Meet the Cheat

TF2 | Aimbots | Nospread | Triggerbots | Crithacks | Wallhacks/ESP | Mathacks | Particle Hacks | Speedhacks | Bypassing | Refresh/Cooldown Bypass | Miscellaneous Cheats | General Exploits | Mistaken Cheats | Nonexistent Cheats | L4D | VAC

In this composition I attempt to itemise the numerous and varied cheats, hacks, exploits, and other programs that are all used for either gaining an unfair playing advantage or decreasing another player’s enjoyment in TF2 and L4D.

I feel a disclaimer is necessary at this point that ensures the reader that at no point during the creation of this document did any member of Team Interrobang use any of the cheats exhibited below. Team Interrobang absolutely does not condone cheating – rather, we condemn it – and although it has occurred to me that this document may spark interest in cheats, I am secure that such curiosity is without malicious intent. To this end, I have either deliberately omitted or artificially removed the methods for cheating plus the names of all of the cheaters, providers, cheats, and other programs depicted below; my objective was not to make a tiresome catalogue of cheats but rather to demonstrate the effects of the cheats and to provide methods for recognising those who use them.

TF2

Aimbots

Aimbots are external programs that deliberately cause the client to aim at a particular position on players – rather commonly the head. These aimbots necessitate the use of ESP or coloured models to function correctly.

There are three major paid hacks for TF2. They all offer what is essentially the same thing: an aimbot that may be set to seem human-like, wallhacks, constant crits, nospread, 2D radar, ESP, speedhacks, and a triggerbot. The humanlike-aiming is typically accomplished by combining a relatively smoothly accelerated/decelerated snap and a delay before firing.

Aimbot menu
Aimbot menu 2

The client-side menu for aimbots has quite a number of options, all easily configured in-game.

Aimbot in action
Aimbot in action 2

This is the framework for what is probably the most sophisticated paid TF2 obtainable. It doesn’t rely on colours, but rather it depends on leeching the information about players’ positions from the server itself and from there aiming as needed. Additionally, it is run through an online preloader, meaning that should there be an update to TF2, the hack will not run until it is updated and VAC secure. This loader is also used to limit subscribers to their paid time – service is simply turned off when the timer reaches zero; the hack client cannot connect to the hack servers, and so the hack will not activate. Most people who aimbot in TF2 probably use this hack.

Rivalling it is a second paid hack that is distributed via a platform named after an STD. For just $249.99, you can have lifetime access to this hack, with unlimited customer support! Seriously? Anyway, this is the hack responsible for the crosshair jittering you may see when the hacker first chooses a class.

Aimbot number two

Note the giveaway jiggling as various parameters and options are selected and enabled.

The third is very similar to the first and the second. Interestingly, it’s a favourite for those on HvH servers (hacker vs. hacker) for a couple of reasons I won’t bore readers with.

Colour aimbot readme
Colour aimbot models
Colour aimbot menu

This aimbot is colour-reliant. It can be set to bone or vector aiming: vector aim is a specific point on the graph that the aimbot will aim/fire at. For example, a vector aiming bot may only fire at the very centre of the head and will not fire if part of the head is visible but the centre is not. Multiple vector points can be run at once. Bone aiming will aim at any part of the targeted graph, and so if even just a small part of the head is visible, the aimbot will snap to that part. Vector bots are faster than bone bots and less laggy, as the bone bot must update each tick, but vector bots tend to be less accurate. This aimbot does not offer human-like aiming, which is an option with the three paid cheats, and many colour, bone, and vector aimbots are VAC detected.

Free aimbot notification
Free aimbot in effect
Free aimbot ESP

This is one hack developer’s pet project, a free TF2 multihack. It’s the most pervasive multihack available for TF2. The source code was recently released to the public, stripped of the aimbot and crithack, and it has been compiled for communal consumption. Some copies of the older version, in which the aimbot and crithack are included, still do exist but are detected by VAC. The new version is undetected and offers all that you can see in the second screenshot, including chams. Chams are multihack-driven wallhacks that do not rely on external materials; the colouring is done by the program and not by model files. Because of this, the colours used for chams can be changed on the fly or made to disappear for clean screenshots.

Here’s a video of a pretty blatant user of this aimbot:

Ten seconds into this video, after the sniper kills the spy by aimbotting with the SMG, the sniper snaps to a new target unintentionally. This is the easiest way to pin an aimbotter – the unintentional snap, after the target is killed (either by the aimbotter or by another), gives away the hack very easily. If the aimbot is bound to a key press as it usually is, failing to let go of the key after the current target is killed will result in a snap to a new target. You’ll see this several times in the video. Another method to determine this is to judge follow-through. Computer mice have weight, as do our hands, and hand muscles do not instantaneously stop the mouse. Though this is subjective, if the snap is too short to be human, and the snap ends exactly on the head without adjustment even when slowed down to greatly reduced speed, there’s a good chance it’s an aimbot. Remember that aimbots still do miss or body shot rarely, especially if the target is in the air, has his or her back turned as pyro or demo, is far away, or is moving erratically.

Nospread
lol hi nospread

Nospread hacks do just as the name would suggest they do – remove or reduce the amount of natural spread in a weapon. They are also known as norecoil hacks, though TF2 does not have recoil for weapons. They’re rather rare and generally quite obvious, particularly when the user is not a heavy. From the point of view of the nospreader, aiming is steady because the program masks the jerkiness. However, watching from demos or from spec will almost always reveal that the nospreader is shaking while firing, as the hack predicts the location of the next bullet and adjusts the reticule accordingly so that the bullet goes down the centre of what the user sees.


Examples from the user’s POV. Note that there is no visible shaking on the user’s end. Also see that in the second video, the user changes his options on the fly and then closes the window with the mouse not in the centre of the screen. As he closes the window, the game moves the view to where the mouse was. To a spectator, this looks like a pause with no movement or motion, and then a sudden snap. Look out for it.


Examples from a spectator’s POV.

Currently, all weapons but the rocket launcher, the grenade launcher, the Huntswoman, and the shotgun can be nospread hacked, though to varying degrees of utility. Detecting these hacks in-game is difficult at short distances. It helps to bait the suspected hacker to attack at a distance to give him away. Failing that, just grab the demo/go spectator/InterroCam and look for the shaking.

Triggerbots

Triggerbots are external programs that fire automatically when one is aiming at an enemy. For example, if one is sniping, one need only move the mouse and not click to fire, as the triggerbot would do the firing as soon as the mouse were over an enemy. This is separate from an aimbot because the aiming is done entirely manually, but triggerbots and aimbots go hand in hand.

And, who better to demonstrate this for us but Ezell? In this video Ezell uses a triggerbot to fire for him. The aiming is entirely his own but the bot automatically fires when the cursor is over an enemy head hitbox. These are generally caught by noticing that someone has a superhuman reaction time – he or she fires immediately when the enemy enters the crosshair. Generally, snipers that aren’t flickshotting will aim for the head. By this, I mean they will aim to place and stop the cursor on the head before firing. Triggerbotters will attempt only to move the cursor over the head and not stop it on the head, as the program will fire when appropriate. However, skilled snipers do similarly, firing themselves on instinctual and practised knowledge of hitboxes, and so the most useful sign is the tiny reaction time from crosshair to fire.

Crithacks

This is characteristically a rather obvious hack. It’s most often used with the pistol, SMG, or with melee weapons, and it can be quite deadly if hidden calculatingly. Constant crit hacks don’t really ‘force’ the game to crit. Rather they wait and ‘store’ a crit, loading them until needed. With a crithack enabled the hack very, very briefly pauses the +attack command given by the user and applies a rainbow table to the critchance function, iterating until a crit is caused – and then the +attack command is issued. Successive crits are quite easy to manage as well, as causing more damage now means a higher crit chance, meaning fewer iterations of the rainbow tables. Overwhelmingly, the end result is quite easy to detect.

Constant crits in action
Wallhacks/ESP

Wallhacks are numerous and varied – some use colours, others wireframes, and somesimply show the models through walls. It is unfortunate that just about all wallhacks will be forever undetected by VAC, as the modification of skins has legitimate purpose. We can only hope to force sv_pure and sv_consistency to ensure that the hacks are not run. Below are some examples of various wallhacks.

Wireframes r_drawothermodels wallhack

The most basic of wallhack involves enabling what we at TI use for wallhack testing – r_drawothermodels 2. This enables wireframes, and as this involves a cvar bypass it can only be done with the assistance of a bypasser. In the screenshot above, mat_fullbright 1 is also enabled. See the mathacking section for more details.

Above is a video that shows how r_drawothermodels 2 may be used to assist in detecting wallhackers. It provides a rough estimate of what wallhackers themselves see, giving reviewers a comparative tool.

perfui wallhack

Similar to this is the perfui (performance UI) occlusion tool, which lets a player see entities through damned near everything.

perfui wallhack

Perfui is comparable to r_drawothermodels but dissimilar in that anything and everything that can be wireframed is wireframed.

perfui wallhack

I daresay it’d be a bit bothersome to play with this enabled for very long, though I imagine those who do use this toggle it on and off. This cheat can be problematic for us at TI because it can be enabled without bypassing using some exploitative trickery. Once enabled in the server, the cheater need only select the occlusion tool, allowing him or her to see as you do above. A bit of an oversight on Valve’s part, no?

coloured fullbright wallhack
coloured fullbright wallhack

As you can see, some wallhacks aid in colour aimbots by using a different colour for the head. This assists colour aimbots in specifically targeting the head as they scan for a particular colour every distinct interval. See the aimbots section for more details. In addition to wallhacking people, buildings, weapons, beams, and many other items can be wallhacked.

wallhacker coloured items health ammo

Health and ammo are coloured and visible through walls.

Wallhacked, marked, and coloured intel

The intel is marked **Capture** and is wallhacked with this ESP.

Wallhacked entities

Here, all items and players are visible but uncoloured through walls.

ESP enabled
ESP version 2

ESP hacks provide more information that simply location of enemies – they can provide distance, health, weapon, name of enemy, and special conditions (übered, zoomed in, spinning up, cloaked, etc). This grants the ability to specifically target one enemy to grief or for more effective playing, as much more information is available and usable. ESP hacks require an external program whereas simple wallhacks or colour mods do not.

Excellent ESP
ESP with settings open

In these two screenshots, we can see two types of 2D radar as well as the list of available hacks and parameters for the free hacking utility (see above). Also note the ‘Picking On -> $K!||Z’ and the green box around the player $K!||Z in the first screenshot.

TF2 bone aiming esp
Hitboxes ESP

The top ESP lists the various bones, for use with bone-aiming aimbots, while the lower demonstrates the various hitboxes used in TF2.

esp wallhack spy

Cloaked spies are the most commonly wallhacked entities. Methods range from something as subtle as placing a slightly visible party hat on top of each invisible spy to the more obvious full colouring, as seen above. I’ve enlarged the 2D radar in the above picture.

The video above demonstrates some common ways to catch sniping wallhackers. The first is the obvious placing of the reticule on an enemy’s head through a wall. The second is the lack of trouble seeing enemies who are underwater. For non-wallhackers it’s almost impossible to accurately detect someone underwater. Hackers will easily see players at the most difficult of angles, giving away the hack.

The most advanced ESP/wallhacks will arbitrarily insert opaque brushes, to generate some plausible deniability. These are the hardest to catch, but with thorough scrutiny of a player (and, if possible, the assistance of other admins as cloaked bait or sniper decoys) catching wallhackers is not too problematic. Sure, a hacker might be seeking to hide his or her wallhacks, but then they do him or her little good. With sv_pure and restricted whitelists on our servers, we force clients to use the standard models and by doing so stop the majority of those who wallhack. Though doing so requires more time and skill, it can be possible to reload client-side with wallhacks enabled with the more advanced sv_pure/sv_consistency bypassers.

Wallhackers tend to gradually become quite obvious in their hacking as they consistently manage things that would appear to be impossible. Besides the more common methods of catching wallhackers, something to look out for is what I know as sonar. Sonar is a bad cheater’s attempt to locate people around him. Imagine a cliché submarine’s sonar screen and you’ll get the picture. When wallhackers spin in a short half or full circle, they have just sonared – they’ve just attempted to determine the location of lots of nearby people/buildings. Because they can see through walls, they simply do a quick turn and they then know what’s around them. Keep an eye out for it on the less linear areas of maps. Other methods to catch wallhackers involve ‘faking out’ the hackers. If the suspected wallhacker is sniping, become a sniper and approach an area that would make you visible to the hacker (a doorway or window or something of the sort). Stop just short of stepping out to visibility while carefully watching the wall behind you – if his laser dot attempts to catch you despite your not being visible, you’ve found a wallhacker. Be sure to repeat several times with a fellow admin speccing on InterroCam for best results.

Mathacks

Material hacks, often known as mathacks, are based on the same principles as wallhacks and could arguably be considered wallhacks. I’ve separated them here for clarity. Examples include the ability to see through various entities and the ability to see various entities through walls. For example, one might be able to remove the black border surrounding the scoped-in section of the sniper rifle, to remove the spawn doors from visibility, or to see sniper dots through walls to reference the position of snipers.

mathacked doors

In this case, the doors have been removed from visibility, permitting the hacker to see through the doors. Other removable items include the black border surrounding the visible area of a scoped-in rifle, doors, objects, and obstacles.

sound mathacks
sound mathacks spy

Here is an example of sound mathacking. Requiring bypassing for use on public servers, this cheat attaches the name of the sound to the source of the sound – be it footsteps, cloaking sounds, firing sounds, calls for medics, or even ambient noises (did you know that on 2fort there’s an engine behind a fence that puts out that low-pitched hum you hear near the bridge? I sure as hell didn’t know that was what was making that noise!). It functions effectively as a wallhack.

shadow boxes mathack
shadow hack through wall

Shadow hacking makes wireframes around the shadows of players. It’s similar to a wallhack but not as blatant. I enhanced the first screenshot so you can better see the boxes.

fullbright 1
fullbright 2

Fullbright – enabling this means everything’s fully bright and environmental lighting in the map is ignored. All brushes are fully lit, which makes seeing enemies much easier – particularly on a dark map (think 2fort_night or arena_sawmill). The second screenshot is of mat_fullbright 2, which doesn’t do much, but it does make Jarate clear. Quite interesting. Fullbright, when enabled, makes seeing things in water far easier. When applied specifically to player models (fullbright models), the model is highly visible regardless of the environmental lighting surrounding the player.

big head cheat 007 wtf

Ridiculous as it may appear, large hats (yes, that thing replaces the fedora) may be used to determine the locations of enemies, since they clip through walls and can thus be seen without knowing the location of the character wearing the hat. This requires bypassing to do in our servers, though, as we enforce sv_pure/sv_consistency.

Level overview cheat

Level overview: top-down representation of the map. You cannot see yourself without enabling thirdperson, but it is trivial to see enemies nearby. Worthwhile use of this cheat would really require the passing on of information to be effective, and so it’s not a cheat one really has to look out for. You can tell when someone’s using it due to his continual bumping into walls and looking down at the ground, up at the ceiling, and back again as the up-down axis has no meaning in this view. It’s more of a curiosity and I personally think it’d be amusing to see and hear someone attempt to ‘command’ à la Battlefield.

There are many types of subversive mathacks, but the ultimate result isalmost universal: to wallhack without actually wallhacking. The best way to catch these guys is really only through watching them – you’ve got to conclusively see them do something that they would not have done unless they had outside knowledge of locations of enemies or objects. Grab a fellow admin and see if you can’t force the hacker to reveal himself through cloaked spies and approaching exits but not actually leaving them, to ‘fake out’ the hacker.

Particle Hacks

Particle hacks are limited but admittedly quite intuitive. They involve modifying .pcf files and as such are blocked by sv_consistency, and so a bypasser must be used for these on our TI servers. They cannot be cached as most materials can be. Particle hacks are probably the hardest to detect of all that are listed here. They are commonly utilized to change the length/lifetime of various particle effects (e.g. the spy’s disguise effects, the trail on grenades and stickies, the visible – but not effective – size of the pyro flame, or the sparkle on crits).

Particle editor
Spy disguise particle hacked

This particle hack causes the spy’s disguise particles to remain after the one second period during which the spy disguises. The blue halo around the disguised spy in the screenshot above could be set to last indefinitely, which makes finding spies who have disguised at any point during their current life quite easy. The smoke from disguising may also be repeated, but it tends to stack and can quickly overwhelm many GPUs with a veritable mass of thick smoke – particularly when viewed up close. If the spy disguises and then cloaks, the particle will remain visible and a hacker will see the floating light/smoke particle (despite the spy’s invisibility). If the spy disguises while cloaked, the hacker will see nothing.

Pyro flame length hacked

The flamethrower particle hack is, unfortunately, nearly impossible to conclusively catch due to the rarity of an event that could absolutely only be seen through the flame of the hacking pyro and an irrefutable response by that pyro to the event.

Grenade trail length hack

This hacked particle effect for the grenade causes grenades to have a trail that lasts for as long as the grenade is live plus a small pair of rings around them. The same works for stickies, with the addition that stickies’ brief, spherical flash after they activate is usually looped and enlarged. These can be used to trace the location of the demo that fired the grenade or sticky as well as to avoid hidden enemy stickies, as they give off bright lights and have quite prominent trails that are conveniently team-coloured.

In this video, the lifetime of the particles is not particularly long, as the grenades explode quickly and the sticky trails have only been set to last only for three seconds. Some PCs may find having many particles in view demanding, and so the lifetime of particles might be restricted due to performance concerns.

Catching particle hackers that go after spies is much easier than catching those who do not have hacked spy particles. TI’s servers are sv_pure and sv_consistency enabled, which will weed out most of those who attempt to use these cheats on our servers. Generally speaking, those that have hacked the spy particles will force the spy to uncloak in the sight of the hacker by pseudo-surreptitiously following the spy until he or she runs out of cloak, after which the hacker will proceed to ‘discover’ and kill the spy. Of course, if the hacker is being a bit more barefaced, he or she will be openly shooting cloaked spies.

To catch someone using the grenade/sticky particle hack, stickies are the best bet. Grab a fellow friendly admin, have him/her set up a well-hidden sticky trap that the suspected hacker is sure to walk through, and watch from spec. If he deliberately avoids the area after multiple attempts or appears to know the location of the stickies despite their being entirely hidden, that’s something to go on.

Speedhacks

Speedhacks are almost exclusively accomplished via bypassing (see below). By enabling sv_cheats, it is possible to modify host_framerate at the client side to effectively speed up the game, allowing for fast movement. This can be done either via manual bypassing or with a program that will do all of the work for you, requiring you only to hold down one button to speedhack. The speed at which one moves is variable and depends on a couple of settings – some hacks will simply have users press + to go faster and – to slow down.

A second method hackers use to speedhack is to speed up the game process itself (hl2.exe), which causes the game client to run faster than the game server. This has the same effect as bypassing above, but it requires a bit more care and skill.

Although speedhacks are quite easily detected by vigilant admins, lag and speedhacks are easily confused - just remember that, in general, speedhackers move in simplified directions (straight lines with gentle curves) and cover more distance than they would have had their connection simply been hanging. Upon hitting a wall, they generally stop, reorient, and then zip off again. Laggers pause for a while before zipping off in an abbreviated replica of their actions on their end, with the end result being a pause and then a sped-up version of what would have been done at regular speed. Speedhackers tend not to fire their weapons while speeding about (it’s difficult enough going where you want, let alone aim properly – the exception is with heavies speedhacking, as they move at about the speed of a scout while speedhacking) but a lagger will dodge about and shoot as you’d expect of a normal player, just at accelerated speeds. The key difference is that speedhackers do not pause before their speeding. Below is a video of a classic speedhack.

Note that there is no pausing or stuttering.

This is a video of a laggy scout. Note that the lagger does not travel farther during his speed-ups/apparent teleports than he would have had he been moving without stuttering.

Bypassing

Bypassing is the general term for subverting the server’s three important cvars: sv_cheats, sv_pure, and sv_consistency. Bypassing sv_cheats lets hackers run client-side cheat cvars such as r_drawothermodels 2, perfui, or host_framerate. Another mildly seditious thing one can do with this is enable the wait command if it’s disabled (as it is on our servers), so the hacker can execute advanced scripts. Bypassing sv_pure and sv_consistency on servers makes the use of material or skin cheats feasible, such as those utilised in wallhacks or colour aimbots.

Bypasser for TF2

There are only a few flavours of bypassers, but they are effective and VAC2 proof as of now. Valve attempted to stop bypassers with the Classless Update but failed miserably. The best methods for detecting bypassing include the methods for detecting all of the other hacks. Bypassing in itself yields no advantage – it’s the available wallhacking, speedhacking, or charge/refresh hacking that are the real advantages in this instance.

Note that this common übercharge hack requires the medic to also speedhack.

Refresh/Cooldown Bypass

Just about all cool down/charge up timers in TF2 are maintained client-side – Bonk!, the Sandman, übercharge, cloak, Jarate, sniper’s rifle charge, demo’s sticky charge, and just about any other timer to be released in the future. One cannot speed up building times with bypassing, though. Recharging nearly instantly involves bypassing and then changing several cvars to force the client to speed up. Because timers are client-side, the various items recharge at the sped up rate, resulting in apparently unlimited Bonk!, Jarate, etc.

It's pretty blatant once you see it and it’s not of much concern to TI. At least two methods of speeding up charge times/cooldown times require speedhacking, and so that tends to give it away. I can only remember one hacker who we have caught doing this.

Miscellaneous Cheats

Some players choose to replace sounds client-side with louder, softer, or entirely different sounds. This can be an unreservedly innocuous action (e.g. replacing the dispenser hum with a favourite song) or one of somewhat more dubious virtue (e.g. replacing spy uncloak/cloak sounds with long, loud, and quite salient alarm sounds). This can be used to hear spies long after they've cloaked, functioning as a wallhack of sorts. For most, it's not an exact location revealer but more of a hot-cold proximity thing. In other cases, some will replace ambient or distracting sounds with silence. Most of our servers are sv_pure 1 and we no longer whitelist custom sounds, and so this is not a possible hack on our servers without some memory trickery.

Teleportation cheats involve some clever scripting that is being kept very close to the chest by those who know how to do them. One must be an engineer for this cheat, which involves attempting to build a teleporter and then by spamming a script to build/destroy/attempt to teleport. The cheat results in a teleport to what appears to be a controllable location. This cheat permits users to teleport outside the map, below/above the map, or to a specific area on the map such as the last cap point or the intel room. There are probably a dozen people who can currently perform this hack, and I presume that this number will not grow much.

A very new code is emerging that can be run to auto-backstab or auto-axtinguish people. The backstab bit involves finding various viewangles and playerdistances to determine the nearest player with his or her back turned. Once determined, the hack moves the player moves towards it and then the trigger is linked to the initialisation of the animation that raises the knife when in range. I’ve not seen it myself but it does indeed exist. Catch it by seeing if a user attacks at precisely the moment the knife is in range. As for axtinguishing, the code involves an aimbot to land the hit. If it seems impossible that a player spin as fast as he or she did to land an axtinguish, you might have something. It’s pretty much a melee aimbot that automatically switches and fires when in range of an enemy on fire.

VTF editor

See-through sprays are quite exceptional, and are already circumvented with the disablement of sprays on most of our servers. Deliberately malformed .vtf files can be used to place something of a spray-sized visual hole in the wall, but TI’s servers are well protected and this is of little to no concern.

Spoofer

Spoofing SteamIDs and Sourcemod admin power used to be a potential cheat with a hacked client, but VAC has detected this and a recent update has disabled it. It is no longer possible on our servers.

General Exploits

The number of exploits and glitches in TF2 is quite staggering and to attempt to enumerate all of them would be hubristic folly. However, I’ve compiled some of the more common and kick-worthy ones here:

  • It’s possible to kill your teammates by joining spec immediately after firing a projectile (rocket, arrow, grenade, Jarate might even work). The projectile 'belongs' to the player that fired it, and so it becomes a spectator projectile and as such is able to damage players of either team. Works best with a crithack, as individual rockets do little serious damage to teammates.
  • It’s possible to enter the enemy’s spawn as a spy on 2fort and Gravelpit. This involves co-operation from an engineer of the opposite team.
  • BLU’s interior spawn door on 2fort can be opened by members of RED team by jumping on various parts of the door. Effective only during Humiliation, and so not particularly kickworthy.
  • The interior spawn doors on 2fort can be blockaded by multiple teammates jumping on the outside of the door handles. The doors will refuse to open if done correctly.
  • There exists an exploit that allows pyros to have a near-continuous spam of compression blasts.
  • It's possible to modify the game's code to avoid being stunned by the Sandman by setting the stun chance to zero.
  • Outer spawn doors can be held open by enemies if they manage to position themselves under the door before the door closes.
  • It's possibly to use scripts to retain the effect of Bonk! indefinitely while being a civilian of a different class.
  • Players can still join the civilian class. Patched with the Classless Update.
  • It’s possible to place an indestructible sapper. Doing so is quite random, as far as I can tell, but if it can be done deliberately it is quite kickworthy.
Mistaken Cheats

We at TI do not ban on vague suspicion or on petty whim. To keep our servers clean it may be necessary to remove someone from play and check the demos later. However, to keep this to a minimum, here are some things that are commonly mistaken as hacks but are not.

Lag is a loosely-defined term for delays or stuttering in the game. Lag makes the sniper dot appear more jumpy and not placed exactly where needed for a hit. This can be mistaken for a hack by some.

Arcanus describes it best:

  • Why hits don’t register correctly - The way Team Fortress 2 does hit detection is based on the firing player’s game state. The server receives the information regarding weapons fire and interpolates backwards (as by the time the server receives the information the game’s already moved on) to see if a hit should be registered. This is most obvious when the target is moving perpendicular to the sight-line of the fired weapon and explains those annoying cases where a sniper picks you off from the battlements as you run across despite the fact that the dot never appeared on your body. Realize this works both ways, there may be times where the dot’s on your forehead, the sniper fires and a miss is registered because from his point of view there wasn’t a hit.

  • Causes of facestabs and sniping through walls - These phenomena are largely caused by lag compensation. This is a method whereby the server “rewinds” the game to see things from a laggy player’s (everyone, from the view of the server) point of view and as stated above, see if when the shot was made, the target was in the line of fire. Once again, hit determinations are done from the perspective of the player firing, not the targeted player. As a side note: The backstab hitbox is much larger than many players suspect and includes a full 180° face of the character model.

  • Game seems off while spectating - Lag compensation is not turned on while spectating so you’ll be seeing the server’s view of the game state no the player’s whose eyes you’re looking through. This is why you may suspect an aimbot when you spec the 300 ping sniper who seems to be getting hits but doesn’t look like he or she is hitting their target. There are also some recognized spectating bugs like sniper charge-meters not registering correctly.

Another incident that tends to make people cry foul is the seeming ability of some to locate enemy players from distances. I’ve always called sound a legal wallhack, as it allows those with good sound cards and raised volume to detect enemies from distances. Voice menu sounds, footsteps, firing sounds, medigun sounds, spawn door sounds, water sounds, and cloak sounds can all be heard easily by an attentive player. This is only effective to a certain degree, as unrelated noises can quickly drown out the noises needed to ‘echolocate’. However, sounds I personally find decently easy to hear are cloak sounds, spawn door sounds, and water sounds. To differentiate sound location from wallhacking, remember that hackers will manage to locate players at great distance and without uncertainty as to specific locations whereas those with raised volume will simply know a general location when nearby.

Class updates: You’re least likely to have hackers on the servers immediately after a major update. Updates bork cheat programs royally, and so new versions must be coded and released before anyone can get back to cheating. So, be a bit more lenient after an update, as new, unfamiliar stuff has been released and many cheat programs will be broken for up to a week. Do be more wary, though, during free weekends because there are obviously loads of new accounts.

If you’re carrying the intel, it’s easier for players to know if you’re about to come around a corner or something of the sort. It’s not a wallhack, as it’s just that the intel arrow points towards you.

Our servers are sv_alltalk 1, and so cloaked spies should be sure not to speak while cloaked. Doing so results in a speech bubble above one’s head, which can quickly give away position.

Admin abuse: no, Charlemagne the Stabby Ghost is not hacking. Yes, he’s supposed to be doing that.

Nonexistent Cheats

Hacks currently do not exist and most probably will never exist that make it possible to do the following:

  • Dodge flamethrower fire, backstabs, headshots, etc.
  • Shoot through/around walls or other solid objects.
  • Attack while cloaked.
  • Slay other players.
  • Make the player invulnerable, or give the player more than a standard amount of health.
  • Give the player infinite ammo/metal, or more than a standard amount of ammo/metal.
  • Make the player invisible.
  • Let a player cloak for more than the standard amount of time with the DR or invisibility watch.
  • Engage noclip.
  • Increase the damage done by specific attacks.
  • Extend the range of weapons or melee weapons.
  • Modify one’s own gravity.
  • Bunny hop (patched Oct. 31st, 2007).
  • Respawn in arena/sudden death.
  • Use a different class’ weapons, or swap them on the fly (Sasha to Natascha, etc.).
  • Have more than eight stickies out at once.
  • Build multiple buildings.
  • Walk and not swim while fully underwater.
  • Speed up taunts/taunt damage.

L4D

Rule of thumb: if a hack exists for TF2, it exists for L4D. In many cases it’s the same thing with a couple of directories and models changed. Crithacks, of course, do not exist. Here’s a short list of what’s possible:

Opacity hack/coloured items

Semiopaque objects and coloured weapons and items.

Wallhack and coloured enemies
Wallhacks, fullbright, and coloured enemies

Wallhacks, fullbright, and coloured enemies for aimbotting.

Red alarm cars

Bright red alarm cars.

Wallhacked tankable items

Red tree trunks, tank-able cars, dumpsters, forklifts, baggage carts, etc.

Clear boomer bile

Clear boomer bile (the blur effect remains, though).

Semitransparent walls

Bright yellow weapons, coloured player models, and semitransparent objects/walls.

Aimbot/ESP
Aimbot/ESP 2
Aimbot/ESP 3

ESP/aimbot/visibility/nospread enabled.

Visibility’s pretty useless in L4D but this L4D hack was essentially ported from its TF2 counterpart, where visibility is still just about worthless but tacked on nonetheless.

Additionally, all bypassing commands found in TF2 work fully in L4D.

As well as using bypassing to enable speedhacking, one can use it to remove the melee fatigue limit through changing z_gun_swing cvars. This is quite noticeable, as the player will appear to be attempting to hug enemies rather than fending them off by swinging a weapon at them.

VAC

Valve Anti-Cheat (VAC/VAC2) is the integrated software used for many Steam games. It’s used on a large number of TF2 and L4D servers, including our own here at Team Interrobang. Without going into detail about the intricacies of VAC, I’d like to ensure that all readers understand that VAC does not and almost indubitably will never detect content hacks. Content hacks are the wallhacks, mathacks, sound hacks, and particle hacks listed above.

VAC banned nub

Here’s a quote from an article on VAC:

"VAC cannot detect 'content hacks', where for example texture transparency and colour are manipulated, since they do not involve modification of any program code."

VAC functions by taking snapshots of running program source code and automatically checking the code for modifications caused by cheats. Unfortunately, the only hacks it will catch by doing this are those that run external programs: aimbot, triggerbot, constant crits, ESP, and nospread hacks. Even then, it lags behind the development of these hacks, requiring that we as admins be the front line of defense.

I do hope that I’ve managed to educate readers at least somewhat as to the varieties and functions of hacks and exploits in TF2 and L4D. This compilation is by no means complete and I encourage all of our admins to be curious and attent. I welcome queries, comments, contentions, criticisms, and all other correspondence.

TF2 | Aimbots | Nospread | Triggerbots | Crithacks | Wallhacks/ESP | Mathacks | Particle Hacks | Speedhacks | Bypassing | Refresh/Cooldown Bypass | Miscellaneous Cheats | General Exploits | Mistaken Cheats | Nonexistent Cheats | L4D | VAC



Last updated Sept 10th, 2009.
Creative Commons License
< Prev   Next >
Last Updated on Sunday, 21 March 2010 01:29
 

Valid XHTML and CSS.