General Discussion

General DiscussionDoes Dota 2 even have hackers??

Does Dota 2 even have hackers?? in General Discussion
robert

    I know for a fact it's nearly impossible to hack or cheat online games cause you'll mostly likelly get caught and eventually ban...but I saw some vids about hackers in Dota 2 not sure if it's even a true..here's the vid I saw in YouTube
    https://m.youtube.com/watch?v=BgM7_0F1CAI

    meow maniac

      Yeah.

      Wintersun

        I'm Mr. Meeseeks! Look at me!

        Afaik there are a few scripts which allow you cheating. For example this techies script, detonating remote mines as soon as an enemy hero is in range. It also only blows up as many mines as needed.

        Other scripts will allow you to instantly hex/silence enemy heroes in a customized range..making it almost impossible for certain heroes to gank you!

        < blank >

          I'm so h4Xx0r_1337

          Chaoshype

            Since everything is server-side, there's nothing to hack really.
            However, there are scripts for heroes (Techies, you know), there are scripts for Invoker (where one key press will trigger the next 2 abilities) and also few other heroes.

            faw

              "HACKERS" i love how ppl throw around that word

              meow maniac

                faw, a hacker is just someone that finds a clever way to do something.

                http://tmrc.mit.edu/hackers-ref.html

                < blank >

                  Life hacks?

                  TripleSteal-

                    scripts do exist, but I wouldnt call them hacks, tbh

                    meow maniac

                      there's a script that reveals the position of every enemy on the map. it's currently priv8

                      Lucifer Morningstar

                        Scripts are one thing, some people find way to manipulate gold/map while not being in lobby. Those are hacks, but you never see those unless you are on some kind of low mmr shadow server where no one actually cares about game. So I think there is nothing to worry about.

                        Comrade Squirrel

                          Well certain scripts do offer a huge advantage to most players (in pub games atleast)

                          the realm's delight

                            yes there are hacks like map hack (pretty rare) and stuff that lets you know when the enemy has vision on you
                            then there are scripts like meepo fast sheep dagon ethereal blink comboes etc all kinds of stuff

                            @WagaGaming

                              There are as others suggested scripts that can give unfair advantage, but I must say that it hasnt happened even once in the multitude of games that I play that I see someone actually use it. I do know it happens though, I think its mostly bad players wanting to cheat for unfair advantage.

                              Този коментар е бил редактиран
                              arin

                                today on dotabuff, script users are now officialy hackers

                                arin

                                  waga post

                                  lm ao

                                    I think I once played against a Phase Boots Meepo

                                    robert

                                      Feelsgoodman to be replied by waga...thx for all your opinion guys

                                      Този коментар е бил редактиран
                                      @WagaGaming

                                        haha, i dont come look here often enough :) its a nice forum

                                        bum farto

                                          You used to, then you became to famous for us.

                                          Chaoshype

                                            Hold on guys, gotta tell my dad that Waga was here.

                                            < blank >

                                              Fame changes people, it makes them to Kanye Wests FeelsBadMan

                                              robert

                                                Fame is good thing first but eventually it's changes people

                                                Wintersun

                                                  @waga

                                                  give me some fame too, lets 1v1 mid ez Pudge

                                                  Rocket

                                                    there is a bug (don' know if it got patched) which worked as a map hack. something to do with when the match for observers is loaded, the server sends out all the position info. there's a couple of videos showing impossible sunstrikes (i don't mean unlikely ones - ones which would take till the end of the universe to happen by chance :) )

                                                    very much doubt you'll come across someone using it though unless you are in the shadow pool....;)

                                                    scraps

                                                      Since everything is server-side, there's nothing to hack really.

                                                      as a server engineer, I really wish this were true, or that security was that simple.

                                                      conceptually, there's nothing stopping you from performing a man in the middle attack.

                                                      When you click to move your hero, the game client is sending a message to the game server to the effect of "I'm moving to X, Y". The game server is sending the client messages continuously, like "Tide is at X,Y with direction D", or "Void started his attack animation". You could in theory create a program that sat in the middle of this communication channel (a proxy server) and modified this communication stream; it could send messages on behalf of the client, for example, or it could display to the user messages that the server is sending to the client that the client normally doesn't display.

                                                      Here's a program that uses this very technique to provide a translation service inside of the game: https://github.com/patriksletmo/Dota2Translator

                                                      The addon works by intercepting network traffic, parsing the data stream for incoming chat messages which are then in turn translated using Google Translate into which ever language you choose. The results can be displayed within the application or integrated into the game client using a DirectX 9 overlay which is automatically scaled to match the current display resolution.

                                                      It doesn't send messages back to the server, but there's (in theory) nothing preventing that from happening. (also I haven't used it because it looks like a pain in the ass to install.)

                                                      It cuts both ways, though. You could send a message to the server, but there's no guarantee that the server will accept it. There are a variety of ways to confirm or deny the authenticity of a message. Even if the server thought the message was authentic, its contents could be suspicious, inasmuch as the message corresponds to an action that a human couldn't logically perform.

                                                      So for the Techies hack for example: client receives a message that enemy hero is at some position X,Y, we know we have a mine at that X,Y location, we send a detonate message at X,Y and all the mines at that location blow up. That's a super simple MITM program. At the same time, your client is sending to the server, at all times, the location of your viewport; the server knows what you can and can't see. The server could know, for example, that you're sending a message performing an action that is outside of the player's viewport, which a human is incapable of doing, and flag you as cheating and ban you. There's simply no guarantee, when you send a message, that the server will accept it. There are various techniques for confirming or denying the validity of a message; the server might have a way of figuring out that the message comes from a third party and deny it.

                                                      You could play this cat and mouse for a very, very long time, but it's worth remembering: they have professional engineers that are paid to work to fight you. If you were sufficiently skilled enough to outsmart them, you would have to posses security knowledge that would be more profitable to use elsewhere (e.g.: on the other side of the table, working in anti-cheat at Valve, or in securities elsewhere). So really, for people capable of doing such a thing, the value proposition of write cheat programs is ... quite poor. If you could write such programs, you would have to chose between: cheating at dota or putting them to legitimate use and having a pretty good career. It seems like a seriously shitty way to use those skills.

                                                      Fun fact: I wrote a client-server game once and showed it to a handful of friends that work in security and it was so poorly engineered that they found ways to cheat at the network level almost immediately.

                                                      I would bet money that some form of cheats exist (and by extension, yes, dota hackers do exist), but I would also bet money that most are detectable by some means and that you're at a significant risk of getting caught if you use them. I would also bet money that the likelihood that you have encountered a cheater in one of your games is nearly zero.

                                                      also it's worth repeating here: do not make posts or links to websites containing game cheats or malicious programs, including making posts that exploit other forum visitors on the website. If you post a link to an actual hack or cheat in this thread it's instant banerino, so don't.

                                                      Pawner

                                                        Of course:

                                                        Since everything is server-side, there's nothing to hack really.

                                                        This isn't true, don't spread false information. You can't make a maphack since the server doesn't give you information about units you shouldn't see. You can't modify speed/damage, force 100% crits and so on. However, nothing stops you from developing a program that would instantly cast Axe's / Necro's ulti when someone's HP is below threshold. Nothing stops you from developing a program that would instantly hex someone performing an initiation as seen in the video I linked.

                                                        Този коментар е бил редактиран
                                                        Rocket

                                                          @pawner - what's this if not a map hack....https://www.youtube.com/watch?v=IqsOkAaa4Ok

                                                          Tywin

                                                            'Since everything is server-side, there's nothing to hack really'.

                                                            ... I think we found a winner for the must retarded comment on dotabuff 2016, can we get a round of applause for Chaoshype please ladies and gentlemen!

                                                            faw

                                                              faw, a hacker is just someone that finds a clever way to do something.

                                                              http://tmrc.mit.edu/hackers-ref.html

                                                              meow maniac

                                                                faw, that's what a hacker is and i'm speaking as someone that's reversed engineered software for a scene release group, written malware and developed exploits for the linux kernel

                                                                Chaoshype

                                                                  * Insta hex hacks and ulti hacks are client-side actions.
                                                                  * Literally, all factors such as health, gold and items are controlled by the server.
                                                                  * Scripts/macros are not hacks, they are exactly what their name says.
                                                                  * Keep your shit to yourself.

                                                                  Този коментар е бил редактиран
                                                                  Chaoshype

                                                                    Literally, people here should have a "Are you a dick to other people?" quiz before they'll allowed on the forums but in that case 50% wouldn't be here.

                                                                    the realm's delight

                                                                      its a nice forum

                                                                      yes it is :horse:

                                                                      TripleSteal-

                                                                        so much kappa in one thread

                                                                        faw

                                                                          piss monger script kiddie confirmed

                                                                          JukePlz

                                                                            @Scraps:

                                                                            No, you can't MITM without spoofing the players IP adress, and the server doesn't expose it to you so what you describe can't be done for practical pourposes except for your own packets.

                                                                            Also, you talk about techies and the server knowing your viewport as an example but the detonate target skill can also be targeted at the minimap, and let's not forget anything to do with the viewport or mouse position can't be extrictly enforced because of lag and false positives.

                                                                            --------------------------------------------------

                                                                            OT: There are full-fledged maphacks available because the server sends back fullupdate packets containing the position of all heroes when you spoof a reconnect request. Until this is fixed and fullupdates are limited to disconected clients and time limited then it's posible to create working maphacks.

                                                                            scraps

                                                                              No, you can't MITM without spoofing the players IP adress

                                                                              kek ok m8 yeah you have to spoof "the player"'s IP to sniff your own traffic, good one. you are the player.

                                                                              except for your own packets.

                                                                              4head that's exactly what I said, you're intercepting the traffic between your own game client and the game server. Analyzing other players' traffic was never in question.

                                                                              Този коментар е бил редактиран
                                                                              meow maniac

                                                                                faw, you're new to the scene dude. i've been around since days of the BBS. i co-founded OiNK and i was a top contributor on mazafaka. some of the first point of sales malware was written by me. lol

                                                                                if u'd like to argue w/ me u can add me on ICQ. i have the 4 digit: 6666

                                                                                Този коментар е бил редактиран
                                                                                faw

                                                                                  ICQ :D but actually i'd like to have a talk with u anyway

                                                                                  Rocket

                                                                                    hope your malware was as good as your win rate ;)

                                                                                    (Kappa)

                                                                                    TripleSteal-

                                                                                      can some1 stick this thread plz

                                                                                      Dire Wolf

                                                                                        I mean anything's possible, but you'd probably get caught pretty quick. I'll bet it's not really that difficult to map hack etc, the hard part is not having the server figure it out, that's probably impossible. But why would you want to cheat anyway? Where's the fun?

                                                                                        As an example look at the witcher game series studio cd-project red. They released witcher 2 and 3 without drm (maybe if you buy on steam it still has it) cus they realized drm just entices people to break it. Most hacked games people hack just for the fun of hacking it, play a couple hours like a demo, get bored and move on. They aren't people who would ever buy the game, so why not just make it drm free? People who still really want the game are likely to buy it. And it's kind of the same thing with dota, it's a free game, the fun is the competition, why hack it? What's the motive?

                                                                                        I guess the motive for a real hacker would just be to say they did it, and then they'd move on most likely. No one with those skills gives a shit about mmr, or should I say cheating to get mmr, it wouldn't mean anything.

                                                                                        Този коментар е бил редактиран
                                                                                        Pale Mannie

                                                                                          Hackers

                                                                                          Scripters*

                                                                                          jus chillen

                                                                                            ensage

                                                                                            JukePlz

                                                                                              @scraps: Are you really a "server engineer"? I don't think you understand what the term MITM means at all. Altering comunication between two parties refers to a client and a server you don't have control over. Manipulating your own trafic is not MITM by definition because "parties" in this context refers to the user or entity responsible of the comunication and not the software, it's always a 3 way exchange.

                                                                                              Packet filtering, packet crafting and automating such processes into a proxy server (as you mentioned) are probably closer.