I'm Mr. Meeseeks! Look at me!
Afaik there are a few scripts which allow you cheating. For example this techies script, detonating remote mines as soon as an enemy hero is in range. It also only blows up as many mines as needed.
Other scripts will allow you to instantly hex/silence enemy heroes in a customized range..making it almost impossible for certain heroes to gank you!
Since everything is server-side, there's nothing to hack really.
However, there are scripts for heroes (Techies, you know), there are scripts for Invoker (where one key press will trigger the next 2 abilities) and also few other heroes.
faw, a hacker is just someone that finds a clever way to do something.
there's a script that reveals the position of every enemy on the map. it's currently priv8
Scripts are one thing, some people find way to manipulate gold/map while not being in lobby. Those are hacks, but you never see those unless you are on some kind of low mmr shadow server where no one actually cares about game. So I think there is nothing to worry about.
Well certain scripts do offer a huge advantage to most players (in pub games atleast)
yes there are hacks like map hack (pretty rare) and stuff that lets you know when the enemy has vision on you
then there are scripts like meepo fast sheep dagon ethereal blink comboes etc all kinds of stuff
There are as others suggested scripts that can give unfair advantage, but I must say that it hasnt happened even once in the multitude of games that I play that I see someone actually use it. I do know it happens though, I think its mostly bad players wanting to cheat for unfair advantage.
there is a bug (don' know if it got patched) which worked as a map hack. something to do with when the match for observers is loaded, the server sends out all the position info. there's a couple of videos showing impossible sunstrikes (i don't mean unlikely ones - ones which would take till the end of the universe to happen by chance :) )
very much doubt you'll come across someone using it though unless you are in the shadow pool....;)
Since everything is server-side, there's nothing to hack really.
as a server engineer, I really wish this were true, or that security was that simple.
conceptually, there's nothing stopping you from performing a man in the middle attack.
When you click to move your hero, the game client is sending a message to the game server to the effect of "I'm moving to X, Y". The game server is sending the client messages continuously, like "Tide is at X,Y with direction D", or "Void started his attack animation". You could in theory create a program that sat in the middle of this communication channel (a proxy server) and modified this communication stream; it could send messages on behalf of the client, for example, or it could display to the user messages that the server is sending to the client that the client normally doesn't display.
Here's a program that uses this very technique to provide a translation service inside of the game: https://github.com/patriksletmo/Dota2Translator
The addon works by intercepting network traffic, parsing the data stream for incoming chat messages which are then in turn translated using Google Translate into which ever language you choose. The results can be displayed within the application or integrated into the game client using a DirectX 9 overlay which is automatically scaled to match the current display resolution.
It doesn't send messages back to the server, but there's (in theory) nothing preventing that from happening. (also I haven't used it because it looks like a pain in the ass to install.)
It cuts both ways, though. You could send a message to the server, but there's no guarantee that the server will accept it. There are a variety of ways to confirm or deny the authenticity of a message. Even if the server thought the message was authentic, its contents could be suspicious, inasmuch as the message corresponds to an action that a human couldn't logically perform.
So for the Techies hack for example: client receives a message that enemy hero is at some position X,Y, we know we have a mine at that X,Y location, we send a detonate message at X,Y and all the mines at that location blow up. That's a super simple MITM program. At the same time, your client is sending to the server, at all times, the location of your viewport; the server knows what you can and can't see. The server could know, for example, that you're sending a message performing an action that is outside of the player's viewport, which a human is incapable of doing, and flag you as cheating and ban you. There's simply no guarantee, when you send a message, that the server will accept it. There are various techniques for confirming or denying the validity of a message; the server might have a way of figuring out that the message comes from a third party and deny it.
You could play this cat and mouse for a very, very long time, but it's worth remembering: they have professional engineers that are paid to work to fight you. If you were sufficiently skilled enough to outsmart them, you would have to posses security knowledge that would be more profitable to use elsewhere (e.g.: on the other side of the table, working in anti-cheat at Valve, or in securities elsewhere). So really, for people capable of doing such a thing, the value proposition of write cheat programs is ... quite poor. If you could write such programs, you would have to chose between: cheating at dota or putting them to legitimate use and having a pretty good career. It seems like a seriously shitty way to use those skills.
Fun fact: I wrote a client-server game once and showed it to a handful of friends that work in security and it was so poorly engineered that they found ways to cheat at the network level almost immediately.
I would bet money that some form of cheats exist (and by extension, yes, dota hackers do exist), but I would also bet money that most are detectable by some means and that you're at a significant risk of getting caught if you use them. I would also bet money that the likelihood that you have encountered a cheater in one of your games is nearly zero.
also it's worth repeating here: do not make posts or links to websites containing game cheats or malicious programs, including making posts that exploit other forum visitors on the website. If you post a link to an actual hack or cheat in this thread it's instant banerino, so don't.
Of course:
Since everything is server-side, there's nothing to hack really.
This isn't true, don't spread false information. You can't make a maphack since the server doesn't give you information about units you shouldn't see. You can't modify speed/damage, force 100% crits and so on. However, nothing stops you from developing a program that would instantly cast Axe's / Necro's ulti when someone's HP is below threshold. Nothing stops you from developing a program that would instantly hex someone performing an initiation as seen in the video I linked.
'Since everything is server-side, there's nothing to hack really'.
... I think we found a winner for the must retarded comment on dotabuff 2016, can we get a round of applause for Chaoshype please ladies and gentlemen!
faw, a hacker is just someone that finds a clever way to do something.http://tmrc.mit.edu/hackers-ref.html
faw, that's what a hacker is and i'm speaking as someone that's reversed engineered software for a scene release group, written malware and developed exploits for the linux kernel
* Insta hex hacks and ulti hacks are client-side actions.
* Literally, all factors such as health, gold and items are controlled by the server.
* Scripts/macros are not hacks, they are exactly what their name says.
* Keep your shit to yourself.
Literally, people here should have a "Are you a dick to other people?" quiz before they'll allowed on the forums but in that case 50% wouldn't be here.
@Scraps:
No, you can't MITM without spoofing the players IP adress, and the server doesn't expose it to you so what you describe can't be done for practical pourposes except for your own packets.
Also, you talk about techies and the server knowing your viewport as an example but the detonate target skill can also be targeted at the minimap, and let's not forget anything to do with the viewport or mouse position can't be extrictly enforced because of lag and false positives.
--------------------------------------------------
OT: There are full-fledged maphacks available because the server sends back fullupdate packets containing the position of all heroes when you spoof a reconnect request. Until this is fixed and fullupdates are limited to disconected clients and time limited then it's posible to create working maphacks.
No, you can't MITM without spoofing the players IP adress
kek ok m8 yeah you have to spoof "the player"'s IP to sniff your own traffic, good one. you are the player.
except for your own packets.
4head that's exactly what I said, you're intercepting the traffic between your own game client and the game server. Analyzing other players' traffic was never in question.
faw, you're new to the scene dude. i've been around since days of the BBS. i co-founded OiNK and i was a top contributor on mazafaka. some of the first point of sales malware was written by me. lol
if u'd like to argue w/ me u can add me on ICQ. i have the 4 digit: 6666
I mean anything's possible, but you'd probably get caught pretty quick. I'll bet it's not really that difficult to map hack etc, the hard part is not having the server figure it out, that's probably impossible. But why would you want to cheat anyway? Where's the fun?
As an example look at the witcher game series studio cd-project red. They released witcher 2 and 3 without drm (maybe if you buy on steam it still has it) cus they realized drm just entices people to break it. Most hacked games people hack just for the fun of hacking it, play a couple hours like a demo, get bored and move on. They aren't people who would ever buy the game, so why not just make it drm free? People who still really want the game are likely to buy it. And it's kind of the same thing with dota, it's a free game, the fun is the competition, why hack it? What's the motive?
I guess the motive for a real hacker would just be to say they did it, and then they'd move on most likely. No one with those skills gives a shit about mmr, or should I say cheating to get mmr, it wouldn't mean anything.
@scraps: Are you really a "server engineer"? I don't think you understand what the term MITM means at all. Altering comunication between two parties refers to a client and a server you don't have control over. Manipulating your own trafic is not MITM by definition because "parties" in this context refers to the user or entity responsible of the comunication and not the software, it's always a 3 way exchange.
Packet filtering, packet crafting and automating such processes into a proxy server (as you mentioned) are probably closer.
Пријавите се да бисте поставили коментар.
I know for a fact it's nearly impossible to hack or cheat online games cause you'll mostly likelly get caught and eventually ban...but I saw some vids about hackers in Dota 2 not sure if it's even a true..here's the vid I saw in YouTube
https://m.youtube.com/watch?v=BgM7_0F1CAI