Half Life 2 Source Code Leaked

Pyroman[FO] writes "Gamers with Jobs is reporting that the Half Life 2 source code is floating around the net right now. It looks to be about a month old. There's no official word from Valve on the source code leak yet. Unfortunately those who want to use it to cheat already have it, we need to get the word to legitimate customers to educate them about the situation." Update: 10/02 21:51 GMT by S : Valve's Gabe Newell has an official statement, via ShackNews/HalfLife2.net, indicating "infiltration of our network" and appealing for information on the culprits.

Pascal

[dekashizl (663505)]

Hopefully this will put to rest the controversy over Pascal. Now the world can see that you CAN write a production quality game in Pascal.

...and in other news...

[Kandel (624601)]

Valve Software are sueing Linux Kernel creator Linux Torvalds, on suspect that leaked Half-Life 2 source code is present in Linux operating system.

Re:...and in other news...

[wo1verin3 (473094)]

That would be funnier if it was SCO suing valve for using System V Unix Code in Half Life 2.

Re:...and in other news...

[Kandel (624601)]

I can just see all the Valve Software guys in a circle around a SCO executive, pushing him around going...
"Whadda gonna do huh? Revoke out Unix license!"

Thanks ATI!

[by Anonymous Coward]

I knew ATI wouldn't let us down!

It wasn't 'leaked'...

[goldspider (445116)]

...it was FREED!!

Re:It wasn't 'leaked'...

[ornil (33732)]

The proper term is "liberated".

You know you're on Slashdot when...

[SUB7IME (604466)]

... cheating is considered the 'big threat' of a source code leak, rather than the huge impending theft of intellectual property ;-)

Re:You know you're on Slashdot when...

[Havokmon (89874)]

... cheating is considered the 'big threat' of a source code leak, rather than the huge impending theft of intellectual property ;-)

I'm currently taking bets on the surprise release of Duke Nukem Forever.. (Which surprisingly, looks like Half Life 2)

IP?

[Oestergaard (3005)]

Intellectual Property, like flying pigs, cannot be found in nature.

That's the net for you...

[pegr__ (144172)]

Great... The article is Slashdotted... But the leaked code is mirrored everywhere!

Full text of linked article

[by Anonymous Coward]

Full article from:
http://www.gamerswithjobs.com/modules.php?o p=modlo ad&name=News&file=article&sid=665

Half-Life 2 Source Code Leaked, Seriously
Posted by: Pyroman[FO] on Thursday, October 02, 2003 - 11:02 AM EST

So I know what you're thinking. "Yeah right Pyro, it's really just more suprise gay porn" but its the real deal. The source code for Valve's Half-Life 2 has been leaked to the net. An anonymous GWJ reader has verified this is real.

I can confirm that this is indeed no fake ... The thing is available as a torrent download on the net. I don't know how much action they will take against people downloading this. ... The last edits are from a month ago (in the files). If this is fake, it is a damn good one. It looks very coherent. Over 100 megs unpacked source

There's still no official word from Valve and I haven't seen any other sites pick it up. There isn't any word on who leaked it either and from what I have heard the source doesn't give it away. Hopefully when this gets out in the open Valve can work with its partners to figure out who did this. Let's also hope it doesn't delay Half-Life 2 any further.

One things for sure, this can't be ignored. Those in the know already have it and they're probably working on their first cheat right now. Legitimate customers are the ones who need to know about this as they are the ones that will get their machine potentially broken into when they go online. You can't warez with month old source code, all it's good for is exploiting others in multiplayer and allowing crackers to make better cracks. Customers need to know that there are cheaters out there right now with the full Half Life 2 source code, if this is true.

Steam?

[Realistic_Dragon (655151)]

Nice to see that DRM is helping to make sure that it's hard to cheat and rip off the hard working games companies...

Those who want to steal will, those who are honest will pay anyway. Why piss off your entire userbase with DRM?

More info

[redink1 (519766)]

The staff at halflife2.net believe its real [halflife2.net].

There are also a few threads on steam [steampowered.com], PlanetHalfLife [forumplanet.com], and arstechnica [infopop.net].

Oh no.

[akunkel (74144)]

Lets just hope it does not end up in the Linux kernel.

Code control technology

[Skyshadow (508)]

It seems like these development houses need some sort of code control technology. Given that bits are inherantly copyable and the ease with which they're moved in large numbers (net, DVD-Rs, etc), companies can't rely on conventional security methods to protect themselves from serious employee theft.

But how?

At my company, we control access to code using good 'ol fashioned groups, but that leaves a relatively large number of people with access to everything. Maybe you could enhance that security with encryption of the codebase (you can decrypt the parts you need to change and that's it), but that doesn't seem like a great solution, either. Or maybe somehow watermark the code to each person in a way not easy to detect -- maybe dynamically change their variable names so they're individual-specific...

Anyhow, interesting problem. There's always air-gap, searched-by-security on the way out solutions, but given that my keychain holds more data than my first (or second, or third) hard drive, I'm not sure how effective even a police-state style could be against a determined thief....

Re:Code control technology

[randombit (87792)]

companies can't rely on conventional security methods to protect themselves from serious employee theft.

If security is really important, #1 rule is to make sure you trust the people who have the important data. Someone did this intentionally, either someone at Valve, or one of their partners. That person should probably not have been hired in the first place. OTOH, I don't know how one would go about security checks for this kind of thing. It's not as easy as govt ones (where what they want to know is 1) are you a spy/subversive/etc and 2) how easy can you be blackmailed by someone who is - between those two it covers 99% of the cases where one would wish to leak stuff). This seems like it was done - well, actually, I really don't understand why anyone would do this, except maybe to really fuck their employer.

Maybe you could enhance that security with encryption of the codebase (you can decrypt the parts you need to change and that's it)

Except that you still need to compile it, so unless you put special decryption stuff in the compiler (or in a preprocessor to it), etc, etc, etc it's not going to do you a whole lot of good.

Or maybe somehow watermark the code to each person in a way not easy to detect -- maybe dynamically change their variable names so they're individual-specific...

Would sure as hell make understanding things hard, though. 'Sure, to do such-and-such just increment a4362h' 'What? Do you mean z2314j?' I don't think this would fly.

Xbox Version

[Iscariot_ (166362)]

Looks like our best bet for a secure, low-cheat ridden version of Half-Life 2 multiplayer might be on the Xbox now...

Just a thought.

What??

[Creepy Crawler (680178)]

What? No bittorrent links?

How sad. oh wait.. you're shuning sharers today? Nevermind then

Just watch...

[Kedisar (705040)]

I wager the OS community finishes Half-Life 2 before Valve does. ;)

No wait, this could be good

[tsetem (59788)]

Think about it. If the code hits the net, and hackers find the various exploits in HL2 (buffer overflows, hijacked network streams, etc.), then Valve can see where their holes and possible exploits are at and fix them before it goes gold.

Not to mention, all of the free debugging, and reviews too. Heck, how many mods will be available when HL2 gets released because developers have access to the new API. Maybe it wasn't leaked, maybe it really was freed...

License

[Chris Canfield (548473)]

Valve makes money from three sources: Sales of their games for sake of their games, sales of their games to support mods (such as counterstrike), and sales of their engine to other companies to create their own game. Because the art resources weren't leaked with the source, sales of their own game for their own sake will not be hurt. The other two cases are a little more interesting.

Sales of the engine may be hurt, or it may be helped. Certain companies may wind up "doing the wrong thing" and incorporating Valve code into their own, but no major player would be caught dead doing such a thing. I expect that snippets of that code may find its way into the wild due to overtasked programmers trying to make their game the best it can be, but such snippets wouldn't have equalled a sale, they simply mean fiercer competition. And with the increased visibility, companies can now know the quality of the code that their 500 grand will be buying. True, being released into the wild may reduce the perception of value, but with the availability of the code this may still lead to increased sales.

Modders are a different story. Without economic interests compelling them to buy a license, they might begin releasing compiled binaries of their work to the community without requiring a half-life 2 license, which would cripple Valve's sales numbers. But on the other hand with access to source, modders could create more extensive and more active modifications, creating original features instead of mere graphical facelifts. If these code modders require the original game to be playable, it could lead to a real renissance in modding and a tremendous boost in sales for Valve.

I can see how this may possibly turn out to be somewhat damaging to Valve, but I can't see how this is one of the four horsemen of their apocolypse. The head of the man who intentionally leaked the code should roll (if it truly was intentional), but it is way too soon to declare this the end of the company. Under closer analysis, it may even be a boon.

Gamers with Jobs.com?

[yroJJory (559141)]

Seems to me this should be posted on Gamers WITHOUT Jobs, as that's what will happen when the leak is traced.

IT COMPILES

[W2k (540424)]

Someone already managed to squeeze a HL2.EXE and TF2.EXE out of the source. Behold:

http://www.devils-children.com/hl2_1.jpg [devils-children.com]

It's being picked apart in #HL2-Source on irc.quakenet.org at the moment. Fun fun.

Maybe the leak is the cause of the delay !

[rhino_badlands (449954)]

Just a thought but maybe Valve knew about the leak and then pushed back the release date to fix code which could have been comprimised !

So lets just say thanks to whom ever leaked the code and we can all blame them for the delay of the release date !

I hope they also know that NDA's are a big part of the game industry today so that either means your loosing your job, your company, or you getting sued.

Each file contains a date, what was modified and when for the most part depending on what code managemnt tool they use ... so valve can probaly go though see who checked out the whole build ... or just certain parts and figure out who leaked it. (most managemnet tools use 128 bit encryption and a key) Its very easy to track these things.

Here is some sample code

[DeadBugs (546475)]

}
If ATI Pays++

• then ATI_Card_Peformance++

else if NVIDIA Pays++

• then NVIDA_Card_Perferomance++

else

• BSOD

{

Not Quite Dead - Release Party

[greymond (539980)]

I would like to take this time to announce Stolensofts new upcoming FPS shooter "Not Quite Dead" The game features a robust and powerful 3D engine, with realistic AI.

Surprisingly enough we were able to complete the game engine and the game within 2 weeks, which goes to show why Stolensoft makes the best games.

Contains GPL'd code ...

[polyp2000 (444682)]

I have downloaded the code and taken a quick peek, It does indeed seem to be legitimate. More disturbing though is , a simple grep through the code tree reveals that this leaked source tree contains gpl'd code .

files in these directories contain such code for example ./ivp/havana/havok/hk_math/ ./utils/vmpi/mysql/include/

It would take someone a little more clued up than I to verify that this code is actually used in a binary release.

Someone should take a closer look.

Re:One Word:

[Moonshadow (84117)]

I got wind of this earlier this morning. There's a big thread on it. So far, those looking at it believe it's most likely a heavily-modified HL1 SDK, or something. Not sure if it's a hoax yet. Of course, they're gamers, not coders.

Thread here [halflife2.net].

Be interesting to see what the verdict of the Slashdot code gurus is.

Re:One Word:

[Digital11 (152445)]

Ok... It's real. It looks very incomplete, pretty old, but real nonetheless. There's functional code for things that never existed in HL1. (I assume to be functional at least, obviously I can't compile it but if this is a joke played by someone who just wrote a bunch of code to try to make it look real then they spent a LOT of time doing it.)

Now however, I have come to the conclusion that this IS an SDK, and not the full source of their engine.

Err, I take that back. Its the engine. Just found the occlusion system and the node management.

I feel for Valve about now. This sucks.
I'm deleting the source just out of respect. :(

Re:One Word:

[Digital11 (152445)]

In the dlls directory is pretty much all of the equivalant stuff thats in the HL1 SDK. I thought it was fake at first after looking in there, then I started to look through all the physics code. All of the ragdoll type stuff that there's no way is in HL1 and the code isn't faked. Then I checked out the engine directory. Like I said in a post futher down, the full occlusion system and node management is all there, I didn't have time to check for the actual rendering code because I had to get back to work. But I'm thoroughly convinced that it's real. I even feel bad for downloading it now because I know if someone stole my code I'd be way more than pissed about it. Let em steal a binary all day, but when they have the code it's a whole new level. This is corporate espionage at its finest.

Re:"use it to cheat?"

[Moonshadow (84117)]

Most people don't think like that. They think "You have the source, you can make whatever cheats you want!" They're gamers, not coders, and most don't have a clue what they're talking about. I trust that Valve is professional enough to write tight code.

The most damage is the loss of company secrets (Source engine techniques, anyone?) and the potential damage to engine licensing opportunities, I think.

Re:"use it to cheat?"

[Slothy (17409)]

If this is legit, this all applies. If not, then obviously it's not worth anyone's time to debate.

Valve will not lose any licenses due to the code being available. Nobody is going to not license the engine because they can get the source. You'd get your ass sued to oblivion to commit largescale copyright infringement on a major retail product. The first thing anyone asks when you're working on a game is "what engine are you using?". You can't hide your engine - knowledable people can easily tell what engine it is by running it.

The real risk is cheating, which could very well have a real impact on sales (why buy HL2 to play the new CS when the new CS has at least as many cheats as the old one?). Plus if cheating is rampant, it could scare away licensees.

So they could lose real sales and licensees, but only because of cheating, not because they don't need to pay for the source because they can get it for free :)

Jon (Slothy)
Programmer, S2 Games

Re:"use it to avoid licensing?"

[Moonshadow (84117)]

Well, that's really what I meant. No serious studio is going to use a pirated version of the engine to create a game, but HL2 is obviously using some cutting-edge techniques to achieve the results that they have demonstrated. The availability of the code means that such techniques could be analyzed and incorporated into other engines, diluting the exclusivity of the Source engine, and making it a lot easier for developers looking for a next gen engine to roll their own, or buy one a bit cheaper than Source.

Re:"use it to cheat?"

[slamb (119285)]

Aren't we past security through obscurity by now?

Not with games, especially first-person shooters. It's a problem of distributing the workload with limited server resources and limited bandwidth / high latency between nodes. To make the game playable, the clients have to know things and be trusted to do calculations that from a security standpoint they should not.

This really is unfortunate. It means you really can't stop cheating with this sort of game. It's especially easy when the source code is available, though it's still possible otherwise.

Re:"use it to cheat?"

[PyromanFO (319002)]

Mod this man up, I wasn't talking about the latest OpenSSH release getting leaked, it's Half Life 2. The latency problems mean you can't really have secure netcode, however obscurity goes a long way to help.

The CDKey and Steam authentication systems are also supposedly included, so any security control they had before goes out the window, you can't trust the CD Keys or Steam anymore. Not that they were perfect before, but this is going from "wait a bit while the crackers figure out this new authentication system, then it's changed in a patch, repeat" to "here it is on a silver platter, before it's released"

Not always a problem

[mr_luc (413048)]

A lot of that has to do with the particular game, as well as the design of the prediction in that game.

For instance, in Starsiege:Tribes, since the rendering engine has been successfully hacked, people have been able to write some clever and EXTREMELY extensive cheats -- you can customize the visibility of the terrain, of individual objects (like buildings -- make them partially transparent to see people around corners), remove fog from maps, have pointers to the person with the flag, and most infamously, change the model for the flag into a twenty-story-tall red and green stick figure with a gigantic smiley face. This cheat is known as 'Happy Flag', and it makes it pretty much impossible to confuse the enemy team as to the location of your flag.

Now, in any other game, with the graphics engine compromised to that extent, the game would be over. It would be trivial to write auto-aim functionality that centers your view on a particular model type and fires the weapon.

But thanks both to the use of actual projectiles instead of instant (or 'hitscan') weapons, as well as a server-client model that DOES NOT TRUST CLIENT EVENTS (which you might think would make the game much more apparently laggy, but which in reality makes the game much less stuttery and much smoother for those on slower connctions; you just have to predict your shots more. But, since you have to do that anyways by design . . .).

The stability of this system is such that even with one of the most rabid fanbases in gaming, the only cheats available are primarily informational in nature. A cheater can see mines better, can know where the flag is, can see people clearly that would be mostly obscured by fog otherwise.

But this gives him very little actual advantage. The only hitscan weapon in the game is not a one-hit kill even on the lightest armor, and it needs to recharge, and the method used in both Tribes 1 and the Torque engine of the server not trusting the player for jack shit is actually EASIER on the server, since it processes client actions essentially as it receives them. Moreover, thanks to 'skiing' and the jetpacks and the visibility of laser rifle attacks, any advantage is quickly whittled down to a simple nuisance.

Now, at the other end of the spectrum is Red Faction. :D I'm not much of a cheater normally, but the most fun I have ever had was back in the day before everyone was cheating, when the careful task was to cleverly design cheats that are almost undetectable -- like a specially powerful jump to get you out of difficult situations, etc. The most fun I had was giving my player ninjalike abilities by modifying the scripts myself, and reducing my fall damage, and limiting myself to the pistol. It's all about the mobility, baby!

Re:Open Source now?

[adrianbaugh (696007)]

Not a bad idea. By allowing other people to port the code to different OSes they could get some instant karma, save themselves some effort and get a bigger potential market all in one go. After all, people would still have to buy the game to get the datafiles.
The only problem is if the code contains third-party stuff like sound modules, physics engines etc.

Re:Open Source now?

[AKnightCowboy (608632)]

After all, people would still have to buy the game to get the datafiles.

Yes, because afterall, there's absolutely no way to share binary files amongst a large group of people semi-anonymously around the Internet now is there? ;-)

Linux port

[PepsiProgrammer (545828)]

Looks like there will be a linux port after all...

No it wouldn't

[roystgnr (4015)]

It would legally contaminate anyone who even had just had it much less looked at it.

It would definitely legally implicate anyone who had it (for copyright violation), but it wouldn't "contaminate" anyone who later wrote code of their own. Despite what some proprietary developers think and others fear, as long as no actual copying occurs it is perfectly okay for novelists to read other people's books, for singers to listen to other people's songs, and even for programmers to read other people's source code.

Re:Why... ?

[PyromanFO (319002)]

You obviously weren't paying attention to the UT2003 buffer overflows that allowed a server to execute arbitrary code on your computer. There's been many other games that had this problem.

People need to know that they're buying a product that could leave them vulnerable, or at the very least isn't going to be a fair multiplayer experience online. They also need to know what's going on so that when Valve says "delayed till 2004" everybody knows what's up.

It's not like you can warez with this, it's none of the levels, art or sound. I'ts only useful for crackers and cheaters, customers need to know what's going to so that they don't get screwed by people using the source code to comprimise the game.

Re:Look on the bright side

[Junior J. Junior III (192702)]

To hell with modding it, why doesn't someone finish the damn game and release it already??

Re:Look on the bright side

[revmoo (652952)]

I'm not so sure it's an SDK.

It's pretty complete, and weighs in at 100 megs unpacked, for this to be _not_ the source, I'd have to say it's a pretty damn good hoax.

There is also the complete source to worldcraft in there.

Most interesting thing though, is the presence of a linux/, *gets his hopes up*

Re:Hopefully this includes Steam...

[SmallFurryCreature (593017)]

Bullshit.

I have stacks of games all bought legit. I fucking hate it however when games I bought with good money then limit me while those who download them get the better deal.

Do a test once between a normal game and a game with a no-cd patch applied. It will boot faster and often run faster as well. Games that access the cd are slow as apart from the floppy the cd is the slowest part in your computer. If the game is copied instead to the HD and played completly from their it will run faster.

Having to enter registration keys is all very nice and not so much of a hassle except why aren't they printed on the fucking cd's.

I am fed up with being treated like a criminal. You apparently love it. Well go right ahead but don't insult others who object to it.

Just because you are to stupid to see the problems with online activation crap doesn't mean the rest of us are as blind as you or as willing to be insulted.

Re:Hopefully this includes Steam...

[ChaosDiscord (4913)]

I agree with most of your rant. I forked over my cash for your game, why do I need to just through more hoops to play? Gosh, you know, I really love shuffling disks in and out of CD drive when I decide to switch games solely to satisfy some copyprotection system. Add to that that my CD driver works fine but hums like jet engine if any CD is in at all, so I have to remove the disk when I finish to cut down on the noise. And while I'm playing I need to stupid disk in the drive (solely for copy protection), so I just get to enjoy the hum while I play.)

Having to enter registration keys is all very nice and not so much of a hassle except why aren't they printed on the fucking cd's.

Or at the very least, don't make the entire CD black! Leave a light colored area so I can use a Sharpie to write the registration key on the CD. No, I'm not going to keep your stupid jewel case. I own a lot of games, so I keep them in a CD binder to save space. The only thing a gamer is certain to keep is the CD itself, that's where the registration key belongs.

Re:Hopefully this includes Steam...

[pla (258480)]

If you're willing to pay for the game, why are your panties all in a bunch over Steam? It's not like it would affect you if you have a legitimate copy of the game.

Ys, it would indeed affect me.

First of all, Steam requires a live internet connection to play. Not just to register, or to activate, but every time you want to play. Goodbye gaming during that boring 10-hour flight, eh?

Second, Steam not only makes possible, but forces, whatever patches Valve has decided to make, on the users. you simply don't have the option of saying "gee, y'know, it runs fine right now, and I don't want the new uberfun zone, so I'll skip this update". Nope. They release a patch, you get it next time you connect.

Third, related to #2, you have no way to keep playing if Valve gets bored. Yeah, the servers will probably stay up for a year or two, to avoid lawsuits, but personally, I still play games well over a decade old. What odds do you lay on the Steam servers staing up for over a decade? Not very good, I'd wager.

Fourth, have you read about the typical user experience with connecting to a Steam server? It makes AOL-in-the-mid-90s look easy to connect to by comparison. Valve already has money-in-pocket by the time users try to connect, so has very little motivation to guarantee the capacity to let everyone get on. And, as history has shown, doesn't give a damn.

And finally, some people just don't like having companies treat them like criminals, or having minor annoyances pop up every time they want to play a game they legitimately buy. Whether as minor as a "no-CD" crack (which often makes the game far more responsive in general, since it doesn't wait for the CD to spin up every now and then), or as major as disabling Steam, when people buy games, they want to play those games, not jump through hoops to prove they really paid for it.


So there's got to be some other motive behind your words... something more to the tune of "Someone please make a crack so I don't have to buy the game."

Not really, no. If the above explanation doesn't do it for you, I guess nothing will. So enjoy all the BS, and if someday we meet on a plane, I'll share my bought-but-cracked copy with you, as you gaze forlornly at the screen when your uncracked copy presents the highly accusatory "cannot connect with server, ya damn pirate" screen. Perhaps then you'll "get it", why things like Steam count as "bad" even if you legally own a copy of the game.

Re:Thanks Slashdot

[SmallFurryCreature (593017)]

Ah, a Microsoft security advisor. Odd, I never seen one in the wild. Better stuff and mount him for the local museum.

Really security through obscurity is so obsolete it ain't even a good joke anymore.

This is out. It has happened. Though but it is hardly a big deal. It is not like the game itself has been leaked.

So what could this all mean.

1. Ports, with the code in hand porting the game by fans should be easy.
2. Mods, again with the code in hand modding will be much much easier.
3. Cheats, yup sucks in mp. On the other hand every online game wether source code was availble or not has had cheats. Live with it or play on lan games and only with friends online.
4. Pirated versions of the full game, well that depends on wether the steam code is in there. Again not big deal. Almost allgames are available BEFORE releases as warez. Though but it happens. Game companies just have to make it worth peoples money to buy the fucking game. I think valve has proofed they ain't cheap in the past (steam may erode that)
5. Huge lawsuit for valve. After all it uses licensed code for the physics engine. Well though again. They will just have to figure out who did it and then try to reclaim damages.

None of this will be stopped by not talking about it. And frankly I think you have shown youreselve to be extremly naive to believe that hushing this up is even going to work or have any effect.

Re:Screenshots

[zero-one (79216)]

Lets hope that "cl_localnetworkbackdoor.cpp" in the left corner of the thrird screenshot isn't as intresting as it sounds!

Re:Screenshots

[W2k (540424)]

It's not, (unfortunately). Paste from LocalNetworkBackdoor.h follows:

// This class facilitates a fast path for networking when running a single-player game.
// Instead of the server bit-packing entities, delta'ing them, encoding deltas, then decoding the states,
// it just hands the server entity's data to the client, which copies the data over directly.