ValveSoftware/csgo-osx-linux

[Permanent Feature] Wallhack Exploit: By corrupting the checksum of a vtx for a model, you can unload props on maps with packed props (de_cache, de_nuke, de_dust2, etc.).

kkthxbye-code opened this issue · 150 comments

Status: WONTFIX

Cheat maps - host them on a dedicated server, join the server, leave and join a real server. VAC safe, faceit detected, ESEA unknown.

Dust2: https://www.mediafire.com/file/ktwz2cj7ty1endy/de_d2shiz.bsp/file

New Cache: https://www.mediafire.com/file/c5kmbg47filv0vs/de_shiz_d.bsp/file

Old Cache (the sparkles version still works on old cache): https://www.mediafire.com/file/pwb95sugsonq6da/model_breaker.zip

Replication steps to do it yourself: https://github.com/kkthxbye-code/csgo_bugs/tree/master/model_bug

I can confirm that the issue is still there after the battle royale updates:

[screenshot]

Just want to add that this has happened to me by accident. I played on a retakes server with a custom version of cache and had the "wallhack" on mid in a competitive match after. Could only fix it by restarting the game.

Still not fixed as of today's (12/11/2018) update.

im famous

yeah, it's not rendering the model because otherwise the game would probably crash, because the mdl and vtx checksums aren't the same. (in this case, it works since only the checksum was modified instead of the entire vtx file) i don't know what a good solution for this would be, since the game would have to check all the model files and their vtx files for mismatching checksums, and there's just too many. wonder what volvo's solution will be. inb4 just kicking you out of the match and telling you to fix the problem yourself

@midlow Faceit checks it within 5 seconds when joining a server, same goes for molotovs and smokes that have been cached from either exploit server or zombie server mod, so why would they not have the ability to do the same and/or do it even better since it's not 3rd party?

maybe just clear any maps/models/etc cache before loading a new map. oh.. wait... seems Valve is going to make paid ingame cheats 🌚

i mean it's fucking easier to just go and get an undetectable glow ESP that'll work forever instead of making a map in the SDK just to see through specific props, so i doubt literally anyone will use this exploit

To the last 6 comments. This is not a discussion forum. If you have information relevant to the reported issue, feel free to post it, otherwise discuss on hltv/reddit/whatever.

@kisak-valve Could you clean this up?

It seems to have been fixed during the weekends. (17/12-2018) It doesn't work for me at least.

for me it just fucks up the textures making them a bit gray scaled on cache.
I'm on an intel graphic card, if that's relevant.

It seems to have been fixed during the weekends. (17/12-2018) It doesn't work for me at least.

Still works for me (December 17th 2018 17:00GMT+1) https://i.imgur.com/GD61Bts.jpg

Did you guys join an offline session or an actual death match?

Did you guys join an offline session or an actual death match?

It says in the Steps for reproducing this issue, I marked it with bold text so you can see it easier:

  • Host the map (doesn't work on a listen server).

and

  • Join a de_cache server (still doesn't work on listen server).

Hey can you make the wood wall in b apps on mirage invisible?

@TheoneRobstar - Mirage doesn't have any packed props as far as I can recall. And you shouldn't cheat anyway, try a cheat forum.

Please don't write off-topic stuff though. There really is nothing to do or discuss in this issue anymore. Valve was notified on several occasions during the last two months, using several different channels, channels where they usually respond. So there are a couple of possibilities:

  • They legit didn't spot a single one of the attempts to contact them (very unlikely).
  • They have been prioritising getting Danger Zone out, and didn't care about the issue. Also seems kinda unlikely.
  • They don't know how to fix it for some reason, again unlikely, but wouldn't surprise me. They actually never fixed the custom server moly exploit, so this might actually be the most likely scenario.

In all cases, the dead silence when trying to contact them has been very weird, and I'm not sure what could be the explanation.

Why does it require a password? What is the password?

rawsh commented

How has valve not fixed this yet? I'm 100% sure some people in comp dust 2 were using this in lower tuns. Perfect peeks around the box. This exploit is at a ridiculous level of accessibility and it's impossible to detect. I think the priority of this is fairly high.

@rawsh - As I said, I don't have a good explanation. They most definitely know about the glitch, as they usually respond to the two valve mail addresses I tried. Also, I got the guy who ported de_cache to cs:go to write his valve contact, however he only knew a mapper at valve, not a developer (that was over a month ago too).

So it's all very weird, and I'm not sure what could be the reason other than they don't really know how to fix it without breaking something.

Still works after latest Christmas update :/

Tested on one game on a community server, and there's no change. What's weird is that the first time I checked on practice it didn't work, but it does on community servers.

My guess is that they are still working on a fix? Either that or this bug is really hard to fix.

EDIT:
Nope. It looks like most of the glitches are gone from the map being updated. Looks like on cache almost everything but the door is fixed.

Maybe they are fixing it by updating the maps?

rawsh commented

@jasoryeh From what I've tested dust 2 is still broken, but mirage and cache are mostly fixed?

@jasoryeh @rawsh

No idea what you two are talking about. They didn't fix anything, and the maps in question have not received updates.

It still works as of right now:

[screenshot]

t8er8 commented

Couldn't get anything to bug out anymore as of now

Technically this doesn't work for Quick Match/Competitive/Community servers as the listen server calculates and checks the model checksum when you join the server. This invalidates your model caches and forces your client to reload the model from file. Even if you have a compiled/modified map in your folder, it also runs a checksum with your model, which might trigger VAC checking too (VAC2/3). I don't have technical specs or details to show in here.

Hey, is it just me or does only the blue door on cache work? No other spots on the map seems to be working for me.

Sigh, I tested again because of you guys. As of 20-12-2018 it still works exactly as it always has. If you have no idea what you are doing, please. stop. posting...

@t8er8 - Then you are doing it wrong. Please stop posting.

@windhamwong - I have no idea what you are talking about. It works fine in all those game modes. As said in the issue, the only place it doesn't work is on listen servers. Quick Match, competitive and community servers are not your own listen server. Please stop posting.

@hey132 - Then you are doing it wrong. Please stop posting.

Is there any chance I'll get vac banned for this?

ml- commented

Is there any chance I'll get vac banned for this?

No. As long as you don't use any third party application to abuse this exploit you won't get VAC banned.
Once this issue is fixed you won't be able to join any server until you verify file integrity.

And honestly, you shouldn't abuse this anyway.

Once this issue is fixed you won't be able to join any server until you verify file integrity.

This is false, you don't have to modify any integrity protected files for this to work. The map you join is a completely valid community map, and won't be removed by verifying file integrity.

I think this bug has existed for a long time, and I think it will not be quickly fixed because it seems to be sensitive and complicated. But it is a very good thing that you made this bug public, it will force Valve to move his little ass ;)

+Woot

How could you edit VTX files?
How can you create a prop static with the chosen mdl, vtx (modified), phy, vdl, etc?
BTW, it still works 2018 Dec 21 12:30 AM

I am looking forward to your reply as a beginner map creator :)
I want to create my own maps, so could you explain to me pls

Is there any chance I'll get vac banned for this?

No. As long as you don't use any third party application to abuse this exploit you won't get VAC banned.
Once this issue is fixed you won't be able to join any server until you verify file integrity.

And honestly, you shouldn't abuse this anyway.

Why should I not use it? lmao only shows again that the devs are not good, 1 bigger update and we get like 5 or 6 gamebreaking bugs

I think this bug has existed for a long time, and I think it will not be quickly fixed because it seems to be sensitive and complicated. But it is a very good thing that you made this bug public, it will force Valve to move his little ass ;)

+Woot

I am sure security vulnerabilities have always been the priority for valve :)

This ain't really a security issue though.

so how to modify vtx file?

so how to modify vtx file?

Nobody is going to help you create a cheating environment, you think people are that stupid :)

Please /thread this and remove all those script kiddy copy pasters comments.

I want de_mirage :) this legal vs hack :3, its very fun , thx for this!

Good luck getting mirage into the "supported" maps as mirage doesn't use the affected model.

isnt this the same thing?

https://steamuserimages-a.akamaihd.net/ugc/2433509963994237173/B46177370551A564530759A21C3F4362BB6FB39B/

not my ss though, so dont ask me how to reproduce it

isnt this the same thing?

https://steamuserimages-a.akamaihd.net/ugc/2433509963994237173/B46177370551A564530759A21C3F4362BB6FB39B/

not my ss though, so dont ask me how to reproduce it

No, this is a network-related issue, when dropping packets/timing out.

looks fixed now?

rawsh commented

[screenshot]

No.

https://www.youtube.com/watch?v=vol8lAoipcY
Here is whole de_subzero broken

Omg ASUS walls now default feature for csgo

@kkthxbye-code Make a tutorial video, I can't use this glitch, I don't know how and the Sparkles tutorial didn't work for me!

Why would he create a tutorial for it? He doesn't condone cheating so it goes against him.

@kBkber, sometimes I wonder if people like you have a brain...

It's been 73 days since I first reported this issue, and it is still an issue. No response from valve. I guess they really are having a hard time fixing it, which is just straight up strange.

The engine knows that something is wrong, so it's not a question about identifying where the issue is located. And even if a proper fix is hard, they could always band-aid it by forcing you to disconnect if there is a checksum mismatch for the vertex file. Or they could even band-aid it for the official maps by including the packed props in the .pak files.

Maybe I'm missing something.
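A related defensive check for the packed-prop mechanism discussed in this thread, as an added example that is not part of the original comments or of any Valve code: it lists the model files packed inside a downloaded `.bsp` and flags any whose path appears on an operator-supplied protect list. The protect-list entries, the sample file names and `build_sample_bsp` are constructed for illustration, and treating a path collision as the way a custom map affects another map's packed props is the thread's own reading, assumed here.

```python
import io
import struct
import zipfile

HEADER_LUMPS = 64      # a Source BSP header carries 64 lump directory entries
LUMP_PAKFILE = 40      # index of the embedded pakfile lump (a ZIP archive)
MODEL_EXTS = (".mdl", ".vtx", ".vvd", ".phy")


def read_pak_lump(bsp_bytes):
    """Return the raw bytes of the pakfile lump of a Source engine BSP."""
    if len(bsp_bytes) < 8 + 16 * HEADER_LUMPS or bsp_bytes[:4] != b"VBSP":
        raise ValueError("not a Source BSP file")
    # Directory entry layout: int32 offset, int32 length, int32 version, fourCC.
    offset, length = struct.unpack_from("<ii", bsp_bytes, 8 + 16 * LUMP_PAKFILE)
    if offset < 0 or length < 0 or offset + length > len(bsp_bytes):
        raise ValueError("pakfile lump lies outside the file")
    return bsp_bytes[offset:offset + length]


def packed_models(bsp_bytes):
    """Sorted, normalised paths of every model file packed into the map."""
    pak = read_pak_lump(bsp_bytes)
    if not pak:
        return []
    with zipfile.ZipFile(io.BytesIO(pak)) as zf:
        names = [n.replace("\\", "/").lower() for n in zf.namelist()]
    return sorted(n for n in names if n.endswith(MODEL_EXTS))


def shadowed_models(bsp_bytes, protected):
    """Packed model paths that collide with the protect list (assumed input)."""
    wanted = {p.replace("\\", "/").lower() for p in protected}
    return [n for n in packed_models(bsp_bytes) if n in wanted]


def build_sample_bsp(files):
    """Constructed test input: a minimal BSP header plus a pakfile lump."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    pak = buf.getvalue()
    header_len = 8 + 16 * HEADER_LUMPS + 4   # ident, version, lumps, map revision
    lumps = bytearray(16 * HEADER_LUMPS)
    struct.pack_into("<ii", lumps, 16 * LUMP_PAKFILE, header_len, len(pak))
    return b"VBSP" + struct.pack("<i", 21) + bytes(lumps) + struct.pack("<i", 1) + pak


if __name__ == "__main__":
    # Constructed sample: one packed prop collides with the protect list.
    sample = build_sample_bsp({
        "models/props_example/crate.mdl": b"x",
        "models/props_example/crate.dx90.vtx": b"x",
        "materials/example/wall.vmt": b"x",
    })
    for path in shadowed_models(sample, ["models/props_example/crate.dx90.vtx"]):
        print("packed model shadows a protected path:", path)
```
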

Still works as of today's patch.

Still works as of the most recent patch.

rawsh commented

Still not fixed btw

volvo pls fix

Still not fixed...

Still not fixed...

Good.

Can anyone check if they fixed it in today's update? I don't really play anymore.

Can anyone check if they fixed it in today's update? I don't really play anymore.

that bug still working bro 👍

that bug still working bro 👍

Thanks for checking. Valve is a joke, jesus christ. Even if they don't know how to fix it properly in the engine, they could at least just move the packed models to the pak files for the official maps that are affected. Or just boot players from the server if they get the texture errors.

Thanks for checking. Valve is a joke, jesus christ. Even if they don't know how to fix it properly in the engine, they could at least just move the packed models to the pak files for the official maps that are affected. Or just boot players from the server if they get the texture errors.

Insulting them will not aid in getting them to fix this bug faster, quite the opposite, if you did that to me, I wouldn't fix it at all just to piss you off more.

Have a nice day!

this bug still works 👍

Thanks for checking. Valve is a joke, Jesus Christ. Even if they don't know how to fix it properly in the engine, they could at least just move the packed models to the pak files for the official maps that are affected. Or just boot players from the server if they get texture errors.

Where can I check whether this bug is fixed at the moment or not, that is, server ip?

Insulting them will not aid in getting them to fix this bug faster, quite the opposite, if you did that to me, I wouldn't fix it at all just to piss you off more.

Luckily, unlike you, they are not children. It is obviously not going to be fixed, it's been half a year, with not even an acknowledgement. I stopped playing in the meantime, so I'll close this for you if you want to protect their feelings.

lol

hahahhha permanent feature :D IT IS IT IS 🤣

Is It fixed? If not which server IP is working?

Insulting them will not aid in getting them to fix this bug faster, quite the opposite, if you did that to me, I wouldn't fix it at all just to piss you off more.

Luckily, unlike you, they are not children. It is obviously not going to be fixed, it's been half a year, with not even an acknowledgement. I stopped playing in the meantime, so I'll close this for you if you want to protect their feelings.

We can see that you are upset, but no need to project your own personality onto others.
Let the anger flow right through you.. take a few deep breaths.. and most importantly:

Have a nice day!

Not fully fixed with the model_breaker I have. Can't see through boxes but can see through Blue door on cache

Is It fixed? If not which server IP is working?
the server is offline, but you can start a local server, and type changelevel model_breaker or open server browser and find manually US server with that map

Anyone who wants a working model_breaker dm me...
I do it for the people.

Do not do this guys, first using exploit, but 2nd this could be packed with some kind of malware to hack your accounts.

DO NOT DO IT!

Anyone who wants a working model_breaker dm me...
I do it for the people.

Do not do this guys, first using exploit, but 2nd this could be packed with some kind of malware to hack your accounts.
DO NOT DO IT!

As if I don't have better things to do than packing malware into a CS:GO exploit.
Innocent until proven guilty is a nice principle tbh, ever thought of it?

Well you can start by uploading it here so all can see it and reverse it, and you joined github 30 minutes ago, much more to say no..

@kisak-valve @vitaliyvalve please clean up or get it destroyed perhaps?

Anyone who wants a working model_breaker dm me...
I do it for the people.

Do not do this guys, first it's using an exploit, and second this could be packed with some kind of malware to hack your accounts.
DO NOT DO IT!

As if I don't have better things to do than packing malware into a CS:GO exploit.
Innocent until proven guilty is a nice principle tbh, ever thought of it?

Well, you can start by uploading it here so everyone can see it, and you joined github 30 minutes ago, much more to say, no..

Fucking white knights everywhere.
Haha, as if they hadn't fixed it in the game by now.
I'm just providing a new server to connect to, and you won't have to download anything if you already have the .bsp file.

Have you already created your server?

and how i can join to your server?

Anyone who wants a working model_breaker dm me...
I do it for the people.

bro can u help me asap ? I want it

i created server

Sure bro. Check out my selly in the description of this vid. https://www.youtube.com/watch?v=0jgZ-i1aszc

So someone found information on you.

Sure bro. Check out my selly in the description of this vid. https://www.youtube.com/watch?v=0jgZ-i1aszc

So someone found information on you.

And?

Don't quote me on this but I think it has been mostly patched as you can only see through the blue door on cache but not the boxes. It may be because I don't have a server to connect to and I'm just loading through the console.

Don't quote me on this but I think it has been mostly patched as you can only see through the blue door on cache but not the boxes. It may be because I don't have a server to connect to and I'm just loading through the console.

I just quoted you, and you are wrong.

They are not going to fix this, it's been 10 months. When the new cache is released I'll provide a map for easy exploitation, providing that it uses packed props again.

Hmm, I'm not sure how to make it work how it should I've purchased a server to try and make it work and still nothing. I'm following the guide that was posted on Sparkles' channel. Is the map outdated or something?

Hmm, I'm not sure how to make it work how it should I've purchased a server to try and make it work and still nothing. I'm following the guide that was posted on Sparkles' channel. Is the map outdated or something?

Sparkles map should still work. I don't know what you are doing wrong. Host it on a dedicated server, join the map, leave and join cache or dust2 (still on a dedicated). Listen server doesn't work.

Yep, that works. Thanks haha. The issue was after joining and leaving the hosted Sparkles dedicated map I was jumping into practice with bots which was clearly not something I should've done. But this works and is quite the advantage.

The only map this works on is Cache for me, it doesn't work on dust 2 like shown in the video. It's maybe just me though.

Dust2 was "fixed" in last update (dust2 + old dust2). I think they just... changed name of props, so the exploit map can't replace them with a transparent one.

How difficult would it be to edit the map for someone like me who knows nothing about map making?

How difficult would it be to edit the map for someone like me who knows nothing about map making?

CS:GO SDK + Hammer + Google :)

Hmm, I'm not sure how to make it work as it should. I bought a server to try to make it work and still nothing. I'm following the guide that was posted on Sparkles' channel. Maybe the map is outdated or something?

Sparkles' map should still work. I don't know what you are doing wrong. Host it on a dedicated server, join the map, leave and join cache or dust2 (still on a dedicated). A listen server doesn't work.

Valve mb changed name of props on Dust 2, and uses packed props again) Need just make a new map with new name of props or just edit new name of props on a map that already exists to check they fixed or still works

Map file for de_cache_new:
https://www.mediafire.com/file/c5kmbg47filv0vs/de_shiz_d.bsp/file

Host it on dedi, join server, then join de_cache_new server. VAC-proof, not faceit proof.

Map file for de_cache_new:
https://www.mediafire.com/file/c5kmbg47filv0vs/de_shiz_d.bsp/file

Host it on a dedi, join the server, then join a de_cache_new server. VAC-proof, not faceit proof.

What about dust 2?

Map file for de_cache_new:
https://www.mediafire.com/file/c5kmbg47filv0vs/de_shiz_d.bsp/file

Host it on dedi, join server, then join de_cache_new server. VAC-proof, not faceit proof.

It would be better if you made one version of the map with just few boxes and doors broken, and some important walls. I really appreciate your work, keep up!

Map file for de_cache_new:
https://www.mediafire.com/file/c5kmbg47filv0vs/de_shiz_d.bsp/file
Host it on dedi, join server, then join de_cache_new server. VAC-proof, not faceit proof.

It would be better if you made one version of the map with just few boxes and doors broken, and some important walls. I really appreciate your work, keep up!

I don't actually use it, so while it would be better if you want to cheat, it's not something high on my priority list. The current was made automatically using scripts, there are over 500 packed props on the new cache, so it would take a good while to figure out what to remove and what not to.

@rovpanda - I'll make a dust2 version soon-ish, when I get the time.

@kkthxbye-code Can I like pay you 5$ for you to make it, or would it be possible for me with 0 knowledge of mapping, to make it myself?

Map file for de_cache_new:
https://www.mediafire.com/file/c5kmbg47filv0vs/de_shiz_d.bsp/file
Host it on dedi, join server, then join de_cache_new server. VAC-proof, not faceit proof.

It would be better if you made one version of the map with just few boxes and doors broken, and some important walls. I really appreciate your work, keep up!

I don't actually use it, so while it would be better if you want to cheat, it's not something high on my priority list. The current was made automatically using scripts, there are over 500 packed props on the new cache, so it would take a good while to figure out what to remove and what not to.

@rovpanda - I'll make a dust2 version soon-ish, when I get the time.

kk

@rovpanda
Dust2: https://www.mediafire.com/file/ktwz2cj7ty1endy/de_d2shiz.bsp/file

Again, it's created with scripts, so a lot of unnecessary stuff has been removed.

@d0kii - Sorry, don't need money. There are some rough steps about how to do it here:
https://github.com/kkthxbye-code/csgo_bugs/tree/master/model_bug

But it's probably gonna be hard without any prior knowledge.

@kkthxbye-code okay, sorry bcz i bothered you.

@rovpanda
Dust2: https://www.mediafire.com/file/ktwz2cj7ty1endy/de_d2shiz.bsp/file

Again, it's created with scripts, so a lot of unnecessary stuff has been removed.

@d0kii - Sorry, don't need money. There are some rough steps about how to do it here:
https://github.com/kkthxbye-code/csgo_bugs/tree/master/model_bug

But it's probably gonna be hard without any prior knowledge.

oh, no problem, I'm going to check

Is this exploit only possible with dust and cache?