Game hacking and cheat development

Totally_Not_A_Haxxer
Published in The Hacker Outpost
Aug 23, 2022

You may be wondering: how exactly are game cheats made? Are they really considered hacking? And why exactly are they used and made so much, yet remain such a specialty to both cheat developers and game developers? Well, in this article we will be talking about how game cheats work, how they are made, and how examples like the one below are created.

How game cheats are typically made

Game cheats come in all different shapes, sizes, forms, styles, and even formats. Game cheats are designed and laid out like any other program: they have a frontend design, a backend base of code (typically your standard functions along with some algorithms), and features such as security features and design features implemented into the program. So what makes game cheats different from your average day-to-day client or engine? The reason game cheats are different from average game plugins is that, like most exploitation scripts, they take advantage of a vulnerability that most developers do not know about, or that they do know about but do not care to fix or are still working on patching. Game cheating, or rather game cheat development, has a few steps that must happen before you can even start developing the menus and the cheat functions.

1 > The hacker or game cheat developer must first find a vulnerability within the executable file or, on Windows, a DLL (Dynamic Link Library).

2 > After step one is complete you must figure out certain memory locations, such as the offset at which a given value is stored, for example a player's health.

3 > After step two the developer or hacker must figure out what type of cheat they want to make, whether it is going to be external or internal, and what function it will provide, such as ESP (Extra Sensory Perception), AB (Aimbot), X-Ray, ACB (Anti Cheat Bypass) and so on.

4 > Finally, once the developer or hacker figures out what they are going to make, they must inject the code into the vulnerable file of the game or write data to the game's memory.

That may have been a bit confusing, so I am going to explain in more depth how things work.

Steps 1–2: checking to see if the game is vulnerable

This part is pretty simple to understand. The hacker typically will scout the game to see if they can find a vulnerability within a DLL, EXE or ELF that has to do with memory, processes, or, again in the Windows case, DLL injection. When they figure out exactly what type of vulnerability a game file has, they typically begin the process of memory dumping or hex dumping. When developing game cheats it is mandatory to be able to reach memory values in the game in order to access them and then modify them to your limits, such as player health, player ammo, player skin kits, or even a player's visibility. Typically the hacker or game cheat developer will not always have to look for these values themselves, since someone else may have exploited the file first, which means those values are already dumped or leaked on some forums. For games like CS:GO, which is the typical starter game for people looking to get into game cheat development, there are already dumps and leaks of both the engine and the game's source code, which makes the development process a lot easier than manually exploiting the game and dumping those addresses.

Step 3: Design and planning

After the hacker dumps the memory addresses and gets all of the needed information, they then start to lay out a design plan to develop the cheats. There are two main types of game cheat that are considered when designing and planning before development:

  • Internal cheats
  • External cheats

What is an INTERNAL game cheat? An internal game cheat is typically injected into the game's running process. For example, if you were to make an internal game cheat you would need to find the game's process, say CS:GO.exe, and inject the DLL file into the process using some sort of custom or pre-made DLL / process loader.

What is an EXTERNAL game cheat? External game cheats are NOT injected directly into the game process such as CSGO.exe, but rather injected into or run alongside something like client.dll, engine.dll or player.dll, to use a Windows example. This also means that you are most likely not going to trigger AC (Anti Cheat) unless you are reported or the game developers have implemented a system to detect external cheats. This does not mean it is completely undetectable, but it still makes a major difference in terms of detection compared to internal game cheats.

Pros and cons | external vs internal game cheats

Most of the time, about 60% of the game cheat community uses internal game cheats that are directly loaded into the vulnerable DLL or game file. Internal game cheats have a more direct link to the game's source code, which means the cheat can call the game's functions directly, edit its variables and so on. This direct accessibility and linkage to the game allows for more efficient game cheats, especially when you have direct access to algorithms like linear regression functions.

If you are not familiar with it, a linear transformation is a function from one vector space to another that respects the underlying (linear) structure of each vector space. A linear transformation is also known as a linear operator or map.

The defining characteristic of a linear transformation $T: V \to W$ is that, for any vectors $v_1$ and $v_2$ in $V$ and scalars $a$ and $b$ of the underlying field,

$$T(av_1 + bv_2) = aT(v_1) + bT(v_2).$$

(https://brilliant.org/wiki/linear-transformations/)

How exactly is this used in internal game cheats, you might ask? Having access to this means you are able to find the head, feet, and body positions of a player and, in things like ESP, draw a box around the player. When you compare something like external ESP to INTERNAL ESP you notice a massive difference: not only is one faster and more accurate, given it is calling and reusing code from the game itself, but it is also using algorithms that you would not have direct access to from outside the game. Take the following images below; one is an example of an external ESP and the other is internal ESP.
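As an added example (not code from the original article), the linearity rule above is checked in code on constructed head and feet positions, with a made-up world-to-screen matrix standing in for whatever transform a real engine uses, and a perspective divide is shown failing the same check; the matrix values, coordinates and the `esp_box` helper are all assumptions for illustration:

```python
from typing import Callable, List, Sequence, Tuple

Vec = Tuple[float, ...]
Mat = List[List[float]]

def apply(t: Mat, v: Sequence[float]) -> Vec:
    """Apply the linear map represented by matrix t (rows x columns) to v."""
    assert all(len(row) == len(v) for row in t), "matrix/vector size mismatch"
    return tuple(sum(row[j] * v[j] for j in range(len(v))) for row in t)

def add(u: Sequence[float], v: Sequence[float]) -> Vec:
    return tuple(a + b for a, b in zip(u, v))

def scale(a: float, v: Sequence[float]) -> Vec:
    return tuple(a * x for x in v)

def satisfies_linearity(f: Callable[[Vec], Vec], v1: Vec, v2: Vec,
                        a: float, b: float, tol: float = 1e-9) -> bool:
    """Check T(a*v1 + b*v2) == a*T(v1) + b*T(v2) for one choice of inputs."""
    lhs = f(add(scale(a, v1), scale(b, v2)))
    rhs = add(scale(a, f(v1)), scale(b, f(v2)))
    return len(lhs) == len(rhs) and all(abs(x - y) <= tol for x, y in zip(lhs, rhs))

# Constructed world-to-screen map (an assumption, not a real engine's matrix):
# screen x = 0.5 * world x, screen y = 0.5 * world z; depth (world y) is dropped.
# Coordinates are relative to the screen centre; a real renderer also adds an
# origin offset, which makes the map affine rather than linear.
PIXELS_PER_UNIT = 0.5
WORLD_TO_SCREEN: Mat = [[PIXELS_PER_UNIT, 0.0, 0.0],
                        [0.0, 0.0, PIXELS_PER_UNIT]]

def world_to_screen(v: Vec) -> Vec:
    return apply(WORLD_TO_SCREEN, v)

def perspective(v: Vec) -> Vec:
    """A perspective divide by depth: NOT linear, so the rule fails for it."""
    x, depth, z = v
    return (x / depth, z / depth)

def esp_box(head: Vec, feet: Vec, half_width: float) -> Tuple[float, float, float, float]:
    """(x_min, y_min, x_max, y_max) of the box an ESP overlay would draw.
    Linearity is why two transformed points suffice: the centre of the
    transformed segment equals the transform of the world-space midpoint."""
    hx, hy = world_to_screen(head)
    fx, fy = world_to_screen(feet)
    x_mid = (hx + fx) / 2
    half_px = half_width * PIXELS_PER_UNIT
    return (x_mid - half_px, min(hy, fy), x_mid + half_px, max(hy, fy))

# Constructed player positions (x, depth, height) in world units.
HEAD: Vec = (100.0, 40.0, 72.0)
FEET: Vec = (100.0, 40.0, 0.0)
```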

[Image: external ESP in CS:GO]

[Image: advanced internal ESP (Extra Sensory Perception)]

The difference is quite clear, and the same applies to aimbot, X-ray, player info, infinite tools and health, etc. The reason hackers and developers will use internal game cheats is mainly functionality, but with that comes complexity and the need for advanced code sets, modules, and loaders. Some cheats you can buy will be more plain, like the EXTERNAL game cheat shown in the image above. Here is a comparable list of the pros and cons of using external vs internal game cheats.

Step 4: writing the code

Step 4, actually writing and testing the code, branches off into its own little steps, which include the following: choosing the programming language, making memory modules, writing to memory, reading memory, and even creating hooks. What is a hook? In general programming a hook is a way to extend the ability or behavior of a function at runtime. Hooks will typically be used in an internal cheat, since those have more direct linkage to the internal side of a game and its functionality. Let's now get into the stages of development of a game cheat and how tedious this process can be.

As said in the last section, when designing game cheats there are two main types, external and internal. The development process depends on the type of game cheat; for this first walkthrough we will be focusing on external game cheats. External game cheats are smaller, lighter, and easier to program, as discussed above: the programmer has to first open the process, read the data of the process and write to it. Simple, right?

To some this process may be quite easy if you have experience in the field, but to newcomers it can be super tedious, especially given that you have to write your own modules to do things such as memory reading and writing, binary transformation, and using algorithms and functions like linear transformation. Worst of all, you have to make sure that the program is secure and performant, because like most applications, if it is not performant, speedy, and secure it could seriously ruin the reputation of your product, that is, if you are like 90% of the game cheat community and choose to sell your cheat. The first step is to be able to open and read the process, and to do that you should choose a programming language that deals well with process and memory management. Most people will use C or C++, since both of those languages, along with certain libraries, make it easy to read processes. When the developer has chosen a programming language they can begin the process of reading and writing the memory. Once the module, file or source code is written to read the process and write to memory, or to do other things such as getting PIDs (Process IDs), they then need the memory addresses within the given process in order to read from those addresses and inject or modify data there. When they manage to read the process's memory, they take the addresses of the values they found during the exploitation process and keep reading those addresses, matching the values read from the process against the values in the game. This process is super long and tedious even to describe, and it barely touches the tip of the iceberg of the whole development path.

When you reach internal cheats it gets heavier, because not only are the programmers and hackers writing advanced programs to make the cheats more accurate, but they also have to use leaked source code of the game's engine and the game itself in order to continue to develop and design their code. When a hacker or programmer begins to program internal game cheats they need to go through a whole new set of development steps, such as adding hooks, looking over what can be hundreds of leaked source code files of a game to make sure they are using it correctly, and even understanding how certain graphical interfaces work, how graphics engines work and how 3D rendering works.

Summary

Game cheat development is often mistaken as an easy process that does not require brains and does not even count as real computer hacking. However, coming from personal experience, game cheating is a process that requires a lot of knowledge of how memory works, vulnerability reconnaissance, process and memory injection, 3D rendering and some very intense algorithms to ensure that your programs are unbreakable. I know I made this article short, but this was my first article and I really hope this clears up some understanding of game cheat development. I hope you enjoyed this article! Later on I will write an article specifically about internal game cheats and make it a bit easier to understand if this was not clear enough.
