Need Help Sv_pure 1 with a proper whitelist (NEED SOMEONE TO TEST WHITELIST)

[Stachekip]

Edit: Whitelist needs testing. If anyone can quickly test this on a server and let me know if it works, please do so.

I don't disapprove of sv_pure 1 because it stops people from using undetected wallhacks and replacing the Spy decloak sound. The problem with it is that no one makes a proper whitelist for their servers, meaning people can't even use skins that don't give an advantage over others(such as viewmodels, certain player models, and the health meter).

I think the servers should have a whitelist that allows all skins EXCEPT ones that can produce wallhacks and replace the Spy decloak sound.

This is the whitelist:

Whitelist
{
Whitelist
{
    //
    // 3 modifiers are allowed on file specifications:
    //
    //    from_steam        - only check the Steam cache for the
 
file (ignore anything on disk)
    //    allow_from_disk        - allow the file to come from disk
    //    check_crc        - used with allow_from_disk - server does
 
CRC checks on the client's file to make sure it matches
    //
    //    The default modifier on all files is allow_from_disk.
 
Thus, all files can come from disk and don't need CRC checks unless
    //    allow_from_disk can be set at the same time as check_crc.
 
Use the + character in between them to signify this:
 
allow_from_disk+check_crc.
 
 
    //
    // Three types of file specifications:
    //
    //    1. directory\*.*    - refers to all files under the
 
directory
    //    2. directory\...    - refers to all files under the
 
directory and all directories under that (recursively)
    //    3. directory\filename    - refers to a single file
 
 
    //
    // By default, when in pure server mode, most content file types
 
are only allowed to come from Steam.
    //
    materials\...            from_steam
    models\...            allow_from_disk
    sound\...            allow_from_disk
 
 
    //
    // Allow custom player models. Don't do CRC checks on them
 
because the clients may all
    // have different custom models and the server won't have them
 
all.
    //
    models\player\...        allow_from_disk
    materials\models\player\...    allow_from_disk
 
 
    //
    // Allow custom spray decals.
    //
    materials\temp\...        allow_from_disk
    materials\vgui\logos\...    allow_from_disk
    materials\vgui\logos\ui\...    allow_from_disk
 
 
    //
    //Unblocked content:
    //
    materials\models\buildables\... allow_from disk
    materials\models\player\...    allow_from_disk
    materials\models\weapons\...    allow_from_disk
    materials\models\items\...      allow_from_disk
    materials\models\flag\...      allow_from_disk
    materials\console\...          allow_from_disk
    materials\particle\...          allow_from_disk
    materials\Particles\...        allow_from_disk
    materials\sprites\...          allow_from_disk
    materials\props\...          allow_from_disk
    materials\Effects\...          allow_from_disk
    materials\signs\...            allow_from_disk
    materials\HUD\...              allow_from_disk
    materials\Tile\...              allow_from_disk
 
    //
    //Blocked Content:
    //
    sound\player\footsteps\...                    from_steam
    sound\player\spy_uncloak.wav              from_steam
    sound\player\spy_cloak.wav                from_steam
    sound\player\spy_disguise.wav            from_steam
    sound\player\spy_uncloak_feigndeath.wav    from_steam
    materials\Effects\sniperdot.vtf            from_steam
    materials\Effects\sniperdot_blue.vtf      from_steam
    materials\Effects\sniperdot_red.vtf      from_steam
    materials\HUD\scope_sniper_ul.vtf          from_steam
    materials\HUD\scope_sniper_ul_dx80.vtf      from_steam
    materials\water\...                      from steam
    materials\wood\...                        from_steam
    materials\concrete\...                    from_steam
    materials\metal\...                      from_steam
    materials\nature\...                    from_steam
 
}

 

[Shiny Charizard]

How about the footstep noises?

Potentially abusable (track others easier) so he left it out

 

[Stachekip]

How about the footstep noises?

Already blocked by the whitelist. C:

I think this is a very good whitelist. It blocks everything people can replace to cheat, and as I said before, it was created by a huge group of users brainstorming the perfect whitelist.

 

[Steak]

i would ask for a double check from like allied modders or the server forums from steam

 

[ModSe7en]

Already blocked by the whitelist. C:

I need to read more. This really needs to be in. Right now.

 

[Stachekip]

i would ask for a double check from like allied modders or the server forums from steam

Not entirely sure what you mean.

 

[Steak]

asking one friend and a handful of people on one gaming site is not the type of proof im sure bott would take as conclusive i was suggesting to go check with some of the more technical forums relating to whitelists

 

[Shiny Charizard]

asking one friend and a handful of people on one gaming site is not the type of proof im sure bott would take as conclusive i was suggesting to go check with some of the more technical forums relating to whitelists

You never heard of Shugo, have you?

 

[Steak]

reguardless of who he may be 1 person is never going to beat the collective knowledge of a large group of informed people

 

[Shiny Charizard]

reguardless of who he may be 1 person is never going to beat the collective knowledge of a large group of informed people

It's not a good idea to use the word "never", because this statement historically has been wrong at times :3

 

[Steak]

1 person is never going to be smarter then the collective

 

[Shiny Charizard]

1 person is never going to be smarter then the collective

t..

It's not a good idea to use the word "never", because this statement historically has been wrong at times :3

Back on topic:

The whitelist was created from an entire Steam forum thread brainstorming the perfect whitelist. It doesn't use the method I did(blacklisting), and basically does exactly what I did with my blacklist. It blocks the same things(Spy sounds, sniper scopes, etc.) but also blocks map materials.

 

[Stachekip]

People need to look at it before I put it in. If there is a problem with it, it will take a reboot to load a new one.

Doesn't the whitelist also update at map change?

 

[Shugo]

Okay, so Stachekip has been begging me to weigh in on this to help convince you guys to adopt a better pure whitelist. After reading over the thread, it seems Steak doesn't trust me and I'm usually not one to throw my credentials around, but I have worked with Valve on a few occasions; my work has been included in updates in the past. I'm also a respected Facepunch member and TF2 modder. I'm also a developer for TF2B. I've been pulling TF2 apart for years and I run my own fairly popular server which has had zero cheater problems throughout the two-ish years it's been running and I run sv_pure 0, not this silly sv_pure 1 crap; sv_pure is for paranoid people and tournaments...and I'll explain exactly why:

-The default whitelist is shit; stop using it immediately. Valve has only updated it once in the entire four and a half years that TF2 has been out, and it still sucks. You have to realize that Valve is pretty poor at coding and cleaning up their own game; I have an enormous list of things that I've been begging Valve for years to fix, and some of the things on that list are bugs from 2007. As much as I love them, Valve is one of the worst clean-up developers in history. They fix only the integral bugs and leave the rest for another day (i.e. never).

-The whitelist that Stachekip proposed is as perfect as it gets, and should dispell all possible mod-based exploit fears.

-Blocking sound mods that supposedly give an advantage is dumb; a serverside script already controls the sound volume for every sound in the game. The only sounds that a user can modify are clientside sounds, i.e. sounds that your own weapon makes, not sounds that other people make in the in-game world. Blocked sounds under sv_pure 1 still play anyway, albeit garbled and ironically possibly louder due to corruption. I always see people whine about sound mod advantages, and every time those are people who have never actually tried to do it themselves. It doesn't work.

-Valve killed the ignorez exploit many updates ago; basic mathacks no longer work without further hacking (which is beyond sv_pure's control).

-Even if they did work, your existing default whitelist actually provides for mathacks anyway, because it allows for custom player models/materials:

        models\player\...                      allow_from_disk
        materials\models\player\...    allow_from_disk

-The sv_pure whitelist is reloaded on every map change; you do not need to stop and restart the entire server just to implement a whitelist edit.

And there you have it. Sv_pure 1 is a broken piece of shit and has been ever since its inception. It was implemented with good intentions, but ultimately the only pure level that works is sv_pure 2, and that's only intended for tournaments these days. Ignorez as an exploit is dead; the game engine now has an internal blacklist that disallows ignorez on all files relevant to mathacking. There are actual hacks that can get around it, but sv_pure can't deal with those. If people really want to cheat on your servers, they will. Sv_pure does nothing against real cheaters; only vigilant admins with a swift banhammer can.

 

[Bottiger]

-Blocking sound mods that supposedly give an advantage is dumb; a serverside script already controls the sound volume for every sound in the game. The only sounds that a user can modify are clientside sounds, i.e. sounds that your own weapon makes, not sounds that other people make in the in-game world. Blocked sounds under sv_pure 1 still play anyway, albeit garbled and ironically possibly louder due to corruption. I always see people whine about sound mod advantages, and every time those are people who have never actually tried to do it themselves. It doesn't work.

Ok I confirmed that the maximum volume is controlled by tf2.

-Valve killed the ignorez exploit many updates ago; basic mathacks no longer work without further hacking (which is beyond sv_pure's control).

-Even if they did work, your existing default whitelist actually provides for mathacks anyway, because it allows for custom player models/materials:

        models\player\...                      allow_from_disk
        materials\models\player\...    allow_from_disk

Yes I know ignorez stops you from making players seeable through walls. But what about making the walls themselves transparent? And you can also remove the sniper scope right?

 

[Shugo]

Yes I know ignorez stops you from making players seeable through walls. But what about making the walls themselves transparent? And you can also remove the sniper scope right?

Doesn't work that way. You just end up with black walls. The people who added the level textures to the whitelist are too paranoid.

You can remove the sniper scope though, yes. But! There are multiple ways to remove it. The obvious method is making the scope texture invisible, which can be blocked by sv_pure 1. However, you could also modify the HUD script to remove the scope, which is not protected by sv_pure 1. Hell, I use modified scripts myself to defeat sv_pure 1 on loads of servers; the folder for sprays is almost always allowed, so I just modify my scripts to point to custom textures that I put in the sprays folder. Not for malicious purposes, of course - I just want custom kill icons in my HUD, lol.

You can defeat sv_pure 1 with this method for a lot of things, actually, which is why I don't even bother with sv_pure 1 on my own server. sv_pure 0 is a lot less trouble. If anyone out there is cheating with the small advantages that you can still get away with without 'real hacking', then I don't notice it and honestly I don't give a damn. It's a public server on an f2p game; nothing anyone does there matters. It's not a tournament with prizes on the line.

 

[KinCryos]

Ok I confirmed that the maximum volume is controlled by tf2.

does that mean that Valve forgot to set a volume for the Frying Pan noises? regarding that problem, is there a way to make a plugin lower the volumes of the wavs in sound/weapons/pan or would it be easier to make that directory allowed in the whitelist?

 

[Bottiger]

There are some text files in tf/scripts called game_sounds.... They seem to control the volume of certain actions though I'm not sure how they work.

 

[Shugo]

They're actually quite simple to mess with. Just find the script related to the type of sound you're trying to change (i.e. game_sounds_weapons), do a ctrl+f for the sound you're trying to change, and then change "volume". Multiple sounds for the same action are grouped together, so for example, all four of the frying pan player hit sounds are grouped together under "FryingPan.HitFlesh". Modifying attributes for "FryingPan.HitFlesh" will change how all four of the hit sounds associated with it act in-game.

Do note that editing these scripts will have different effects depending on if you edited them serverside or clientside. Clientside edits will only work for sounds produced by yourself, i.e. the sounds that your first-person weapon makes or lines that your own character says. It will not affect sounds made in the 'world' unless the serverside script has been edited (which I don't suggest messing with unless you know what you're doing [and you will have to re-re-re-re-implement the changes every time an update hits]). So while you can lower the volume of the frying pan noises for yourself, other people's frying pans will still be as loud as they normally would be. This is why modifying world sounds for a volume advantage, like footsteps or cloaking noises, is pointless; the serverside script is enforced for all world sounds even without sv_pure.

This is getting a bit off-topic though...

 

[Perseus Dash Jackson]

Well...you know...this wouldn't be awful....

 

[Stachekip]

I would like for someone to test the whitelist out on a server to ensure it works properly. The last version of the whitelist apparently caused crashing, and I want to make sure that I've eliminated this issue.