Slashdot Log In
Half Life 2 Source Code Leaked
Posted by
CmdrTaco
on Thu Oct 02, 2003 12:02 PM
from the i-hate-when-that-happens dept.
from the i-hate-when-that-happens dept.
Pyroman[FO] writes "Gamers with Jobs is reporting that the Half Life 2 source code is floating around the net right now. It looks to be about a month old. There's no official word from Valve on the source code leak yet. Unfortunately those who want to use it to cheat already have it, we need to get the word to legitimate customers to educate them about the situation." Update: 10/02 21:51 GMT by S : Valve's Gabe Newell has an official statement, via ShackNews/HalfLife2.net, indicating "infiltration of our network" and appealing for information on the culprits.
This discussion has been archived.
No new comments can be posted.
Half Life 2 Source Code Leaked
|
Log In/Create an Account
| Top
| 1027 comments
(Spill at 50!) | Index Only
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Look on the bright side (Score:4, Funny)
(http://analogy.grickle.org/ | Last Journal: Sunday April 11 2004, @02:59PM)
Re:Look on the bright side (Score:5, Informative)
(http://www.moolicious.org/ | Last Journal: Wednesday March 26 2003, @01:51PM)
It's pretty complete, and weighs in at 100 megs unpacked, for this to be _not_ the source, I'd have to say it's a pretty damn good hoax.
There is also the complete source to worldcraft in there.
Most interesting thing though, is the presence of a linux/, *gets his hopes up*
Completely legit, response from Valve (Score:5, Informative)
From HalfLife2.net [halflife2.net] Ever have one of those weeks? This has just not been the best couple of days for me or for Valve.
Yes, the source code that has been posted is the HL-2 source code.
Here is what we know:1) Starting around 9/11 of this year, someone other than me was accessing my email account. This has been determined by looking at traffic on our email server versus my travel schedule.
2) Shortly afterwards my machine started acting weird (right-clicking on executables would crash explorer). I was unable to find a virus or trojan on my machine, I reformatted my hard drive, and reinstalled.
3) For the next week, there appears to have been suspicious activity on my webmail account.
4) Around 9/19 someone made a copy of the HL-2 source tree.
5) At some point, keystroke recorders got installed on several machines at Valve. Our speculation is that these were done via a buffer overflow in Outlook's preview pane. This recorder is apparently a customized version of RemoteAnywhere created to infect Valve (at least it hasn't been seen anywhere else, and isn't detected by normal virus scanning tools).
6) Periodically for the last year we've been the subject of a variety of denial of service attacks targetted at our webservers and at Steam. We don't know if these are related or independent.
Well, this sucks.
What I'd appreciate is the assistance of the community in tracking this down. I have a special email address for people to send information to, helpvalve@valvesoftware.com. If you have information about the denial of service attacks or the infiltration of our network, please send the details. There are some pretty obvious places to start with the posts and records in IRC, so if you can point us in the right direction, that would be great.
We at Valve have always thought of ourselves as being part of a community, and I can't imagine a better group of people to help us take care of these problems than this community.
GabeRe:Completely legit, response from Valve (Score:4, Interesting)
(http://www.djpotter.com/ | Last Journal: Friday December 06 2002, @12:18AM)
"Uh, what?"
Right. "Hi, I'd like to return this game, it doesn't run on my computer."
Outlook !== BAD *if* you have good sysadmins and keep up on your patches. The buffer exploits in the preview pane have been patched for some time. Thanks for the typical Slashdot attitude, though. MS fucks up plenty, but don't blame them when the fix is readily available.
Re:Look on the bright side (Score:5, Funny)
(http://jjjiii.livejournal.com/)
Re:Open Source now? (Score:5, Interesting)
(http://www.adrianbaugh.org.uk/ | Last Journal: Wednesday December 17 2003, @07:58PM)
The only problem is if the code contains third-party stuff like sound modules, physics engines etc.
Re:Open Source now? (Score:5, Funny)
Yes, because afterall, there's absolutely no way to share binary files amongst a large group of people semi-anonymously around the Internet now is there? ;-)
One Word: (Score:4, Interesting)
(http://www.chrisbower.com/)
That's quite a big deal to have leaked. Unfortunately the article is down to I can't RTFA, but is this just the SDK source code or the whole friggin thing?
If it's the whole thing think of how much jeopardy that puts them in with the people they've licensed technology from (such as the Havok physics engine, etc).
Again I say, Wow.
Re:One Word: (Score:5, Interesting)
(http://captionthis.com/)
Thread here [halflife2.net].
Be interesting to see what the verdict of the Slashdot code gurus is.
Re:One Word: (Score:5, Informative)
(http://www.chrisbower.com/)
Now however, I have come to the conclusion that this IS an SDK, and not the full source of their engine.
Err, I take that back. Its the engine. Just found the occlusion system and the node management.
I feel for Valve about now. This sucks.
I'm deleting the source just out of respect.
Re:One Word: (Score:5, Funny)
Err, I take that back. Its the engine. Just found the occlusion system and the node management.
What is your address? I am sending you a keyboard with a "Backspace" key for Christmas.
Re:One Word: (Score:5, Informative)
(http://www.chrisbower.com/)
Re:Slashdot double standards (Score:4, Insightful)
(http://slashdot.org/...shold=-1&mode=nested | Last Journal: Wednesday December 08 2004, @11:33PM)
Sharing music online is equivalent to warez binaries, and ripping a cd you own is equivalent to making a backup copy of a game you own. Mixing existing music DJ style would be like taking screen captures and level designs from one game and using them in another. Downloading the source gives you the same level of control that the artists have; it is equivalent to copying the recording studio while the artists were in it.
However, it is worth noting that leaked albums are indefensible under my assumptions: they take control of the creative process away from the artist by removing their ability to decide when the album is done and how the public will be exposed to the music. This is equivalent to the leak of the alpha doom 3 a while ago-still less threatening than a source code leak.
Another factor in the severity of a source leak is security. Knowledge of the source will allow cheaters to exploit the game and ruin online play-once again, a phenomenon we do not see in music. Music pirates cannot degrade the quality of the music legitimate buyers listen to, but online cheaters can ruin the multiplayer experience. It would be like going to a concert and blowing a bullhorn repeatedly. Doing that in a concert is not considered an intellectual property offense, so it is inappropriate to think of a source leak's potential for cheating as an intellectual property issue. It is a security/espionage problem.
That said, those who would delete the source after downloading it and verifying its authenticity are very misguided. Unless their computers are public access and could be used to futher distribute the source, deletion helps noone and limits your opportunity for education. Of course, if you are going to work on a competing product it would be dangerous to expose yourself to the source, but as a disinterested party or potential valve customer there is much to learn and little damage to do.
After all, the real danger of a source leak is in the actions that can be taken by those who acquired it illicitly. Hackers and competitors can dilute the creators' control over the software, but an unabused copy of the source is harmless. So, go ahead-download the source, read it, figure out how it works and learn from it. Unless you're getting a job at id or epic, or creating your own software directly related to hl2, your copy of the code is no worse than sheet music. Of course, if you upload too much on bittorrent, it could be argued that you're helping to distribute it. Although you're only one link in a large chain, it's like voting-if enough people make the same decision it really will change things. So, go download all the stolen half life source you want, just dont use bittorrent or write hl2 cheats. After all, aren't all "bad" acts bad because of their consequences? Think about it-no matter what you do, if nobody is worse of for it, how could there possibly be anything wrong with it? Throw away the anachronistic, irrelevant "moral" codes of a repressed past-its not about what some people think, it's about what's ethical in the strictest definition of the word. So go eat pork, masturbate, and download hl2. Yeah!
Programmers will never feel like mp3-pirated musicians when source code is stolen. They will feel like a musician whose beat and backup were stolen, combined with someone else's voice, and sold as a new release. This has happened in the music world, and though it is not an exact parallel of the source code situation, the uproar was just as severe.
Why is the parallel off? All music is by definition open source-hearing the notes allows you to reconstruct the sheet
Re:Slashdot double standards (Score:4, Funny)
I see you're still here.
Pascal (Score:5, Funny)
(Last Journal: Thursday April 03 2003, @02:07AM)
Moderators, Moderators (Score:4, Funny)
Re:Pascal (Score:4, Funny)
C# is basically pascal with curly braces instead of begin/end (along with all the ++=/-=**%^ inconsistencies that make it suck). I work in C# and obj pascal everyday (obj. pascal for optimization critical code, c# for high level BS) and I prefer obj pascal over C# or C++. Aside from java, I don't have experience with those "other" languages mainly because I develope for windows and unix (where do all these froto,grox,dipschil,etc languages come from anyways???)
and of course, the top 10 reasons [pascal-central.com]
...and in other news... (Score:5, Funny)
(Last Journal: Saturday October 04 2003, @12:41PM)
Re:...and in other news... (Score:5, Funny)
(http://slashdot.org/)
Re:...and in other news... (Score:5, Funny)
(Last Journal: Saturday October 04 2003, @12:41PM)
"Whadda gonna do huh? Revoke out Unix license!"
Re:...and in other news... (Score:4, Funny)
(http://www.backdrifter.com/ | Last Journal: Thursday August 28 2003, @11:21PM)
Thanks ATI! (Score:5, Funny)
"use it to cheat?" (Score:3, Interesting)
(http://www.rigidsoftware.com/ | Last Journal: Saturday September 24 2005, @11:58PM)
Re:"use it to cheat?" (Score:5, Insightful)
(http://captionthis.com/)
The most damage is the loss of company secrets (Source engine techniques, anyone?) and the potential damage to engine licensing opportunities, I think.
Re:"use it to avoid licensing?" (Score:5, Insightful)
(http://captionthis.com/)
Re:"use it to cheat?" (Score:5, Insightful)
(http://www.slothy.com/)
Valve will not lose any licenses due to the code being available. Nobody is going to not license the engine because they can get the source. You'd get your ass sued to oblivion to commit largescale copyright infringement on a major retail product. The first thing anyone asks when you're working on a game is "what engine are you using?". You can't hide your engine - knowledable people can easily tell what engine it is by running it.
The real risk is cheating, which could very well have a real impact on sales (why buy HL2 to play the new CS when the new CS has at least as many cheats as the old one?). Plus if cheating is rampant, it could scare away licensees.
So they could lose real sales and licensees, but only because of cheating, not because they don't need to pay for the source because they can get it for free
Jon (Slothy)
Programmer, S2 Games
Re:"use it to cheat?" (Score:5, Insightful)
(http://www.slamb.org/)
Not with games, especially first-person shooters. It's a problem of distributing the workload with limited server resources and limited bandwidth / high latency between nodes. To make the game playable, the clients have to know things and be trusted to do calculations that from a security standpoint they should not.
This really is unfortunate. It means you really can't stop cheating with this sort of game. It's especially easy when the source code is available, though it's still possible otherwise.
Re:"use it to cheat?" (Score:5, Insightful)
The CDKey and Steam authentication systems are also supposedly included, so any security control they had before goes out the window, you can't trust the CD Keys or Steam anymore. Not that they were perfect before, but this is going from "wait a bit while the crackers figure out this new authentication system, then it's changed in a patch, repeat" to "here it is on a silver platter, before it's released"
Not always a problem (Score:5, Informative)
For instance, in Starsiege:Tribes, since the rendering engine has been successfully hacked, people have been able to write some clever and EXTREMELY extensive cheats -- you can customize the visibility of the terrain, of individual objects (like buildings -- make them partially transparent to see people around corners), remove fog from maps, have pointers to the person with the flag, and most infamously, change the model for the flag into a twenty-story-tall red and green stick figure with a gigantic smiley face. This cheat is known as 'Happy Flag', and it makes it pretty much impossible to confuse the enemy team as to the location of your flag.
Now, in any other game, with the graphics engine compromised to that extent, the game would be over. It would be trivial to write auto-aim functionality that centers your view on a particular model type and fires the weapon.
But thanks both to the use of actual projectiles instead of instant (or 'hitscan') weapons, as well as a server-client model that DOES NOT TRUST CLIENT EVENTS (which you might think would make the game much more apparently laggy, but which in reality makes the game much less stuttery and much smoother for those on slower connctions; you just have to predict your shots more. But, since you have to do that anyways by design . .
The stability of this system is such that even with one of the most rabid fanbases in gaming, the only cheats available are primarily informational in nature. A cheater can see mines better, can know where the flag is, can see people clearly that would be mostly obscured by fog otherwise.
But this gives him very little actual advantage. The only hitscan weapon in the game is not a one-hit kill even on the lightest armor, and it needs to recharge, and the method used in both Tribes 1 and the Torque engine of the server not trusting the player for jack shit is actually EASIER on the server, since it processes client actions essentially as it receives them. Moreover, thanks to 'skiing' and the jetpacks and the visibility of laser rifle attacks, any advantage is quickly whittled down to a simple nuisance.
Now, at the other end of the spectrum is Red Faction.
It wasn't 'leaked'... (Score:5, Funny)
(http://goldspider.blogspot.com/ | Last Journal: Friday March 18 2005, @10:54AM)
Re:It wasn't 'leaked'... (Score:5, Funny)
You know you're on Slashdot when... (Score:5, Insightful)
(http://www.drinklord.com/)
Please (Score:4, Interesting)
(http://www.customroadsign.com/)
Re:You know you're on Slashdot when... (Score:5, Funny)
(http://www.vfemail.net/ | Last Journal: Thursday September 27 2001, @04:18PM)
I'm currently taking bets on the surprise release of Duke Nukem Forever.. (Which surprisingly, looks like Half Life 2)
Re:You know you're on Slashdot when... (Score:4, Interesting)
(http://www.angelfire...epublican/index.blog | Last Journal: Thursday July 27 2006, @12:00AM)
But source code and source code alone does not a great game make. There are models, textures, maps, config files and myriad other items that the finished product contains that the source archive will not.
You're not going to see people rolling their own pirate releases of HL2 just because of this code, but it could help people to rip off the full version, once it's available.
LK
Don't forget the value to competitors (Score:4, Interesting)
IP? (Score:5, Funny)
(http://unthought.net/)
That's the net for you... (Score:5, Funny)
(http://slashdot.org/)
Full text of linked article (Score:5, Informative)
http://www.gamerswithjobs.com/modules.php?
Half-Life 2 Source Code Leaked, Seriously
Posted by: Pyroman[FO] on Thursday, October 02, 2003 - 11:02 AM EST
So I know what you're thinking. "Yeah right Pyro, it's really just more suprise gay porn" but its the real deal. The source code for Valve's Half-Life 2 has been leaked to the net. An anonymous GWJ reader has verified this is real.
I can confirm that this is indeed no fake
There's still no official word from Valve and I haven't seen any other sites pick it up. There isn't any word on who leaked it either and from what I have heard the source doesn't give it away. Hopefully when this gets out in the open Valve can work with its partners to figure out who did this. Let's also hope it doesn't delay Half-Life 2 any further.
One things for sure, this can't be ignored. Those in the know already have it and they're probably working on their first cheat right now. Legitimate customers are the ones who need to know about this as they are the ones that will get their machine potentially broken into when they go online. You can't warez with month old source code, all it's good for is exploiting others in multiplayer and allowing crackers to make better cracks. Customers need to know that there are cheaters out there right now with the full Half Life 2 source code, if this is true.