top of page

Mann Vs. Machine: How Automated Cheaters Nearly Killed a Timeless Classic

G'Day!
No, this game doesn't need five more Snipers! (Image Sources: Red Team's Day Off, Engineer Gaming; Logo Source: Valve Software)

Team Fortress 2 is widely regarded as a timeless classic due to having a consistent player base since its release as part of The Orange Box on October 10, 2007. Yet from 2008 onwards, the game has also been popular amongst individuals who utilize external programs to gain an unfair advantage against others, commonly referred to as "cheaters."

“It is incredibly easy to cheat on Team Fortress 2,Brody Jones, a member of the online cheating clan "MildlyKorrupt," explained in an online interview. “The anti-cheat is easy to bypass, with the bans being account based. This makes cheats incredibly easy to obtain.”


These bans are facilitated through "Valve Anti-Cheat (VAC)," which detects when a cheating program is used and prohibits cheaters from playing with others. But as the bans are account-based, many cheaters have taken to operating numerous accounts to circumvent and/or evade said VAC bans.

"When banned, VAC usually only bans the player’s Steam ID for that specific game," Erik Wendel, a Communication Technology graduate from the Norwegian University of Science and Technology, explained in his masters thesis. "The exception is games running on the same game engine, in which case the player is banned from all games using that engine."


Nowhere has this become more prevalent than in April 2017, when the GitHub user “NullifiedCat” combined multiboxing with automated pathfinding to form a new cheating program by the name of Cathook. This allowed him to operate a wave of “Cat bots” that swarmed casual matches on the King of the Hill map Harvest, killing any enemy player on sight.


“Multiboxing is running LMAOBOX on multiple computers, usually with a follow bot,” Michael (last name not disclosed due to the toxicity within the cheating community) of Bot Extermination Services explained in an online interview. ”I queue with a Medic bot, a Vaccinator Medic bot which assists me in killing the bots. And it goes Sniper if truly dire.”

These bots would remain an issue until they were VAC banned on August 3, 2017. This prompted him to respond with a wave of "lagger-bots" that were able to issue an excess of voice commands to lag out or even crash the servers they join until said exploits were patched on May 17 and June 7, 2018.


“I actually helped another sourcemod coder, ‘Backwards,’ develop a fix for the lagbots/crashbots around that time, for community servers to run,” Stephanie Lenzo, a backend person for Creators.tf, explained in an online interview. “He had made a similar fix for CS:GO, and I asked him to port it to TF2, and offered to test it on one of my own servers.”

Timeline of the 2017/2018 and 2019/2020 bot crises

The bots wouldn't return until November 19, 2019 with the public release of Cathook to numerous cheating clans such as "CHAIROWNERS." They were seen as more severe than their predecessors, as they can now take the identities of allied players to avoid being vote kicked, spam racial and homophobic slurs over text and voice chat and even abuse an exploit that caused others’ cosmetic slots to be cleared out.

“Back when I got my first cheats, I was a ragehacker,” Michael explained. “I was a toxic little sh*t. And what fueled me was the power I felt of having an army in this little virtual game, a feeling I couldn’t have in real life. So I feel like people host bots to have a sense of power over others.”


Most of the bots generated from April 24, 2020 to September 11, 2020 can be attributed to the “myg0ts,” an online cheating clan founded in 1998 that is internally referred to as “the Harassment Authority” due to their frequent raids on popular eSports titles. The group had been on Valve’s radar since 2003 for their involvement in compromising their servers and leaking the source code for Half-Life 2 prior to its planned release on November 16, 2004.


“I don't really understand what they gain out of it, other than just ‘making people upset’, which is a pretty dumb goal,” Lenzo explained. “If anything they're losing money because they have to host those bots on Linux machines in data centers somewhere, and those aren't free.”


Valve began responding to these bots through a series of patches from June 16, 2020 onwards that restricts their accounts from spamming text and voice chat. But as they continue to cheat, members of the TF2 community were prompted to take action in numerous ways, ranging from developing an external program to automatically call votes against the bots to developing their own line of bots to simply hunt them down.


“I pretty much made it because I wanted to play TF2 and focus on the game without having to constantly be going through the votekick menu,” Matt Haynie, an external plugin developer with over a decade of experience playing the game, explained in an online interview. “I also wanted a way to keep track of naughty human players via their Steam ID without having to maintain a list manually.”

The botters have also been creative in responding to these patches, with some developing their own fork of Cathook to operate bots that abused an exploit found in a prior version of the game to send malware to other users. This exploit was patched on August 27, 2020, with the bots no longer working due to an inability to run the Vulkan rendering engine.


“The major difference is that Poohook had features that could crash or lag a server, and was experimenting with features that could RCE or remote code execute,” Jones explained. “In most cases this did not work, but in some cases it did but the effects were minor.”


Some have even taken to operating bots in the Steam-based title Among Us by removing the maps from the servers, effectively making the game unplayable on most servers. And this was all while they promoted the social media accounts of "Eris Loris" through text chat in addition to the re-election of President Trump in 2020.


"I don't think that's necessarily an issue with bots per se, rather it's just an exploitable 'bug' in the game," Haynie explained. "The issue is made more significant because bots can go around crashing servers 24/7, but a human cheater during primetime could have been equally as annoying in my opinion."


While Valve continues working on mitigating the toxic behaviors seen from these bots, they are still continually being developed and operated across their digital distribution service. But this shouldn't stop users from playing the games they love in their entirety, as they can always play on community-run servers that are generally more secure, as they run with additional anti-cheat plugins.


“I think Valve has the right idea but they're not doing even remotely close to enough to fix the problem,” Lenzo explained. “If I, some self taught random TF2 player, can write a functionally better anti-cheat than Valve Software, a multimillion dollar company, then something is wrong. I really just don't think they care enough.”

Comments


Commenting has been turned off.
Post: Blog2_Post
bottom of page