How Hacks Work

[CheesySalsa 4]

How Hacks Work

In the world of cheating today there are many types of hacks and cheats with multiple ways to combat them. From simple script exploits to advanced client hooks game hacks can be three lines of codes to a whole rewrite of your OpenGL driver. With games becoming more advanced hack programs have had to keep up and become more creative. This section is meant to help understand how hacks are made and what anti-cheats are doing to combat them.

 

What is a hack?

A hack is a program that alters a games performance, usually enhancing the abilities of the player, or giving an unfair edge over others that was not intended in the game. There are thousands of ways they are made and loaded into the game, but we won’t go into too great of detail about how hackers make their hacks.

 

What is an exploit/bug/script?

A bug is a bit of code in the program that was not intended to be in the game. An exploit is a bug that can be used to gain an unfair advantage, like being invisible or seeing through a wall on a buggy map. A script is a chain of in-game commands executed by the press of a button, like jumping and crouching at the same time by pushing just one button in first person shooters. Scripts can be used to execute exploits in a game.

 

In general, exploits and scripts are greatly simpler then a hack. Why? Most exploit scripts are a few lines of the games scripting language, while a hack can have hundreds, if not thousands, of lines of code in C++ or another programming language. Exploits are also much easier to correct, since the error is in the game’s code, while with hacks the game programmers must code their own ways to protect against the hack’s method of altering the game.

Exploit Scripts

 

Lets make up a game, we will call is Ultimate Carnage. In Carnage, you can hold only one primary weapon. However, while we were playing it we somehow tricked the game into letting us pick up two primary weapons. Instead of ignoring the fluke, we tried to pick up two weapons again. We finally figured out that if you drop your primary weapon, and 6 seconds later you pick it up and another weapon at the same time and it tricks the game into giving you both. But its extremely hard to do this, so, we make an in-game script to do this for us. We write a small Config file for the game called two.cfg and set the button “f6” to execute the script. Our script could read a little like this:

Dropweapon; // Drops your weapon Wait; // Each Wait is 1 second Wait; // So we wait for 6 of them Wait; Wait; Wait; Wait; Pickup, pickup; // We use the pickup command twice to pick up both weapons.

Now, when we hit "f6" while holding a Plasma Rifle and standing over a Chain Gun, we will pick up both. This would easy for a hacker to program and a cheater to download and use. However, there are two huge negative issues for the cheater, 99.5% of all exploits are obvious, like wearing another teams skin, walking in the sky, holding multiple weapons, or being invisible. Any admin can spot them and say "Hey, they are cheating" and kick them. Also, if a bug becomes public, which means more then a handful of players know about it, the game programmers can make a patch for the issues and release it for everyone to download.

 

Hacks

There are several methods how hacks manipulate the game data to give an unfair advantage to the cheater. Below are a few methods with diagrams to help understand how hacks can alter the games data.

 

Hard Coded

This is usually the first generation of hack for a game, and the easiest to protect against for game programmers. This is good for anti-cheaters, and bad for cheaters. This style is usually hard to install on a computer when downloaded from the Internet, and usually the cheater will mess up his game files instead of correctly install the hack. See the small box inside the game program? That is where the hacker changed some of the game’s files, such as a engine.dll or main.cfg. This type of hack could be a wall hack, aimbot, or just about any of type of hack, but very easy to block.

 

 

External

We will use and external aimbot example to demonstrate. An external aimbot is the worst aimbot. It cannot aim very well, and is ineffective. Basically, a hacker creates models of players that are 1 solid color, usually one team a bright green and the other a bright red. Before running the game, they run an external program that scans the screen for that exact color. If it see the color of an enemy, lets say your team red and your enemy is green, the hack will lock your crosshairs on that color by telling Windows, "move my mouse up 7 pixels." It will stay locked until the color is lost. This is a sloppy way for a hacker to try and cheat since it will usually hinder cheater’s aim and movement. There a very few hacks around to this day that use this method.

 

 

OpenGL Hack:

This is the most popular method of map hacking. Current games are being created for OpenGL, a popular video driver which does it's rendering on the videocard rather then eating up computer resources. All games tell the driver what to draw on the screen such as walls, doors, players, and HUD displays. The OpenGL driver can also make things transparent, like windows or water. A hacker will take the OpenGL driver and modify it to draw all the walls semi-transparent, allowing players to see others through walls. They write their own OpenGL driver, and have the game load the original OpenGL driver with their modifications in their hacked OpenGL driver. So when the game starts, it loads the hacked OpenGL drivers. This type of hack can also be used in Warcraft 3 to disable fog of war. This hack is semi-hard to install, which filters out many lame players who have very little computer skills, and will probably delete or move important system files and screw their system up.

 

 

Client Hook

This is the most popular style of hack today, especially in games like Counter-Strike and Day of Defeat, though now VALVe software has stepped up and started to provide anti-cheat solutions for their games. This style works efficiently with any games that have .dll files. When the cheater goes to play, instead of launching the game.exe file, they launch a client loader, which injects code into the game’s memory. It is in the memory of the game that the hack alters information. It can convince the game to do many things. If a first person shooter, it can aim for them, make certain sprites on the map transparent, draw text or signs on players to show where they are at, and a number of other things. Games like Unreal Tournament (because of their advanced engine) are not at stake, but games like Quake III, and Half-Life are targets for Client Hooks. Client hooks are deadly when it comes to cheating because they are very easy to use (usually 1 click install and run), and very effective, giving the hacker a variety of options of what to do with their hack.

 

 

For game companies it is very hard to create a game, and then implement an anti-cheating system later. Maybe thats why Blizzard and Battle.Net just threaten everyones who has a cheat with legal prosecutions. With games that are fading into the past, dying because of games overran by cheater, developers are now realizing whither or not their product succeeds is if a player can play the game on-line without worrying about someone cheating. The future looks bright, but we still have to deal with today.

 

Information retrieved from the lost www.counter-hack that is now down, so I backed up some of their info.

Edited March 6, 2009 by super4nova