by lol768 2247 days ago
> Years and years ago, I developed with a friend of mine a completely undetectable cheat for all games on the HL2 platform.

> It involved a second computer, which man-in-the-middled all network data to the client computer.

Out of interest, was there no transport level encryption to deal with here? Or did you need to do something special to capture keys on the client?

3 comments

I believe newer Valve multiplayer games (e.g. Dota, CSGO) use Steam Networking instead of the game sending UDP itself. Packets sent with Steam Networking are encrypted[0].

Before CSGO moved to Steam Networking, the game itself encrypted the packets. I can't remember exactly when this was introduced, but it's still in place - see https://github.com/alliedmodders/hl2sdk/blob/acf932ae06b64b7...

[0] https://partner.steamgames.com/doc/features/multiplayer/netw...

In order for your game to render other players you have to know their position, so the game server has to send them to all players.

As an example, for CSGO in the past, the server always sent all player positions from anywhere, so it was possible to create cheats to draw players anywhere in the map. They changed the way it's done: coordinates are only sent when other players are nearly visible, although distant, or close by. This limited the way that wallhacks work; it's not possible to see where players are from far away :)

What needs to be done is to reverse engineer the communication protocol. If encryption is used, some kind of key to decrypt it has to be somewhere in your game client. Then you can convert 3D coordinates to 2D and even draw a radar on your smartphone if you make an app.
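The decode-then-project step the comment above describes, as an added example that is not from the thread and not Source's real protocol: the packet layout here (`b"POS"`, a count byte, then `id, x, y, z` records) is a constructed stand-in for whatever a reverse-engineered position message would look like, and the yaw convention (yaw 0 faces +x, increasing toward +y, z ignored) is assumed. `world_to_radar` rotates each opponent's position into the viewer's frame and scales it onto a square radar with the viewer's facing direction pointing up.

```python
import math
import struct

# Constructed wire format for this example only (NOT Source's real protocol):
#   b"POS" | count:uint8 | count x (player_id:uint8, x:float32, y:float32, z:float32)
# All fields little-endian.
ENTRY = struct.Struct("<B3f")


def build_packet(entries):
    """Build a sample position packet in the constructed format above."""
    body = b"".join(ENTRY.pack(pid, x, y, z) for pid, x, y, z in entries)
    return b"POS" + bytes([len(entries)]) + body


def decode_positions(payload):
    """Parse a position packet into a list of (player_id, x, y, z).

    Length is validated against the count byte so a truncated or padded
    packet raises instead of being half-parsed.
    """
    if len(payload) < 4 or payload[:3] != b"POS":
        raise ValueError("bad header")
    count = payload[3]
    expected = 4 + count * ENTRY.size
    if len(payload) != expected:
        raise ValueError(f"length {len(payload)} != expected {expected}")
    return [ENTRY.unpack_from(payload, 4 + i * ENTRY.size) for i in range(count)]


def world_to_radar(viewer_pos, viewer_yaw_deg, target_pos,
                   radar_px=200, world_radius=2000.0):
    """Project a 3D world position onto a 2D radar centred on the viewer.

    The radar is rotated so the viewer's facing direction is 'up'.
    Returns (px, py) in pixels, or None if the target is beyond world_radius.
    """
    dx = target_pos[0] - viewer_pos[0]
    dy = target_pos[1] - viewer_pos[1]
    if math.hypot(dx, dy) > world_radius:
        return None
    yaw = math.radians(viewer_yaw_deg)
    # Assumed angle convention: yaw 0 faces +x and increases toward +y;
    # the vertical axis is dropped for a top-down radar.
    forward = dx * math.cos(yaw) + dy * math.sin(yaw)
    right = dx * math.sin(yaw) - dy * math.cos(yaw)
    centre = radar_px / 2
    scale = centre / world_radius
    # Screen y grows downward, so 'forward' moves the dot up the radar.
    return (round(centre + right * scale), round(centre - forward * scale))


def radar_points(viewer_pos, viewer_yaw_deg, payload, local_id):
    """Decode a packet and return {player_id: (px, py)} for every other player in range."""
    out = {}
    for pid, x, y, z in decode_positions(payload):
        if pid == local_id:
            continue  # don't draw ourselves
        point = world_to_radar(viewer_pos, viewer_yaw_deg, (x, y, z))
        if point is not None:
            out[pid] = point
    return out


if __name__ == "__main__":
    # Constructed sample: local player 7 at the origin, three others.
    pkt = build_packet([(7, 0.0, 0.0, 0.0), (1, 1000.0, 0.0, 0.0),
                        (2, 0.0, 1000.0, 0.0), (3, 5000.0, 0.0, 0.0)])
    print(radar_points((0.0, 0.0, 0.0), 0.0, pkt, local_id=7))
```

With the viewer facing +x, a player 1000 units ahead lands at the top-centre of the radar and one at +y lands on the left edge; player 3 is outside the 2000-unit radius and is dropped, and any length mismatch between the count byte and the payload raises rather than producing garbage dots.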

>In order for your game to render other players you have to know their position, so the game server has to send them to all players

I know nothing about game engines, but I have always wondered why that is the case. The server could compute visibility and only send the opponent position if there is a chance the player might see it. Computing visibility server side is not cheap, but it would still be significantly cheaper than fully rendering a scene, right?

Riot's Fog of War for Valorant does exactly what you describe.

https://technology.riotgames.com/news/demolishing-wallhacks-...
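The server-side filtering idea in the question above, as an added example that is not from the thread and not Riot's code: a tiny grid map (constructed for this example), a Bresenham line-of-sight check, and a snapshot filter that sends an opponent's position only when the viewer has a clear line to the opponent's cell or to any cell within `slack` of it. The slack is the "chance the player might see it" margin: a player just around a corner is still sent, so latency and peeking don't make them pop in late, while a player fully behind a wall is never put on the wire.

```python
# Constructed map for this example (not any real game's level): '#' = wall, '.' = open.
MAP = [
    "##########",
    "#........#",
    "#..####..#",
    "#..#.....#",
    "#..#.....#",
    "#........#",
    "##########",
]


def is_wall(x, y):
    """Out-of-bounds cells count as solid."""
    if y < 0 or y >= len(MAP) or x < 0 or x >= len(MAP[y]):
        return True
    return MAP[y][x] == "#"


def line_cells(x0, y0, x1, y1):
    """Cells crossed by a Bresenham line from (x0, y0) to (x1, y1), inclusive."""
    cells = []
    dx, dy = abs(x1 - x0), abs(y1 - y0)
    sx = 1 if x0 < x1 else -1
    sy = 1 if y0 < y1 else -1
    err = dx - dy
    x, y = x0, y0
    while True:
        cells.append((x, y))
        if (x, y) == (x1, y1):
            return cells
        e2 = 2 * err
        if e2 > -dy:
            err -= dy
            x += sx
        if e2 < dx:
            err += dx
            y += sy


def line_of_sight(viewer, target):
    """True if no wall lies strictly between viewer and target."""
    cells = line_cells(*viewer, *target)
    return not any(is_wall(x, y) for x, y in cells[1:-1])


def potentially_visible(viewer, target, slack=1):
    """True if the viewer can see the target's cell or any open cell within `slack` of it.

    slack=0 is exact visibility; slack>=1 is the margin that keeps a player
    who is about to peek a corner from appearing late on the client.
    """
    tx, ty = target
    for ox in range(-slack, slack + 1):
        for oy in range(-slack, slack + 1):
            probe = (tx + ox, ty + oy)
            if not is_wall(*probe) and line_of_sight(viewer, probe):
                return True
    return False


def filter_snapshot(viewer, players, slack=1):
    """Return only the players whose positions the server should send to this viewer."""
    return {name: pos for name, pos in players.items()
            if potentially_visible(viewer, pos, slack)}


if __name__ == "__main__":
    # Constructed sample: viewer in the top-left corridor, three opponents.
    viewer = (1, 1)
    others = {"A": (8, 1),   # same corridor, plain view
              "B": (5, 3),   # behind the wall block
              "C": (4, 5)}   # around the corner below
    print(filter_snapshot(viewer, others, slack=0))
    print(filter_snapshot(viewer, others, slack=1))
```

With `slack=0` only A is sent; with `slack=1` C is also sent because the viewer has a clear line to the open cell next to it, while B stays hidden because every cell around it is walled or blocked. The grid and integer line walk are stand-ins for a real engine's occlusion query, but the decision structure (exact check plus a bounded margin) is the part that matters.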

That heavy lifting wasn't done by myself, so I unfortunately don't have an answer for you. This was around a decade ago, however, so I would not be surprised if the traffic was unencrypted.

Source did not encrypt network traffic until DeepBlueSea released NetShark for CS:GO.

Now it uses ICE, a 64-bit block cipher from the DES era. The key is obtained from the Steam servers over the normal Steam encrypted channel.