Client-side / server-side pk3 requirements? (not identical?)

G0-Gerbil · 2005-09-18 21:24:51 UTC

I thought that the client mirrored exactly the server-side file required - ie when you connect to a server it sends you a list of ‘valid’ PK3 files and you boot up only accessing these PK3s - to prevent the client changing say, unifrom colours to pure red and green etc.

Anyway, I just solved a problem I had whereby me, and me alone, could not snipe. Somehow somewhere I’d downloaded a PK3 that had a replacement shaderfile that included the sniper zoomed graphics - end result was it used a solid black image and hence I couldn’t snipe.

Note this happened on every server I joined after this little beautiful PK3 was downloaded. I eventually realised it was not affecting anyone else (IE I’d spectate someone clearly sniping even though I could only see black), so today I hunted and found the offending PK3, which out of curiosity is called:

etmapcycle.f145cbbf.pk3

useful name eh?

Anyway, my question is this - assuming I’ve been playing on pure servers (which as far as I’m aware I have been), how could this happen? One of the following must be true:

The server had the PK3, and so did I. Users are not forced to download it to join / play, hence those clients without the file see fine as snipers. Those clients that have the file cannot see.
The server does not have the PK3, so no-one else is forced to download / use it (obviously). Those clients who do have the PK3 will use it however.

Now either of these situations presents the rather disturbing scenario where it’s possible to change assets locally without the server knowing / validating, or ensuring all clients are running the same asset. A dangerous cheating scenario I believe?

My question is essentially - how is this possible?

Note I tried this on both ETPro and default ET, the PK3 ‘works’ (or rather, ‘is used’ regardless).

Ragnar_40k · 2005-09-18 22:04:05 UTC

etmapcycle.f145cbbf.pk3

The real file name is etmapcycle.pk3. The number (hash?) is just appended to distinguish it from other files with the same name.[*]From the file name I guess it includes campaign fiiles. This may the reason why the file is always loaded.

SCDS_reyalP · 2005-09-18 22:57:21 UTC

Note that if you turn cl_allowdownload off, you can play without being forced to DL campaign files. Of course, if there is some other file you need, you have to turn downloads back on, and you will get them all.

Now either of these situations presents the rather disturbing scenario where it’s possible to change assets locally without the server knowing / validating, or ensuring all clients are running the same asset. A dangerous cheating scenario I believe?

Not exactly. You client will only look at .pk3 files which are on the pure list (i.e, .pk3 files matching the checksum of those known on the server). However, it is only required to have some of them (the exact rules aren’t completely clear. Some won’t be downloaded at all, other will only be downloaded if you have downloads enabled, and others won’t allow you to join unless you have the file)

There are situations where not having a .pk3 file can give you and advantage… imagine a suplemental .pk3 file which causes a particular level to have fog. If the .pk3 is optional, then people without downloads enabled won’t see the fog.

G0-Gerbil · 2005-09-18 23:26:27 UTC

Hmmm but then does this mean if I package up a PK3 file with some campaign files in it, I can deliberately stick other assets in there that, depending on the server settings (am I reading you right?) will enable me to change ingame assets locally only? I mean, this is apparently what’s happening, but I can tihnk of a whole load of ways it’d make life easier (read ‘cheat’).

SCDS_reyalP · 2005-09-18 23:53:14 UTC

No. Pure will only let you use a .pk3 whose checksum* matches the one on the server. If you have one with the same name, but a different checksum, it will not be used.

the checksum used by ET is likely fairly weak, but thats a different issue :moo:

G0-Gerbil · 2005-09-19 01:46:58 UTC

But then what train of events is leading me to have a PK3 (presumably then not on the server) which I can access and use it’s assets without causing a pure or punkbuster error? :s

SCDS_reyalP · 2005-09-19 07:52:00 UTC

As far as I can tell, you are only presuming the server didn’t have the file (and it was pure. A few foolish admins have been known to run non-pure servers).

If you have this .pk3, do its effects show up on any server you play on ? If so, this would mean the pure system is completely broken. I certainly haven’t noticed that.

G0-Gerbil · 2005-09-19 08:46:11 UTC

Well, I’ve certainly noticed it on a fair few servers. I can’t say ‘all’ because of course I don’t tend to play sniper, but I’ll re-add it and have a play over the next week when I have time and report back.
A relevant question at this time for me would be:

‘How can I tell if a server is pure?’

since if I can’t be sure I’m on a pure server, then pretty much all bets are off regarding the asset replacement I think?

SCDS_reyalP · 2005-09-19 10:02:42 UTC

pb_cvarval sv_pure (assuming PB is enabled)

You can also check sv_referencedPakNames and sv_paks on your client (when connect to a server) to see which packs the server has in use.