[Gods of Gaming]
Would you like to react to this message? Create an account in a few clicks or log in to continue.

[Gods of Gaming]


 
HomePortalSearchLatest imagesRegisterLog in

[Gods of Gaming] :: Trash :: Trash
 

 Spotting a Hacker for Dummies.

Go down 
AuthorMessage
Ashlock
Uber Nub
Uber Nub



Posts : 7
Join date : 2008-05-08

Spotting a Hacker for Dummies. Empty
PostSubject: Spotting a Hacker for Dummies.   Spotting a Hacker for Dummies. I_icon_minitimeSat May 10, 2008 6:32 am
SPOTTING HACKERS TUTORIAL

Every single day of the year here at Gods of Gaming, we ban people. We ban them for being racist; We ban them for being disrespecting our servers or us. We also ban alot of people for cheating in our servers.

We have an Anti-Cheat Team of highly experienced and talented individuals whose sole purpose is to determine if a player is cheating or not. this team goes through several demos daily, taking time out of their day to make sure our servers are clean, fun, and a cheat free place to play.

Unfortunately the demos they watch are not always conclusive. Either the demo does not show the cheaters SteamID, or the person being recorded is not actually cheating. I will not blame anyone for this, as everyone makes mistakes. The reason for these mistakes is our guest admins are not trained in cheat detection as our Anti-Cheat Team is. My hope is that this document will show our admins, and players alike, the best methods for detecting cheaters.

The Cheats

There are many different forms of cheats or 'hack' for Counter-Strike and CS:S, some are easier to detect than others. In order to determine if a player is cheating, it is best to know what the different cheats actually do. Take Notes!

Wall-Hacks

Wall hacks are probably the most used cheat. most cheat programs have built in wall-hack in some form. somtimes many forms. There are some cheats that simply change client variables to allowe the player to view entities through walls ( such as Player Models). Some many disable key features in the map or prop_details entities. This would be boxes, Windows in dust/2 and so on.

Some wall-hack programs will cause the walls to be semi-transparent, in settable levels from almost solid to almost invisible.

ESP

ESP ( Extra Sensory Perception ) is usually bundled with other cheats. ESP basically draws a box every player. As with a wall-hack, ESP comes in all shapes and sizes. Some of them just draw a box, red or blue depending on the team. This is a visual aid to show who to shoot at, and to see players in darker areas. ESP will normally work through walls, so it can be used to effect of a wall-hack. In the more 'complex' hacks. ESP can be used to show a players name, their Hitboxes, what weapon they are holding, how much ammo is in their gun, if they are reloading, and so on.

No-Flash/No-Smoke

No-Flash and no-smoke hacks do just that. They will make a cheater immune to the effect of a flashbang and smoke grenades.

Speed-Hacks

The easiest and most blatant form of hacking, usually used along side Aimbots or Wall-Hacks. Speed-Hacks will enable a player to move exponentially faster than normal speed. I am not certain how they work, as I have never coded a hack before, but I do know that most speed-Hacks have different modes. There is 'speed' and 'aspeed'. 'Speed' will cause the player to move at a preset or settable speed, ranging from 1x to up to (and beyond) 100x. 'A-Speed' is Attack-Speed. This means the Speed-Hack will only activate when the player +attack is triggered, when the player shoots. 'A-Speed' is usually used to a low settings, many 1.1x to minimize detection while giving the player a slight speed advantage. this lower setting of 1.1x can easily be misinterpreted as lag, this the hacker foes undetected.

AimBots

Aimbots have their own section. There are many different kinds of aimbots I will cover, so pay attention.

The one thing every aimbot has in common is its function. aimbots are used to make aiming easier, or even completely automatic for player. Generally used in combination with other cheats mentioned above, the aimbot is the most effective and annoying hundred lines of code ever written. Actually it's probably more like a thousand lines...anyways...

Anti-Recoil

Anti-Recoil is generally categorized separately from aimbots. It is not separate, it helps with aiming, and therefore it is an aimbot.

Anti-Recoil is the most basic from of aimbot. usually used with Nospread and Vector aimbots (see below), Anti-Recoil will reduce of eliminate the recoil felt by the player. In other words, his crosshair won't move much, move downwards instead of up or not at all when he shoots.

No-Spread

No-Spread is somewhat similar to Anti-Recoil. No-Spread is almost always used with Anti-Recoil, and usually used with Vector aimbots. No-Spread limits or eliminates the inaccuracy while 'spraying' and automatic weapon. The name No-Spread comes from the fact that when use use it, it has the same results as if your crosshair did not spread apart while shooting, this increasing accuracy.

Bound Aimbot

Bound aimbots use a FAV and Hitboxes to aim. Normally this aimbot is bound to mouse1 (or the +attack function), and will automatically aim within a preset radius for a preset body part or hitbox. Generally the cheat will have settings to aim for the head, cheat, stomach, arms, and legs. Head being most effective, it is also the most detectable. Most will set this to Cheat ro Stomach to avoid detection. The aimbot uses a FOV (or Field of View) to determine where to shoot. This is set in degress from 1 to 180 in either direction (Note: Some cheats may use 1-360). If player sets the FOV to 180, and the Hitbox to head, every time he fires his weapon, the aimbot will take over and lock onto the heads of any enemy within that radius of 180 degrees (In any direction).

Most cheaters scared og being detected will use low FOV settings of 1-15 degrees, and set the Hitbox to anything but head. This means that when the cheater sees an enemy, he can point in the general direction and let the aimbot do its work. This generally will look like a lad from a spectator's point of view.

Automatic Aimbots

Same effect as the Bound aimbot, only the aimbot will go to work no matter what button is pressed. Because, of this, this aimbot is much easier to detect.

Vector Based Aimbot

Vector Aimbots are the most complex, and most effective form of aimbot when used properly. Usually characterized by a seemingly random shake, this is the easiest aimbot to detect.

Vector Based Aimbots use a series of algorithms, different for each weapon, which are designed to produce "Perfect Accuracy". though few people can get this result, that was this aimbots original intention. Vector Based aimbots almost always use FOV Hitbox aimbot, No-spread and anti-Recoil.

The cheat calculates and predicts where the bullets will go at any given time in a game, and moves the crosshairs accordingly. For example, if a player shoots a two rounded burst with an M4A1, the first bullet may hit dead on, but the second bullet might up 1 inch and left one inch. In the exact same situation, the Vector Based Aimbot would go down 1 inch, and right one inch for the second shot, causing it to hit the same place as the first. This is why these aimbots shake as they do.

You will notice that the shake is different for each gun and situation. If the cheater holds an M4 and crouches, there will be almost no shake at all, because if the shoots only once, that bullet will hit almost dead on anyways. However if that player were to spray his weapon, the Vector would take over and he would shake like crazy to counter the recoil and spread.
The cheater himself does not see this shake, it can only be seen by the other player in the server.

The Vector themselves are defined by a line of numbers in a config file bundled with the cheat. this config file can sometimes contain several different vectors for each weapon, designed for different purposes. some for 'spraying' M4 headshots, some for noscoping scout headshots, and so on.

Other Hacks

There are a few other random hacks out there which are not worth going into depth with, but I will mention some of them.

Full-Bright - Removed lighting from the map, so every texture is super bright. No dark corners.
White-Walls - Turns every texture in the map solid white, for easily spotting the enemy.
VEC Dodger - Used to avoid the Vector Aimbot, characterized by the player spinning rapidly.

Now... How do I spot a hacker?

This is a tough subject, so you will be reading for a while here. Detecting cheats is not an exact science. If it were, we wouldn't need an Anti-Cheat Team.

Detecting Wall-Hacks

Wall-Hacks can be easily hidden, but are almost always detectable. It takes a trained eye, and alot of watching to spot a 'good' wall-hacker. Look for signs and clues as to his movement, and listen to the sounds in the game, as most wall-hackers will claim to have a very good sound system for headphones.

For Those wall-hackers that hide it well, try recording a demo of the player for several rounds, and watching it yourself in Wireframe mode. to do this, follow these directions;

1. Open Console [~] ( While not connected to any servers... )
2. Type "playdemo NAME" replacing NAME with the name of the demo which you recorded. (or shift+F2 while in CS:S)
3. Wait for the demo to load. It can take a while determining how long the demo may be.
4. In console, type "sv_cheats 1"
5. In console, type "mat_wireframe 1" or "r_drawothermodels 2"


This will enable wireframe mode. this command will only work is SV_CHEATS is set to 1 in the server. You cannot set SV_CHEATS to 1 in any server you do not own or even have RCON to. Do Not Attempt To turn On Wireframe In A Public Server, It Will Not Work!!!

Anyways, now that you are watching the demo with wall-hacks, you will be able to see what the player was pointing at when he/she looks at a wall. If you notice the player looking directly at another player through the walls, several times, or following the other player when he/she moved around, then he may have been using wallhacks. Send the demo to NOT AVALIBLE

Sometimes it's much easier, sometimes much harder. For example you may have someone blatantly follow someone elses head through the wall and shoot it off the very instant he comes around the corner, bit on the other cases it is almost impossible to tell if the player is walling. If a player is lining up shots before going round the corner than this can indicate that a player is using a wallhack. If the target player is in a regular camping spot, then it may just be the player knows the map well, if the player is in a more open or unusual position then it is a strong indicator that wallhacks may be being used.

For those super-hard to detect wall-hackers, you must listen very carefully to what he can hear. See if he reacts to grenades thrown from the other side of the wall before he can see/hear them. Watch which corners and camping spots he checks, sometimes wall-hackers will only check the spots that people are in, and ignore the rest. If you see alot of behavior like this, the player is likely wall-hacking.

Please, note... Not all players who shoot through walls and get kills are wall-hackers. I shoot through walls all the time, I get a k ill from it once in a while, no big deal. If you get killed through a dorr once, there is no need to demo and ban right away.

Use your RADAR! the radar can be extremely useful when trying to decide if someone is wallhacking. If you are spectating a player who is firing through a wall you can use your radar map to tell whether there is an apposition player on the other side and whether they are being hit. switching to freeview and moving your view through the wall is ok, but remember that in the time it takes you to do that, the target player may have moved, or another player moved to that location.


Detecting No-Smoke/No-Flash hacks

Unfortunately it is pretty hard to detect no-flash hacks these days due to the simple fact that a player not be blind at the time, but they can still hear the sound of being flashed and to determine when he can pretend like he can see again, but in the mean time of supposibly being blind he can cover him or her self. the flash effect is not the same on all computers. I have tested this by putting two computers next to each other, loading them both into a server, and using one to spectator and the other while I flashed myself. both screens went white, but the one in spectator stayed white for a good 6-8seconds longer than the player them selfs.

If you noticed the player gettings alot of blind kills, try to determine how blind he should be by position and distance. Now some times when people are blinded their only blinded for a split second, but still have the sound of being flashed played to them. If the player turned away last second, there is a good chance the SPECTATOR would be completely blind, while he was only partial. this differance is caused by Latency (or PING). The flash effect it not calculated by the server, it is done by the players computer. If he turned away really quick 30ms (milaseconds) before the flashbang went off, and his ping is more than 30, you would get completely blinded, but he would be half blinded. Take this into consideration when accusing a player of noflash hacking.

No-Smoke is also pretty tricky, since many people use different video settings. It is easier to see through smoke grenades with certain adjustments made in video settings. Resolutiomn, AA, AF, Shading... It will all have an effect on just how transparent smoke seems.

Fortunately the smoke is never completely transparent, and at a certain point within the cloud your screen will almost always go soild gray. Watch for multiple kills with bursted fire through smoke. A player with a no-smoke hack will usually try to kill everyone on the other side of the smoke before it dissipates, giving him the upper hand. It he truly has a nosmoke hack, his shots will be (for the most part) on target. You can use the same demo_wireframes method here to determine this.

Detecting Speed-Hacks

Speed-Hacks are almost always easy to spot. If the player gets from his spawn to the enemys spawn before the enemy has bought anything. He is probably speedhacking or just Mole if it is a WarCraft Server.

Any speedhack set higher than 1.3x is east to detect, and most speedhacks users will set their hacks for complete domination by setting it to 40x or something.

For those few 1.1x users, there is one way to see it. In your console type "cl_showpos 1". This will show your (or who you're specing) current real-time position, as well as your velocity. If this number goes above 260 sustained while walking forward, there is a chance the user is speedhacking. Normal speed with a knife or pistol is 240, the fastes is the scout at 250 (Yes, as I have even said on the server considering the scout is my favorite and best weapon. YOU GO FASTER WITH A SCOUT THAN YOU DO A KNIFE!.}

Other than that, you can watch for lag spikes from the player. Lag spikes don't mean someone is speedhacking. What I am saying is, when a player speedhacks, sometimes they will spike once every second, for about 1/4 of a second. His ping will stay steady, but his character will spike. this is one side effect of speedhacking. If you notice this when he is running, he MIGHT be speedhacking.


Author: Ashlock
Creation: April 24, 2008
Back to top Go down
 
Spotting a Hacker for Dummies.
Back to top 
Page 1 of 1

Permissions in this forum:You cannot reply to topics in this forum
[Gods of Gaming] :: Trash :: Trash-
Jump to: