Half Life 2 Source Code Leaked
Pyroman[FO] writes "Gamers with Jobs is reporting that the Half Life 2 source code is floating around the net right now. It looks to be about a month old. There's no official word from Valve on the source code leak yet. Unfortunately those who want to use it to cheat already have it, we need to get the word to legitimate customers to educate them about the situation." Update: 10/02 21:51 GMT by S : Valve's Gabe Newell has an official statement, via ShackNews/HalfLife2.net, indicating "infiltration of our network" and appealing for information on the culprits.
Wow.
That's quite a big deal to have leaked. Unfortunately the article is down so I can't RTFA, but is this just the SDK source code or the whole friggin thing?
If it's the whole thing think of how much jeopardy that puts them in with the people they've licensed technology from (such as the Havok physics engine, etc).
Again I say, Wow.
I am a leaf on the wind. Watch how I soar.
Aren't we past security through obscurity by now? Or is that just applied to Microsoft?
Mod this shit up. Actually got a chuckle on this one.
I mean, not like they have way too much of a choice, right?
The preceding post was not a Slashvertisement.
What's so funny about that? That's probably all this is -- leaked source that was sent to modders. I thought I read somewhere that Valve had done that. So really, the code's probably worthless to anyone not doing modding (i.e., no models, sounds, textures, scripting, etc.)
Trolls lurk everywhere. Mod them down.
Not a bad idea. By allowing other people to port the code to different OSes they could get some instant karma, save themselves some effort and get a bigger potential market all in one go. After all, people would still have to buy the game to get the datafiles.
The only problem is if the code contains third-party stuff like sound modules, physics engines etc.
"'I pass the test,' she said. 'I will diminish, and go into the West, and remain Galadriel.'"
- JRR Tolkien.
There are two possible widespread problems that come with the release of the source. 1. is making it easier for people to produce cheats, 2. is that people can reverse engineer cd-keys, that will lead to piracy.
But source code and source code alone does not a great game make. There are models, textures, maps, config files and myriad other items that the finished product contains that the source archive will not.
You're not going to see people rolling their own pirate releases of HL2 just because of this code, but it could help people to rip off the full version, once it's available.
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
Valve makes money from three sources: Sales of their games for sake of their games, sales of their games to support mods (such as counterstrike), and sales of their engine to other companies to create their own game. Because the art resources weren't leaked with the source, sales of their own game for their own sake will not be hurt. The other two cases are a little more interesting.
Sales of the engine may be hurt, or it may be helped. Certain companies may wind up "doing the wrong thing" and incorporating Valve code into their own, but no major player would be caught dead doing such a thing. I expect that snippets of that code may find their way into the wild due to overtasked programmers trying to make their game the best it can be, but such snippets wouldn't have equalled a sale, they simply mean fiercer competition. And with the increased visibility, companies can now know the quality of the code that their 500 grand will be buying. True, being released into the wild may reduce the perception of value, but with the availability of the code this may still lead to increased sales.
Modders are a different story. Without economic interests compelling them to buy a license, they might begin releasing compiled binaries of their work to the community without requiring a half-life 2 license, which would cripple Valve's sales numbers. But on the other hand with access to source, modders could create more extensive and more active modifications, creating original features instead of mere graphical facelifts. If these code modders require the original game to be playable, it could lead to a real renaissance in modding and a tremendous boost in sales for Valve.
I can see how this may possibly turn out to be somewhat damaging to Valve, but I can't see how this is one of the four horsemen of their apocalypse. The head of the man who intentionally leaked the code should roll (if it truly was intentional), but it is way too soon to declare this the end of the company. Under closer analysis, it may even be a boon.
This Sig is a mnemonic device designed to allow you to recognize this author in the future.
This is not a sanctioned code release. It would be just about impossible to build a development community around it. Anything made with it would be warez. I suppose it's possible some tight knit group of geniuses could adapt and "spread" the work but I wouldn't hold my breath. There would be inevitable bugs and no good way for the clandestine developers to get feedback.
Contrary to SCO's opinion, unclean code doesn't help Linux at all. The best thing to do is just avoid that source like the plague. It would legally contaminate anyone who even just had it, much less looked at it.
> what happens to a loaded server with
> MaxClients set too high
Right, it starts swapping since more child processes are forked than can fit into memory. As other posters have suggested, Apache's MaxClients needs to be aligned with MySQL's max_connections configuration.
The Army reading list
The leak includes Havok 2, Miles Sound System, 3DSM plugins, etc...
I think Valv^E will be pretty poor after this.
I'm feeling bummed going thru the source code, this is looking legit and some script-kiddies are going to have a field day with this! :(
:rolleyes:
Anyone wanna bet that Valve is going to delay the hell out of Half-life2 over this? Or that it was leaked because Valve didn't release the benchmark on the 30th?
Oh boy.
- "When I say dance, you'd best DANCE motherf*cker!" -Violent Femmes
we can determine the exponential rate at which the number of bugs in open source software decreases.
Healthcare article at Kuro5hin
Someone already managed to squeeze a HL2.EXE and TF2.EXE out of the source. Behold:
http://www.devils-children.com/hl2_1.jpg
It's being picked apart in #HL2-Source on irc.quakenet.org at the moment. Fun fun.
Quality, performance, value; you get only two, and you don't always get to pick.
That's the lame excuse offered by lazy people who don't want to learn their own language.
Another worry with the leaked source is that it's possible for competitors to rip off Valve's fancy new game engine. Any proprietary techniques in the code aren't secret any more.
The buffer handling in their socket code (Tracker/common/Socket.cpp) makes many assumptions. Notice how they have incomplete state for split packets:
    if( *(int *)&buffer[0] == -2 )
    {
        // its a split packet :)
        int curPacket=0,offset=0;
        SPLITPACKET *pak =reinterpret_cast<SPLITPACKET *>(&buffer[0]);
        if(m_iTotalPackets==0)
        {
            // this is the first in the series
            m_iTotalPackets = (pak->packetID & 0x0f);
            m_iSeqNo = pak->sequenceNumber;
            m_iRetries=0;
            m_iCurrentPackets=1;// packet numbers start at zero, total is the total number (i.e =2 for packet 0,1)
            curPacket= (pak->packetID & 0xf0)>>4;
        }
        else if (m_iSeqNo == pak->sequenceNumber)
        {
            m_iCurrentPackets++;
            curPacket= (pak->packetID & 0xf0)>>4;
        }
        else
        {
            // make sure we give up eventually on fragments
            // TODO: add support for multiple fragments at one time?
            m_iRetries++;
            if(m_iRetries>MAX_RETRIES)
            {
                m_iTotalPackets=0;
            }
            return;
        }
What faith in proper sequencing! It would take a child 5 minutes to write a netcat exploit for this. Why, here's a child right here....
Remember: Many shifty eyes make all exploits shallow.
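For contrast with the excerpt quoted in the comment above, an added example (not from the comment or from the quoted source) of reassembly state that does not rely on well-behaved sequencing. In the excerpt, progress is a counter bumped by any fragment with a matching sequence number, and no check of the fragment index against the total is visible; here each index is validated and recorded in a bitmask. The header layout, size limits and all names (`Reassembler`, `make_fragment`, the `k...` constants) are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>

// Assumed wire layout (hypothetical): int32 marker, int32 sequence, uint8 packetID, payload.
constexpr int32_t kSplitMarker    = -2;   // marker value tested in the quoted excerpt
constexpr size_t  kHeaderSize     = 9;
constexpr size_t  kMaxFragPayload = 1024; // assumed per-fragment payload limit
constexpr int     kMaxStale       = 4;    // foreign fragments tolerated before giving up

class Reassembler {
public:
    enum Result { Rejected, Accepted, Complete };

    Result feed(const uint8_t *buf, size_t len) {
        if (len <= kHeaderSize || len - kHeaderSize > kMaxFragPayload) return Rejected;
        int32_t marker, seq;
        std::memcpy(&marker, buf, 4);      // no unaligned *(int *) cast
        std::memcpy(&seq, buf + 4, 4);
        if (marker != kSplitMarker) return Rejected;
        unsigned total = buf[8] & 0x0f, index = (buf[8] & 0xf0) >> 4;
        if (total == 0 || index >= total) return Rejected;  // index must fit the series

        if (total_ == 0) {                 // first fragment seen: open a series
            total_ = total;
            seq_ = seq;
            parts_.assign(total, std::string());
        } else if (seq != seq_ || total != total_) {
            if (++stale_ > kMaxStale) reset();               // give up on the old series
            return Rejected;
        }
        if (seen_ & (1u << index)) return Rejected;          // duplicate is not progress
        seen_ |= 1u << index;
        parts_[index].assign(reinterpret_cast<const char *>(buf) + kHeaderSize, len - kHeaderSize);
        if (seen_ != (1u << total_) - 1) return Accepted;    // some index still missing

        message_.clear();
        for (const std::string &p : parts_) message_ += p;   // join in index order
        reset();
        return Complete;
    }
    const std::string &message() const { return message_; }

private:
    void reset() { total_ = 0; seen_ = 0; stale_ = 0; parts_.clear(); }
    unsigned total_ = 0, seen_ = 0;
    int32_t seq_ = 0;
    int stale_ = 0;
    std::vector<std::string> parts_;
    std::string message_;
};

// Builds one constructed fragment (sample input, not captured traffic).
std::vector<uint8_t> make_fragment(int32_t seq, unsigned index, unsigned total, const char *payload) {
    std::vector<uint8_t> f(kHeaderSize);
    std::memcpy(f.data(), &kSplitMarker, 4);
    std::memcpy(f.data() + 4, &seq, 4);
    f[8] = static_cast<uint8_t>((index << 4) | (total & 0x0f));
    f.insert(f.end(), payload, payload + std::strlen(payload));
    return f;
}
```

Fragments may arrive in any order; a repeated index, an index outside the announced total, or a fragment from another series is rejected without advancing completion.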
It's an interesting thought, and perhaps this would be about the only way to start something of this nature.
Company A makes a great game for Windows that people absolutely love. Linux community begs for a port, but A doesn't want to spend the time. Someone gets their hands on the source code to the game and widely distributes it, to the point where it's everywhere. It's not feasible for A to try to legally crush the people who have the source, since they're simply too many, and decide to cut their losses and support them. The company provides further support, helps to organize work, etc. using the open-source community to help build their Linux version. In the process, bugs are found and patches are released for the Windows version while the Linux port is being worked on.
Idealist? Of course, there'll be many arguments by GPL zealots and so forth. Still an interesting thought though.
Your analogy is flawed. Reading the source code to the program would be like having the sheet music, or the outlines/notes the author used when writing the novel.
Your analogy would only work if the programmer was playing the game/using the application, not looking at the source code.
UMM no it is not. If the source is basically stolen then you are guilty just by reading it. You are contaminated because it is then up to you to PROVE that you did not use the illegal code as a base for any software written by you in the future.
I have downloaded the code and taken a quick peek. It does indeed seem to be legitimate. More disturbing, though, is that a simple grep through the code tree reveals that this leaked source tree contains GPL'd code.
./ivp/havana/havok/hk_math/ ./utils/vmpi/mysql/include/
files in these directories contain such code for example
It would take someone a little more clued up than I to verify that this code is actually used in a binary release.
Someone should take a closer look.
Electronic Music Made Using Linux http://soundcloud.com/polyp
I guess Valve will have to come up with a new authentication system...
This situation has actually happened before. Dave Taylor (ddt) of the long now defunct crack dot com (and of Abuse and Golgotha fame) did the original port of Quake to Solaris (or some non-exactly-gamers-first-choice platform.) However, the machine with the code on it got cracked and the code became widely distributed (this was years before id officially released & GPL'd the code.) A Linux enthusiast got his hands on the code (it wasn't a hard thing to come by at the time), did a successful port and actually sent it back to id. Not sure what happened thereafter, but I do know that ddt continued handling the un*x ports at id for a while thereafter.
Pete
Header:
#
# Half-life Makefile for x86 Linux
#
# Feb 2001 by Leon Hartwig (hartwig@valvesoftware.com)
#
Perhaps something good coming our way? Or maybe just a dropped endeavor... one can only hope.
Falcon 4.0, a landmark achievement in consumer flight simulation technology, had its full source code leaked several years ago. What happened afterwards?
Nothing for several months. People went about playing Falcon 4.0 as they did before. Then a user posted a single screenshot to the combatsim.com fora. It showed the Falcon 4.0 options menu, except with some rather peculiar options-- 3dnow! support, 32 bit textures, object texture filtering, DirectX 7 support, and some others. Falcon 4.0 did not ship with support for said features, so either it was an edited screenshot or the user had modified the source code. Then the actual executable was released. It was real, the engine enhancements worked.
Development of the leaked source code exploded shortly after that. A team known as eTeam (the executable was called eFalcon) was created to work on it, devoted to closing the numerous memory leaks, and improving the overall realism and performance of the game. The improvements were incredible, bringing a game released in 1998 to a 2001 state, competitive (or far superior, which was most people's opinions) to simulations released that year. The game's publisher ignored this for a few years.
The game's publisher then put its foot down. It said that all development of the leaked source code had to be ceased. Quickly though the community reached an agreement. It managed to convince the publisher to allow continued development of the leaked source code, as long as the publisher maintained all rights to all of the community's work and was not required to compensate the actual contributors. The result was the Falcon 4.0 Unified Team, composed of most of the eTeam members (not all though, some refused to join because of the constrictive agreement) as well as many from the Realism Patch group, a non-source code team focusing mostly on realism enhancements. The F4UT has succeeded in making hundreds if not thousands of changes to Falcon 4.0, ranging from technical (graphics engine, campaign engine, AI, sound engine, etc.) to gameplay (new flyable aircraft, dogfight AI improvements, numerous miscellaneous tweaks etc.) to other content (re-done textures, models, sound effects, completely new cockpit art, etc.). The F4UT finally brought Falcon 4.0 to what its original developers intended, not only simulation of F-16 combat, but a true military aviation experience taking place in a dynamic computer simulated war.
How does this relate to Half-Life 2's source code being leaked? Well, sometimes leaked source code can lead to greater things. After the Falcon 4.0 source code happenings, the full source code, including the graphics engine, network code etc. of a few simulations (Enemy Engaged Comanche Vs. Hokum, MiG Alley, maybe some others) have been released to the public. Maybe this practice could spread to other game genres.
I've had a look at the source, and although I'm far from an expert C++ coder, it doesn't seem to me that the Steam code is included. There is, however, a 'steam.lib' file in there.
If I understand the workings of Steam correctly, it handles authentication, and also includes mechanisms for controlling the integrity of game files. Ie there's no way you could use a hacked version of the engine for your cheats, and still authenticate through Steam.
<tinfoilhat reinforced with lead>
Maybe they intentionally leaked a (mangled?) version of the source just to prove that Steam has its virtues when it comes to dealing with hacked executables?
</tinfoilhat etc>
Are you a grammar Nazi? I'm trying to improve my English; please correct my errors!
Here's the beginning comment from "hl2_src\src_main\ivp\havana\havok\hk_math\odesol
Quality, performance, value; you get only two, and you don't always get to pick.
No matter how much I love open source programming, I can't help feeling really sad for Valve. The gaming market is such a competitive place and this is really the worst thing imaginable. It must be absolutely horrible for Valve to see man-years of work fly out the window. Recent posts have talked about different risks, but I think the potential rumors on "HalfLife2 sources are leaked, so there will be too many cheaters" are a lot worse from a marketing and reputation perspective.
As for you GPL programmers, there is already a lot of interesting code out there to play around with. I cannot express in words how thankful I am to different companies letting me play with their products such as Quake2 by id. I think they deserve making money on their hard work and heavy risktaking. GPLing such code is giving me a present I could never make up for.
As I'm quite fond of snowboarding, I ended up working on the Soul Ride snowboard game engine. It would take me years to reproduce the same code on my own. Even if no one ever uses my changes, I really enjoy working on it and it's fun showing my changes to (geek)friends.
Open source is fun to play with. Stolen code just isn't. The whole idea of open source code is built on honesty and solidarity.
Anyway, good luck Valve, I'll buy the game when it comes out. Also, I will enjoy working on the real source you may GPL in 5-10 years, not this leaked one.
(I'm sure some slashdotters won't like what I write, but I've got karma to spend...)
Apparently the source code was stolen in some type of hacking attack as opposed to being leaked. Stolen passwords, DoS, Outlook exploit, I guess we'll only know for sure in the coming days. I think that the implications for this are larger than many people realise. Back in the Doom days, I strongly believe a pre-release leak of the Doom or Build engine could have been a complete disaster. The question is now, how much will this financially hurt, or even benefit Valve? Valve has been very supportive of the Mod community, and it's practically an axiom that mods made HL the success that it is today. So.. if a game that is open to modding is far more beneficial to everyone (long-term sales, a *really* big bang for your buck, creation of hobbies that build careers for others (CS, DOD)), can a leaked source code be even more beneficial? I really hope so.
Yeah, funny that a company developing a FPS game for Windows would use the most common MS applications. "Oh, I'm sorry, Half-Life 2 doesn't run on a machine with Outlook installed; you'll need to switch to Mozilla, the open-source browser/email client."
"Uh, what?"
Right. "Hi, I'd like to return this game, it doesn't run on my computer."
Outlook !== BAD *if* you have good sysadmins and keep up on your patches. The buffer exploits in the preview pane have been patched for some time. Thanks for the typical Slashdot attitude, though. MS fucks up plenty, but don't blame them when the fix is readily available.
"If there's hope, it lies in the proles..."
Saying over and over again that "security through obscurity" is bad is missing the point. That phrase means that simply not telling people how you protect yourself is not much of a defense, because a clever attacker can figure it out. To be safe, you need to be able to tell the potential attacker exactly what you have done (if not the exact key, etc.) and still have reason to believe that he can't compromise your security.
But none of that applies here.
First of all, you are actually not trying to protect the server. The client is actually allowed to send all the data that a hacked/aimbot/etc client sends. The limitation is supposed to be that the client is operated by human skill instead of a program. So what you are really trying to protect is the client. (Yes, some things like looking one way and firing another, too rapid/accurate turns and shots can be detected server side, but for the purpose of detecting a hacked client. Again, it's about securing the client.)
Now the problem with this is, that it's impossible. The client is in the hands of the enemy. By definition all your security is through obscurity, since the client can be disassembled, its memory can be watched as it runs, etc. There is no other kind of security on the client besides obscurity, short of some Palladium-like thing.
If you have a better idea, don't waste it on a game, because it's worth around a billion dollars to the right people these days.
So I wish all the knee-jerk posters would lay off smugly saying that there's no security through obscurity so they get what they deserve. You need to put down the pipe and think it through.