death timer

[theletterjwithadot]

Wow. You must be so far up your ass that you don't seem to even know what you're talking anymore.

Firstly, in your AlliedModders thread, JLmelenchon and not Martt said that it's "Probably just a sv_cheats bypass if it is official." He was just throwing an assumption. He didn't say it IS an sv_cheats bypass

To which you replied "I would imagine that is the case but if it is a sv_cheats bypass they would need to execute a command on the server where my other plugin would detect such a thing......"

Secondly, maybe get your head out of your ass and go fix it yourself, since you seem to be most knowledgeable about this issue and shooting down anyone that's trying to help you out.

Reading doesn't mean understanding. Which you have clearly proven.

[CanadianJeff]

well I guess the only take away from this is to stop playing left 4 dead 2 because clearly EVERYONE (including this new last stand update team) wants to see it burn to the ground

can only cross fingers and toes that back 4 blood and its "STATE OF THE ART" anticheat will put an end to this AIMWARE/ESP trash

gonna unstar and remove this anticheat plugin from my server as it was hardly doing anything useful

atleast for the time being SMAC (Sourcemod Anticheat) seen here https://github.com/Silenci0/SMAC even with its false positives has been semi decent

[SirPlease]

I think me talking to you about this (despite how rude and impatient you've been) to clear things up and getting feedback for my bad suggested fix, is proof of me wanting to get this fixed... If I didn't care, I would have closed this long ago... Instead of keeping this issue open for two months and responding to you now...

Plus, again, I don't play L4D2, so my only way to get useful and necessary feedback about this exploit is through you - since you're the only one who seems to know about it (That I know of).

The fact I can't just magically button smash my keyboard and produce a perfect patch with a plugin without any testing or confirmation from you, doesn't mean I don't want to fix it. But your attitude is actually so awful, that you're kinda shooting yourself in the foot... :/ And despite that - I'm still willing to help.

I still need to know how long the respawn timer is tho... Still need a reply about that... I'll see if I can get anything done today, although I doubt the plugin will work, since I literally can't test it (Don't have L4D2, and I don't have a server to test with).

I admire your patience and attitude, but don't bother with this. CanadianJeff is a spoiled child and seems to not care for anyone else's opinion but his own, he's even been banned from the AlliedModders discord for his behaviour and delusional comments.

The issue he's reporting might exist and it might not, but in my 11 years of experience with Left 4 Dead 2 I've never seen anyone actually use this or anything similar. Don't let it get to you.

[CanadianJeff]

SirPlease is a selfish prick that doesnt like to give credit where credit is due I found exploits in a plugin that was being used and shared on his very own github page and he turns around and does not even credit me instead credits someone else

SirPlease is also the very group where people who like to join other peoples servers and use said exploits I have a long list of about 6000 people all members of this SirPlease group who all use lag switches wallhacks aimbot hacks etc

seems to be a trend with the left 4 dead 2 community

me and some dude named Dustin several years ago found out that the helms deep reborn workshop addon started to include malware inside of the addon files but only a few months after we found the malware some dude name Jaiz took all the credit

SirPlease barely has maybe 7000 hours played on L4D2 well I have over 17,000 and have friends with close to the same

[CanadianJeff]

Left 4 Dead 2 is basically lost the the aimware/esp using Lewd4Dead weebs

dont even know why I even bother with this trash anymore

just now joined a random public OFFICIAL VALVE server 3 people using aimbot all from the SirPlease group

[azalty]

In order for you guys to stop acting like morons, I'll fix that.

You know what? I am a Aimware user too. I'll try to replicate this, though last time I checked, it wasn't a feature in that cheat.

If it's a sv_cheats bypass: Enable the cvar part of lilac, it bans players that have a sv_cheats that differs from the server's value

If it's another exploit, the part we want to look at is those 2 hidden cvars:

z_ghost_delay_max z_ghost_delay_min

According to the AM forum, these are default cvars, and I assume the respawn time is a random integer between these two

Fix: create a global handle for each players (which is null). Create a timer when a player is infected that lasts for z_ghost_delay_min (or this cvar's value - 0.1 to prevent time problems and similar things).

If a player respawns and his global handle timer isn't null, this means the timer is running, and the player used an exploit.

We could also do it by storing a global variable for each player that is just the timestamp at which the player was infected. When the player respawns, check if (clientVar + cvarIntValue - 1) > GetTime() and ban/take actions if that is the case.

I could write this, or @J-Tanzanite could, but I think they have enough of your behavior.

The reason I'm proposing to do that is that it could help others. Ofc, you'll have to test it and show us if it works or if it doesn't.

[CanadianJeff]

oh I will test it

also thanks for stepping forward and helping its not like I see SIRPLEASE himself fixing this issue because it does not exist on his servers but DOES exist on other peoples servers and vanilla valve servers

[J-Tanzanite]

So... This has probably been the most interesting and hilarious issue I've ever had on Github. I never expected to see this much chaos or drama in SUCH a short time span. xD

Don't get me wrong, I'm not upset or anything, I'm just bewildered ._. Also, for the record, I know that when people get upset or angry, they'll tend to say or do things they don't mean. Hence why I'm not upset at anyone here; everyone gets upset every once in a while, not much you can do about it.

But the drama at the end... That took my by surprise xD But could we all just agree to stop calling each other names? Please, it's not productive, and doesn't help the situation. :)

---

As for the issue itself; Yeah, it makes sense that @azalty would look into patching it, since he can investigate this (Has a cheat, is familiar with the game (More than me at least) and probably has a server).

And:

I could write this, or @J-Tanzanite could, but I think they have enough of your behavior.

I admire your patience and attitude, but don't bother with this [...] Don't let it get to you.

Don't worry, I don't take these things personally. And I haven't had "enough" with anyone, like I say above - these things happen. :)

But yeah, it makes sense that you @azalty do this. Still unsure if this should be in Lilac itself, try making it a separate plugin, and if enough people want it implemented, I could accept a PR for it :)

[azalty]

@J-Tanzanite I have a csgo server, I'm not familiar at all with L4D2. I might have played like 2h maximum

If you find any info about this exploit, please ping me

I think I'll write an experimental method and I'll need people to test it. I honestly have no idea of how to pull it off. If anyone can provide a test server, or can try to replicate it, it would be very useful

[Psykotikism]

This was an interesting shitshow to read (specifically just canadianjeff's comments).

Very often he finds some "exploit" to bitch about that nobody else has even heard of. You can't even shield it with the "The Last Stand Update from September 24, 2020 introduced this exploit" excuse because a lot of the time he makes a bold claim that the exploits he reports have been around for a long time.

You know your social and communication skills suck when you can't even properly explain how the exploit is done and have to resort to condescending and rude remarks just to have some kind of response.

Pathetic but hilarious.

@J-Tanzanite @azalty Feel free to reach out to me or anyone else in the L4D/L4D2 community if you have any questions regarding game mechanics. They're pretty basic and don't require a degree from Harvard to explain, despite how canadianjeff might make it seem that way.

[SirPlease]

Things to keep in mind:

1.

z_ghost_delay_max z_ghost_delay_min

According to the AM forum, these are default cvars, and I assume the respawn time is a random integer between these two

2.

z_ghost_delay_minspawn : this Convar controls the bare minimum of ghost time, the fewer players are on the team, the less time a player remains dead. So if a team isn't full, the infected will not have full timers.

3.

Team switches/new players joining. This will not only affect the spawn timers, but it will also force you add more and more checks when tracking.

4.

This one is related to what CanadianJeff posted in his initial thread, saying that the plugin he's referring to in the thread prevents players from skipping the deathtimer by switching to spectator mode, which isn't possible on vanilla servers. Players are able to skip part of their deathtimer by default, when players enter a "frozen" state after dying they linger for a bit until they get told what their remaining spawn timer is, you can shorten the length of this frozen state by pretty much doing anything (Pressing jump/reload/attack, etc)

---

In conclusion, there's "tons" of stuff factoring into this, and unless you're seeing players being able to spawn immediately or having noticeably more spawns than the rest of their teams, I once again have to come to conclusion that this is not a cheat. It's an exploit at best, and even that is a stretch. (Unless pressing basic buttons while dead is of course something that shouldn't be possible)

[CanadianJeff]

@azalty

you said you have a copy of AIMWARE??????

as I do NOT have a copy of AIMWARE/ESP I would be honored to see how much of it is actually detected with LILAC/SMAC running on a L4D2 server

I have 0 intentions on giving the AIMWARE/ESP devs a single penny from my pocket to try out hacks designed for 12 year olds seeing that I have managed to play L4D2 for well over 15000 hours without the need of 3rdparty trash software I see no reason to buy it now

and if the answer is no you do not wish to be bothered with it..... well like I said................ L4D2 and its garbage community can just go ahead and rot

they are soooooooooooooooooooooooo desperate for new players the game has gone on sale for $2 atleast 8 times in the past year alone and each time it does it just gets flooded with cheaters

just cant imagine a bunch of try hards saying that a game thats valued for under $5 has no cheaters on it just blows my mind

[theletterjwithadot]

@theletterjwithadot

you said you have a copy of AIMWARE??????

as I do NOT have a copy of AIMWARE/ESP I would be honored to see how much of it is actually detected with LILAC/SMAC running on a L4D2 server

I have 0 intentions on giving the AIMWARE/ESP devs a single penny from my pocket to try out hacks designed for 12 year olds seeing that I have managed to play L4D2 for well over 15000 hours without the need of 3rdparty trash software I see no reason to buy it now

and if the answer is no you do not wish to be bothered with it..... well like I said................ L4D2 and its garbage community can just go ahead and rot

they are soooooooooooooooooooooooo desperate for new players the game has gone on sale for $2 atleast 8 times in the past year alone and each time it does it just gets flooded with cheaters

just cant imagine a bunch of try hards saying that a game thats valued for under $5 has no cheaters on it just blows my mind

It isn't me that that spoke about aimware, it's azalty.

do people like...... not read????????? - @CanadianJeff

[azalty]

@CanadianJeff I do not care about your opinion on Aimware or on the game. We're here to fix a potential exploit, so please keep these kind of things for yourself.

Also please open this issue. Else, if someone else wants to open a fresh new issue that describes better the problem, do it :)

@SirPlease thanks a lot for these infos. Is it possible for players to respawn in less time than the min value the cvar is set to?

I would also really like a recording of a player being infected and respawning (as well as one where you press a key to exit that "frozen" state, to see if it actually removes some time, and wether or not the respawn timer starts when you die or when the time left is displayed)

That's a lot of info, but the more we have, the better we'll understand how it works and how to fix it.

[azalty]

z_ghost_checkpoint_spawn_interval : 30 : Interval for spawning special zombies while survivors are in the checkpoint

z_ghost_finale_spawn_interval : 20 : Interval for spawning special zombies during the finale

found that there: https://github.com/Stabbath/L4D2-Decompiled/blob/master/Misc%20Stuff/commoncvars.txt#L478

[CanadianJeff]

so an aimware user is thanking a community owner full of aimware users............ again why am I not surprised by this?????????

also the cvars of

z_ghost_delay_min z_ghost_delay_max

are hardly a secret in fact they are ignored all together based on the number of human players there are in the match

for example if you set both min and max to 14 you might have a spawn timer of 3 seconds if you are playing solo infected

here are the cvars on MY server

sm_cvar z_ghost_checkpoint_spawn_interval
[SM] Value of cvar "z_ghost_checkpoint_spawn_interval": "30"
sm_Cvar z_ghost_finale_spawn_interval
[SM] Value of cvar "z_ghost_finale_spawn_interval": "20"
sm_cvar z_ghost_delay_min
[SM] Value of cvar "z_ghost_delay_min": "20"
sm_cvar z_ghost_delay_max
[SM] Value of cvar "z_ghost_delay_max": "30"

find z_ghost_
"z_ghost_checkpoint_spawn_interval" = "30"
 game cheat
 - Interval for spawning special zombies while survivors are in the checkpoint
"z_ghost_delay_max" = "30"
 game cheat
"z_ghost_delay_min" = "20"
 game cheat
"z_ghost_finale_spawn_interval" = "20"
 game cheat
 - Interval for spawning special zombies during the finale
"z_ghost_spawn_in_start" = "0"
 game cheat
 - Allow ghosts to materialize while players are in the start area
"z_ghost_spawn_interval" = "60"
 game cheat
 - Interval for spawning special zombies
"z_ghost_speed" = "450"
 game cheat replicated
"z_ghost_travel_distance" = "1000"
 game cheat
 - Ghosts this far away from survivors in travel distance can materialize regardless of linear distance from survivors

status
hostname: SirPlease SEA #1
version : 2.2.2.0 8267 secure  (unknown)
udp/ip  : 127.0.0.1:27174 [ public same ]
os      : Linux Dedicated
map     : c9m1_alleys
players : 0 humans, 0 bots (4 max) (not hibernating) (unreserved)

# userid name uniqueid connected ping loss state rate adr
#end

[azalty]

for example if you set both min and max to 14 you might have a spawn timer of 3 seconds if you are playing solo infected

why do you complain that people are exploiting if this is a normal feature? It still looks broken to me. Min and max being the same value could be the cause?

so an aimware user is thanking a community owner full of aimware users............ again why am I not surprised by this?????????

I have honestly enough of your bullshit. Dev this anticheat method yourself, I'm out. btw yes I have aw, but that doesn't mean I still use it, and if I do, it's often to test anticheats if you want my opinion, cheating in HvH isn't a bad thing, as long as cheaters play with cheaters

I don't even know this guy.

Anyways, this isn't a place to debate about that. If you have any other fix idea, send it, someone (maybe me) might take a look and write a method. In the meantime, I won't be searching anymore.

[J-Tanzanite]

Sigh... I'm locking this issue. Wish it didn't have to come to this, but it seems this has to be done.