[HN Gopher] Game Hacking - Valve Anti-Cheat (VAC)
___________________________________________________________________
Game Hacking - Valve Anti-Cheat (VAC)
Author : LorenDB
Score : 78 points
Date : 2025-06-18 17:19 UTC (5 hours ago)
(HTM) web link (codeneverdies.github.io)
(TXT) w3m dump (codeneverdies.github.io)
| sim7c00 wrote:
| nice write up! clear and informative. i was surprised to learn
| they roll it all in user mode, even though its not unbeatable its
| pretty good anti cheat, especially considering no kernel stuff
| (which can take shady or impractical turns for some other anti
| cheat ..)
| duskwuff wrote:
| > To be continued
|
| Unfortunately, doesn't look like the followup post (about
| analyzing the VAC DLLs) has been written.
| SirFatty wrote:
| Maybe Valve sent Moose and Rocco to have a conversation with
| the author (Caddyshack reference).
| delusional wrote:
| > Being banned from all "GoldSrc" games
|
| This isn't true, or at least it wasn't back in the day. The logic
| Valve seemed to follow was that VAC was "engine" bans. If you got
| banned in a GoldSrc game, you'd be banned in all games using that
| engine, but you'd be allowed to continue playing source games.
| The same was also true in the opposite case.
|
| More importantly, this meant that getting banned in Modern
| Warfare 2, wouldn't get you banned in any other game, since no
| other games were released on that engine.
| eGQjxkKF6fif wrote:
| It would show on people's accounts though and in in Counter-
| Strike scrims and matches if somebody had a VAC ban on their
| record/profile you just kicked them if you could and found a
| new team to play.
|
| So while engine specific, people still judged you, especially
| in pubs (public servers)
|
| Been a _long_ time since I've played. Fucking cheaters.
| bob1029 wrote:
| I am not a fan of the signature-based techniques used by VAC, et.
| al.
|
| I've lost a few steam accounts to accurate but unintended (i.e.,
| not actually cheating) detection of debugging tools attached to
| totally unrelated processes on the same machine. Having anything
| open like cheat engine or Tsearch while you join a lobby is a
| guaranteed ban no matter what. Ethical hacking and malicious
| hacking are indistinguishable from the perspective of this kind
| of machine-wide blind signature detection.
|
| Statistical techniques can dramatically reduce false positives in
| cases like this. If someone at Valve had taken 10 seconds to
| review my stats during the detected interval, they should have
| been able to conclude I was not a threat to fair play.
| psini wrote:
| I understand the sentiment but I can't bring myself to think
| valve is to blame or should be doing more. Getting a case of
| "Yes officer, I have an NO2 bottle in my trunk, but what it is
| plugged to is not actually the air intake for my car but
| something entirely unrelated, if you just take 2 hours to dig
| around and take it apart you'll also realize this"
| MaxikCZ wrote:
| Thats such a bad example. Ofc you can carry NO2 bottles
| plugged into something, if its not air intake of your car,
| and investigation should happen finding you not guilty.
| mystified5016 wrote:
| When you're accused of breaking the law, your accuser must
| _prove_ you have broken the law. If they cannot, there are
| actions you can take to recoup your damages.
|
| Valve can ban you for any or no reason with no means of
| recourse or refund.
|
| Totally the same thing, yeah.
| kube-system wrote:
| You're right that they're not the same thing. The
| government has a legal monopoly on the use of force. Valve
| sells games.
| qualeed wrote:
| > _If someone at Valve had taken 10 seconds to review my stats_
|
| It seems super reasonable when it's a one-off thing for your
| own account. When you think about making it into policy and
| scaling it up to 1000s of interactions, it quickly becomes
| unreasonable.
|
| > _Statistical techniques can dramatically reduce false
| positives_
|
| For a period of time, anyways. Until the statistics get gamed
| by the cheaters (e.g. adjust accuracy of your auto-shoot from
| 100% to 85% or whatever).
| stoorafa wrote:
| Computation isn't likely prohibitive when using the bedrock
| of predictive models, linear regression, especially w some
| optimization. Could also vary observation time so you only
| need a prediction once every ten minutes or whatever
|
| The real issue is the cost of false positive detection of
| cheating is negligible since the vast majority of positives
| are probably true positives--it's the cost of doing anti-
| cheat business (minimal)
|
| But yes cheats would be modified to just below thresholds of
| detection
| qualeed wrote:
| > _Computation isn't likely prohibitive when [...]_
|
| I think this might be in reply to my first comment about
| scaling? If so, I just want to clarify that I was thinking
| more along the lines of scaling the customer service/ban
| appeal side rather than infrastructure.
|
| If, for example, every ban had a component of someone at
| Valve taking 10 seconds to review in-game stats at the time
| of the ban, and then making a determination of whether or
| not those stats seem reasonably non-cheater-ish (pretty
| hard policy question in itself), the process would slow to
| a crawl.
| bob1029 wrote:
| > adjust accuracy of your auto-shoot from 100% to 85% or
| whatever
|
| Sure - looking at K/D, accuracy, etc., is an important factor
| in a statistical model.
|
| Statistics can also include: Map name, player transform on
| the map, keyboard and mouse events, GPU utilization, audio
| playback events, etc. These are all very high information
| time domain signals that can be correlated with the same from
| any other player.
|
| After a certain point, I don't think it matters if it is
| publicly known what your signals are. The amount of
| information becomes overwhelming in aggregate. You can impose
| the curse of dimensionality on the cheater.
| qualeed wrote:
| > _Statistics can also include: Map name, player transform
| on the map, keyboard and mouse events, GPU utilization,
| audio playback events, etc. These are all very high
| information time domain signals that can be correlated with
| the same from any other player._
|
| I don't think these are the type of stats the parent was
| referring to when they said " _If someone at Valve had
| taken 10 seconds to review my stats_ ".
|
| But sure, those are all examples of statistics to start
| logging, analyzing, and cross-referencing. (I would argue
| most of the statistics you listed are of little to no use
| in identifying false-positives (or good cheaters), but I
| understand the point you're making with those examples.)
|
| It would maybe reduce the false positive rate by some
| amount at an increased monetary (and complexity) cost to
| themselves. I think it would be well past the point of
| diminishing returns though. Setting up all the
| infrastructure, policy, processes just to reduce false-
| positive rates by a few percent, maybe?
|
| I think I'll stand by "that's unreasonable" and "cheaters
| will game the statistics".
| handoflixue wrote:
| You could just do a basic automated review of stats. If
| someone has a 50% win rate and a 20% accuracy, they're
| probably not cheating - what's even the point of cheating if
| you don't win more often than chance?
| black3r wrote:
| signature detection can also make a false positive if running
| under Wine or in a VM (that's for example why you can't play
| League of Legends or Valorant with GeForce Now anymore since
| Riot revealed their new anti-cheat...)
| invokestatic wrote:
| Actually, VAC handles Cheat Engine and the like very well. You
| won't get banned for simply having them open, only for having
| them attached to the game, which I think is reasonable.
| eGQjxkKF6fif wrote:
| When VAC was originally introduced, CPUs only had 32bit
| architecture, not that 64bit hindered anything; but you could
| inject cheats in a near infinite amount of way, or have cheats
| read from memory directly, or have cheats do things especially
| through video drivers. Hell, glitching your nvidia drivers and
| setting things like Negative LOD Bias would allow you to see
| through textures in some cases (wall hacks)
|
| It's been a cat and mouse game since the dawn of gaming and
| e-sports.
|
| Fun fact: CS 1.6 competetive had what was called "Organner" when
| teams switched over from CAL to CEVO (first paid e-sports online
| league) and as well as ESEA which is acclaimed for its anti-
| cheats; the pro players you see/saw such as n0thing, summit-1g
| (not saying he did cheat, he wasn't pro in CS1.6, 1g was a pug
| team that meant 1st generation and a lot of us were in it) -- but
| everybody in the pro scene around that did cheat, or had cheaters
| on their team.
|
| n0thing was banned from CAL rigorously for cheating in CAL-
| Premier and rejoined with complexity after ringing for other
| teams in CS1.6 matches (ban evading). he's admitted to cheating
| in CS 1.6, and found fame with Counter-Strike 1.6'd Evil Geniuses
| organization which encompanied the old compLexity roster.
|
| These dickheads went on to make fortunes; not to say that they
| weren't good in their own respects, but people such as n0thing
| openly admit, and will admit if you ask them on the stream if
| they cheated in 1.6 to get to where they're at.
|
| You could inject cheat codes through your mouse drivers at LANs
| and if you set a low FOV aimbot, it was undetectable: IE triggers
| when you aim at their chest, aims up to hit the head; and had
| advanced net code modifiers to land bullets in places you weren't
| aiming all together.
|
| Knowing this, completely ruined the pro scene and wanting to
| watch these matches and personalities all together. To know how
| many legitimate players out there were passionate about these
| games, looking to go pro, and really enjoy competing at the
| highest levels couldn't because the skill gap was so significant,
| and then even more so because pro players had undetectable
| cheats.
|
| Still to this day it is virtually impossible to detect hacks,
| however games such as DotA2 make it signifcantly harder to cheat
| by only sending frames/updates when it should; rather than old
| games sending all player data. I believe Valorant has a decent
| system but all in all; I helped run the leagues and the level and
| problem at which cheating was occurring, was known about, and not
| being able to prove what you know, would make you SICK if you
| ever enjoyed competing in e-sports.
| henrebotha wrote:
| Yet another reason why fighting games are the superior
| competitive scene. The only "cheat" you could realistically see
| at an offline event is macros, and the chances of a macro
| increasing your win rate are slim to none. And there are so, so
| many good offline events. Online there are more potential ways
| to cheat, but nobody really cares. Just blacklist the player
| and move on.
| eGQjxkKF6fif wrote:
| Fucking agreed. But if you check out street fighter on
| youtube with 'Street Fighter mike ross tool assisted'
| https://www.youtube.com/watch?v=pWS3Kq5p77k
|
| You can inject cheats directly in to the Xbox's back then
| directly through the fight sticks
|
| You'd know though if somebody was cheating so not sure how
| crazy the SF scene had cheats but check out tool assisted;
| when I originally saw it I just put my head down
| nyanpasu64 wrote:
| Reminded of the Super Pichu story where someone modded his
| ISO of Melee to increase Pichu's stats during a Melee
| tournament.
| Hikikomori wrote:
| Csgo added it a few years ago as well. Works in fps games with
| simple maps.
| garrettjoecox wrote:
| Years ago for educational purposes I decided to venture down
| understanding how easy/difficult it was to create a hack for
| Counterstrike.
|
| After just a few hours of watching YouTube tutorials and
| translating what I could grasp from C/C# into JavaScript (the
| only language I knew at the time), I had a working Node.js
| executable that edited memory offsets (using data from
| hazedumper[1]), letting me see enemies through walls and auto-
| fire as soon as they entered my crosshair.
|
| I obviously only tried it out on an alt steam account for fear of
| the infamous VAC ban, but no such ban happened. I only toyed with
| it for a few weeks as I then grew disinterested but that
| definitely left a sour taste in my mouth for the "effectiveness"
| of VAC if a script kiddie like me at the time could throw
| together something custom in just a few hours, I'm sure it'd be
| much easier now with ChatGPT...
|
| [1] https://github.com/frk1/hazedumper
| SteveNuts wrote:
| I'll never understand what people actually get out of cheating
| in games. I'll admit I've tried it a few times just for giggles
| (way back in the Age of Empires II/MSN Gaming Zone days), but
| the novelty quickly wears off and then it's just not even fun
| anymore.
|
| There must be some very interesting psychology behind this.
| eszed wrote:
| My perception of the psychology is a malformed competitive
| drive. Competition is fun! But when it gets someone to the
| place of "Must win _at all costs_ " it can be life-
| destroying. For the video game cheats, I think it starts out
| as "Must beat the other players", but then that gets (mostly)
| boring once they are actually are beating the other players,
| and it shifts to "Must beat the anti-cheat system."
| Workaccount2 wrote:
| For a lot of them, they aren't cheating, they are
| compensating for bad teammates, bad servers, other cheaters,
| bad hit reg, bad sound effects, bad whatever they can dream
| up.
|
| Cheating is "this is my actual skill level if there wasn't so
| much bullshit happening to me"
|
| Of course this is all a lie, but it's what they tell
| themselves.
| Nextgrid wrote:
| In games where available weapons/gear depends on some global
| "level", this could be a way to get your desired weapons
| without having to grind for weeks/months. I guess a silver
| lining of "pay to win" games is that you can now pay to avoid
| that.
|
| I remember trying to hack the levelling-up mechanism on
| Crysis 2 - it worked by sending your post-game stats (client-
| side) to a master server, so editing those stats in memory
| before that happens would work (there seems to be no tracking
| of stats on the game server side - even though they could've
| had the _game_ server relay that to the master server).
|
| Memory is fuzzy but I think I managed to level up to a stage
| where I got the weapons I wanted. For my defense this kind of
| "cheating" only "cooked the books" on the leaderboards and
| did not give me any actual advantage in-game.
| endemic wrote:
| > There must be some very interesting psychology behind this.
|
| It feels good when you win! If you cheat, that just means
| you're smarter than the other player.
| ipsento606 wrote:
| even if everyone only tried it for a week, that still means
| there will always be a certain number of cheaters in games,
| because new players are always joining
| kevingadd wrote:
| One anecdote: I "cheated" at EVE Online by writing an
| elaborate set of modding tools. Most of it was automation for
| really finicky tedious stuff like drone management, or
| automation for things like broadcasting your current target
| to other players in your party. I also hacked in workarounds
| for bugs in the official client. It enhanced my experience
| with the game a lot. On the other hand, lots of players were
| just botting.
|
| I also maintained a browser addon for a while that had 100k+
| weekly active users that added various features to a browser-
| based game. Eventually that game had such bad problems with
| botting and cheating that they had to introduce an anti-cheat
| system, and we basically got into a little arms race for a
| year or so where they'd add a new detection system and I'd
| circumvent it. Similar to the EVE Online modding it was
| things like workarounds for bugs in the game, improved UI,
| keyboard shortcuts, etc. Eventually they drew a line in the
| sand and said anyone using addons of any kind would get a
| permanent ban, so that was that.
|
| I think the vast majority of cheaters are just in it to ruin
| other people's fun but sometimes people are violating ToS for
| a better or different experience with the game. It's
| unfortunate that the prevalence of malicious cheating means
| that anti-cheat technology also has to basically ban modding
| for fun.
| bravetraveler wrote:
| I, _quite literally_ , got a career! Started as a technical
| curiosity, gave me in-roads to very weird corners of the
| internet. Got to know many professionals I wouldn't have,
| otherwise.
|
| Ultimately served as the most effective networking I _ever_
| did.
| mschuster91 wrote:
| > I only toyed with it for a few weeks as I then grew
| disinterested but that definitely left a sour taste in my mouth
| for the "effectiveness" of VAC if a script kiddie like me at
| the time could throw together something custom in just a few
| hours, I'm sure it'd be much easier now with ChatGPT...
|
| The thing is, VAC doesn't immediately ban you. Or anyone else.
| It's looking for suspicious patterns across hundreds if not
| thousands of players and collecting evidence over weeks if not
| months to make sure they got relatively low false-positive
| rates and don't end up banning people for a Windows update gone
| wrong... and additionally, it raises the iteration time for
| cheat developers as well, and that's the true point. Show
| cheaters immediately that they're spotted and the only thing
| you enter is an immediate arms race.
|
| Your way of writing a cheat was probably detected but since _no
| one else_ used it, VAC didn 't trigger.
| Ekaros wrote:
| I haven't followed recently, but what I have understood is
| that clear known old public hacks can result immediate ban.
| For newest hacks they will gather cohort and then do them in
| wave. Thus making it harder to evade detection or notice what
| exactly was detected this time.
| david422 wrote:
| Blizzard's battle.net used to do that. They'd ban in waves. I
| imagine immediate bans would make it much easier for cheat
| authors to figure out which cheats were detectable and which
| weren't.
| snickerdoodle12 wrote:
| Remote Code Execution like loading DLLs from a server and
| executing them sounds like malware.
| rvnx wrote:
| It's "just" an automatic update, like Chrome, etc.
|
| It's one entry-point among others for RCE. If tomorrow NSA
| wants to gather any files on your computer, all they need to do
| is to ask Google to push an update for you through Google
| Omaha.
|
| https://epic.org/wp-content/uploads/privacy/nsa/foia/NSA-Goo...
|
| Google and NSA have a "partnership".
|
| Valve could also have such partnership in theory, through VAC,
| though unlikely in practice.
| gruez wrote:
| >If tomorrow NSA wants to gather any files on your computer,
| all they need to do is to ask Google to push an update for
| you through Google Omaha.
|
| They could in theory, but has this actually happened in
| practice? Pushing a rogue update isn't exactly a novel idea,
| but despite decades of government document leaks and APTs
| being analyzed, there's scant evidence that any government
| pressured a company to push a rogue update. Same goes for
| other threat models like "government pressuring CAs into
| issuing a certificate".
| the8472 wrote:
| For CAs that'd likely get them kicked out of browser trust
| stores if someone detects it. And if it becomes known that
| a corporation pushes government-malware updates then that
| corporation would lose trust too.
|
| So playing that card means moving the entire planet into a
| lower-trust equilibrium where everyone has to defend
| against that. In a better-coordinated world the conclusion
| from that would be "let's not do that", alas on this Earth
| TLAs have shown that they're willing to burn the commons,
| forcing a response like RFC 7258.
| andrecarini wrote:
| I'm really curious about this but searching for "Google
| Omaha" doesn't return anything related and the linked FOIA
| request is... just a request, which I assume anyone can write
| whatever they want in the request.
| gruez wrote:
| The request itself isn't very damning either. It just make
| references to vaguely worded "partnerships", and apparently
| uses that to imply that Google is handing over data. Even
| if we take that at face value, it says nothing about OP's
| claim, which is that NSA can ask google to serve backdoored
| updates.
| snickerdoodle12 wrote:
| I get chromium & firefox from my distro's repos
| tonyhart7 wrote:
| how is this any different than the Google sells your data to
| Ads centre????
| phoronixrly wrote:
| The other day I mentioned that it's not OK for games to be
| proprietary software and/or use unethical software like DRM
| (which tbh anti-cheats are as well). I got accused that I
| wanted game developers to starve to death.
| altruios wrote:
| that's where you turn and say: well, the game developer
| executives however...
|
| In all seriousness, DRM/anti-cheats => rootkits/rats. Don't
| fall for it. Demand better.
| AndriyKunitsyn wrote:
| Can't say for DRM, but there's much bigger demand to play a
| multiplayer action game without experiencing cheating than
| demand for a similar game that's not a rootkit. Cheaters
| are nasty. Devs make rootkit anti-cheats simply because
| there's no better alternative, not because they're evil.
| altruios wrote:
| We need to define nebulous terms like 'better'... to a
| company that's synonymous with what is 'cheapest' to
| their bottom line. To a player, that's a more effective
| anti-cheat.
|
| To my understanding, the latter is much more effectively
| solved server-side, but is more costly for the company to
| run.
|
| I'd rather play a game with server-side anti-cheat than
| player-side-anti-cheat.
| zeta0134 wrote:
| I'll chime in here as a game developer: my upcoming release
| will be an NES cartridge[0] and probably a Steam app. I'll be
| adding no DRM, because I generally trust that folks that
| weren't going to pay aren't going to be converted by its
| presence, and that honest folks want to support my work.
| Whether the storefronts I release on add their own is up to
| them, and frankly I don't care.
|
| Separately though, anti-cheat is another ball of wax
| entirely, and I have extremely mixed feelings in this field.
| Generally I favor "cheat detection should be serverside,
| don't trust the client" from a general security perspective,
| but... I can totally see a valid case in there, somewhere,
| for more rigorous clientside checks. Somewhere along that
| line though is rootkits and malware, and... well, no, please
| tell me up front that you loaded your game engine with these
| things so I can save my money and purchase something else,
| thanks.
|
| [0] Using a custom mapper, which will help initially to
| discourage low-effort bootlegs at the very least. It's open
| source though, and will not be too difficult to add to
| emulators, at which point the dumped ROM should play fine on
| them.
| Sohcahtoa82 wrote:
| > Generally I favor "cheat detection should be serverside,
| don't trust the client" from a general security
| perspective, but... I can totally see a valid case in
| there, somewhere, for more rigorous clientside checks.
|
| Yeah...
|
| The simple fact is, it's simply not possible to have
| completely server-side cheat detection simply because
| you'll be relying _purely_ on heuristics which could very
| well be wrong. It 's just not going to be possible to tell
| the difference between a cheater and a really good player.
|
| For any cheat detection to work, it has to be client-side.
| zeta0134 wrote:
| And the counter is fairly straightforward: any client-
| side cheat detection has been broken. You can't trust the
| client. It doesn't work, your server just thinks it works
| because it's lying to you now.
|
| Client-side cheat detection can work for tournaments, but
| it's way simpler there: the tournament provides the
| hardware, and the players aren't permitted to install
| anything. This doesn't irritate me quite as much from a
| security perspective of course, because I am not about to
| log into my banking site on the presumably insecure
| tournament device. It's also imperfect: a sufficiently
| motivated pro player might bypass whatever locks you
| installed on the thing, especially if they get to spend
| any time with that device unmonitored.
|
| Even better than that, tournaments have a way better
| cheat detection method anyway: point a camera at the
| player's hands. It's suddenly really, _really_ obvious if
| they 're cheating!
| dathinab wrote:
| now think about in kernal anti cheat doing that ....
| keyringlight wrote:
| I'm surprised there haven't been more events of mods and tools
| being used as trojans. For all the concern about anti-
| cheat/DRM, PC gamers seem very selective over what sources of
| code they're running on their computers they scrutinize.
| There's an awful lot of users with "just enough" levels of
| knowledge where I think a tempting enough release with the
| right timing for a hot game could get a lot of installs.
| charcircuit wrote:
| What do you mean? There have been ton of stealers and RAT
| mods for games (and even for normal mobile apps too). It's
| absolutely a problem and a ton people fall victim to them.
| jmuguy wrote:
| Arriving at college back in 2001 my roommate and I setup a CS
| server. A lot of the freshman were getting their own computers
| for the first time, and had not ever played computer games before
| so we basically kickstarted a CS community. I think it took about
| a month before a lot of them started cheating. It is kind of
| ridiculous how much of a plague cheating is on competitive
| gaming. Back then we would just observe the players and then ban
| their IPs. Which was luckily enough given how the campus network
| worked.
| rimunroe wrote:
| Back in 2000-2005 I was very active in a community centered
| around 20 or so modded Counter-Strike servers which I volunteered
| as an admin on. We were generally good about having at least one
| admin on each server at any given time to deal with cheaters.
| Occasionally someone wouldn't be around though.
|
| There was a period of time lasting about a month or two where a
| player with a name like BELT SANDER or ANGLE GRINDER or TABLE SAW
| hung around. They were pleasant and unremarkable, but they
| frequently used new Steam accounts and switched IPs.
|
| This person definitely wasn't supposed to be an admin, but if
| they were around when someone was cheating and no actual admins
| were there, they'd somehow elevate their own permissions and ban
| the offending player. We tried to figure out what was happening
| and to see if we could somehow stop them, but we never did manage
| it. They were somehow gaining rcon access to the host server.
| After a while we just shrugged our shoulders. They didn't seem to
| be harming anything, other than our peace of mind about our
| security. Overall they were actually really helpful for stopping
| late night/early morning disruptions.
| malwrar wrote:
| I used to write cheats for CSS & other Source games. Not sure
| if the original CS would have the same vuln, but iirc you used
| to be able to use an INetChannel::ReceiveFile function with
| path traversal to grab the server config. There were a few cool
| hacks around the file path filtering logic they added in my era
| that (combined with ::SendFile) enabled a fun period of
| arbitrary RCE on Source servers.
|
| I knew one person who made a wormable payload for a game I
| won't disclose which used that method. The methods are in
| engine.dll so it's symmetric, clients would infect servers,
| which in turn infects more clients, etc. Around then was when I
| decided to start gaming from a VM lol.
| hnlmorg wrote:
| > Around then was when I decided to start gaming from a VM
| lol
|
| How?
|
| Maybe I'm getting my dates mixed up but CS was released in
| the late 90 / early 90s and consumer virtualisation wasn't
| nearly good enough to game in for another 10 years.
|
| Consumer CPUs didn't have virtualisation extensions and GPU
| paravirtualisation wasn't available either in the early
| 2000s.
|
| VMWare wasn't even any good for just running Windows 2000 (I
| mean, it was seriously impressive tech for its time, but it
| was dog slow even for just basic basic things). So you'd be
| stuck with Xen for anything serious. And that wasn't trivial
| to get set up back then.
|
| Plus given the lack of drivers for virtualised hardware like
| soundcards and network interfaces, you'd likely be stuck with
| full fat emulation for those devices.
| debugnik wrote:
| They said Counter Strike: Source, that's 2004-2013. I'm
| still curious though, if it worked at all performance must
| have been awful.
| cyberax wrote:
| VMWare supported OpenGL passthrough well enough for the
| early Source games.
| hnlmorg wrote:
| Ahhhh, that makes a lot more sense. Thanks
| WilcoKruijer wrote:
| This exploit has its origin in the Quake engine. I remember
| exploiting the same thing in CoD4 (2007) and I believe even
| the release version of Black Ops I was vulnerable. It was
| known as the 'q3dirtrav' vulnerability.
| ZeWaka wrote:
| Interesting, a friend of mine did that in GMod, leading to
| the infamous 'cough' virus. (Yes, all the 'journalism' around
| this is wrong, and it's not the person commonly blamed for
| it).
| CobrastanJorji wrote:
| I love this story. Feels like a modern take on one of those old
| "hidden master" stories where offending the quiet old man turns
| out to be a disastrous idea.
| koakuma-chan wrote:
| Can you even get a VAC ban these days? I feel like it just
| destroys your trust factor but doesn't actually ban you, and to
| be honest that seems to be pretty effective for isolating honest
| players from cheaters.
| jokoon wrote:
| I stopped playing because I felt I could not trust other players,
| I was getting too paranoid. There were not that many blatant
| cheaters, but with closet cheaters, it's now very difficult to
| know if your opponent is better than you or cheating in subtle
| ways. It's a grey zone.
|
| I guess it's the combination of a frustration of losing matches
| and the constant suspicion. I was constantly trying to probe
| things and watching replays, it ruined the game because I was
| always focusing on cheating.
|
| Ultimately, I think most CS players don't really care about
| subtle/closet cheaters, so as long as they don't feel it, it's
| fine, the game keeps its high player count, so it's a good facade
| and valve is happy with that.
|
| CS is a game I can really enjoy, until I couldn't anymore.
| doublerabbit wrote:
| Was part of a hacking scene that used to exploit C&C Red Alert 2,
| YR.
|
| Fun times were had as a script kiddie spawning the president and
| placing it in an IFV and just go demolishing the other players
| base with this fancy laser. But hey, I was 15 at the time.
|
| Habbo Hotel too, being part of a "mafia" with a habbo multi
| hacker app; the flicker glitch that made your character blink
| causing lag. That and placing furni in rooms in the walls using
| ArtMoney filters. I discovered perl while messing with MSN bots;
| I miss those ages.
|
| Others include NeoPets and Flash game hacking including RCEing
| the Money Tree claiming the loot before anyone else. Then I
| discovered IRC and Rx/PHAT botnets infecting via Windows 98
| DCOM/NetSend exploits.
|
| Tried it at school and next thing two of the colleges rejected my
| application, parents called and banished from using any computer
| in secondary school for the next two years. The college I went to
| was polytechnic but the couple of the lecturers I had noticed my
| skill and homed me on a different path than being a BlackHat.
|
| My moral compass kicked in and even now it's an itch I really
| want to scratch nowadays but PenTesting/CyberSecurity are too
| "prestigious" that the only chance is to fall in to.
|
| So I've been an Sys/Unix Admin for past 18 years watching the
| world burn. I was using Linux when the kernel was at version 2
| and Xorg was XFree86.
|
| Luckily FreeBSD 8 gave me some fresh air and I've been using it
| ever since. I'm 36.
___________________________________________________________________
(page generated 2025-06-18 23:00 UTC)