Jump to content

Half-Life 2 Source Code Leaked!


Recommended Posts

Jeez, have you seen this? What a friggin nightmare for Valve. Sounds like it could be the source cod efor thier engine and Steam and the code for Havok physics. Sorry for all the people that have put their sweat and blood into this. I'm thinking it's also going to seriously affect us when we decide to play online. What a mess!



Link to comment
Share on other sites

  • Replies 58
  • Created
  • Last Reply

Top Posters In This Topic

Actually, it looks like its just an early leak of the SDK, thank goodness. Still, its a serious problem, not least because if there is any serious code leak we'll be seeing cheat hacks almost immediately, no doubt.


Boringly, I'll just take a moment to remind everyone we don't need any links to this leaked source, but you all know that anyway, don't you guys? I wouldn't have even said anything except that I've just come from Slashdot, where everyone seems to be competing to be the biggest asshat in the code leaking stakes.


Fortunately, other than the serious pain of multiplayer hacks, I don't think much will come of this. No serious developer is going to dare go near it for fear of being sued bigtime, and few amateurs are going to be able to do much with it other than obvious mods they could soon do with the SDK anyway.

Link to comment
Share on other sites

It's the real deal. Gabe Newell of Valve has said as such in a public posting on halflife2.net. Apparently his email account was compromised a while back, their network's been under attack for a while, and the source tree was copied on the 19th of September. What's floating around /is/ the full HL2 src tree.


Not good.


Not good at all.

Link to comment
Share on other sites

Let's not downplay the problem with multiplayer hacks though. One of the reasons Half-Life is so popular to begin with is its mod scene, and I'm sure I don't need to dance around Counter-Strike as being a serious piece of Half-Life's legacy. CS didn't become rife with cheats until it hit Beta 6 or so and it really killed the experience for a lot of people. And that sort of thing being an issue right from the gate has a serious potential to damage sales.


Just from my perspective, natch ;)

Link to comment
Share on other sites

When you play a game on your PC, you play compiled source code that is in HEX or whatever. It's mostly a gobbl-dy gook of numbers and such that you have to crawl through piece by piece to figure anything out.


What got leaked were the files that Valve uses to compile those source files you play. It is the source code with developer notes that describes EXACTLY how everything works, how the game server/client code works, how it renders graphics, everything.


So now the hackers don't need to climb through the endless compiled numbers to figure out where the potential holes in the code is, they simply look at the code itself for the holes. Then they write very detailed, very hard to detect cheating programs that allow them to cheat like asshats the day HL2 launchs.


It's not the end of the world for HL2, it's just not a very good security start for their game. I am suddenly reminded why I was excited about Counterstrike for the Xbox. Closed system = no cheating.


It shouldn't affect the single player experience of HL2 at all, just up the cheater possibilities in multiplayer game.

Link to comment
Share on other sites

-I know this may sound elementary, I have no knowledge off game development, but how could they allow this to happen?

Apparently his email account was compromised a while back

Why on earth would something so important be somehow linked to an email? (if this info we have IS true)




their network's been under attack for a while

Why have networks that games are being developed on, and networks that you know are at risk, why have them attached to an internet connection? Why not operate on a closed local network?

Link to comment
Share on other sites

Why on earth would something so important be somehow linked to an email? (if this info we have IS true)

From what I understand, the compromised e-mail account was used as a base for "socially engineering" to further compromise Valve. For example, using his e-mail account and posing as him, the hacker gains a certain amount of "trust" within the company. Using this, they could probably e-mail out trojans to other people within the company and get them to open them (which appears to be the case, he says their "speculation is that these [trojans] were done via a buffer overflow in Outlook's preview pane"), installing the trojans on the computers and giving the hacker remote access to them.


Statement from Gabe Newell

Link to comment
Share on other sites

Hoo Boy.


What a mess.


I don't have enough programming experience to know, but isn't it not too difficult to reverse engineer code in the first place? If that is the case, the leak may not be as detrimental as it appears right now. i.e. Asshat hacker boys would've been able to get this source code anyway, just later.

Link to comment
Share on other sites

Well not really. Certain things get lost completely when source is compiled to binary, i.e. comments. Really, the best you get decompiling something will look like this:

Disassembly of section .init:

080484b0 <_init>:
80484b0:    55           push  %ebp
80484b1:    89 e5          mov  %esp,%ebp
80484b3:    83 ec 08        sub  $0x8,%esp
80484b6:    e8 c9 00 00 00     call  8048584 <call_gmon_start>
80484bb:    e8 24 01 00 00     call  80485e4 <frame_dummy>
80484c0:    e8 af 02 00 00     call  8048774 <__do_global_ctors_aux>
80484c5:    c9           leave 
80484c6:    c3           ret  
Disassembly of section .plt:

080484c8 <.plt>:
80484c8:    ff 35 c8 99 04 08    pushl 0x80499c8
80484ce:    ff 25 cc 99 04 08    jmp  *0x80499cc
80484d4:    00 00          add  %al,(%eax)
80484d6:    00 00          add  %al,(%eax)
80484d8:    ff 25 d0 99 04 08    jmp  *0x80499d0
80484de:    68 00 00 00 00     push  $0x0
80484e3:    e9 e0 ff ff ff     jmp  80484c8 <_init+0x18>
80484e8:    ff 25 d4 99 04 08    jmp  *0x80499d4
80484ee:    68 08 00 00 00     push  $0x8
80484f3:    e9 d0 ff ff ff     jmp  80484c8 <_init+0x18>
80484f8:    ff 25 d8 99 04 08    jmp  *0x80499d8
80484fe:    68 10 00 00 00     push  $0x10
8048503:    e9 c0 ff ff ff     jmp  80484c8 <_init+0x18>
(260 more lines of assembler here)

Which you have to manually interpret the overall function/purpose/usage of. With something like the original high-level C++ source code, you get:

#include <iostream>

using namespace std;

int main()
   //print out "Hello world!"
   cout << "Hello world!" << endl;

   return 0;

Quite a bit easier to figure out what's going on. ;)


There would still, however, probably be cracks/cheats/etc. even if the source code were not leaked.

Link to comment
Share on other sites

Originally posted by dogbert@Oct 3 2003, 12:59 AM

They'll have to re-write their CD checking routines and whatever other protection mechanisms they have for one.

Obviously this will be done anyway, as they will want to make patches useless for anyone running the stolen code, but surely anyone with the source can at least compile the version they have with or without copy protection calls?


They'll still want to get hold of the actual release CD for all the actual data the code uses to create the game, but that would be a case of just copying it of there, yes?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...