Id Software and Activision Wolfenstein Source

An enthusiastic Anonymous Coward writes: "Id Software and Activision released the sources of Return to Castle Wolfenstein. Single-player and multiplayer included. Unbelievable! Another great surprise from Id Software!" Update: 04/14 15:19 GMT by T : Note: don't get your hopes up -- these are the sources for the game code, not the engine.

Here come the hacked, never-miss multiplayers

[Brento]

Don't be surprised in a month when suddenly people start missing a lot less often in multiplayer mode.

Re:Here come the hacked, never-miss multiplayers

[carm$y$]

The license agreement (included, and clicked on in order to install), says, under "2. Prohibitions": "j. prepare or develop derivatives based on the software".

Clear enough for correct people - and if think different, maybe the whole GPL/Open Source concept is flawed...

Re:Here come the hacked, never-miss multiplayers

[coupland]

Bah, mod all this shit down. It isn't the full source, this is just the game source. They always release the game source...

Re:Here come the hacked, never-miss multiplayers

[Brown]

Umm, wrong-o.

This is just the game code; it gives *no* access to networking/engine features beyond what the gameplay code needs; it's also what runs on the server. It cannot be used to make hacked clients at all.
This is just ID's normal release of code to make mods etc. The engine src won't be released for 3 years or so yet!

Re:Here come the hacked, never-miss multiplayers

[Masem]

Except that v 1.3 and beyond will have PunkBuster software in place. Basically, if a server admin wants to minimize the cheaters on their system, they can force this on their server; all connecting clients will have to have this enabled to play on the server. The software scans key dll and other files in the RCTW folders and other factors to try to determine if any modification has been made to those files, and if so, the client is flagged as a cheater, and typically kicked from the server.

Last time I checked, about 50% of the 1.3 servers in GSArcade claimed to have PB on and running. And the other thing that I've noticed from playing it is the first 2 or so minutes of playing are typically a bit choppy due to the security tests, so it's not very intrusive.

Re:Here come the hacked, never-miss multiplayers

[defile]

It always frustates me how naive people who should rightfully know better are when it comes to cheat prevention. It's great to see an anti-cheat client actually work and kick the occasional cheater off of a server, but it often gives an irrational sense of hope.

Anti-cheat clients are a losing battle by definition. There is no way they can possibly be successful. The more effective one is, the more effort people will put forth to break it.

As long as the client must be trusted on computers that players own (and may therefore hack accordingly), cheating will always be possible.

The software scans key dll and other files in the RCTW folders and other factors to try to determine if any modification has been made to those files, and if so, the client is flagged as a cheater, and typically kicked from the server.

There are dozens of ways around this on any modern OS that has basic process debugging functions. Without even getting creative:

• You can hack the program to disable the anti-cheat client, and run your own anti-cheat client that meets the server's security requirements.
• Detect when the anti-cheat client runs and redirect its calls to a different, legit set of data.
• Write cheats that don't depend on modifying on-disk DLLs. When the game starts, modify in-core game data. Since the on-disk DLLs are never modified, the client says all is well.
• Intercept game system calls to load DLLs and redirect them to a set of hacked DLLs. Take measures to ensure that the anti-cheat client is not also redirected (it probably uses different calls).
• Impose a proxy between the client and the server that intercepts and adjusts actions accordingly.
• Run the game under an emulator (legitimate reasons are like how I run Counter-Strike under Linux/Wine). Set up a pristine system environment in the emulator, run all of the cheats from the host OS. The anti-cheat client could never access the host OS (unless the emulator is broken) and would have a much harder time detecting cheats.

Are there ways to write anti-cheat clients to counter all of these? Probably. But then you open up yet another round of the clever game developers vs. all clever hackers in the world. With each release, the anti-cheat client has to be more clever, more complex, more intertwined, which is only going to make it easier to defeat since there will be so many more points of attack.

If you want to play games without cheating, play on computers that are owned by a trusted third party (like a lan gaming place). Or play with players you trust. Trusting an anti-cheat client on an untrusted computer in front of an untrusted player is hopeless.

Re:Here come the hacked, never-miss multiplayers

[defile]

Meant to include this in the parent post.

A less hopeless attempt at cheat prevention would be to integrate a "web of trust" system into gaming communities.

This is all doable through cryptography, but I'll explain the protocol without the implementation details:

Players take a vow to play cheat free. They get their friends to confirm that they play cheat free. Friends confirm other friends. The web develops. This relationship is published to a well known repository and linked to other webs of trust submitted by other groups based on common participants.

Alice and Bob have never met before, but they can be pretty sure that niether is cheating because Alice trusts Frank, who trusts Trent, who trusts Eve, who trusts Andrew, who trusts Bob. This many levels of displacement is probaby enough to cover the population of the United States.

When you join a server to play, the server checks your position in the web of trust to that of others on the web, and tells you their trustworthiness. By playing against people who are trusted by people you trust you can play with higher confidence. You could set policies to only allow players who meet a certain trust level.

Someone who is actually confirmed to be cheating could damage the trustworthiness of a huge set of players, and would motivate the participants to quickly distance themselves from the cheater or be classified as cheaters themselves.

A lot of the attacks against this model are based on the implementation, but it sounds more promising to me than pursuing ridiculous anti-cheat clients.

Re:Here come the hacked, never-miss multiplayers

[ryanvm]

Players take a vow to play cheat free. They get their friends to confirm that they play cheat free. Friends confirm other friends. The web develops. This relationship is published to a well known repository and linked to other webs of trust submitted by other groups based on common participants.

At least one pitfall to this system is that it hinges on social interaction between participants.

It basically mandates that logging onto a random server and playing for an hour or so every couple nights isn't "good enough". Now you have to engage in moronic chit-chat with the dozen
retards on the server in order to can gain their trust. No thanks.

I play CounterStrike because the game is fun. The last thing I want to do is be forced to integrate myself into some "clan" of immature jackasses just so people can be sure I'm not cheating.

Re:Here come the hacked, never-miss multiplayers

[sheetsda]

So what stops someone from hacking PB? If you can hack PB, all you have to know is the right answers to the right questions. Alternatively cheaters could develop a hacked PB client. I wouldn't be surprized if things like these are floating around. Programs of this sort are a nice idea but they're fighting the untrusted client problem, an inheritly unwinnable battle.

Re:Here come the hacked, never-miss multiplayers

[Natalie's+Hot+Grits]

Here are some more methods of cheating:

- Program a standalone program to probe your frame buffer, recognise graphic patterns in the image. Automatically move the crosshair to that position using system calls.

- more shit here

The point of all this is that you don't understand the point. I ca think of litterally a million ways of cheating, and punkbuster is not about preventing cheating.

Have you ever heard of antivirus software? Their goal isn't to patch holes in buggy software written by microsoft. Their goal is to detect known exploits, and disable them. With punkbuster, signatures of exploits (mainly aim bots) can be detected, even if they have NOTHING TO DO WITH THE .DLL's that the game uses to run. It is not only a client side program that authenticates.

Everyone knows that anti-cheating is an uphill batter. But did you notice that AV software providers make assloads of money?

Untill game developers start encrypting every packet made by the client, before it is sent off to the network, and on the OS level, the video memory can be locked out, even by the root user, aim bots will exist. and people will use them. Things like PB are the only thing we have to slow this abuse.

If you want to play with non-cheaters, you had better be playing in a league. I can personally guarantee you that most popular public servers has a few people every now and then running aim bots. This applies to CS,Quake3,Wolf, and other popular FPS games.

Re:Here come the hacked, never-miss multiplayers

[Dwonis]

Smarter server-side sanity checking works much better.

Re:Here come the hacked, never-miss multiplayers

[defile]

It's not an uphill battle. It's a losing battle no matter what. It was already lost before it was started.

With punkbuster, signatures of exploits (mainly aim bots) can be detected, even if they have NOTHING TO DO WITH THE .DLL's that the game uses to run. It is not only a client side program that authenticates.

So uh, what stops me from hacking punkbuster so that it sees only what it needs to see?

Untill game developers start encrypting every packet made by the client, before it is sent off to the network, and on the OS level, the video memory can be locked out, even by the root user, aim bots will exist. and people will use them.

I have full control of my machine. I can break any of these mechanisms if I want to. That anti-cheat client developers don't get this fact means that they're naive. Or think they can make assloads of money by running everyone through the mud.

Anti-cheat clients will inconvenience legitimate users (you know, people who didn't install the latest fucking anti-cheat tool of the month) and do nothing to people who want to cheat.

Re:Here come the hacked, never-miss multiplayers

[defile]

It basically mandates that logging onto a random server and playing for an hour or so every couple nights isn't "good enough". Now you have to engage in moronic chit-chat with the dozen retards on the server in order to can gain their trust. No thanks.

Not necessarily. The beauty of such a web is that you don't need to know the people you play with, just that you know common people (which if you pick two random people in the US, they probably know each other with a suprisingly small amount of displacement).

It means that you need to know at least someone, but in the worst case you may just play on a server where no one trusts you--which is how much they already trusted you.

The end result is that this is going to be more effective than useless anti-cheat clients, and is really the only hope you've got unless you only plan on playing with people you trust, trust network or otherwise.

The third reich (A RTCW mod)

[linzeal]

Already has information on how to play with the source code.

Re:The third reich (A RTCW mod)

[jacoplane]

You were probably referring to this page.

This is just the *game logic*, not the engine

[adamwright]

ID always release the game logic portions of the game shortly after retail, to allow mod makers to start hacking on it (it's been this way since Quake 2 - Quake 1 came "source included"). The quake 3 engine source won't see the public light of day till probably Christmas 2003, maybe even later.

Re:This is just the *game logic*, not the engine

[Toraz+Chryx]

the QuakeC sources weren't included on the retail cd, though I think they were put up for download shortly after the was released.

(at least, my Q1 cd doesn't have the source on it)

Re:This is just the *game logic*, not the engine

[G-funk]

Yes it does, it's in the .pak file, you just need to extract it.

Re:This is just the *game logic*, not the engine

[Brown]

The .pak only contains the game code in byte-compiled form.

It is not easily modifiable on it's own, although there are utilities to convert it back into something like it's original source. ID released the actual QuakeC sourcecode a little later, along with a byte-compiler etc for it.

Re:This is just the *game logic*, not the engine

[Toraz+Chryx]

progs.dat wasn't the QuakeC source.....

Low Quality

Another low-water mark in terms of Slashdot content quality.

"Developers: Id Software and Activision Wolfenstein Source" - English is not my native language, but surely, this is a fairly crappy headline. "Developers: Wolfenstein Source Code Released" or something similar would have been way, way better.

Second, the posting itself is shit, written by an "enthusiastic anonymous coward" who is apparently about 13 years old. Who the hell is reviewing these news items before they hit the front page? Whoever posted this one (hi tim) should have done some creative re-writing, or better yet, picked another submission about the same thing (surely there must have been a couple about something this well-known).

In its current state, I am very glad I'm not paying a cent for /. access. Stuff like this posting really brings down the average content quality big time.

Mirror of source code pack

[itsnotme]

I managed to get in the ftp sites that wasnt slashdotted already and got a copy of it, you can get a copy from: wolf_source.exe

ok,

[Rhinobird]

Now how long until there's a Gentoo portage thingie?

And I'll just shut up now...

DUH!

[dnaumov]

Do you REALLY think this is the engine source ? HELLO ?! This is source for the "game" code, that enables mod makers to create the all-popular MODs for the game, like Team Fortress and Capture the Flag for the original Quake. ID Software's policy has always been to: "Make game1. Make game2. Start making game3 and release the source for game1. Finnish game 3. Start working on game4 and release source for game2".

That way the engine licensees can take their time to release their ID Software engine-based games without losing any profit due to all these custom engine modifications people do in their spare time with games like Doom, Quake and Quake2. You can expect Quake3 Arena (and NOT RtCW) engine source some time after ID starts working on a game AFTER Doom3 (their current project) is released.

Re:DUH!

[Nurgster]

Guess again.

Team Fortress Classis was a Half-Life mod, the original TF was a Quake 1 mod.

its not the engine

[krs-one]

I think one of the biggest misconceptions when ID does this is that they are releasing the engine. Why would they do that? ID never would when the engine is still being sold. Would you pay 300,000 for an engine you can get for free? Hardly.

-Vic

Advances.

[saintlupus]

Oh, goody. This means the market will soon be flooded with significantly more advanced and realistic deer-slaying simulators.

--saint

Fast mirror of the RTCW source code

[Turmio]

Just in case this is needed: http://shakti.tky.hut.fi/slashdot/wolf3d-source/

Use wine

[yerricde]

All they have is an EXE file so far.

Windows self-extracting archives tend to run quite well on Wine, the most popular application binary compatibility layer for FreeBSD and GNU/Linux operating systems.

Or try Info-ZIP Unzip on it; <crime violates="DMCA">it sure helps when dealing with Microsoft documentation archives</crime>.

true, however...

[spd_rcr]

it's good to see ID keeping with their tradition of slowly opening up their source code. how many other gaming companies out there do this ? many still freak out when you try to play w/ their 20 year old roms. quake 1 is still a great game, fast, and can be run on nearly any machine still operating, of course i don't think they're giving away the NiN tracks, the RIAA would have a fit !
ID is definately one of the best software companies and definatey at the top of game companies. They're a business, they make money, & they give back to the community.
so they keep the code for 3+ years, at least they won't go broke and stop having code to give us.
it'd be nice to see other companies doing this !
way to go ID Software, thanks for continued good deeds.

Re:true, however...

[ConceptJunkie]

I agree. I think it's awesome that they have opened up _all_ the source for their older games, so enthusiasts can port them to other platforms and/or make modifications and additions.

It's a common sense idea that I wish more companies would follow. Old products do not make the company any significant money (if at all), and releasing them gives the community a big bonus. Of course, most folks will still want the latest and greatest when it does come out. I suppose some companies might consider such an action impacting sales of their current products.

I'm glad that id is willing to take that risk,

I don't like id games, nor do I play them, but I like the idea of a company that doesn't bury obsolote code for no good reason.

Now, if Microsoft would only release the source to Windows 3.1....

Re:true, however...

[motardo]

Commander Keen for all!! :)

-motardo

Re:true, however...

[ConceptJunkie]

Release the source for Kroz!

Re:true, however...

[Warped-Reality]

iD has NEVER, I repeat, _NEVER_ given away their games (as your one sentence about the RIAA seems to imply)... Even though the full sources for Wolf, Doom, Quake, and Quake2 are out, you still need to actually posess the game to play it (source without data is useless)

Re:true, however...

[spd_rcr]

source is the only data that really matters. if you're just looking for a free copy of quake, sure they don't give away the complete game, but they do give you everything you need to make your own. collect some textures, throw together your own maps, skin a couple characters, it's no more work than the average enthusiast does when the game's brand new. www.quakeworld.com
or www.planetquake.com
i'm just complaining 'bout RIAA, because it'd be nice if you could legally download old NiN or other tracks after the cd's have left the marketplace. what sort of fan wants to spend $30 to replace that old scratched up cd because now it needs to be special ordered in.
ID has a good idea and it'd be nice to see other industries/companies following their lead.

Re:engine code vs. game code

[someonehasmyname]

umm. because sierra or another game developing company could use it. I mean, come on. I'd love to see counter-strike using that engine.

Re:engine code vs. game code

[reidbold]

Licensing the quake 3 engine costs 250k, there's your reason for not releasing the engine.

Do you know why this would never work?

[7-Vodka]

I'm a good player. I get accused of cheating several times a day. I don't cheat. Really.

So basically in a web of trust, I'm fucked. Every lamer out there will mark me as a cheater.

Suprise? How?

[SquierStrat]

While it IS pleasant news, it was not a surprise. If you read the change log to the last patch, one of the changes was the addition of a mod menu. Hmm could this be because they are releasing the game code? :-)

Most redundant posting ever

[screwballicus]

It's a shame to see good people making good comments get bad karma for posting useful information, but it's also a shame to see a message board filled with 30 people all saying the exact same thing. How many checked to see whether someone else had posted regarding the code being just game source and not engine source before repeating that fact? Not many, seemingly. 30 people can't have all posted that comment simultaneously. It looks like slashdot is all soapbox and no audience, especially seeing as virtually everyone seems to be well aware of the existing policy on releasing source, anyway.

I mirror this code to get your advise...

[droleary]

"Source code" in an exe from a complete stranger! Let me rush out and get that!

Re:I mirror this code to get your advise...

[Verne]

no no, he's +5 Informative, it must be safe... slashdot moderators can't be wrong... ;)

Re:I mirror this code to get your advise...

[btellier]

Not to mention that he's got a 20k user number. As we all know, Slashdot didn't start attracting the evil hordes of trolls and hax0rs until the 100k's-120k's.

Re:I mirror this code to get your advise...

[Nailer]

"Source code" in an exe from a complete stranger! Let me rush out and get that!

So I take it you only ever install GPG signed source / binary packages? Or if installing unpackaged source review each line yourself?

Nazi AI

[Screaming+Lunatic]

That's sweet. The AI of the bots is fricken amazing. Now I can figure out how they got the Nazis to kick grenades back at you. And how they managed to get the Nazis to sneak up behind you when they have spotted you. RtCW doesn't get that much credit for their AI, but is was quite good for a FPS.

Macs

[macdaddy]

I just wish the lazy SOBs would finish the Mac version. Why the hell is it taking them so fscking long?! The last test release was in November '01 for Christ's sake!!!

Re:How about the Linux version

[MichaelNewton]

If the .exe is just a self-extracting pkzip file, you can unpack it with "unzip file.exe" on linux.

Game code is in the interesting part

[Junks+Jerzey]

Note: don't get your hopes up -- these are the sources for the game code, not the engine.

Speaking as a professional game player, the game-level code is the interesting part. Graphics engines get pretty boring after you've worked on a couple of them. Go back to a graphics book from 15 years ago, back before PC gaming took off, and that's pretty much how graphics engines still work. Game-level code, though, now that's interesting. There are many more open problems in that area, or at least problems that can be solved in hundreds of ways, as opposed to three or four.