Spray Crash Exploit

[lDrDooml]

Hi recently a new exploit related to the spray has been circulating, it consists of placing the spray in front of everyone so that it causes a crash in the game of the players, then I leave a video and clarify that the creator of the video has also uploaded other exploits more.

Video: thanks!

[Tsuey]

Sadly aware and I know it's getting pretty bad. Getting it fixed officially won't be easy, but community servers can at least use this plugin:

https://forums.alliedmods.net/showthread.php?t=323447

[alexiscoutinho]

I swear I thought it had been fixed when I read "- Blocked an exploit that could be used to crash servers." from the latest game patch notes. Very evil exploit... Disabling sprays seems to be the best defense so far.

[alexiscoutinho]

Do you have an idea how it works/what specifically causes the crash?

[lDrDooml]

Do you have an idea how it works/what specifically causes the crash?

It is a damaged or invalid spray that you can upload normally like any other, here is another video and in its description is the file that causes it

Video: thanks!

[alexiscoutinho]

But the bind also seems important. I tested once without the bind and only I crashed.

[lDrDooml]

But the bind also seems important. I tested once without the bind and only I crashed.

It is because the purpose is to crash the game of the players not to the server, in fact if you disable the sprays visualization you can use it anyway but with the difference that nothing will happen to you.

In other words, you just put that in and anyone who gets the spray rendered will crash.

[alexiscoutinho]

I wasn't clear above. I tested/know all of what you just said. It's just that when I tried without the bind, my friend was literally able to stare at it just fine. But I need more testing.

[lDrDooml]

I wasn't clear above. I tested/know all of what you just said. It's just that when I tried without the bind, my friend was literally able to stare at it just fine. But I need more testing.

I for my part I can confirm that it works, I clarify from now that I have only used it for the purpose of testing.

[CanadianJeff]

in my video I actually look at the spray file in a hex editor its just a bunch of FF FF FF FF FF FF

[CanadianJeff]

@Eyedolll how do you disable the render of sprays? to prevent crashing

[CanadianJeff]

my game does not seem to have that option?

[lDrDooml]

my game does not seem to have that option?

https://i.imgur.com/Z758NbY.jpeg

[CanadianJeff]

ok cool did you manage to look at my streamable that shows off the HEX EDITOR of the spray itself?

[alexiscoutinho]

I wonder if an image can actually be embedded in these broken vtfs...

[Nesciuse]

if it's useful to anyone these are some values in the header.

[Tsuey]

We'll submit a comprehensive report for this to Valve soon. Thanks for bringing the issue to our attention here.

[Tsuey]

Fixed on Feb 1 2022:

https://steamcommunity.com/games/L4D2/announcements/detail/5301301606975705899

Haven't heard about this in a few months; assumed resolved.