Half Life 2 Source Code Leaked

Pyroman[FO] writes "Gamers with Jobs is reporting that the Half Life 2 source code is floating around the net right now. It looks to be about a month old. There's no official word from Valve on the source code leak yet. Unfortunately those who want to use it to cheat already have it, we need to get the word to legitimate customers to educate them about the situation." Update: 10/02 21:51 GMT by S : Valve's Gabe Newell has an official statement, via ShackNews/HalfLife2.net, indicating "infiltration of our network" and appealing for information on the culprits.

HL2 Source

[Cowclops]

www.cowclops.net/hl2_src.rar 32MB.

Here's a link to the

[Sir Haxalot]

source [shadow.fi]

Full text of linked article

[Anonymous Coward]

Full article from:
http://www.gamerswithjobs.com/modules.php?o p=modlo ad&name=News&file=article&sid=665

Half-Life 2 Source Code Leaked, Seriously
Posted by: Pyroman[FO] on Thursday, October 02, 2003 - 11:02 AM EST

So I know what you're thinking. "Yeah right Pyro, it's really just more suprise gay porn" but its the real deal. The source code for Valve's Half-Life 2 has been leaked to the net. An anonymous GWJ reader has verified this is real.

I can confirm that this is indeed no fake ... The thing is available as a torrent download on the net. I don't know how much action they will take against people downloading this. ... The last edits are from a month ago (in the files). If this is fake, it is a damn good one. It looks very coherent. Over 100 megs unpacked source

There's still no official word from Valve and I haven't seen any other sites pick it up. There isn't any word on who leaked it either and from what I have heard the source doesn't give it away. Hopefully when this gets out in the open Valve can work with its partners to figure out who did this. Let's also hope it doesn't delay Half-Life 2 any further.

One things for sure, this can't be ignored. Those in the know already have it and they're probably working on their first cheat right now. Legitimate customers are the ones who need to know about this as they are the ones that will get their machine potentially broken into when they go online. You can't warez with month old source code, all it's good for is exploiting others in multiplayer and allowing crackers to make better cracks. Customers need to know that there are cheaters out there right now with the full Half Life 2 source code, if this is true.

More info

[redink1]

The staff at halflife2.net believe its real [halflife2.net].

There are also a few threads on steam [steampowered.com], PlanetHalfLife [forumplanet.com], and arstechnica [infopop.net].

HUGE BANDWIDTH LINK

[Sir Haxalot]

here [worldoverclockers.com]

Re:Thanks ATI!

[Spy Hunter]

Mod parent up, insightful. They leaked Doom III didn't they? They probably had access to the code, didn't they? Probably someone at ATI let his friend see it, and they let their friend see it, and suddenly poof, it's all over the Internet. Heads are going to roll for this one...

Re:...and in other news...

[Leffe]

Just for your information, there is a lot of Linux support in the code... I don't think there's enough though.

I guess Valve are working on something, but it's certainly not finished yet.

With this new rush of "help" I think that Linux support might be a reality in the future.

Re:What??

[FreeMath]

Here ya go... [worldoverclockers.com]

Bittorrent link

[slashdoter]

http://www.wireless-central.net/suprnova/torrents/ 382/hl2_src-rar(1).torrent

happy downloading

Re:One Word:

[Digital11]

Ok... It's real. It looks very incomplete, pretty old, but real nonetheless. There's functional code for things that never existed in HL1. (I assume to be functional at least, obviously I can't compile it but if this is a joke played by someone who just wrote a bunch of code to try to make it look real then they spent a LOT of time doing it.)

Now however, I have come to the conclusion that this IS an SDK, and not the full source of their engine.

Err, I take that back. Its the engine. Just found the occlusion system and the node management.

I feel for Valve about now. This sucks.
I'm deleting the source just out of respect. :(

Not always a problem

[mr_luc]

A lot of that has to do with the particular game, as well as the design of the prediction in that game.

For instance, in Starsiege:Tribes, since the rendering engine has been successfully hacked, people have been able to write some clever and EXTREMELY extensive cheats -- you can customize the visibility of the terrain, of individual objects (like buildings -- make them partially transparent to see people around corners), remove fog from maps, have pointers to the person with the flag, and most infamously, change the model for the flag into a twenty-story-tall red and green stick figure with a gigantic smiley face. This cheat is known as 'Happy Flag', and it makes it pretty much impossible to confuse the enemy team as to the location of your flag.

Now, in any other game, with the graphics engine compromised to that extent, the game would be over. It would be trivial to write auto-aim functionality that centers your view on a particular model type and fires the weapon.

But thanks both to the use of actual projectiles instead of instant (or 'hitscan') weapons, as well as a server-client model that DOES NOT TRUST CLIENT EVENTS (which you might think would make the game much more apparently laggy, but which in reality makes the game much less stuttery and much smoother for those on slower connctions; you just have to predict your shots more. But, since you have to do that anyways by design . . .).

The stability of this system is such that even with one of the most rabid fanbases in gaming, the only cheats available are primarily informational in nature. A cheater can see mines better, can know where the flag is, can see people clearly that would be mostly obscured by fog otherwise.

But this gives him very little actual advantage. The only hitscan weapon in the game is not a one-hit kill even on the lightest armor, and it needs to recharge, and the method used in both Tribes 1 and the Torque engine of the server not trusting the player for jack shit is actually EASIER on the server, since it processes client actions essentially as it receives them. Moreover, thanks to 'skiing' and the jetpacks and the visibility of laser rifle attacks, any advantage is quickly whittled down to a simple nuisance.

Now, at the other end of the spectrum is Red Faction. :D I'm not much of a cheater normally, but the most fun I have ever had was back in the day before everyone was cheating, when the careful task was to cleverly design cheats that are almost undetectable -- like a specially powerful jump to get you out of difficult situations, etc. The most fun I had was giving my player ninjalike abilities by modifying the scripts myself, and reducing my fall damage, and limiting myself to the pistol. It's all about the mobility, baby!

Re:One Word:

[Digital11]

In the dlls directory is pretty much all of the equivalant stuff thats in the HL1 SDK. I thought it was fake at first after looking in there, then I started to look through all the physics code. All of the ragdoll type stuff that there's no way is in HL1 and the code isn't faked. Then I checked out the engine directory. Like I said in a post futher down, the full occlusion system and node management is all there, I didn't have time to check for the actual rendering code because I had to get back to work. But I'm thoroughly convinced that it's real. I even feel bad for downloading it now because I know if someone stole my code I'd be way more than pissed about it. Let em steal a binary all day, but when they have the code it's a whole new level. This is corporate espionage at its finest.

Re:IT COMPILES

[W2k]

Some early results from the picking apart of the source are here [moddb.com] and here [gamefaqs.com].

I tried compiling the code, it won't work in Microsoft Visual Studio.NET 2003 (apparently it was developed in Visual Studio 6.0 and the version inconsistencies break the code. It's not exactly standard C++ :). According to unverified rumours, Visual Studio 6.0 with SP5 will compile the source.

Re:Look on the bright side

[revmoo]

I'm not so sure it's an SDK.

It's pretty complete, and weighs in at 100 megs unpacked, for this to be _not_ the source, I'd have to say it's a pretty damn good hoax.

There is also the complete source to worldcraft in there.

Most interesting thing though, is the presence of a linux/, *gets his hopes up*

Re:Screenshots

[W2k]

It's not, (unfortunately). Paste from LocalNetworkBackdoor.h follows:

// This class facilitates a fast path for networking when running a single-player game.
// Instead of the server bit-packing entities, delta'ing them, encoding deltas, then decoding the states,
// it just hands the server entity's data to the client, which copies the data over directly.

Re:Contains GPL'd code ...

[Anonymous Coward]

Things in ./utils directories normally isn't distributed. They're just dev-tools.

Re:Thanks ATI!

[heli0]

"was there info that ATI gave out the Doom 3 alpha?"

http://www.evem.org.au/evem/archives/games/doom_3_ alpha_leaked_by_ati.html [evem.org.au]

Apparently they are just really sloppy, ATI sent id a laptop with the Unreal Warfare engine it 3 months before they let this Doome3 build get out.

Re:License

[Osty]

Valve makes money from three sources: Sales of their games for sake of their games, sales of their games to support mods (such as counterstrike), and sales of their engine to other companies to create their own game.

Not quite right, at least historically. Because the original Half-Life was based on Quake1 technology licensed from id, Valve did not have the legal ability to license the engine they created to others. That is why you will never see a game that is not from Valve that uses the Half-Life engine. It's also why you didn't see Counter Strike or DoD released in boxed format until Valve struck deals with those development teams to publish under the Valve name (and in some cases, like with TeamFortress and I believe Counterstrike, brought those teams into the Valve company entirely). This may very well change with Half-Life 2, since I don't believe they're using someone else's licensed engine this time around, but I don't know enough about HL2's engine to say for sure.

But on the other hand with access to source, modders could create more extensive and more active modifications, creating original features instead of mere graphical facelifts.

Were Counter Strike or Day of Defeat merely "graphical facelifts"? Modding games from the big guys (Valve, id, Epic) has always been very powerful without requiring the engine's source code. Quake 1 mods ran the gamut from completely new multiplayer experiences (first CTF, then class-based CTF with TeamFortress, and then even TF evolved to allow for objective-based maps rather than just captuer the flag), to racing games (whee, QuakeRally!), flying games (AirQuake), side scrollers, Tetris, and more. Quake2 kept it going with the first RTS mod (Q2War), and so on. The Unreal engine's UnrealScript gave unprecedented control over the game world. Believe it or not, many of the earlier Unreal-based games (Deus Ex, Wheel of Time) were little more than new UnrealScript code in an only slightly modified (if modified at all!) Unreal engine. The point? If the developers design with modders in mind, you don't need the source code to make creative mods.

On the flip side, however, the release of the Quake1 source code resulted not in a bunch of interesting, technically impossible-through-modding games, but instead merely graphical facelifts like Tenebrae [sourceforge.net] (adds bump mapping, dynamic lighting, bunch of other stuff), that one that made everything look like a sketch but with a name I can't remember off-hand, etc. It makes sense that to do a graphical facelift, you'd need access to the engine's source code and not just a modification interface.

Re: yeah, right

[MrvFD]

(after learning to read, it's lgpl)

Re:Contains GPL'd code ...

[dnaumov]

The HAVOC Physics engine has been recently licensed by Valve. There is no LGPL (it's not GPL) violation.

Re:GPL code found in source

[Anonymous Coward]

That's LGPL, not GPL. There's a difference. LGPL is legal to use like this.

havok license link

[Chris Pimlott]

you're right...
http://oldsite.havok.com/newsletter/0503 .html

Licensed Havoc physics engine

[Overly Critical Guy]

It's the legally licensed Havoc physics engine, dummy.

Official Word

[Str8Dog]

Ever have one of those weeks? This has just not been the best couple of days for me or for Valve.

Yes, the source code that has been posted is the HL-2 source code.

Here is what we know:

1) Starting around 9/11 of this year, someone other than me was accessing my email account. This has been determined by looking at traffic on our email server versus my travel schedule.

2) Shortly afterwards my machine started acting weird (right-clicking on executables would crash explorer). I was unable to find a virus or trojan on my machine, I reformatted my hard drive, and reinstalled.

3) For the next week, there appears to have been suspicious activity on my webmail account.

4) Around 9/19 someone made a copy of the HL-2 source tree.

5) At some point, keystroke recorders got installed on several machines at Valve. Our speculation is that these were done via a buffer overflow in Outlook's preview pane. This recorder is apparently a customized version of RemoteAnywhere created to infect Valve (at least it hasn't been seen anywhere else, and isn't detected by normal virus scanning tools).

6) Periodically for the last year we've been the subject of a variety of denial of service attacks targetted at our webservers and at Steam. We don't know if these are related or independent.

Well, this sucks.

What I'd appreciate is the assistance of the community in tracking this down. I have a special email address for people to send information to, helpvalve@valvesoftware.com. If you have information about the denial of service attacks or the infiltration of our network, please send the details. There are some pretty obvious places to start with the posts and records in IRC, so if you can point us in the right direction, that would be great.

We at Valve have always thought of ourselves as being part of a community, and I can't imagine a better group of people to help us take care of these problems than this community.

Gabe

http://www.halflife2.net/forums/showthread.php?s =& threadid=10692

Re:IT COMPILES

[Anonymous Coward]

Klient beats mIRC in functionality and in pretty much everything else. Only problem is, it's not free (mIRC isn't either, but Klient, unlike mIRC stops working after the trial period). www.klient.com [klient.com] - try it.

Completely legit, response from Valve

[bobobobo]

GABE NEWELL RESPONDS:

From HalfLife2.net [halflife2.net] Ever have one of those weeks? This has just not been the best couple of days for me or for Valve.

Yes, the source code that has been posted is the HL-2 source code.

Here is what we know:

1) Starting around 9/11 of this year, someone other than me was accessing my email account. This has been determined by looking at traffic on our email server versus my travel schedule.

2) Shortly afterwards my machine started acting weird (right-clicking on executables would crash explorer). I was unable to find a virus or trojan on my machine, I reformatted my hard drive, and reinstalled.

3) For the next week, there appears to have been suspicious activity on my webmail account.

4) Around 9/19 someone made a copy of the HL-2 source tree.

5) At some point, keystroke recorders got installed on several machines at Valve. Our speculation is that these were done via a buffer overflow in Outlook's preview pane. This recorder is apparently a customized version of RemoteAnywhere created to infect Valve (at least it hasn't been seen anywhere else, and isn't detected by normal virus scanning tools).

6) Periodically for the last year we've been the subject of a variety of denial of service attacks targetted at our webservers and at Steam. We don't know if these are related or independent.

Well, this sucks.

What I'd appreciate is the assistance of the community in tracking this down. I have a special email address for people to send information to, helpvalve@valvesoftware.com. If you have information about the denial of service attacks or the infiltration of our network, please send the details. There are some pretty obvious places to start with the posts and records in IRC, so if you can point us in the right direction, that would be great.

We at Valve have always thought of ourselves as being part of a community, and I can't imagine a better group of people to help us take care of these problems than this community.

Gabe

Re:One Word:

[Minna Kirai]

Doubtful - the leaker and the people hosting the source on their servers will be in trouble, but those downloading probably won't.

In a copyright violation case, anyone who knowingly helped commit the offense is culpable. This includes not only the giver, but also the recipient (if he performed some affirmative action to get the files, not if they merely showed up in his email)

The MPAA so far has only sued distributors of their files, but they could go after leeches if they wished.

Since the estimated market value of the HL2 source code is almost one million dollars, anyone who has it could find himself the target of a dangerous lawsuit.

Re:Linux port

[NitroPye]

That is most likely the server makefile.

Gabe Newell responds - It's genuine

[DeeKayWon]

Gabe Newell of Valve has posted at halflife2.net [halflife2.net] on this issue. Since the halflife2.net servers are pretty slow right now, here's the text of the post:

Ever have one of those weeks? This has just not been the best couple of days for me or for Valve.

Yes, the source code that has been posted is the HL-2 source code.

Here is what we know:

1. Starting around 9/11 of this year, someone other than me was accessing my email account. This has been determined by looking at traffic on our email server versus my travel schedule.
2. Shortly afterwards my machine started acting weird (right-clicking on executables would crash explorer). I was unable to find a virus or trojan on my machine, I reformatted my hard drive, and reinstalled.
3. For the next week, there appears to have been suspicious activity on my webmail account.
4. Around 9/19 someone made a copy of the HL-2 source tree.
5. At some point, keystroke recorders got installed on several machines at Valve. Our speculation is that these were done via a buffer overflow in Outlook's preview pane. This recorder is apparently a customized version of RemoteAnywhere created to infect Valve (at least it hasn't been seen anywhere else, and isn't detected by normal virus scanning tools).
6. Periodically for the last year we've been the subject of a variety of denial of service attacks targetted at our webservers and at Steam. We don't know if these are related or independent.

Well, this sucks.

What I'd appreciate is the assistance of the community in tracking this down. I have a special email address for people to send information to, helpvalve@valvesoftware.com [mailto]. If you have information about the denial of service attacks or the infiltration of our network, please send the details. There are some pretty obvious places to start with the posts and records in IRC, so if you can point us in the right direction, that would be great.

We at Valve have always thought of ourselves as being part of a community, and I can't imagine a better group of people to help us take care of these problems than this community.

Gabe

__________________
Gabe Newell

Re:No it wouldn't

[wantedman]

IMAL.
You'd just have to look at the notes. You cannot trademark / copywrite "look and feel". Well, with IP, its getting that way, but as of right now, you cannot.

If I've looked at the source for opening a word document, but I do it differently, they have no case. If Word documents had a patent, then that would be different, but until they do, I don't believe they'd have a case.

Of course, if I signed a NDA, it might be different.

Who says it was?

[BZArcher]

There's no reason it had to be. Let's start from what we know from Gabe's post. In fact, let's assume the Source wasn't even on Gabe's machine.

Starting with the exploits in his outlook, they get information on which server holds the code, how their server scheme works, maybe even some addresses if they get really lucky. The keystroke logging programs help even more, because it gives passwords to those servers.

Now, we have an internal network address or name, a password, probably usernames, and maybe even a directory to look in.

So, now we move to the hack of the webmail server. Maybe they used keylogs for that, too, maybe it had an open port. Regardless. Slip inside there, and use those tasty server cycles to help portscan or maybe even legitimately access into the Source box, which is almost certainly required to be accessible over the internal network, unless you really want all your coders hamstrung.

Then, you pull that source file and either make it part of an email, or an attachment. Webmail server pops it to an account you have legal or illegal access to and can strip the mail out of without being traced...and whalah! You've just used the magic of the internet to steal from a machine that isn't connected to the internet.

Re:God I love the misinformed

[Anonymous Coward]

Hey, guy, the issue isn't whether this cheat was eliminated. He was showing us some of the cheats that can be done with the source code which may not be obvious to the less experienced gamer.

The neophyte, when introduced to the idea of cheating with the source, thinks of things the other team can see, like making weapons more powerful or increasing accuracy. These examples are real eye-openers regarding what cheating can be.

Re:Hopefully this includes Steam...

[33degrees]

First of all, Steam requires a live internet connection to play. Not just to register, or to activate, but every time you want to play. Goodbye gaming during that boring 10-hour flight, eh?

The last I heard, Valve was planning on removing the internet connection requirement from steam, so that you can play single player and multiplayer lan games without having an internet connection. What I do know for sure is that you will be able to buy and play the single player game without using steam at all.

some things

[jonwil]

1.the linux stuff is server-only.
if there really was a linux client, it would be using OpenGL and there are no references anywhere to OpenGL in the code.

2.I cant see anything in there that indicates Valve is violating open-source licences.
There are some LGPL libaries that they are able to use under the terms of the LGPL (I dont have the time to actually check if there are any "inhouse" mods for those) and one file thats GPL which looks like its only for internal tools and not for anything thats going to be public so they arent violating the GPL there.

3.I dont think anyone will actually use this source code (or bits thereof):
A.valve would pursue them if they did (for copyright violation)
and B.its going to be very out-of-date (missing a chunk of "crunch time" bugfixes) by the time the game itself actually comes out.

4.Its likely that (as happened with Half-Life 1) the bits of code pertaining to things like gameplay stuff will be released

and 5.I think there will be 5 different groups that will gain from this source code:

1.cheaters will see how to write better cheats (e.g. layout of internal game structures/classes etc)

2.modders will see how to make better mods (see how game engine works, see details of propriatory file formats, able to use interal utillities to generate maps, do BSP and stuff etc)

3.competitors (in fact anyone doing 3D coding) will be able to see how Valve does

4.users of other OS's will see details that will enable it to be made to run better on other OS's (for example Linux via WINE or ReactOS when it gets Direct3D going)

and 5.graphics card lovers/technical sites/etc will be able to see if HL2 really does favor one card over another

oh and BTW, I seriously doubt that this is any kind of "officially unofficial" leak (i.e. deliberatly leak code then deny it ever happened) since how would that benifit valve?