🔷
b00m-h3adsh0t! Neural Network Configurable Aimbot for First-Person-Shooter Games in C/C++ Note: Aimbots are cheats and illegal in gaming leagues. This repo is solely for educational purposes only.
┬┴┬┴┬┴┤ (҂ ` ロ ´)︻デ═一______________________________\(º □ º )/ ├┬┴┬┴┬┴┬┴┬┴┬┴┬┴┬┴┬┴┬┴┬┴
🔷
Table_of_Contents - Motivation
- Aimbot_Neural_Network
- Technical_How_Aimbot_Works
- Technical_How_Aimbot_with_Neural_Network_Works
- Client-Server_Back-End_Implementation
- Security_and_Efficiency_Game_Server
- Player_Behavior_Statistics
- User_Privacy
- Player_Attacks
- Glitches_and_Modifications
- Conclusion
- References
🔷
Motivation -
B00m-h3adsh0t is a game bot software for first-person shooting (FPS) games where players need to constantly move, think, strategize, and shoot enemies all at once. Aimbot uses game data to automatically shoot at the heads of energy targets.
-
Personal motivation to learn C++ compiler programming language, object oriented programing, and how a FPS game executes on an operating system. B00m-H3adsh0t is 100% written in C++ with Visual Studio compiler providing a very fast, and efficient framework with scripting support such that the framework uses a consistent object-oriented design
Image. “Turn off Lucy's b00m-h3adsh0t aimbot you noob K/D ratio hacker!"
🔷
Aimbot_Neural_Network -
Trained by neural network (NN) with customizable predictions and dynamic speed settings
-
Select which FPS game you will use
-
Engine-Aim with colored models:
-
Hook into the FPS game engine to use actual game data to auto-aim without altering gaming files
-
Code won't work by itself because we need a handle to the game
-
Modifies memory of RAM half-life runs on
-
Gathers information from current game and pixel location
Image. Custom training mode on the aimbot with a range of functionalities
-
-
Custom training mode
- Leverage neural network to detect objects for object recognition using computer vision algorithms
- Train with range of distances, lights, and angles for best possible recognition
🔷
Neural_Network_Model_Training_Recognization Deep Reinforcement Learning
- Allows bot to learn how to aim by interacting with its unknown 3D environment
- Bot receives a reward if it correctly kills an enemy, hence the name b00m-h3adsh0. If the bot dies, it gets a penalty.
- For each step, bot observes the current states Ot of the environment and decides of an action
- Observes reward signal where the goal of the agent is to find a policy that maximizes the expected sum of discounted rewards
- Game states are partially observable
Q-Learning Adaptation
- Used a Q-Learning adaptation for Deep Learning to train the autonomous agent
- Inputs are screenshots of the fps game (pixels)
- Deep reinforcement learning allows bot to learn game features simultaneously along with minimizing a Q-learning objective
Dynamic Bayesian Network
- Common for aimbot detections in FPS games
- Used for probabilistic modeling and inference in discrete-time
- Implementation options:
- libDAI - A free and open source C++ library for Discrete Approximate Inference in graphical models (C++)
- Mocapy++ (C++) - A toolkit for inference and learning in dynamic Bayesian networks
🔷
Technical_How_Aimbot_Works -
Aimbot can be easily toggled on and off using the mouse or keyboard
-
Recognizes game objects in a certain range, then aims at the objects using game physics
-
Memory Searcher with Cheat Engine
- Understand the memory storage structures within a game
- Searching memory to find the values of the player classes such as player coordinates, health, mouse x,y coordinates, etc.
- Use Cheat engine to find addresses (programs that scans memory depending on the search details you give it and returns the memory addresses)
- Base address of "client.dll" (int or DWORD)
- Read and write to the game memory
- Call the functions ReadProcessMemory (RPM) and WriteProcessMemory (WPM)
- Use multi-level pointers to access information to playerObjectAddress
-
CalcAngle
- Needed to calculate angle functions for aimbot since everything is based on game coordinates
- Takes two 3D positions in source and distance, and outputs the angle to distance in angles
- Pass in the local player's eye position into src, the target's head in dst, and then set the view angles from angles
-
Call Game Functions
- For internal hacks where we need to inject DLL
- C++ programs call funtion by address via function pointers
- Traceline and RayTrace commonly used in aimbots:
- Draws a line between your player and another player
- Checks if there are objects in the way
- If there are no collisions between you and your target your aimbot should aim and shoot at that target
-
Game Player Detection
- FPS game memory contains the (X,Y,Z) coordinates of each player for rendering
- Aimbot scans memory locations for this information
- Gain access to two key positions - the player and enemies coordinates
- Subtracting the two positions as vectors == the vector between the two
- Calculate the angle from the player's current vector to the desired angle vector
-
Aim Automatically
- Inject information directly to the game
- DLL injection
- Overwriting current FPS game aim functions
- Patching in-place the Direct3D or OpenGL DLL
- Examining the functions calls to draw geometry
- Insert own geometry functions (for things like wall-hacks or glitches)
- Fine-tune with constants adjusting for any dynamic data structure moving players around on you
- Inject information directly to the game
🔷
Technical_How_Aimbot_with_Neural_Network_Works -
Neural Network
- Program takes multiple screenshots to recognize objects
- Different distances, lights, angles for best possible recognition
- Output - program writes in cfg file
- Batch = 1
- Subdivision = 1 for testing
- Graph of Training/Validation Set
- Graph x vs y
- Error Rate vs Number of Iterations in Training Set
-
Training Depenencies - Trained Files for Games
- Use b00m-h3adsh0t.cfg file to change the resolution range for object recognition
- Train Files Folder
- Darknet folder/subfolders
- Data or back up
- GAME.names
- GAME.cfg
- GAME_last.weights
- GAME.weights
🔷
Client-Server_Back-End_Implementation -
Computer has to display the gameplay to the user by rendering the whole map and every player in it
-
Client–Server Model Method
- Model instantaneously calculating/sending game results
- Client sessions run synchronously with aimbot server with user input data
- Run aimbot purely on game server
- Run server mirrors client gameplay and continuously validates each game state
-
Modifying Game Rules World Method
- Aimbot targets servers with no rule enforcement or data integrity
- Synchronize all client data with information about all of the other clients
- Reveals where all the players in the game are via (X,Y,Z) coordinates
- Reveals user game states with information on player names, position, clip ammo, ammo count, health, class, weapons, frame rate and more.
- Data from client will allow player to break game rules, manipulate server, or manipulate other clients
🔷
Security_and_Efficiency_Game_Server -
Server responsible for information security and enforcing game rules
-
Sending Game World State needed for Immediate Display
- Results in client lag under bandwidth constraints
-
Sending the Player the Entire World State
- Results in faster display for player under the same bandwidth constraints
- Exposes data to interception or manipulation
- Trade-off between security and efficiency
🔷
Player_Behavior_Statistics Refer to playerdata.h file
-
Aimbot Evaluation Metrics
- Compare human player with b00m-h3eadsh0t agent
- K/D Ratio to compare ratio of kills to deaths
- Single player vs multi-player games
-
Pattern Detection Systems
- Scan player's hard drives for known cheat code or programs
- Scan player's system memory for known cheat code or programs
- Labor-intensive to constantly track down cheats and update detection patterns
-
Anti–Cheat Method
- Guaranteed to work on all end–user system configurations
- Reduce the amount of false positives
-
Player Behavior Anomalie Detection
🔷
User_Privacy - End–users concerned with privacy issues and "Never trust the client" is common saying with game developers
- VAC (Valve Anti-Cheat) accessing browsing history
- User privacy compromised with packet interception/manipulation
- Man-in-the-Middle Attack
- Reverse engineer the network packet formatting
- Security of game circumvented by intercepting or manipulating data in real-time while transit from the client to the server or vice versa
- Performed on client machine itself or via external communication proxy
- Can provide player positions and other useful related information
- Forged packets sent to server to move the player, shoot, or other game actions
🔷
Player_Attacks - Select button to attack and enable/disable training mode
- Custom zooming control with scroll wheel
- Custom crosshairs
- Laser sight
- Trigger bot
- Move speed
- Ammo count
- Player radar
- Name-tag display to detect players
- Auto shoot/rapid fire
- Most fps games limit the rate weapons are fired regardless of how fast a player presses buttons
- Binding the firing button to the scroll wheel of a mouse
- Macro setting that will simulate rapid key presses automatically
- Set aiming speed and shooting delay
- Auto clicker for semi automatic weapons
- Dynamic recoil control
- Remove gun revoil game element
- Control bullet spread
- Correcting for bullet drop
🔷
Glitches and Modifications -
Wall hacks
- Glitches with game surfaces
- Graphics driver modifications that ignore depth checking
- Draw all objects on the screen
-
Reduced flash
-
Correcting for ping/lag
-
Resolution range
-
Pixel memory hack
-
Transparent buildings, ceilings, obstacles, and trees
- Remove visual elements of the game
- Ex Replace opengl32.dll with one that would render polygons transparent
-
Display enemy lines
-
Extrasensory perception (ESP)
- Display all the enemy positions on the map
- Glowing or lighted players, weapons, and loot.
- See all players at all times and plan ahead before making a kill
- Show all information ex: player names, position, clip ammo, ammo count, health, class, weapons, frame rate and more
🔷
Conclusion B00m-h3adsh0t! is a single architecture neural network configurable aimbot for first-person shooting (FPS) games. We introduced a method to augment a deep reinforcement q-learning model with high-level game information, and feature implementation. We showed that b00m-h3adsh0t! model is able to outperform built-in bots as well as human players and demonstrated the generalizability of our model to do game glitches and modifications.
🔷
References - MultiPlayer Game Hacking - How to make a aimbot (in C) for any FPS game https://www.mpgh.net/forum/showthread.php?t=191416
- Machine Learning Paper. Aimbot Detection in Online FPS Games Using a Heuristic Method Based on Distribution Comparison Matrix: https://link.springer.com/chapter/10.1007/978-3-642-34500-5_77
- 2D collision detection headers in C/C++ routines on primitives, boolean results and/or manifold generation, shape cast/sweep test, raycasts/ https://github.com/RandyGaul/cute_headers
- Exploting supervised learning techniques on game server collecting game data with decision trees, Naive Bayes, random forest, neural networks, and support vector machines. https://ieeexplore.ieee.org/abstract/document/6032016
- Call of Duty 4 Wall hack in C++ https://guidedhacking.com/threads/c-call-of-duty-4-wallhack-chams-directx-tutorial.6/
- Code tutorial for aimbot CounterStrike http://www.d3scene.com/forum/counter-strike-source-hacks/74156-tutorials-c-how-create-aimbot.html
- CalcAngle alternative. Coding a better aimbot https://www.unknowncheats.me/forum/counterstrike-global-offensive/137492-math-behind-hack-1-coding-better-aimbot-stop-using-calcangle.html
- Multi-threaded game engine written in C++. https://github.com/BearishSun/BansheeEngine
- Multiple classificatoin system for neural networks http://ceur-ws.org/Vol-1659/paper7.pdf
- Cheat Engine HD https://www.youtube.com/watch?v=EzZ259yac-4#ws
- Math behind aimbots. Basic review https://guidedhacking.com/threads/aimbot-math-explained.13544/
- Bayesian Imitation Learning the ROute to Belivable Gamebots. https://www.researchgate.net/profile/Christian_Bauckhage/publication/258510478_Is_Bayesian_imitation_learning_the_route_to_believable_gamebots/links/0c960539de8012b04e000000/Is-Bayesian-imitation-learning-the-route-to-believable-gamebots.pdf
- Towards a Fair n Square Aimbot. Machine Learning techniques for spatio-temporal improvements to aimbots. http://vampire-project.de/files/papers/Bauckhage2004-TAF.pdf
- Server side machine learning classifiers for anti-cheating in games using game logs https://ieeexplore.ieee.org/abstract/document/6633617
- Bayesian network paper on aimbot behavior detection. http://www.cs.cuhk.edu.hk/~cslui/PUBLICATION/detect_cheat.pdf
- Classifier systems for controlling NPCs in games. https://pdfs.semanticscholar.org/68cf/3f5b16c452b004d986dcbdefa6fc28fa1c9b.pdf
- Game bot detection. Detecting user injections https://dl.acm.org/citation.cfm?id=1653694
- Game bot detection. Humans vs NPCs https://dl.acm.org/citation.cfm?id=1517498
- C++ code for applications of Dynamic Bayesian Network https://github.com/wengjn/MatlabDBN
- DBN++ Data Structures and Algorithms in C++ for Dynamic Bayesian Networks https://github.com/thiagopbueno/dbn-pp
- Paper Dynamic Bayesian Neytworks https://www.cs.ubc.ca/~murphyk/Papers/dbnchapter.pdf
- Paper A Bayesian Model for Plan Recognition in RTS (Real Time Strategy) Games https://www.aaai.org/ocs/index.php/AIIDE/AIIDE11/paper/viewFile/4062/4416
- Learning to Shoot in First Person Shooter Games by Stabilizing Actions and Clustering Rewards for Reinforcement Learning. https://arxiv.org/pdf/1806.05117.pdf