IW4x - "Anti CFG" Servers - A Personal Reverse Engineering Experience

I am not a trick shotter. All of this happened by accident one day when I was testing something unrelated. I joined a TS server by pure coincidence.

I was curious about the name of the server; it said “Anti CFG”. I have been a developer of IW4x for almost a year and a half up until that point, so it’s safe to say I know a thing or two about the engine. However, the “Anti CFG” terminology intrigued me because it did not match any known technical term from the IW4 engine. I thought about it for a bit and then had an idea.

Trick shotting, as we know it, does not exist anymore. People have probably been faking clips since the first MW2 client came out, and bots could be controlled via GSC mod menus. By placing bots around the map and making them passive, one could efficiently grind for fake clips. People then took it a step further by increasing the bullet penetration of their sniper rifles. It is now possible to hit impossible shots against bots that are either passively roaming around the map or staying in place. Virtually every clip has been achieved by doing something similar. Then again, I do not watch any TS-related content. I don’t think it’s a good investment of anyone’s free time.

What if this “CFG” was yet another technique used to fake clips more efficiently? It turned out that it was indeed the case.
Then I struck gold. The server would kick anyone that was using a special console command like vstr
or wait.

I pondered over it. These people had basically been faking everything up until this point, so why draw the line at a console command, which is just another trick like infinite bullet penetration, among other things? This reminded me of an interaction I had with a trick shotter. He wanted infinite bullet penetration and extended “server time” (a match that lasted more than 10 minutes) but did not want the actual server HUD to display the extended time, preferring instead the “original countdown”. This showed the lengths to which trick shotters would go to fake their clips and obscure the truth.

Perhaps people don’t care. They want to watch clips that look cool, and the use of cheats doesn’t matter to them. In fact, it’s easy to spot when “easy wall bangs” are enabled, and similarly, spotting a CFG user isn’t difficult. But if viewers don’t care about authenticity, why ban CFG users?

Returning to the Anti CFG server, I saw it as a personal challenge: how could I use the vstr command without getting caught? My interest wasn’t in hitting a clip; I simply wanted the vstr command to execute a ‘say’ command that typed “Hello” in the chat.

Wondering about the intelligence of the server owners, I asked myself if they had gone to great lengths to reverse the game engine in order to smartly catch “scripters”. Lacking a concrete answer, I made an educated guess: No. This was probably done through a GSC script. This assumption significantly reduced the number of potential methods to track. I sought a function that might relay to the server when a player used a specific console command.

The function turned out to be notifyOnPlayerCommand.

I then opened my Ghidra database and sought answers within the engine. I discovered that in the CL_CheckNotify function, another function named CL_ShouldSendNotify was called. This latter function would check if the invoked command was ‘exec’, ‘map’, or ‘cmd’. If it was, the client would not notify the server. I decided to expand this list of whitelisted commands to include “vstr” and “wait”. It worked; I could now “cheat” on these “Anti CFG” servers.

Conclusions: I don’t fully understand the hobby of trick shotting, so if people find this article and use it to “cheat”, I’m indifferent. The community is awash with faked clips. “vstr” is just another trick they employ.

To bypass this Anti CFG check, use the latest IW4x version and launch it with the -disable-notifies command line argument.

Example with command prompt: iw4x.exe -disable-notifies

This command will automatically block the ‘vstr’ and ‘wait’ notifications from being sent to the server. I had incorporated this feature as the default behaviour at one point, but upon request, I removed it, instead adding the command line argument as an option. Given that IW4x is open source, people noticed my discovery immediately and presumably made use of scripts. With the command line argument easily added to IW4x via the command prompt, I believe this check has been rendered ineffective.

Reversing a game with a purpose, driven by my aversion to server owners dictating my actions, made the experience fun for me. I only needed 30 minutes to find a solution to this challenge.

1 Like