BASH: Episode 26 (Haxer!)

In this week's BASH webcast, we bring you an episode on the scourge of on-line gaming, the Haxer!

Ben (a.k.a BubbaGump) joins me to co-Host this episode. You will all remember Ben from Episode 20 on Rise of the Resistance. Ben resides in Melbourne, Australia and we hope he will be joining us more often in the future.

In the episode we attempt to define cheating and hacking. We come up with the following:

Hacking, in fps-gaming, consists of gaining a competitive advantage in the game by modifying game files and thus altering the game's software code. Cheating, while not as blatant as hacking, can be thought of as the exploitation of flaws or bugs in the gaming software or the configuration of client-side game variables counter to the instructions set forth by the administrator of the gaming server.

The most powerful hacks are known as client-side hooks. These cheats inject hacked code right into the game executable. They do this by using a "loader" program that finds the game and loads the hack, also known as a "client side hook" (DLL) right into the game. Once the hook is in place the hack has access to all sorts of information the server sends the player (location of other players is the most interesting information). Client side hooks allow:

a) AIMBOTS - these hacks use player data from the server download data stream (snaps) to adjust mouse x,y coordinates. They target the nearest enemy hitbox and result in very, very accurate fire. If you have a high snap/maxpackets setting or good ping - you will get incredible hit registration resulting in a high number of kills.

b) WALLHACKS - these hacks allow you to see enemy players even through walls - an incredible tactical advantage. Of course wallhacks rely on intercepting the download data stream.

Additional hacks/cheats include video card hacks that can clear up fog in a game, scripts that allow you to zoom in (without using a sniper rifle) and auto-fire a Garand!

By any definition, currently, there is a blatant flouting of the gaming moral code going on at msxsecurity.com. This site is notorious for selling game hacks - including those for CoD2. Here is a video showing their wares:

A Belarussian, Maz is the leader of this piratical crew of coders. They do have a sense of humor, judging by their Forum avatars, but is a sense of humor what got them into hacking?

Maybe it's money?

Check out what he was offering as far as compensation back in 2005!

if you have a firm grasp on d3d and C++ then give maz a ring on IRC. You will reap the lucrative benefits of 40% income for every hack that you successfully create. Typical income should be ~50$ a day but in some cases much higher. It will be your responsibility to continually update your hack based on user input. If you don't update your hack and it gets detected, obviously the money is going to stop coming in. Anyone serious should contact me through some means and let me know there (sic) expectations.

At $50/day you're not going to find too many Silicon Valley C++ superstars signing up...but if you're living in Mumbai, or Belarus...you might consider it. To combat these black hat gamers, an online petition has started up to attempt to reign in folks who make money from selling on-line gaming hacks.

Check out this post: pen-is-mightier-than-hack

Also in the program this week, we mention this story about hackers/cheaters caught in China: you-cheat-you-bleed.html

What are the solutions to finding hackers?

Obviously, PunkBuster, brought in at version 1.2 of Call of Duty 2, is one. Certainly there are a lot of people banned from gaming due to PunkBuster, look at the list here: punksbusted.com

However, PB may not be as effective as you may think. Many savvy server administrators simply record players suspected of cheating in "Spectate" mode and play it back. The best way to view the video is to play it back in Developer mode (~ developer 1 - Turns developer mode on). This allows you to not only view the suspected-cheater but also allows you to see all the players in the game simultaneously.

The gaming community can do a great deal to slow down cheating. Check out this site in Australia: allseeingcow.com

Spotting a cheater:

- look for people shooting through fog (graphic card no fog cheat)

- look for people getting lots of headshot kills (aimbot)

- look for players rounding corners and firing accurately at people on the other side indicative of a wall hack. Or for that matter staring at players through seemingly transparent walls.

- look for players firing accurately through bushes (wall hack)

- look for players finding map seams (map exploit).

- look for players firing bolts/rifles as though they were automatics (scripting hacks)

BTW: If you cheat on-line, we want to talk to you here on BASH and find out what makes you tick, send your GUID and your email to: jockyitch@devil-dogz.com.