The 170kb Apocalypse
I obtained a copy of a small private cheat designed to be used in LAN competition. What does that mean for the competitive scene?
I’ve written a few articles about cheating in gaming that have been quite divisive in how they were received. My opinions haven’t always gone over that well because not only do I find the idea of cheating in casual games to be a big deal, but I’ve also gone on the record and said that I find the hysteria surrounding cheating is usually embraced by socially inept hillbillies rather than balanced individuals. And even though I said I despise the idea of people cheating competitively, it seems some people aren’t able to differentiate between the two and the usual amount of threats ensued… Death threats in the case of some particularly deranged individuals, which I think kind of proved my latter point if nothing else.
And today there is cause for me to write about cheating again as two things are seemingly prevalent in the face of this new spectre facing competitive CS:S: ignorance and paranoia. I can assist with the first, but in doing so will likely contribute to the second. But that in itself isn’t always a bad thing. Just because you’re paranoid doesn’t mean they’re not out to get you, and in this case just because you’re paranoid doesn’t mean that they actually aren’t actually aimbotting you. Right now no one is above accusations, no one can be proven guilty and no one can prove their innocence. It is gaming McCarthyism.
I am of course writing about the fabled “Ventrilo.exe” cheat, the scene’s dirty secret that has been coming more and more into the foreground each day. Even people who do not know what it is, or have never seen it in action, are talking about it in the same exaggerated way a child might talk about their father. Amongst all the myths and bullshit there are a few people that do know what they’re talking about and they will tell you the following…
Ventrilo.exe is a sophisticated aimbot, designed to be virtually undetectable with the naked eye and is for use not only in online competitive play but actually for use at LAN. It works by simply “assisting” the aim. You have to be close to the head or otherwise it will simply just move a little closer for you. But get it close and it will do the rest, something of a revolutionary approach to how aimbots usually work. It was coded by an American cheat maker, who then sold the code and “rights” to distribute the cheat commercially to a German website. Unlike most private hacks designed to bypass league anti-cheats and avoid detection it does not require a client to log-in to for the regular updates, nor does it require a subscription fee. The people who originally bought it made a one off payment and were sent a small archived file that had to be activated with a key that was only available from the site. But for a one off payment you had a permanent access to the hack. It is small, only two files… One is a harmless looking .exe for “ventrilo” (incidentally it can be renamed and still functions, but it was called this obviously to avoid detection even if someone was executing it right in front of you) and a .dll file. It is 170kb in size, small enough to fit on a mouse or keyboard memory and this is the “recommended” method of taking it to LAN for use.
The distribution model is what has caused the problems we are now facing. You see, if someone actually wants to cheat competitively in leagues, then they need to pay a monthly subscription fee, download a client and log-in each time they want to bust out the privates. The only way someone else can use the cheats is if they have the client and the log-in and even then most private hack sites will suspend accounts for multiple IP usages as it cuts into their profit margins. With this cheat being so small and requiring absolutely none of these things it has been e-mailed, MSN’d and hotlinked all over the place. It’s been around for a while, but it was only in the hands of a select few. Now it is become more and more readily available, people who have just chanced upon it are selling it themselves claiming to be behind it all. It has been replicated in the BENELUX scene to the point where there are probably more players with access to it than not and it is getting worse with each passing moment.
The reason that the cheat is so fabled is the fact that it is close to undetectable and so subtle in what it does that even people that have used it will tell you at times they are uncertain it is even running. For anyone thinking it is just another aimbot, the kind you may have seen used on public servers, all snap and no smooth… Well, think again. It has such a small FOV and moves so smoothly the motion you would struggle to notice it even if you were looking for it and it isn’t even always conclusive when slowed down on POV demos. STV demos certainly cannot capture it when it is being used. It is VAC2 proof – but then again, what isn’t these days? – and at the moment is known to bypass most major league anti-cheats provided it is already running when the anti-cheat is started. No-one has even conceived that people would cheat at LAN, but since as the aimbot has no menu or any kind of interface – it runs solely off the numpad keys – it is not inconceivable that you wouldn’t notice someone running it at a LAN and I am told by a number of supposedly reliable sources that this has already gone on.
As part of researching this article I spoke to several people in the cheating community that I know. They don’t always like to go on the record, they certainly don’t like opening up to me knowing I’m a journalist and they especially don’t like anyone making a contribution to trying to stop their business. Ultimately that is what it has become… People used to code cheats for the kudos. There was no commercial angle. But as the demand has increased, along with the money to be won in competitions, coupled with an increase in ability amongst the cheat coders means that there is now money to be made from other people’s dishonesty and desperation. For the purposes of this article I managed to get some to go on the record and give some statements about just what the competitive community is facing.
George “geo” De Ath will be well known to a lot of people across 1.6 and CS:S. He has coded cheats, used cheats and makes absolutely no bones about it. He told me the following:
“It’s not a new idea. I’d say about 50% of aimbots could be tweaked to be used at LAN anyway and I’m surprised that it hasn’t been done before. I know about this ventrilo.exe and I get people asking me about it a lot. It has other names, including win.exe, and it’s been around for a while now. I also hear that <name snipped> has been using it. Well, gratz to him… Free money I guess. Be under no illusion though a LAN-hack would be easy to use and its use could be perfected in a week to the point where you could go to LAN and win.”
Another colleague, wanting only to be known as “Jurgi” said:
“This cheat right now is the most popular because more and more people want to go to LAN and play well because it has many rewards. Maybe you get into a better team, maybe you win some money, maybe you get a sponsorship. It works because no one sees it coming. Who would expect someone to aimbot at LAN? And people do and are and most admins know nothing about it. I have sold this cheat and the people that buy it come from all levels of the game. They will never be named though because when it does get detected it will have to change and we know those players are likely to be repeat customers of the next, better, undetectable cheat. Whatever the scene thinks of us as cheaters, or makers of cheats, it is just business. Most don’t play the game. Because it is business we have to keep our clients details anonymous.”
And one of the long standing former moderators of MPC.de cheating forums told me:
“This cheat is ridiculous. It is so good your own eyes don’t even know if it is happening or not. But the worst thing that could happen now is for it to be in the public domain. I want to say that for me and many others like me the idea of cheating online is something that you do for fun. Others enjoy the idea of coding something for release into the community and getting some recognition for that. But that is all online and that is where it should stay. Even for a cheater like myself the idea of people cheating at LAN is distasteful. People pay a lot of money to attend, take time off work and there’s a lot at stake. I hope they find a way to stop it because that is wrong in my eyes. It is going to be a huge problem in the scene very soon. I personally would not distribute this cheat for that reason.”
And a huge problem it could well be. LAN performance is the benchmark of the whole competitive gaming scene. The players that have “done it at LAN” rightly bask in the accolades as being amongst the best. The players that want to make a reputation for themselves know that they have to do it in front of other people. LAN is perceived as the one truly legitimate gaming arena. Yet with this cheat that notion is over and there is no doubt in my mind that it has already been blown wide open because people simply didn’t see it coming.
I may have been flippant about cheating outside of competitions and I still stand by that. If there is nothing at stake except bragging rights then people really need to put that in perspective. Yet the ramifications right now for CS:S across Europe if leagues and tournament organisers do not get wise to what is going on are huge. And I don’t want that and don’t want to be part of the problem as opposed to the solution. With the busy Summer Season of LANs around the corner I want people to be aware of what is happening and let’s actually see what we can do to prevent this becoming the final nail in the coffin in a scene that right now is in a near terminal decline. I want to keep LAN legit as much as anyone else out there.
It will require some out the box thinking though and I have already heard rumblings of a coalition of competition organisers coming together to discuss just what can be done. Certainly it isn’t practical to simply scan everyone’s computers at an event. There isn’t the man power and it is pointless anyway if it can be hidden on a mouse, a keyboard or any USB device. It can be called anything and there is nothing obvious about its usage that would immediately arouse suspicions. Even retroactive punishment isn’t a viable solution because it can be disguised, toggled and can’t be seen on STV or even on POV demos sometimes. With Source being so random anyway, it would certainly take a lot of scrutinising to find evidence of the “smoking gun” variety.
But let’s at least try and do something other than wallow in paranoia and accusations, both of which are on the increase. Since even mentioning I know about the cheat I have been inundated by requests to send it for “testing purposes” and they have come from names that you would probably find surprising, yet friendship or journalistic ethics would prevent me from ever divulging the whos or the whens. Needless to say I am not contributing to this spreading more than it has and such requests will fall on deaf ears. Even taking all that into consideration though the truth is right now most people are legitimate and people slinging about accusations, especially when they clearly know nothing about the mechanics of the cheat, is not going to help. We’re at a point where we can actually prevent this going into meltdown and I’m happy to give my thoughts and anything else to those people who actually want to do something about it. You can’t stop people using it 100% but we need to increase the risk of getting caught. As an old friend from the Royal Marines told me “An ostrich with its head in the sand for too long invariably gets fucked in the arse.” Let’s not be that big bird this time around…