#1So, read it:
Hello, Steam/Valve Community.
I worked as an Anti-Cheat Team member with a few communitys a total of 5-7yrs., which controlled over hundreds of servers across CS 1.6 and CSS.. I've been playing Counter-Strike since 1.4 BETA.
I stumbeled upon this searching random things on my profile, and noticed I could actually publish guides. Considering my guide was specificially for STEAM and their CS:S/CS:GO. I decided to publish it.
I hope you enjoy the guide, and find that it helps you. Don't forget to rate! Happy Fragging!
Thank you.
-Tengauge12
-Success is peace of mind which is a direct result of self-satisfaction in knowing you made the effort to become the best that you are capable of becoming.-
Detecting Wall-Hacks
Wall-Hacks
Wall-Hacks are probably the most used cheat, most cheat programs have built in wall-hacks in some form, sometimes many forms. There are some cheats that simply change client variables to allow the player to view entities through walls ( such as Player Models ). Some even have disable key features in the map or prop_details entities. This would be boxes, Windows in dust/2 and so on.
Some wall-hack programs will cause the walls to be semi-transparent, in settable levels from almost solid to almost invisible.
Detecting Wall-Hacks
Wall-Hacks can be easily hidden, but are almost always detectable. It takes a trained eye, and alot of watching to spot a 'good' wall-hacker. Look for signs and clues as to his movement, and listen to the sounds in the game, as most wall-hackers will claim to have a very good sound system for headphones.
For Those wall-hackers that hide it well, try recording a demo of the player for several rounds, and watching it yourself in Wireframe mode. to do this, follow these directions;
- Open Console [~] ( While not connected to any servers... )
Type "playdemo NAME" replacing NAME with the name of the demo which you recorded. (or shift+F2 while in CS:S)
Wait for the demo to load. It can take a while determining how long the demo may be.
In console, type "sv_cheats 1"
In console, type "mat_wireframe 1" or "r_drawothermodels 2"
In console, type "sv_showimpacts 1" Very usual to see where bullets hit to spot no recoil.
In console, type "demoui" Which will bring up a window allowing you to slow the demo down, and skip to specific parts in the demo using the tick.
This will enable wireframe mode. This command will only work if SV_CHEATS is set to 1 in the server. You cannot set SV_CHEATS to 1 in any server you do not own or even have RCON to.
(NOTE:Do Not Attempt To turn On Wireframe In A Public Server, It Will Not Work!!!)
Anyways, now that you are watching the demo with wall-hacks, you will be able to see what the player was pointing at when he/she looks at a wall. If you notice the player looking directly at another player through the walls, several times, or following the other player when he/she moved around, then he may have been using wallhacks.
Sometimes it's much easier, sometimes much harder. For example you may have someone blatantly follow someone elses head through the wall and shoot it off the very instant he comes around the corner, bit on the other cases it is almost impossible to tell if the player is walling. If a player is lining up shots before going round the corner than this can indicate that a player is using a wallhack. If the target player is in a regular camping spot, then it may just be the player knows the map well, if the player is in a more open or unusual position then it is a strong indicator that wallhacks may be being used.
For those super-hard to detect wall-hackers, you must listen very carefully to what he can hear. See if he reacts to grenades thrown from the other side of the wall before he can see/hear them. Watch which corners and camping spots he checks, sometimes wall-hackers will only check the spots that people are in, and ignore the rest. If you see alot of behavior like this, the player is likely wall-hacking.
Please, note... Not all players who shoot through walls and get kills are wall-hackers. I shoot through walls all the time, I get a k ill from it once in a while, no big deal. If you get killed through a dorr once, there is no need to demo and ban right away.
Use your RADAR! the radar can be extremely useful when trying to decide if someone is wallhacking. If you are spectating a player who is firing through a wall you can use your radar map to tell whether there is an apposition player on the other side and whether they are being hit. switching to free-view and moving your view through the wall is ok, but remember that in the time it takes you to do that, the target player may have moved, or another player moved to that location.
ESP
ESP
ESP ( Extra Sensory Perception ): is usually bundled with other cheats. ESP basically draws a box around every player. As with a wall-hack, ESP comes in all shapes and sizes. Some of them just draw a box, red or blue depending on the team. This is a visual aid to show who to shoot at, and to see players in darker areas.
ESP will normally work through walls, so it can be used to effect of a wall-hack. In the more 'complex' hacks. ESP can be used to show a players name, their Hitboxes, what weapon they are holding, how much ammo is in their gun, if they are reloading, and so on.
Detecting No-Smoke/No-Flash Hacks
No-Flash/No-Smoke
No-Flash and No-Smoke hacks do just that. They will make a cheater immune to the effect of a flashbang and smoke grenades.
Detecting No-Smoke/No-Flash hacks
Unfortunately it is pretty hard to detect no-flash hacks these days due to the simple fact that a player not be blind at the time, but they can still hear the sound of being flashed and to determine when he can pretend like he can see again, but in the mean time of supposedly being blind he can cover him or her self. the flash effect is not the same on all computers. I have tested this by putting two computers next to each other, loading them both into a server, and using one to spectator and the other while I flashed myself. both screens went white, but the one in spectator stayed white for a good 6-8seconds longer than the player themselves.
If you noticed the player getting alot of blind kills, try to determine how blind he should be by position and distance. Now some times when people are blinded their only blinded for a split second, but still have the sound of being flashed played to them. If the player turned away last second, there is a good chance the SPECTATOR would be completely blind, while he was only partial. this differance is caused by Latency (or PING). The flash effect it not calculated by the server, it is done by the players computer. If he turned away really quick 30ms (milaseconds) before the flashbang went off, and his ping is more than 30, you would get completely blinded, but he would be half blinded. Take this into consideration when accusing a player of noflash hacking.
No-Smoke is also pretty tricky, since many people use different video settings. It is easier to see through smoke grenades with certain adjustments made in video settings. Resolution, AA, AF, Shading... It will all have an effect on just how transparent smoke seems.
Fortunately the smoke is never completely transparent, and at a certain point within the cloud your screen will almost always go soild gray. Watch for multiple kills with bursted fire through smoke. A player with a no-smoke hack will usually try to kill everyone on the other side of the smoke before it dissipates, giving him the upper hand. It he truly has a nosmoke hack, his shots will be (for the most part) on target. You can use the same demo_wireframes method here to determine this.
Detecting Speed-Hacks
Speed-Hacks
The easiest and most blatant form of hacking, usually used along side Aimbots or Wall-Hacks. Speed-Hacks will enable a player to move exponentially faster than normal speed. I am not certain how they work, as I have never coded a Speed-hack before, but I do know that most speed-Hacks have different modes.
There is 'speed' and 'aspeed';
'Speed' will cause the player to move at a preset or settable speed, ranging from 1x to up to (and beyond) 100x.
'A-Speed' is Attack-Speed. This means the Speed-Hack will only activate when the player +attack is triggered, when the player shoots. 'A-Speed' is usually used to a low settings, many 1.1x to minimize detection while giving the player a slight speed advantage. This lower setting of 1.1x can easily be misinterpreted as lag, this the hacker foes undetected.
Detecting Speed-Hacks
Speed-Hacks are almost always easy to spot. If the player gets from his spawn to the enemys spawn before the enemy has bought anything. He is probably speedhacking or just Mole if it is a WarCraft Server.
Any speedhack set higher than 1.3x is east to detect, and most speedhacks users will set their hacks for complete domination by setting it to 40x or something.
For those few 1.1x users, there is one way to see it. In your console type "cl_showpos 1". This will show your (or who you're spectating) current real-time position, as well as your velocity. If this number goes above 260 sustained while walking forward, there is a chance the user is speedhacking. Normal speed with a knife or pistol is 240, the fastest is the scout at 250, although I believe this to be different on CS:GO.
Other than that, you can watch for lag spikes from the player. Lag spikes don't mean someone is speedhacking. What I am saying is, when a player speedhacks, sometimes they will spike once every second, for about 1/4 of a second. His ping will stay steady, but his character will spike. this is one side effect of speedhacking. If you notice this when he is running, he MIGHT be speedhacking.
Detecting Aimbots
AimBots
Aimbots have their own section. There are many different kinds of aimbots I will cover, so pay attention.
The one thing every aimbot has in common is its function. aimbots are used to make aiming easier, or even completely automatic for player. Generally used in combination with other cheats mentioned above, the aimbot is the most effective and annoying hundred lines of code ever written. Actually it's probably more like a thousand lines...anyways...
Anti-Recoil
Anti-Recoil is generally categorized separately from aimbots. It is not separate, it helps with aiming, and therefore it is an aimbot.
Anti-Recoil is the most basic from of aimbot. usually used with Nospread and Vector aimbots (see below), Anti-Recoil will reduce of eliminate the recoil felt by the player. In other words, his crosshair won't move much, move downwards instead of up or not at all when he shoots.
No-Spread
No-Spread is somewhat similar to Anti-Recoil. No-Spread is almost always used with Anti-Recoil, and usually used with Vector aimbots. No-Spread limits or eliminates the inaccuracy while 'spraying' and automatic weapon. The name No-Spread comes from the fact that when use use it, it has the same results as if your crosshair did not spread apart while shooting, this increasing accuracy.
Bound Aimbot
Bound aimbots use a FOV and Hitboxes to aim. Normally this aimbot is bound to mouse1 (or the +attack function), and will automatically aim within a preset radius for a preset body part or hitbox. Generally the cheat will have settings to aim for the head, chest, stomach, arms, and legs. Head being most effective, it is also the most detectable. Most will set this to Chest or Stomach to avoid detection. The aimbot uses a FOV (or Field of View) to determine where to shoot. This is set in degrees from 1 to 180 in either direction (Note: Some cheats may use 1-360). If player sets the FOV to 180, and the Hitbox to head, every time he fires his weapon, the aimbot will take over and lock onto the heads of any enemy within that radius of 180 degrees (In any direction).
Most cheaters scared of being detected will use low FOV settings of 1-15 degrees, and set the Hitbox to anything but head. This means that when the cheater sees an enemy, he can point in the general direction and let the aimbot do its work. This generally will look like a lad from a spectator's point of view.
Automatic Aimbots
Same effect as the Bound aimbot, only the aimbot will go to work no matter what button is pressed. Because, of this, this aimbot is much easier to detect.
Vector Based Aimbot
Vector Aimbots are the most complex, and most effective form of aimbot when used properly. Usually characterized by a seemingly random shake, this is the easiest aimbot to detect.
Vector Based Aimbots use a series of algorithms, different for each weapon, which are designed to produce "Perfect Accuracy". though few people can get this result, that was this aimbots original intention. Vector Based aimbots almost always use FOV Hitbox aimbot, No-spread and anti-Recoil.
The cheat calculates and predicts where the bullets will go at any given time in a game, and moves the crosshairs accordingly. For example, if a player shoots a two rounded burst with an M4A1, the first bullet may hit dead on, but the second bullet might up 1 inch and left one inch. In the exact same situation, the Vector Based Aimbot would go down 1 inch, and right one inch for the second shot, causing it to hit the same place as the first. This is why these aimbots shake as they do.
You will notice that the shake is different for each gun and situation. If the cheater holds an M4 and crouches, there will be almost no shake at all, because if the shoots only once, that bullet will hit almost dead on anyways. However if that player were to spray his weapon, the Vector would take over and he would shake like crazy to counter the recoil and spread.
The cheater himself does not see this shake, it can only be seen by the other player in the server.
The Vector themselves are defined by a line of numbers in a config file bundled with the cheat. this config file can sometimes contain several different vectors for each weapon, designed for different purposes. some for 'spraying' M4 headshots, some for noscoping scout headshots, and so on.
The shaking is due to the No-spread hack. Why does it shakes? Simply because no-spread is handled by the server and therefore cannot be done by simply
patching bytes into CSS memory like no visual recoil. No spread is done by intensive mathematical calculations to set your view angles at the right place when fireing a certain weapon so only your view is "spreading" but not your bullets.
This is why you shake due to the no spread doing his work. Vec aimbot is just another method of aiming.
--------------------------------------------------------------------------------------------------------------------------
Detecting Aimbots
A lot goes into detecting aimbots in some cases. There are alot of factors to consider, mainly Latency (or PING), Mouse and Sensitivity.
If you have a friend record a demo of you, while you record a demo of yourself, you may be surprised how different those two demos of you will be. In the one you recorded, you will see what you say while playing, you point at a player and fire. In the other demo however, your movement will appear smoother (If you are a 'twitchy' player), and you will appear to shoot before your crosshairs are on the target. this difference is caused by latency (or PING). the higher your ping, the more time difference you will see in the person you are spectating, and in your demo.
High mouse sensitivity can cause a shaky look on another player. Personally I use a sensitivity of 7 with a simple optical mouse, so when I use a scopped weapon, my crosshairs appear to shake when I move my mouse.
To determine if this shake is because of a mouse, instead of an aimbot, you can watch how the shake reacts to certain movements and weapons. If the shake increases when the player walks or jumps, it is possibly an aimbot. Vector Based aimbots will shake extremely violently when the player jumps. However, if it does not increase. The player it not using a vector aimbot.
The mouse-shake is most noticeable when watching a player with a scoped weapon such as an AWP. The shake is only shown when the player is scoped in, and moving his mouse. AWP is the easiest though. Because, the AWP will always hit dead on if you stand still, a vector aimbot does not need to compensate or move at all. If you see shaking while a player is scoped with an AWP and standing perfectly still other than mouse movements, he is not likely aimbotting.
If you notice a player appears to mis the enemy after a swing-shot, but registers as a kill, keep in mind about the latency (or PING) difference.
A word on Recoil; If you see a player with no recoil at all, that does NOT automatically mean the player is hacking. Sometimes, depending on rates and ping, recoil than a lack of recoil for our Anti-Cheat Team to take actions.
On the other hand though, if a player shoots once, gets a headshot, but his mouse did not even move until after the shot was fired, I would be suspicious of a Bound Aimbot. If this happens multiple times, where he gets a headshot before even moving the mouse. Since the player moved before he shot, it should move at least a little before his/her shot goes off. Either he/she has the fastest hands in the west, or there is foul play at hand.
NOTE: You may notice with scoped weapons, alot of the time players will get a hit or kill without the scope being targeted. This is a result of latency (or PING) on both sides. The higher the ping, the more of the delay there will be.
Other Hacks/Methods
Other Hacks
There are a few other random hacks out there which are not worth going into depth with, but I will mention some of them.
- Full-Bright - Removed lighting from the map, so every texture is super bright. No dark corners.
White-Walls - Turns every texture in the map solid white, for easily spotting the enemy.
VEC Dodger - Used to avoid the Vector Aimbot, characterized by the player spinning rapidly.
Material Walls -Turns the textures transparent by a percentage, thus allowing you to see them through walls, which can easy be stopped by setting sv_pure on the server.
Other Methods
Observe the players overall skill in the game to help you determine if the player is cheating. Watch how they move around the map and handle their weapons. If they jump around the map easily, switch weapons well and make good use of grenades then they are most likely a good player. Although the does not mean that they do not cheat.
I hope you have found the knowledge and mental experience in catching those pesky hackers.
Always remember though, if you are uncertain of a player cheating, record a demo and watch it. I would advise you all to view demos yourself, watch them and learn from them and use the methods given above to better your learning. Practice makes perfect. So, if you have 15minutes to kill, load up one of those demos!!!
Okay, well I hope everyone learned something from this. Sure, half of it was me explaining what hacks are, but this is what the guide is for, it's for you to know. If you know how the hacks work, what exactly they do. You will be more better and accurate on spotting them.
Please, don't take criticism as a bad thing, look at it as something you may need to improve on, and thank the individuals. Don't get mad, remember it's just a game. How ever badly you may think you are, just remember. EVERYONE WAS ONCE BAD. So, just tough it up, keep your cool stay relaxed and enjoy yourself. Games are made for you to enjoy, not get angry and break your computer, or blame it on your PC, or mouse. Everything is just fine. Practice makes perfect.
Thank you.
Sursa
