CategoryCSHacks
Oldest known version of this page was edited on 2005-11-21 22:43:36 by Ike []
This section describes the different types of cheats available for Counter-Strike, how they operate and how to tell when they are being used. While individual hacks may differ, they are always relatively simple. These simple hacks are, however, often combined into so-called "multihacks", which usually include an aimbot, a wallhack and other features packaged in one handy executable.
Some of these cheats are freely downloadable from a website, sometimes even advertised by the cheat in-game with or without the cheater noticing it. Other cheats are private, although often enhanced versions of public cheats, maintained to stay undetected by anti-cheats. Due to their nature, private cheats are not normally available to anti-cheat coders, which makes it very hard for them to know how to detect them. Some public hacks are released but receive so little attention that they slip under the radar of anti-cheat authors, and these public hacks become just as useful to cheaters as private cheats.
While many cheats are released by their authors simply to get attention or out of a desire to share what they've created, a common reason why public hacks are released is to have the hack gather passwords and potentially other sensitive data for the author; see also: e-mail phishing.
Wallhacks and ESP
Wallhacks — Make walls and sometimes entities semitransparent to allow the user to see through walls.
ESP — Extrasensory Perception, or Expanded Perception, draws players’ hit-boxes and information such as status, class, names, health and current weapon on the screen, or makes players more audible, allowing the cheater to see through walls.
Spiked models — Long 'spikes', visible through walls, announce the presence of another player on the computer of a cheater.
These are the simplest to implement, since a few changes, or sometimes even bugs in the graphics card drivers, can give a player the ability to see other players through walls. XQZ offered an alternative to this: a ball floating above all players that was visible through walls, even if the players themselves were hidden. But this so-called "ballhack" gave the players less information, especially about the armament or the heading of enemies, and thus was not very popular. Wallhacks can even be so simple that the addition of two lines of code in an OpenGL wrapper is enough to facilitate a wallhack.
Usually, wallhack users eventually give themselves away by acting in ways that look illogical when viewed naturally but very straightforward when observed with a wallhack. Additionally, certain effects of being able to see through walls, such as pre-aim that seems almost indistinguishable from an aimbot, can be detected server-side. Wallhacks and other similar cheats which use visual cues are impossible to hide when playing over a LAN when other players can see the cheater’s monitor.
Aimbots
Aimbots use the computer’s accurate knowledge of the enemy’s figure to align the crosshair and shoot automatically. Aimbots usually aim at the head, but some hacks have adjustable vectors to aim at different parts of the enemy body. Some have randomizing algorithms intended to make it harder for spectators observing the player to identify an aimbot user. In their most basic form, aimbots facilitate hitting the enemy player more accurately. However, that is where the similarities stop.
XQZ’s early, relatively primitive aimbot would be bound to a button on the keyboard or a mouse, and as long as the button was pressed, the aimbot would take care of properly aligning the crosshair on the head (or if necessary, a different body part). This button could be the same button as the fire button and thus could enable the aimbot to only aim while firing. But this gave away its presence to an alert observer by its tendency to "slave" (the all-too-proper, inhuman following of the motion of an enemy player).
Early OGC’s aimbot portion was already much more advanced, and could be configured in a variety of ways. Auto-aiming allowed automated proper aiming and slaving. Auto-shot was another feature, where the bot would automatically cause the player avatar to fire their weapon once the aimbot locked on. It could be configured freely with an aimbot FOV (field of view). XQZ-style aiming could also be employed.
Later versions of OGC’s aimbot portion allowed for punctual aiming, where one hit of a button (commonly the fire button) would merely result in one single adjustment of aim, without any form of "slaving".
Modern, so-called "LAN-Proof" cheats implement what is called charged aiming, which is yet another improvement over punctual aiming. Punctual aiming mode is only active (charged) when a specific button is pressed shortly before the aiming is needed, and firing in turn empties this charge. While this may be inconvenient, it allows anyone at a tournament to briefly check the suspected cheater’s game for any inconsistencies, only to find nothing.
Some highly advanced and private aimbots do not even bother to move the crosshair as they are proxies and work on the network level. While essentially charged aimbots with a small FOV, the hits appear to be the result of an overabundance of luck rather than anything magically moving the crosshair. The advantage of this is to make nospread (see below) cheats less obvious and thus increase the effectiveness of them while only minimally affecting stealth.
LAN-Proof aimbots
The first well-known aimbot, XQZ, was specifically designed to work at LAN parties where other players could look over the shoulders of the cheater. A modern cheat is a highly sophisticated tool with the potential to be employed relatively undetected at a LAN party, making what most casual cheaters and anti-cheaters know as cheats (especially the infamous OGC) look like children’s toys.
Many modern stealthy aimbots employ 'charging', where only a subtle key combination (e.g. shift + the key to buy ammo, or strafe left and right at the same time) would load the aimbot for a brief time and only for a few bullets. Even if a tournament administrator were to replace the cheater in order to look for anything suspicious, they would find nothing, for they would not know the subtle key combination to charge the aimbot. A series of occurrences of people apparently using their "timeleft" key to charge their bot has eventually made observers dub this type of aimbot Timeleft cheat.
Furthermore, a stealthy aimbot is configured to use only a small FOV (field of view), forcing the cheater to actually move their mouse to aim the crosshair sufficiently close to the position of the enemy. By relying on the cheater's normal reactions for the initial part of aiming, the cheat becomes more natural-looking and harder to detect, but still allows the cheater dead-on accuracy once activated. Alternatively, an aimbot can be configured to be charged for auto-aim and auto-fire only when a player is in dire situations. Furthermore, well-made stealthy aimbots don't slave: they are aimed and fired the instant the mouse button is pressed, and do not move again until the mouse button is pressed a second time. Even an experienced observer trying to verify whether mouse and screen movements correlate would have a tough time seeing anything out of the ordinary, with the cheating being almost indistinguishable from a skilled player with good aim and reflexes.
There are rumors about a few exclusive and private aimbots which appear to work with a proxy-type lucking technique rather than actual aiming, to make the screen’s movement even less visible. The mouse would be dragged near the enemy, and upon pressing the fire button, the bullet magically hits the head of the target despite the crosshair not being directly on top of it. While this would be very obvious with large FOVs, it would be almost impossible to notice with sufficiently small FOVs due to Counter-Strike’s often inaccurate weapons and inexplicable hits/misses, which do not make such hits seem impossible, except for their extreme frequency.
A rumor amongst some Counter-Strike players is that it would be possible to insert a small hack into the memory of a mouse, which would be executed upon being plugged into the USB connector of the computer. This would allow cheaters to cheat even in tournament situations where they may use nothing but their own keyboard and mouse on a secure machine. The lack of such programmable mouse memory and the lack of evidence of an operating system exploit which would allow this almost certainly confirm this story as nothing but an urban legend, but it serves as a good illustration of the paranoia widespread cheating has inflicted on the gaming community.
No-Recoil and no-spread
Essentially the same thing, no-recoil and no-spread attempt to reduce the inaccuracy of weapons when firing. No-recoil describes the automated compensation of recoil on the vertical axis, while no-spread tries to compensate for the horizontal spread of the weapon. As the recoil and spread of gunfire in Counter-Strike are pseudo-random, they can be reverse-engineered and predicted, allowing a cheat to compensate for inaccuracy.
The different names for no-recoil and no-spread are mostly historical. No-recoil is much older and could be performed by protohacks: all that was necessary was to move the aiming reticle downwards in a distinctive way to compensate for the vertical recoil of the weapons. No-spread is, by comparison, a relatively recent invention that can accurately predict the deviation and compensate for any inaccuracy, making all bullets hit exactly the same spot.
While both variants can be used independently, some older, slaving aimbots make the use of at least a no-recoil cheat a necessity, thus effectively making them part of the aimbot itself. Even with modern, punctual/charged aimbots it is very common to utilize no-spread if stealth isn't as important as performance. More stealthy, chargeable aimbots usually link the spread-suppressing factor to the charge and state of the aimbot. This prevents any stray, unaimed shots at a wall from giving away the presence of a no-spread cheat. They may also only remove the spread from the first 3-5 shots, or even only the first two bullets fired from a gun. However, they can eventually be detected by observers from subtle, rapid movements of the crosshair and are thus often disabled completely when stealth is paramount, like at LAN parties.
Speedhacks
Speedhacks change the computer’s perception of time and let the cheater act extraordinarily fast. Most of the time they are found in combination with other cheats. Speedhacks can offer high time rates to clean out maps within seconds, or very slightly increased time rates to subtly improve the performance of an aimbot. Any client with a speedhack installed will find that their in-game movement and weapon rate of fire are far faster than those of other players. Like no-recoil, a timehack (or speedhack) is most often used in combination with an aimbot. Depending on the rate of time acceleration, a timehack can be used to rush to the enemy team’s spawn point and kill all enemy players within the first seconds of a round, or it can be used with a very low time acceleration (e.g. a rate of 1.1 or 1.2) to improve the total damage over time of weapons. A timehack with a low time acceleration can also be used to reduce the time required to reload weapons.
While timehacks are often disabled when stealth is paramount, in laggy Internet play, very small accelerations are near impossible to detect without dedicated timing or software.
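The "dedicated timing" check mentioned above can be done on the server by comparing the game time a client claims with the server's own clock. The following is an added example, not code from the original page or from any anti-cheat project: it assumes each client command carries the frame duration the client claims (as the `msec` field of a Half-Life user command does), and the window length, tolerance, strike count and the simulated traffic are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Illustrative thresholds (assumptions; tune per server). */
#define WINDOW_MS        30000u  /* audit once per 30 s of server time      */
#define MAX_RATIO_PCT    105     /* allow 5% for clock drift and jitter     */
#define STRIKES_TO_FLAG  2       /* consecutive bad windows before flagging */

typedef struct {
    uint64_t window_start_ms;  /* server clock at start of current window  */
    uint64_t claimed_ms;       /* game time the client claimed this window */
    int      strikes;          /* consecutive windows over the threshold   */
    int      flagged;          /* sticky: set once strikes reach the limit */
} time_audit_t;

static void audit_init(time_audit_t *a, uint64_t server_now_ms)
{
    a->window_start_ms = server_now_ms;
    a->claimed_ms = 0;
    a->strikes = 0;
    a->flagged = 0;
}

/* Feed one client command. msec is the frame time the client claims;
 * server_now_ms is the server's own clock when the command arrived.
 * Returns 1 once the client has been flagged. */
static int audit_command(time_audit_t *a, uint8_t msec, uint64_t server_now_ms)
{
    uint64_t elapsed;

    a->claimed_ms += msec;
    elapsed = server_now_ms - a->window_start_ms;
    if (elapsed < WINDOW_MS)
        return a->flagged;

    /* A long window averages out lag bursts, where many commands arrive
     * at once; a short window would flag honest but laggy clients. */
    if (a->claimed_ms * 100 / elapsed > MAX_RATIO_PCT)
        a->strikes++;
    else
        a->strikes = 0;
    if (a->strikes >= STRIKES_TO_FLAG)
        a->flagged = 1;

    a->window_start_ms = server_now_ms;
    a->claimed_ms = 0;
    return a->flagged;
}

/* Constructed traffic: a client running at 100 frames per second whose
 * game clock runs at rate_pct percent of real time. Commands are held
 * back and delivered in bursts every burst_ms of server time to imitate
 * lag (0 = no lag). Returns whether the client ends up flagged. */
static int simulate_client(int rate_pct, unsigned burst_ms, unsigned duration_ms)
{
    time_audit_t a;
    unsigned t;

    audit_init(&a, 0);
    for (t = 10; t <= duration_ms; t += 10) {
        uint8_t  msec = (uint8_t)(10 * rate_pct / 100);
        uint64_t arrival = t;
        if (burst_ms)
            arrival = (uint64_t)((t + burst_ms - 1) / burst_ms) * burst_ms;
        audit_command(&a, msec, arrival);
    }
    return a.flagged;
}

int main(void)
{
    printf("honest, 200 ms lag bursts: flagged=%d\n",
           simulate_client(100, 200, 120000));
    printf("honest, 2 s lag bursts:    flagged=%d\n",
           simulate_client(100, 2000, 120000));
    printf("rate 1.1, 200 ms bursts:   flagged=%d\n",
           simulate_client(110, 200, 120000));
    return 0;
}
```

With these settings an acceleration below the 5% tolerance is never flagged, which is the trade-off the paragraph above describes: tightening the tolerance catches smaller rates but starts to catch honest clients with drifting clocks.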
Examples of exploiting the configuration files
ex_interp — Changing the "ex_interp" variable changes the interpolation time. Half-Life’s network code interpolates the movement of the last N milliseconds (N being the value of the ex_interp variable, which defaults to 100 ms), so the actual movement of an enemy player is seen N milliseconds later than when it actually arrives at the server. The result was that immobile players often got the impression of being shot before they even saw the shooter running around the corner. Since version 1.6 this command has become an acceptable configuration change due to changes in how the game's network code handles this variable.
gl_monolights — was a quick way to make all the walls uniformly bright, taking away all shadows. This resulted in a visibility advantage for the player using this exploit. In recent versions of Counter-Strike this command has been completely disabled.
Examples of map exploitation
One well-known map exploit is on the map de_dust at the Counter-Terrorist spawn point. By having two players on top of certain boxes, then crouch-jumping on top of each other, it is possible to break the "ceiling" of the map and walk on "air" (since the top boundary of that map represents the sky). This is commonly known as "skywalking".
[It should be noted that ‘cheating’ can be subjective: way back when skywalking was possible on de_dust, it was generally accepted as something fun, lighthearted, and of no threat. That is not to say that there weren’t servers that did not allow it; there were. A much better example of map exploitation would be the new version of cs_assault released for CS:Source, where you can climb on top of the skyscrapers and look through one-side-textured walls. This is an example that is clearly past the grey line that map exploitation can be shrouded in.]
Examples of data file cheats
Replacing player skins with brighter colored ones which are easier to spot at a distance or in darker areas of the maps.
Replacing sounds of silenced weapons by their normal counterparts, making them more audible.
Currently, the Half-Life engine and the Source engine both prevent those sensitive data files from being altered in such ways. This means it is only possible to use maliciously altered data files online when combined with an executable cheat that suppresses the engine’s own integrity check.
Methods of creating cheats
Replacing client.dll and datafiles
One of the first types of cheats that appeared for Counter-Strike was the so-called headshot script. These utilized an altered client.dll that offered additional functions to scripts, so that a script written in extended CS script replaced the more common mouse/keyboard bindings for attacks.
Similarly, data file cheats exchanged data such as sound files, but mostly models, for variations that imposed some sort of drawback on the enemies of the cheater, such as louder silenced weapons or player models that were visible through walls and doors due to spikes, or in the dark due to luminous or brightly colored textures.
Neither of the two types of cheats is considered effective at this time. Regular aimbots prove to be far more powerful than headshot scripts, and changes to client.dll, like changes to player models and sound files, are restricted: clients provide checksums to servers, and a server can choose to disconnect a client whose checksums differ from the checksum values on the server. Theoretically, though, a new generation of hacks could fake checksums or filesystem calls.
Hooks
Client Hooks make use of the fact that any system that employs Dynamically Linked Libraries allows the relatively easy replacement and/or redirection of function calls within those libraries. These systems include Linux, FreeBSD, Mac OSX, Windows, and just about every other modern operating system.
The reason why Counter-Strike is considered to be vulnerable to this attack is that the mod is itself a separate entity from the Half-Life engine, and the two parties communicate with each other through easily intercepted DLL calls. Most people consider this a special weakness of the Counter-Strike architecture that is not directly applicable to all games. However, few contemporary games are one monolithic executable, and almost all of them utilize DLL calls for various purposes, if only driver calls.
The source of the loaddll library, written by the author of the original OGC, was eventually released as open source, and led to a multitude of OGC-like cheats that utilized the same facility to wedge themselves between the game’s engine and the mod’s game logic.
The same thing may also have led to the relative hook-proofness of current anti-cheats. VAC appears to be able, and C-D even claims to be able, to detect client hooks reliably, although there has been a history of hooks which managed to work without being detected by either one or both.
Amongst the first aimbots were color-based aimbots, known to exist only for relatively early versions of Counter-Strike. They colored either team in its distinctive color (e.g. bright green or bright red) and would automatically fire on any pixel with this color. Since they could sometimes be foiled by using multi-colored logos, they did not have much success. A key was pressed to switch from auto-aiming at one team to the other.
Driver manipulation
Beginning with XQZ, Counter-Strike has had a long tradition of being susceptible to altered drivers. Like any modern computer game, Counter-Strike makes heavy use of Win32 infrastructure: the Windows API, DirectX for input, networking and sound, and the ability to use either Direct3D or OpenGL for the graphics. Theoretically, each one of these components could be manipulated to gain an unfair advantage. Although almost all drivers could be used, in practice it is almost exclusively OpenGL and DirectX infrastructure, and more rarely mouse drivers, that are manipulated.
Cheating-Death, unless disabled properly by specialized support hacks, generally detects replaced OpenGL drivers. VAC at one time banned users with a certain ASUS graphics card because the drivers replaced the normal DLL supplied with Windows during installation. Coincidentally, certain ASUS drivers at some point also allowed for wallhacks without requiring any additional drivers. Such false positives have seriously harmed the efforts of the ban-them-all proponents. VAC currently does not detect these cheats, which are the easiest to create.
Driver manipulations are especially nasty to detect, as basically every file on the computer could be part of a legitimate driver or a cheat. Therefore it is essentially impossible for either a LAN party admin or an anti-cheat tool to detect such a cheat, even when free to search the suspected cheater’s computer.
Proxies
There are no known public cheats that utilize proxies, and thus they are never detected. But some people suspect that proxy-like cheats exist, which could allow a cheater to remain safe from both visual detection at a LAN party and known client- and server-side anti-cheat mechanisms.
Proxies are exclusively aimbots and give themselves away by not having the crosshair correlate to the position of the actual impact. With small FOVs, however, these cheats can be both extremely stealthy and effective even in LAN play, as hits can easily be attributed to Counter-Strike’s relatively inaccurate weapons, so-called lucking.
Information largely thanks to Wikipedia.
Page view:
Types of Cheats Associated with Counter-Strike:
This section describes the different types of cheats available for Counter-Strike, how they operate and how to tell when they are being used. While many single hacks may differ, they are always relatively simple, these simple hacks are however often combined into so called "multihacks" which usually include an aimbot, a wallhack and other features packaged in one handy executable.
Some of these cheats are freely downloadable from a website, sometimes even advertised by the cheat in-game with or without the cheater noticing it. Other cheats are private, although often enhanced versions of public cheats, maintained to stay undetected by anti-cheats. Due to their nature, private cheats are not normally available to anti-cheat coders which makes it very hard for them to know how to detect them. Some public hacks are released but receive so little attention that they slip by the radar of anti-cheat authors and these public hacks become just as useful to cheaters as private cheats.
While many cheats are released by the authors simply to get attention or a desire to share what they've created, a common reason why public hacks are released is to have the hack gather passwords and potentially other sensible data for the author, see also: e-mail phishing.
Examples of executable cheats
Wallhacks and ESP
Wallhacks — Makes walls and sometimes entities semitransparent to allow the user to see through walls.
ESP — Extrasensory Perception, or Expanded Perception, draws player’s hit-boxes and information such as status, class, names, health and current weapon on the screen or make them more audible, allowing the cheater to see through walls.
Spiked models — Long 'spikes', visible through walls, announce the presence of another player on the computer of a cheater.
These are the simplest to implement since a few changes, or sometimes even bugs in the graphics cards drivers, can lead to the ability of a player to see other players through walls. XQZ offered an alternative to this: a ball floating above all players that was visible through walls, even if the players themselves were hidden. But this so called "ballhack" gave the players less information, especially about the armament or the heading of enemies, and thus was not very popular. Wallhacks can even be so simple that the addition of two lines of code in an OpenGL wrapper is enough to facilitate a wallhack.
Usually, wallhack users can eventually give themselves away by acting illogically when viewed naturally, but very straightforward when observed with a wallhack. Additionally, certain effects of being able to see through walls, such as pre-aim that seems almost indistinguishable from an aimbot, can be detected server-side. Wallhacks and other similar cheats which use visual cues are impossible to hide when playing over a LAN when other players can see the cheater’s monitor.
Aimbots
Aimbots use the computer’s accurate knowledge of the enemy’s figure and aligns, and shoots automatically. Aimbots usually aim at the head, but some hacks have adjustable vectors to aim at different parts of the enemy body. Some have randomizing algorithms intended to make the identification of an aimbot user harder by spectators observing the player. In their most basic form, aimbots facilitate hitting the enemy player more accurately. However, that is where the similarities stop.
XQZ’s early, relatively primitive aimbot would be bound to a button on the keyboard or a mouse, and as long as the button was pressed, the aimbot would take care of properly aligning the crosshair on the head (or if necessary, a different body part). This button could be the same button as the fire button and thus could enable the aimbot to only aim while firing. But this gave away its presence to an alert observer by its tendency to "slave" (the all-too-proper, inhuman following of the motion of an enemy player).
Early OGC’s aimbot portion was already much more advanced, and could be configured in a variety of ways. Auto-aiming allowed automated proper aiming and slaving. Auto-shot was another feature, where the bot would automatically cause the player avatar to fire their weapon if the aimbot locked up. It could be configured freely with an aimbot FOV (field of view). XQZ style aiming could also be employed.
Later versions of OGC’s aimbot portion allowed for punctual aiming, where one hit of a button (commonly the fire button) would merely result in one single adjustment of aim, without any form of "slaving".
Modern, so called "LAN-Proof" cheats implement what is called charged aiming which is yet another improvement over punctual aiming. Punctual aiming mode is only active (charged) when a specific button is pressed shortly before the aiming is needed, and firing in turn empties this charge. While this may be inconvenient, it allows anyone at a tournament to briefly check the suspected cheater’s game for any inconsistencies, only to find nothing.
Some highly advanced and private aimbots do not even bother to move the crosshair as they are proxies and work on the network level. While essentially charged aimbots with a small FOV, the hits appear to be the result of an overabundance of luck rather than anything magically moving the crosshair. The advantage of this is to make nospread (see below) cheats less obvious and thus increase the effectiveness of them while only minimally affecting stealth.
LAN-Proof aimbots
The first well known aimbot, XQZ, was specifically designed to work at LAN parties where other players could look over the shoulders of the cheater. A modern cheat is a highly sophisticated tool with the potential employed relatively undetected at a LAN party, making what most casual cheaters and anti-cheaters know as cheats (especially the infamous OGC) look like children’s toys.
Many modern stealthy aimbots employ 'charging', where only a subtle key combination (e.g. shift + the key to buy ammo, or strafe left and right at the same time) would load the aimbot for a brief time and only for a few bullets. Even if a tournament administrator were to replace the cheater in order to look for anything suspicious, they would find nothing, for they would not know the subtle key combination to charge the aimbot. A series of occurrences of people apparently using their "timeleft" key to charge their bot has eventually made observers dub this type of aimbot Timeleft cheat.
Furthermore, a stealthy aimbot is configured to use only a small FOV (field of view), forcing the cheater to actually move their mouse to aim the crosshair sufficiently close to the position of the enemy. By relying on the cheaters normal reactions for the initial part of aiming the cheat becomes more natural looking and harder to detect but still allows the cheater dead-on accuracy once activated. Alternatively an aimbot can be configured to be charged for auto-aim and auto-fire only when a player is in dire situations. Furthermore, well made stealthy aimbots don't slave - they are aimed and fired the instant the mouse button is pressed, and do not move again until the mouse is pressed a second time. Even an experienced observer trying to verify if mouse and screen movements correlate would have a tough time seeing anything out of the ordinary, with the cheating being almost indistinguishable from a skilled player with good aim and reflexes.
There are rumors about a few exclusive and private aimbots which appear to work with a proxy-type lucking technique rather than actual aiming, to make the screen’s movement even less visible. The mouse would be dragged near the enemy, and upon pressing the fire button, the bullet magically hits the head of the target despite the crosshair not being directly on top of it. While this would be very obvious with large FOVs, it would be almost impossible to notice with sufficiently small FOVs due to Counter-Strike’s often inaccurate weapons and inexplicable hits/misses, which do not make such hits seem impossible, except for their extreme frequency.
There is a rumor amongst some Counter-Strike players is that it would be possible to insert a small hack into the memory of a mouse, which would be executed upon being plugged into the USB connector of the computer. This would allow cheaters to cheat even in tournament situations where they may use nothing but their own keyboard and mouse on a secure machine. The lack of such programmable mouse memory and the lack of evidence of an operating system exploit which would allow this almost certainly confirms this story as nothing but an urban legend but it serves as a good illustration of the paranoia widespread cheating has inflicted on the gaming community.
No-Recoil and no-spread
Essentially the same thing, no-recoil and no-spread attempt to reduce the inaccuracy of weapons when firing. No recoil describes the automated compensation of recoil on the vertical axis, while no spread tries to compensate the horizontal spread of the weapon. As the recoil and spread of gunfire in Counter-Strike is pseudo-random, it can be reverse-engineered and predicted, allowing a cheat to compensate for inaccuracy.
The different names for no recoil and no-spread are mostly historical. No-recoil is much older and could be performed by protohacks - all that was necessary was to move the aiming reticle downwards in a distinctive way to accommodate for the vertical recoil of the weapons. No spread is by comparison, a relatively recent invention that can accurately predict the deviation and compensate for any inaccuracy, making all bullets hit exactly the same spot.
While both variants can be used independently, some older, slaving aimbots make the use of at least a no-recoil cheat a necessity, thus effectively making them part of the aimbot itself. Even with modern, punctual/charged aimbots it is very common to utilize no-spread if stealth isn't as important as performance. More stealthy, chargeable aimbots usually link the spread-suppressing factor to the charge and state of the aimbot. This prevents any stray, unaimed shots at a wall from giving away the presence of a no-spread cheat. They may also only remove the spread from the first 3-5 shots, or even only the first two bullets fired from a gun. However, they can eventually be detected by observers from subtle, rapid movements of the crosshair and are thus often disabled completely when stealth is paramount, like at LAN parties.
Speedhacks
Speedhacks change the computer’s perception of time and lets the cheater act extraordinarily fast. Most of the time they are found in combination with other cheats. Speedhacks can offer high time rates to clean out maps within seconds, or very slightly increased time rates to subtly improve the performance of an aimbot. Any client with a speed hack installed will find that their in-game movement and weapon rate-of-fire are far faster than other players. Like no-recoil, a timehack (or speedhack) is most often used in combination with an aimbot. Depending on the rate of time acceleration, a timehack can be used to rush to the enemy team’s spawn point and kill all enemy players within the first seconds of a round, or it can be used with a very low time acceleration (e.g. a rate of 1.1 or 1.2) to improve total damage over time of weapons. A timehack with a low time acceleration can also be used to reduce the time required to reload weapons.
While timehacks are often disabled when stealth is paramount, in laggy Internet play, very small accelerations are near impossible to detect without dedicated timing or software.
Examples of exploiting the configuration files
ex_interp — Changing the "ex_interp" variable changes the interpolation time. Half-Life’s network code interpolates the movement of the last N (N being the value of the ex_interp variable, defaulted to 100ms), thus the actual movement of an enemy player is seen N milliseconds later than when it actually arrives at the server. The result was that immobile players often got the impression of being shot before they even saw the shooter running around the corner. Since version 1.6 this command has become an acceptable configuration change due to changes in how the games network code handles this variable.
gl_monolights — was a quick way to make all the walls uniformly bright, taking away all shadows. This resulted in a visibility advantage for the player using this exploit. In recent versions of Counter-Strike this command has been completely disabled..
Examples of map exploitation
One well known map exploit is on the map de_dust at the Counter-Terrorist spawn point. By having two players on top of certain boxes, then crouch-jumping on top of each other, it is possible to break the "ceiling" of the map and walk on "air" (since the top boundary of that map represents the sky). This is commonly known as "skywalking"
[It should be noted that ‘cheating’ can be subjective, way back when sky walking was possible on de_dust it was generally accepted as something fun, lighthearted, and of no threat. Not to say that there weren’t servers that did not allow it, there were. A much better example of map exploitation would be with the new version of cs_assault released for CS:Source, where you can climb up top of the sky scrapers, and look through one-side-textured walls. This is an example that is clearly past the grey line that map exploitation can be shrouded in.]
Examples of data file cheats
Replacing player skins with brighter colored ones which are easier to spot at a distance or in darker areas of the maps.
Replacing sounds of silenced weapons by their normal counterparts, making them more audible.
Currently, the Half-Life engine and the Source engine both prevent those sensitive data files from being altered in such ways. This means it is only possible to use maliciously altered data files online when combined with an executable cheat that suppresses the engine’s own integrity check.
Methods of creating cheats
Replacing client.dll and datafiles
One of the first types of cheats that appeared for Counter-Strike was the so-called headshot script. These utilized an altered client.dll that offered additional functions to scripts, so a script written in extended CS script replaced the more common mouse/keyboard bindings for attacks.
Similarly, data file cheats exchanged data such as sound files, but mostly models, for variations that imposed some sort of drawback on the enemies of the cheater, such as louder silenced weapons or player models that were visible through walls and doors due to spikes, or in the dark due to luminous or brightly colored textures.
Neither of the two types of cheats is considered effective at this time. Regular aimbots prove to be far more powerful than headshot scripts, and changes to client.dll, like changes to player models and sound files, are restricted: clients provide checksums to servers, which can choose to disconnect them if the values differ from the checksum values on the server. Theoretically, though, a new generation of hacks could fake checksums or filesystem calls.
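The checksum comparison described above and under the data file cheats, as an added example rather than the engine's own code: the server holds reference copies of the protected files and disconnects a client whose reported digests differ. It goes one step beyond a plain comparison by keying each digest with a per-connection nonce, so that a digest recorded in an earlier session is useless later. The file names other than client.dll, the file contents and the nonce scheme are assumptions made for the example.

```python
import hashlib
import hmac
import os

# Constructed stand-ins for protected game files (contents are placeholders).
REFERENCE = {
    "client.dll": b"reference client library bytes",
    "models/player.mdl": b"reference player model bytes",
    "sound/silenced.wav": b"reference silenced-weapon sound bytes",
}


def keyed_digest(nonce: bytes, content: bytes) -> str:
    """Digest bound to this connection's nonce, so old answers cannot be reused."""
    return hmac.new(nonce, content, hashlib.sha256).hexdigest()


def client_report(nonce: bytes, files: dict) -> dict:
    """What a client sends back: one keyed digest per file it has on disk."""
    return {name: keyed_digest(nonce, data) for name, data in files.items()}


def mismatches(nonce: bytes, reference: dict, report: dict) -> list:
    """Server side: names of protected files that are missing or differ."""
    bad = []
    for name, data in reference.items():
        expected = keyed_digest(nonce, data)
        if not hmac.compare_digest(expected, str(report.get(name, ""))):
            bad.append(name)
    return sorted(bad)


def demo() -> dict:
    """Three constructed clients: unmodified, one altered model, replayed answer."""
    nonce_a, nonce_b = os.urandom(16), os.urandom(16)
    altered = dict(REFERENCE, **{"models/player.mdl": b"bright-coloured model"})
    recorded = client_report(nonce_a, REFERENCE)    # answer from an old session
    return {
        "clean": mismatches(nonce_a, REFERENCE, client_report(nonce_a, REFERENCE)),
        "altered": mismatches(nonce_a, REFERENCE, client_report(nonce_a, altered)),
        "replayed": mismatches(nonce_b, REFERENCE, recorded),
    }


if __name__ == "__main__":
    for case, bad in demo().items():
        print(case, "->", "disconnect: " + ", ".join(bad) if bad else "ok")
```

The nonce only defeats replayed answers. A client that hashes untouched copies while loading altered ones still passes, which is the faked-filesystem case the paragraph above raises.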
Hooks
Client hooks make use of the fact that any system that employs dynamically linked libraries allows the relatively easy replacement and/or redirection of function calls within those libraries. These systems include Linux, FreeBSD, Mac OS X, Windows, and just about every other modern operating system.
Counter-Strike is considered vulnerable to this attack because the mod is itself a separate entity from the Half-Life engine, and the two parties communicate with each other through easily intercepted DLL calls. Most people consider this a special weakness of the Counter-Strike architecture that is not directly applicable to all games. However, few contemporary games are one monolithic executable, and almost all of them use DLL calls for various purposes, if only for driver calls.
The source of the loaddll library, written by the author of the original OGC, was eventually released as open source, and led to a multitude of OGC-like cheats that used the same facility to wedge themselves between the game’s engine and the mod’s game logic.
The same thing may also have led to the relative hook-proofness of current anti-cheats. VAC appears to be able to detect client hooks reliably, and C-D even claims to, although there has been a history of hooks that managed to work without being detected by one or both.
Among the first aimbots were color-based aimbots, known to exist only for relatively early versions of Counter-Strike. They colored each team in a distinctive color (e.g. bright green or bright red) and would automatically fire on any pixel with this color. Since they could sometimes be foiled by multi-colored logos, they did not have much success. A key was pressed to switch from auto-aiming at one team to the other.
Driver manipulation
Beginning with XQZ, Counter-Strike has had a long tradition of being susceptible to altered drivers. Like any modern computer game, Counter-Strike makes heavy use of Win32 infrastructure: the Windows API, DirectX for input, networking and sound, and either Direct3D or OpenGL for the graphics. Theoretically, each one of these components could be manipulated to gain an unfair advantage. Although almost all drivers could be used, in practice it is almost exclusively OpenGL and DirectX infrastructure, and more rarely mouse drivers, that are manipulated.
Cheating-Death, unless disabled properly by specialized support hacks, generally detects replaced OpenGL drivers. VAC at one time banned users with a certain ASUS graphics card because the drivers replaced the normal DLL supplied with Windows during installation. Coincidentally, certain ASUS drivers at some point also allowed for wallhacks without requiring any additional drivers. Such false positives have seriously harmed the efforts of the ban-them-all proponents. VAC currently does not detect these cheats, which are the easiest to create.
Driver manipulations are especially nasty to detect, as basically every file on the computer could be part of a legitimate driver or a cheat. It is therefore essentially impossible for either a LAN party admin or an anti-cheat tool to detect such a cheat, even when free to search the suspected cheater’s computer.
Proxies
No public cheats are known to utilize proxies, and proxies are thus never detected. But some people suspect that proxy-like cheats exist, which could allow a cheater to remain safe from both visual detection at a LAN party and known client- and server-side anti-cheat mechanisms.
Proxies are exclusively aimbots and give themselves away because the crosshair does not correlate with the position of the actual impact. With small FOVs, however, these cheats can be both extremely stealthy and effective even in LAN play, as hits can easily be attributed to Counter-Strike’s relatively inaccurate weapons, so-called "lucking".
Information largely thanks to Wikipedia.