In the world of software development, I am pretty sure that this handshake method through achievements isn't anything very creative. In fact, as soon as shounic mentioned achievements at the start of the video, I immediately guessed correctly that bots were using impossible achievements to communicate which would be possible to patch by Valve.
@@PouLS I mean, the info becoming widespread means the bot hosters will push out fixes to change the bots behavior. A minority of players knowing and utilizing the trick is better than a majority knowing and it getting removed.
It'd be funny if community servers flipped the script on their head and made it so if invalid achievements were broadcast it would intercept the bot's response and say every player /but/ the bot sent that back. Making the bot only target bots
It would be really easy for the bot owner to just update the code and flip the check, though. Instead of checking for the response, it just checks for the lack of one.
As hilarious as that'd be, the "Not Bot" can be marked as "Bot" so easily. The issue is that as soon as you can distinguish bot vs not bot, you just have to figure out which is which.
@@CiromBreeze if they did that then the bots wouldn't work on any server except those using that achievement flipping plugin, since otherwise they'd only recieve a response from bots since players would never normally send the response.
Would be really ironic. The things attempting to fuck up the game becoming the only things shot? I'd love this if it were for the main game, give us something to watch, little Bot Wars to laugh at, Rancho Relaxo and watch them go ham.
This is just one way of communicating... they can perfectly use another and keep changing And it doesnt solve the problem, even if the bots shoot each other it still ruins the other experience So yeah, its not that easy to fix the issue
TF2 bots only seem crude on the outside. This rudimentary IFF system is really clever and also... pretty sad when you realize that the people who make these bots can't be bothered to find any other outlets for their creativity.
the creativity/talent only came from a couple of people who wrote the hooks and put them on github. it takes zero skill, talent, or creativity to take someone else's code. in fact, i do it constantly, and no sane person would say i know what i am doing. yet, it works. curious
That's the thing I guess I never realized, cheating in games is one giant arms race. In this case, the TF2 Developer managed to counter one of the hacker's "plays". It makes me scared though because now I realize the single guy working on TF2 is going up against every single hacker in the game, with really only what they can look up to help them. This is prolly super obvious but it's new for me, idk.
Huge [citation needed] here, but I think Valve _hired_ some more developers to solve these absence of TF2 update, so it's not much "single guy" anymore. But again, don't cite me on this.
Well, they are not entirely alone. They got the entire tf2 community backing him up. There's dedicated players that root through the game's coding all the time that report exploits and cheats. It's just up to Valve to actually act with this information.
Cheating is just a game of cat and mouse ,doesnt matter if its tf2, csgo, valorant, r6siege or your mother If the devs fix one way of cheating they ll find another, so that doesnt make them worried
@@aloysiuskurnia7643 Tyler McVicker said a while ago that those working on TF2 updates following #SaveTF2 are all interns and such that wanted to. Tyler has given out so much insider info of what's going on with TF2 and the community it just completely tone deaf to him, I don't get it.
Imagine a real player got one of these invalid achievements which would have made them immune to bots, allowing them to go on a crusade against the bots
i remember seeing a few actually, there'd be only one on a team, and would only shoot bots. they never lasted long, being basically just a week or two before they disappeared entirely, adding more bots to fight bots was never good lol
There was actually some anti-bot bots. They were programmed to randomly chose a (real) player and follow them. They would only shoot at other bots, not real players. You could ask in chat for them to swap between Vac Medic and Sniper.
There is already an alternative identification method using cathook's own server called Nullnexus. The server will return all hashed SteamIDs of the bots/cathook users on a given server IP. It seems that many bots aren't using it though. Also: Bots used to identify through the "cl_drawline" message previously. This message is usually used after finishing a competitive match when you're able to draw on the screen. This was also fixed quite some time ago which made the bots switch to the achievement method.
@@szymex8341 That would be a bad idea, if the programmers for those bots realize that, they could maliciously add IDs of real players that they dislike, thus griefing real innocent people.
if random cheaters can upload their bot ID to this whitelist, then why can't normal players? Make a script that, whenever you join a game, everyone you play with gets added to the whitelist. You're like a walking bot vaccine!
@@nolin132 You have to provide the servers "Spawn Count" to send data to the cathook server. But this "Spawn Count" can only be retrieved by reading the game's memory. So you'd basically have to use a cheat in order to retrieve this information and add yourself to the whitelist.
I'm genuinely loving this. Seeing the bots popping each other truly felt like someone had spread a virus through them. Some real Terminator end of skynet shit.
Before the update that greatly reduced the amount of bots, I saw a few bot-killer bots. So I'm guessing that these botd did the same but instead of not killing the bots that use the "secret handshake" they just kill those
Or they just forgot to write it down. After plowing through a lot of bs, I'm sure I'd forget something boringly technical as "fixed sending invalid achievements being sent to server." Something like Sniper eating his gun is funny and worth noting just because I'd remember it.
no, security fixes are usually not mentioned because telling any wouldbe hackers you just fixed a flaw may lead them to look for more flaws faster@@SethTooQuick
wait if this handshake no longer works, that means Valve could apply the same script or code they made on CSGO, and put bots on only servers that have bots so they would kill each other for a underterminated time?
I'll try to clean this up: "Wait, if the bot handshake can be detected, is it possible for Valve to implement a system similar to CS:GO's, where identified cheaters are grouped up in isolated servers and left to kill each other?"
Man, dealing with bots is like a perpetual mouse and cat game between bot makers and developers. Unfortunately, this is the only way to minimize the bot invasion as much as possible without compromising too much of using a "permanent" solution like disabling chat for F2P players. As long as the bot makers keep improving their schemes, the devs need to keep up and get to one or two steps ahead of them as the bot makers doing the same.
Actually there was a bit of misinformation near the end, the bots are shooting each other because currently there is an uprising in botopia and there is a civil war
They could also have gone the other way, and made everyone regularly broadcast the bots' secret invalid achievements, so the bots all think everyone's a bot and don't shoot anyone.
@@unknownuser20778 I had the same experience as Milo on a few weeks 1-2 patches ago. Then cheaters found out what was the problem I guess and now it's back to square 1..
I swear I saw somewhere that one of the devs of a bot program or something like that quit so a large portion of bots either left or went to another program.
Bots are mostly gone but I’m seeing ALOT of closet cheaters now, some hide it and some are extremely obvious. Also there’s a group of people with extremely expensive unusuals and Australiums going around cheating just for fun
@@markuskarlsson2001 ban everyone trying to unlock an invalid achievement ID for starters, you cant do that with an unmodified client, they fixed the issue but could've used that to detect and ban bots
@@markuskarlsson2001 It's only secret in that normal users can't see it. There's no cryptography going on, the server can see everything being sent to it
You guys seem to forget that the guys who programmed the bots will prolly just make their bots not send the secret handshake anymore? People in the comments seem to believe valve could use this to catch bots or whatever when the people who make the bots would very easily be able to patch their bots to not send the invalid achivements. No matter what they did, the end result would be the same; bots remain, bots are no linger able to id eachother
Yeah but they just prevented the handshake from working here? Would it not be at the least minimally beneficial to make it so bots will get banned for attempting the handshake? Yes they'll just make the bots not attempt the handshake, but exactly, they have to make the bots not attempt the handshake. Compared to what they have to do rn, which is nothing because valve just made handshakes not work, you see? It seems like it would be just as easy to make a handshake attempt lead to a ban as it was to make a handshake attempt simply not go through, but with an added benefit of forcing the bot makers to change the bots. And it was a silent patch too, if they said nothing about it then the bot makers would have to FIGURE OUT that the handshake is what's causing the ban. It just seems like it would've been a very easy & has some benefits over simply making the handshake not work. You're ultimately right, not much of an actual difference in full end results, but still
@@LOLWHATBRO it goes back to the fundamental problem stated in the first bot video; any measure to limit or ban bots would take more effort for Valve to implement than it would for bot makers to circumvent, better just to jump to what the end result should be. Also adding a built-in "ban when invalid advancements are sent" could cause even more problems for tf2 spagetti code, and seems like the kind of thing that could absolutely be accidentally triggered by some bug or exploit
@@LOLWHATBRO however doing this would make the game even more unstable, imagine you got a bit flip und suddenly you are sending 0010 1000 0100 (644) instead of 0000 1000 0100 (132), bam you get banned without any reason or fault. And like you said in the end it wouldnt matter.
Then don't ban them; instead give them the bot models and have them drop money when killed. Both teams share the same money pool and resupply lockers double as upgrade stations.
@@Weeblon On average a computer experiences 4 bit flips per gig of RAM per month...New players are the ones that unlock the most achievements...I can see the "hey I downloaded the game, placed a dispenser and got banned" posts
Shounic, would you have any way to know about the weird Unicode character that namebots were using? Windows games would never render it, but Mac and Linux would render it, allowing them to immediately tell the difference between the bots. It always looked like a line with a block at the top of it. It was always at the end of namebots until one day I pointed it out, and I think the botmakers intentionally changed it to be inbetween characters to be harder to see on the vote menu. On Windows it would also oddly render only in the killfeed occasionally. It's apparently Unicode Character U+202C when I tried to look it up. Pasting it in Steam or anywhere else in my text editors would crash them immediately. Only my browser knew what to do with it.
There must be a font difference then, because I use ToonHud with a custom chat font which is literally just default chat with antialiasing, and I guess this also affected the killfeed which helped me know what players had impersonators. Unfortunately, the vote menu didn't display this character for me though
U+202C is "POP DIRECTIONAL FORMATTING", which shouldn't render as anything -- instead, it just disables the last directional formatting character (these are used to explicitly switch the direction of text from left-to-right or right-to-left). That's likely also why text editors crashed when you entered it -- there wasn't a previous directional formatting _to_ disable. The character actually being rendered was probably a different one, though it would take a while to figure out which one from a description -- there's a lot of characters in Unicode.
I always thought they just added eachother to their friends list but come to think of how many thousands of bots there are i don't think that would work out too well.
valve could make an ultimate and ban every bot in the game by simply write down every user that tried to unlock invalid achievement for a some period of time and ban everyone in this list that would look epic, but it has no purpose since you can easily generate another million of bot-accounts
We shouldn't get too happy about it, though. There are rough two gazillion other methods they can use to identify each other; it's just that many of them are harder to code and maybe less efficient (so it takes a few ticks to process instead of just one).
except its just broadcasting an invalid achievement like a radio tower and doesnt actually stick, malicious servers would also try to award you achievements outside of the normal range for an easy insta ban
Basically, if you were in spawn and had "respawn on loadout change" enabled in the option, if you started eating a sadnvich as Heavy but immediately switched to Sniper right before the animation started, it would play the eating animation on Sniper and his rifle instead, and it'd crash the server at the end of the taunt.
Nice, can't wait to learn about how the bot developers get around that fix in a few months *if we're lucky.* Edit: has bold text gotten even bolder on this site now?
I once encountered an unusual bot on casual, whose sole purpose was to alert the legit players in the server that certain other players were bots. Maybe whatever method that bots will use now to identify each other can be turned on its head to create a bot that _exclusively_ targets other bots.
What I've heard from a botter named pinkie, they have an config that they can whitelists their bots using steam64 so if a bot or player isn't whitelisted, it will target them.
honestly, that’s some good steps in the right direction. getting their hands on what they use, and then reverse-engineering it so they know what’s being exploited, and then fixing whatever exploits they’re using- it makes botters’ lives and efficiency that much harder.
Valve built in the theme 'players vs. robots' into the game in it's early life and now later in it's life those same robots can literally be used to aptly represent the biggest threat to the future of tf2. Nice one Valve.. >
Couldn’t this be used by servers to determine if they’re bots to begin with and kick them preemptively? I get it wouldn’t work for all bots, but surely it could for at least most of the really annoying ones.
Then the bot devs will change tactics. Instead, valve should just flag them as being bots, and have the server give them robot models and have them drop money when killed. Collected money can be used by human players to buy upgrades at resupply lockers.
[Valve] N***** Killer is the most hilarious bot name I've ever seen. And I'm happy there are bots with such names. Granted I don't play TF2 since like 2014 😂
It's so funny seeing bots shoot each other. God I really fo think tf2 is a great example between an old multiplayer game and a modern one. Before like with crits, text snd now achievements, the server didn't need to validate what it got from the client but now has to. Its why I think tf2 could use a recode. Since it was originally made in 2007 which was built on top of half life, it would be great if they could recode it with newer coding standards and practices.
to "recode" the game as you say would require such a sincere effort that they would essentially be creating an entire new game at no financial benefit to themselves. Even taking older aspects from the game and combining them with practises and features developed for CS:GO would take an immense amount of work that is just not feasible when time could be spent working on new interesting ideas
@@jacobwoodman4488 "...when time could be spent working on new interesting ideas" My brother in Steam, you do realize that we're talking about Valve here, right?
@@-cams. Yes, he does. And Valve has basically given up on this game. It'll likely stay that way until an exec or higher up like Robin Walker or whoever gets up and decides "hey, we need to focus on TF2 right now", and considering how they currently just don't care about the game...
@@jacobwoodman4488 no financial benefit? Do you not see the armies of TF2 SIMPS that are still playing this game in 2022? That's a lot of wallets ! Just add some new monetization, and allow people to play the old version as "TF2 Classic" they'd make bucks. Probably not more bucks than they're making now though lmao, because they really don't have to do anything at this point. They're raking in cash for just maintaining the service
WHY does the client validate the achievement instead of the server?!? nobody in any multiplayer game dev would EVER let the client validate data, they always could fake it... ._.
False. The problem still stands to this day. Yesterday i was playing goldrush and we got both teams blocked my bots.. we could not kick them so what then? We had to all leave. So currently the bot problem still stands .. it's less then before... but it's still there. Also 2fort is officially full of friendlies and people who stalemate the matched for longer then it should be and get mad if you dare playing the game as intended. Update 1 it seems it depends on the server. In my recent games no bot spotted and those whp tried to play got instantniously kicked.
my thoughts before the video: most likely, it's the same person running the bots in that case. or they have some way of comunicating amongst eachother about who is a bot
its not actually comeplete true catbots run over their own seperated network which makes them able to connect to and send bot identifies in order to see if thats a fellow bot or not and if bots have that disabled they will shoot each other like the attempted bot police bots which had these disabled to attack other bots
What's to stop them sort of making pseudo binary messages with achievements and having the bot software actually check steam achievement progress for hyper specific patterns?
If I patched this, I'd make it so it looks like *everyone* unlocked the invalid achievement, thus causing bots to whitelist the entire lobby & I would have invalid achievements flag an account for suspicious activity (likely quickly leading to a non-delayed VAC ban if, say, their killstreak gets too high)
1. Bots no longer use this method, and as shounic said in the video, it has been patched out of TF2 and no longer works. 2. Even if this method still worked, there are near-infinite invalid achievement IDs, so botters would be able to just use any other invalid achievement ID. 3. VAC bans are intentionally delayed so that cheaters are unable to know exactly what triggered the ban.
These bot creators could've done a lot of good things with their code, but decided that ruining the perfect game Team Foretress 2 was a good idea... Its 100% not, the game has so many fans you cant stop em all even with cheating AI
"the perfect game" LMAOOOOOOOOOO this is exactly why they do it, it's to make naive children like you realise that nothing is as good as you think it is
How does the bots shoot tho? Do they aim for everyone's head and when it is clear of obstacles, they shoot? If so, can we make random head hitboxes that spawns around the map randomly to attract the bots, but are invisible to the players? To think about it, all they have to do is to check whether the head is invisible or not. Goddamnit, now I have to go back to my thinking room...
The client will always need a way to distinguish what's real and what's fake in order for things to appear proper for the player. Whatever mechanism you use to distinguish, there will always be a way for the bot maker to detect it. In the case of invisible hotboxes, the bot maker could simply check if a player is actually rendered before trying to shoot. RuneScape actually tries this, spawning invisible objects and NPCs around the player, it's trivial to detect and ignore them.
This is an interesting counterpoint to a well known principle in software engineering, of being "conservative in what you send but liberal in what you accept", which is actually mostly an awful idea. Makes you wonder what other kinds of data TF2 servers will blindly relay...
Because no one is trying to massively invade community servers. Community servers use pretty crude and simple fixes because that's all that is needed really. If you put these fixes on Valve Casual. They will find a qay around these limits.
what if they just like, removed sniper from the game. Like sure it would be a massive loss to the community but the game would actually be playable again
@@revertfellpapyrusfandeunde4380 Shame, sniper is obviously an integral class but the game would actually be playable again if it were removed from competitive matchmaking
Rather than fixing it, it would have been better to use it to ban the bots: not only you prevent the use of fake achievements (like the fix does) but you also ban the occasional bot
The bots change it to not look for handshakes. Then a few innocent people also get banned. Bot makers find a way to force achievements possibly banning innocents. Nothing was accomplished.
How do the bots find heads so easily? I heard that cheat clients remove every texture and replace the colors of the classes head models, and then targets that color? I don't know how true that is
Most bots don't operate by using the contents of the screen for anything (though they theoretically could). As part of playing a multiplayer game, the server sends various information about the state of the game to your game client. Your game client uses that information to know where to place players, projectiles, and other objects, and draw them to your screen. Bots also use this information, but they aren't concerned with drawing a game scene. They just know where in the 3d space all of the players are, and where their heads are, and can use raycasts to determine if they have line of sight to heads. Then it is just a matter of calculating the exact movement needed to rotate and aim directly at the head, and sending that movement to the server. These types of calculations are very simple, and are often used by the game itself for various things (how do you think sentry guns work? They do the same thing, but apply the movement over time instead of instantly)
Because there's a chance botters could turn it around on players and start giving innocent players invalid achievements, therefore causing them to be falsely banned. Is it really not that obvious?
It's quite sad that the creativity of a man gets wasted in this way. They could've done something better than cheating.
Nah the bot creators have no talent, that's why they make shitty bot code instead of making something of actual worth.
nah they only take code from stackoverflow
Yea...
In the world of software development, I am pretty sure that this handshake method through achievements isn't anything very creative. In fact, as soon as shounic mentioned achievements at the start of the video, I immediately guessed correctly that bots were using impossible achievements to communicate which would be possible to patch by Valve.
Like make their own game
I wonder how many bot mechanisms you’ve known about but didn’t want to reveal until a fix was already deployed
It's all easily available to the public, so he probably knows about all bot mechanisms.
All of them.
I wonder why he chose to not reveal them, after all knowing it by regular people could make bots not shoot regular players
@@PouLS I mean, the info becoming widespread means the bot hosters will push out fixes to change the bots behavior. A minority of players knowing and utilizing the trick is better than a majority knowing and it getting removed.
@@PouLS by creating and using borderline cheat software? yeah nah
It'd be funny if community servers flipped the script on their head and made it so if invalid achievements were broadcast it would intercept the bot's response and say every player /but/ the bot sent that back. Making the bot only target bots
It would be really easy for the bot owner to just update the code and flip the check, though. Instead of checking for the response, it just checks for the lack of one.
As hilarious as that'd be, the "Not Bot" can be marked as "Bot" so easily. The issue is that as soon as you can distinguish bot vs not bot, you just have to figure out which is which.
@@steeledminer616 so basically, it’s either among us or everyone’s a spy.
[human]
[there are 3 bots among us.]
@@CiromBreeze if they did that then the bots wouldn't work on any server except those using that achievement flipping plugin, since otherwise they'd only recieve a response from bots since players would never normally send the response.
Would be really ironic. The things attempting to fuck up the game becoming the only things shot? I'd love this if it were for the main game, give us something to watch, little Bot Wars to laugh at, Rancho Relaxo and watch them go ham.
I was about to say how that sounds quite easy to fix, and then it cut to Valve fixing it
Neat
Well, this is only one way of communicating. Cathook has a secret messaging system that allows you to coordinate bots easily
Honestly, I think they should have kept this around as a way to detect bots, like that community plug-in Shounic mentioned.
This is just one way of communicating... they can perfectly use another and keep changing
And it doesnt solve the problem, even if the bots shoot each other it still ruins the other experience
So yeah, its not that easy to fix the issue
@@Ultra289 the treadmill
Greetings fellow lambda user.
TF2 bots only seem crude on the outside. This rudimentary IFF system is really clever and also... pretty sad when you realize that the people who make these bots can't be bothered to find any other outlets for their creativity.
Tf2 players upon seeing bothosters irl: "A funny _twist._ A funny *murder.* (proceeds to spam scout's BO(i)NK taunt)
Ham?
For every yin, there is a yang.
the creativity/talent only came from a couple of people who wrote the hooks and put them on github. it takes zero skill, talent, or creativity to take someone else's code. in fact, i do it constantly, and no sane person would say i know what i am doing. yet, it works. curious
@@boldCactuslad it just works
It IS rather amusing to see the cloned bots slaughtering each other for once.
They killed most humans and no one's left, but because of their coding they can't stop, so they decide to start killing each other and continue
Ironic
They used to attack each other, but then the bot hosts figured this out.
Valve straight up scrambled their IFF system
@@moonlightact1792 Mankind is dead
Blood is fuel
In 2024 there will be a robot war between China and India and this exact thing will happen but on a grander scale
That's the thing I guess I never realized, cheating in games is one giant arms race. In this case, the TF2 Developer managed to counter one of the hacker's "plays". It makes me scared though because now I realize the single guy working on TF2 is going up against every single hacker in the game, with really only what they can look up to help them.
This is prolly super obvious but it's new for me, idk.
Huge [citation needed] here, but I think Valve _hired_ some more developers to solve these absence of TF2 update, so it's not much "single guy" anymore. But again, don't cite me on this.
Well, they are not entirely alone. They got the entire tf2 community backing him up.
There's dedicated players that root through the game's coding all the time that report exploits and cheats.
It's just up to Valve to actually act with this information.
All forms of cybersecurity is an arms race. That's why you have to update your antivirus every few weeks.
Cheating is just a game of cat and mouse ,doesnt matter if its tf2, csgo, valorant, r6siege or your mother
If the devs fix one way of cheating they ll find another, so that doesnt make them worried
@@aloysiuskurnia7643 Tyler McVicker said a while ago that those working on TF2 updates following #SaveTF2 are all interns and such that wanted to. Tyler has given out so much insider info of what's going on with TF2 and the community it just completely tone deaf to him, I don't get it.
Imagine a real player got one of these invalid achievements which would have made them immune to bots, allowing them to go on a crusade against the bots
Meet the Spy
The Chosen One
The Doom Slayer of bots
@@gamech2008 amazing, perfect response.
It was abused by other certain cheats. The bot hosters caught on and started making lists of people that abused this feature which is funny tbh
Makes you wonder if someone fought fire with fire and made a bot that _only_ targets bots. It’d be pretty funny I won’t lie
i think that actually was a thing for a while
i remember seeing a few actually, there'd be only one on a team, and would only shoot bots. they never lasted long, being basically just a week or two before they disappeared entirely, adding more bots to fight bots was never good lol
There was actually some anti-bot bots.
They were programmed to randomly chose a (real) player and follow them.
They would only shoot at other bots, not real players.
You could ask in chat for them to swap between Vac Medic and Sniper.
That was a thing, but they were quickly impersonated, so the owner stopped.
Still wouldnt fix the problem so it would be a waste of time unless a youtuber who gets money from making content does it
There is already an alternative identification method using cathook's own server called Nullnexus. The server will return all hashed SteamIDs of the bots/cathook users on a given server IP. It seems that many bots aren't using it though.
Also: Bots used to identify through the "cl_drawline" message previously. This message is usually used after finishing a competitive match when you're able to draw on the screen. This was also fixed quite some time ago which made the bots switch to the achievement method.
I thought the cathook method would have been more popular. Weirdm
@@szymex8341 I imagine they put a shitload of random IDs in there so if valve ever tried to mass ban them they'd hit normal people
@@szymex8341 That would be a bad idea, if the programmers for those bots realize that, they could maliciously add IDs of real players that they dislike, thus griefing real innocent people.
if random cheaters can upload their bot ID to this whitelist, then why can't normal players?
Make a script that, whenever you join a game, everyone you play with gets added to the whitelist. You're like a walking bot vaccine!
@@nolin132 You have to provide the servers "Spawn Count" to send data to the cathook server. But this "Spawn Count" can only be retrieved by reading the game's memory. So you'd basically have to use a cheat in order to retrieve this information and add yourself to the whitelist.
I'm genuinely loving this. Seeing the bots popping each other truly felt like someone had spread a virus through them. Some real Terminator end of skynet shit.
Before the update that greatly reduced the amount of bots, I saw a few bot-killer bots.
So I'm guessing that these botd did the same but instead of not killing the bots that use the "secret handshake" they just kill those
Now that's some sweet fuckin vigilante justice right there
The biggest takeaway to me is that the fix was undocumented, meaning that Valve is doing more than just what they release in their patchnotes
Or they just forgot to write it down.
After plowing through a lot of bs, I'm sure I'd forget something boringly technical as "fixed sending invalid achievements being sent to server."
Something like Sniper eating his gun is funny and worth noting just because I'd remember it.
@@SethTooQuick Security related fixes are often undocumented, though they're usually related to code exploits rather than bots
Don't get your hopes up, only fixes get the undocumented treatment. Everything else Valve doesn't give a fuck
no, security fixes are usually not mentioned because telling any wouldbe hackers you just fixed a flaw may lead them to look for more flaws faster@@SethTooQuick
You can tell who commented before finishing the video, because they're asking why valve could check it but not do anything about it...
very good insight, shounic!
shounic is the hero of explaining such things on tf2
i agreee yamahaiamitchellman
wait if this handshake no longer works, that means Valve could apply the same script or code they made on CSGO, and put bots on only servers that have bots so they would kill each other for a underterminated time?
I had stroke reading this
Morbin
I'll try to clean this up:
"Wait, if the bot handshake can be detected, is it possible for Valve to implement a system similar to CS:GO's, where identified cheaters are grouped up in isolated servers and left to kill each other?"
The cheaters already stopped using the handshake
Well sorry for bad english i'm a brazilian, but thx correcting me
Man, dealing with bots is like a perpetual mouse and cat game between bot makers and developers. Unfortunately, this is the only way to minimize the bot invasion as much as possible without compromising too much of using a "permanent" solution like disabling chat for F2P players.
As long as the bot makers keep improving their schemes, the devs need to keep up and get to one or two steps ahead of them as the bot makers doing the same.
Glad the average players are starting to realize that fixing cheating issues isnt that easy regardless of game
i always said that, glad people starting to realize
@@Ultra289 it just was the radio silence,not even achnologing the problem for so long
Actually there was a bit of misinformation near the end, the bots are shooting each other because currently there is an uprising in botopia and there is a civil war
That's even better!
Sounds like a show I'm willing to lay money to watch!
They could also have gone the other way, and made everyone regularly broadcast the bots' secret invalid achievements, so the bots all think everyone's a bot and don't shoot anyone.
Again, they're secret. You as a player or a server would have no idea what the answer achievement is.
@@zizo5349 couldn’t they just make every player broadcast achievement 521-999+ then?
But the game server receives the message anyway. Just keep track of what the invalid achievement is and then apply it.
@@zizo5349 I think he meant something like having everyone unlock those achievements so Noone gets shot by bots.
@@zizo5349 Not really secret when you can just get the code online and do whatever you want to it
Ive legitimately barely seen any bots in the past few weeks
Looks like the tide is finally turning
demoman reference
@@unknownuser20778 I had the same experience as Milo on a few weeks 1-2 patches ago. Then cheaters found out what was the problem I guess and now it's back to square 1..
I swear I saw somewhere that one of the devs of a bot program or something like that quit so a large portion of bots either left or went to another program.
Bots are mostly gone but I’m seeing ALOT of closet cheaters now, some hide it and some are extremely obvious. Also there’s a group of people with extremely expensive unusuals and Australiums going around cheating just for fun
@@Odd-Definition Exactly. And worst of all is that they use patched exploits somehow.. I had a cheater heavy that used crits exploit to crit on will
So, there's a way for bots to figure out who're bots, but Valve can't use the same method to figure out who're bots? Damn.
It's a "secret" handshake for a reason, there's no way for valve to know which codes the bots are using. Cryptography in action!
@@markuskarlsson2001 They're using the invalid ones. They know which achievements are invalid.
@@markuskarlsson2001 ban everyone trying to unlock an invalid achievement ID for starters, you cant do that with an unmodified client, they fixed the issue but could've used that to detect and ban bots
@@markuskarlsson2001 It's only secret in that normal users can't see it. There's no cryptography going on, the server can see everything being sent to it
Who’re is definitely not a word.
You guys seem to forget that the guys who programmed the bots will prolly just make their bots not send the secret handshake anymore? People in the comments seem to believe valve could use this to catch bots or whatever when the people who make the bots would very easily be able to patch their bots to not send the invalid achivements. No matter what they did, the end result would be the same; bots remain, bots are no linger able to id eachother
Yeah but they just prevented the handshake from working here? Would it not be at the least minimally beneficial to make it so bots will get banned for attempting the handshake?
Yes they'll just make the bots not attempt the handshake, but exactly, they have to make the bots not attempt the handshake. Compared to what they have to do rn, which is nothing because valve just made handshakes not work, you see?
It seems like it would be just as easy to make a handshake attempt lead to a ban as it was to make a handshake attempt simply not go through, but with an added benefit of forcing the bot makers to change the bots. And it was a silent patch too, if they said nothing about it then the bot makers would have to FIGURE OUT that the handshake is what's causing the ban.
It just seems like it would've been a very easy & has some benefits over simply making the handshake not work. You're ultimately right, not much of an actual difference in full end results, but still
@@LOLWHATBRO it goes back to the fundamental problem stated in the first bot video; any measure to limit or ban bots would take more effort for Valve to implement than it would for bot makers to circumvent, better just to jump to what the end result should be. Also adding a built-in "ban when invalid advancements are sent" could cause even more problems for tf2 spagetti code, and seems like the kind of thing that could absolutely be accidentally triggered by some bug or exploit
@@LOLWHATBRO however doing this would make the game even more unstable, imagine you got a bit flip und suddenly you are sending 0010 1000 0100 (644) instead of 0000 1000 0100 (132), bam you get banned without any reason or fault. And like you said in the end it wouldnt matter.
Then don't ban them; instead give them the bot models and have them drop money when killed. Both teams share the same money pool and resupply lockers double as upgrade stations.
@@Weeblon On average a computer experiences 4 bit flips per gig of RAM per month...New players are the ones that unlock the most achievements...I can see the "hey I downloaded the game, placed a dispenser and got banned" posts
Shounic, would you have any way to know about the weird Unicode character that namebots were using? Windows games would never render it, but Mac and Linux would render it, allowing them to immediately tell the difference between the bots. It always looked like a line with a block at the top of it. It was always at the end of namebots until one day I pointed it out, and I think the botmakers intentionally changed it to be inbetween characters to be harder to see on the vote menu. On Windows it would also oddly render only in the killfeed occasionally.
It's apparently Unicode Character U+202C when I tried to look it up. Pasting it in Steam or anywhere else in my text editors would crash them immediately. Only my browser knew what to do with it.
There must be a font difference then, because I use ToonHud with a custom chat font which is literally just default chat with antialiasing, and I guess this also affected the killfeed which helped me know what players had impersonators. Unfortunately, the vote menu didn't display this character for me though
U+202C is "POP DIRECTIONAL FORMATTING", which shouldn't render as anything -- instead, it just disables the last directional formatting character (these are used to explicitly switch the direction of text from left-to-right or right-to-left). That's likely also why text editors crashed when you entered it -- there wasn't a previous directional formatting _to_ disable.
The character actually being rendered was probably a different one, though it would take a while to figure out which one from a description -- there's a lot of characters in Unicode.
@@Fayti1703 neat. Which implies there's a name exploit system with Unicode in Steam that hasn't been patched.
@@AshnSilvercorp is your profile picture the mark of ascension from Rain world?
@@scintillantflea4698 *dives back into void water*
I always thought they just added eachother to their friends list but come to think of how many thousands of bots there are i don't think that would work out too well.
"It's not a real achievement" - flashback to my childhood...
😂😂😂😂😭😭😭🤣🤣nooooooooooooo
>chad Valve secretly fixing the game, caring more about doing it right than getting reputation for it
1 year later now they dont shoot each other.
The dev commentary outro sends me back to 2007 trying to run tf2 on an Intel Atom
valve could make an ultimate and ban every bot in the game by simply write down every user that tried to unlock invalid achievement for a some period of time and ban everyone in this list
that would look epic, but it has no purpose since you can easily generate another million of bot-accounts
the botters are humans tho, they'll find another way
so what you’re saying is that the bots are killing each other now
Thats exactly what hes saying. And its funny af.
We shouldn't get too happy about it, though. There are rough two gazillion other methods they can use to identify each other; it's just that many of them are harder to code and maybe less efficient (so it takes a few ticks to process instead of just one).
@@Yveldi too late Im already too happy
@@Spacebugg NOOOOOO damnit
that's really interesting actually
It’s such an easy system to break too!! Valve could just ban anyone with invalid achievements
except its just broadcasting an invalid achievement like a radio tower and doesnt actually stick, malicious servers would also try to award you achievements outside of the normal range for an easy insta ban
Can you explain that patch note that says "Fixed a server crash caused by Sniper trying to eat his gun"?
Switching to the gun while eating a sandwich.
I've never played TF2. I learned this from a different comment.
Lmfao
Basically, if you were in spawn and had "respawn on loadout change" enabled in the option, if you started eating a sadnvich as Heavy but immediately switched to Sniper right before the animation started, it would play the eating animation on Sniper and his rifle instead, and it'd crash the server at the end of the taunt.
@@drucy. but sniper doesn't have a eating animation, does it?
@@AndresinReal It basically rigged Heavy animation directly onto Sniper's model, which deformed it greatly.
@@drucy. this doesn't explain why it happens, only how it happens, which everyone already knew just from reading the patch notes
Why not just trigger an anti cheat when they get an invalid achivement
Nice, can't wait to learn about how the bot developers get around that fix in a few months *if we're lucky.*
Edit: has bold text gotten even bolder on this site now?
bots still dont target eachother for some reason
clever indeed 👀
I once encountered an unusual bot on casual, whose sole purpose was to alert the legit players in the server that certain other players were bots. Maybe whatever method that bots will use now to identify each other can be turned on its head to create a bot that _exclusively_ targets other bots.
>Server is told achivement 521 is unlocked
>Server kicks and bans player that unlocked it
Problem, Botcrises?
What I've heard from a botter named pinkie, they have an config that they can whitelists their bots using steam64 so if a bot or player isn't whitelisted, it will target them.
honestly, that’s some good steps in the right direction. getting their hands on what they use, and then reverse-engineering it so they know what’s being exploited, and then fixing whatever exploits they’re using- it makes botters’ lives and efficiency that much harder.
Couldnt they just ban everyone who had those achievements? or players were also able to get them.
It kind of irritates me how maliciously smart this is.
Valve built in the theme 'players vs. robots' into the game in it's early life and now later in it's life those same robots can literally be used to aptly represent the biggest threat to the future of tf2. Nice one Valve.. >
Players could have created a plug-in to also send out the achievement broadcast and make themselves effectively invisible to bots, like in WWZ
good job as always:)
Couldn’t this be used by servers to determine if they’re bots to begin with and kick them preemptively? I get it wouldn’t work for all bots, but surely it could for at least most of the really annoying ones.
Then the bot devs will change tactics. Instead, valve should just flag them as being bots, and have the server give them robot models and have them drop money when killed. Collected money can be used by human players to buy upgrades at resupply lockers.
[Valve] N***** Killer is the most hilarious bot name I've ever seen. And I'm happy there are bots with such names. Granted I don't play TF2 since like 2014 😂
It's so funny seeing bots shoot each other.
God I really fo think tf2 is a great example between an old multiplayer game and a modern one. Before like with crits, text snd now achievements, the server didn't need to validate what it got from the client but now has to. Its why I think tf2 could use a recode. Since it was originally made in 2007 which was built on top of half life, it would be great if they could recode it with newer coding standards and practices.
to "recode" the game as you say would require such a sincere effort that they would essentially be creating an entire new game at no financial benefit to themselves. Even taking older aspects from the game and combining them with practises and features developed for CS:GO would take an immense amount of work that is just not feasible when time could be spent working on new interesting ideas
@@jacobwoodman4488 "...when time could be spent working on new interesting ideas"
My brother in Steam, you do realize that we're talking about Valve here, right?
@@-cams. Yes, he does. And Valve has basically given up on this game. It'll likely stay that way until an exec or higher up like Robin Walker or whoever gets up and decides "hey, we need to focus on TF2 right now", and considering how they currently just don't care about the game...
@@jacobwoodman4488 no financial benefit? Do you not see the armies of TF2 SIMPS that are still playing this game in 2022? That's a lot of wallets ! Just add some new monetization, and allow people to play the old version as "TF2 Classic" they'd make bucks.
Probably not more bucks than they're making now though lmao, because they really don't have to do anything at this point. They're raking in cash for just maintaining the service
@@LOLWHATBRO They don't need to try when those simps come crawling back regardless of fixes or updates coming out or not.
WHY does the client validate the achievement instead of the server?!?
nobody in any multiplayer game dev would EVER let the client validate data, they always could fake it... ._.
Fun fact: bots from different hosters use different handshakes, and you can see them killing each other fairly often.
Man why cant we have a bot that kills only bots
Does that mean we could create a software that detects and answers these fake achievements and effectively make people immune to bots ?
False. The problem still stands to this day. Yesterday i was playing goldrush and we got both teams blocked my bots.. we could not kick them so what then?
We had to all leave. So currently the bot problem still stands .. it's less then before... but it's still there.
Also 2fort is officially full of friendlies and people who stalemate the matched for longer then it should be and get mad if you dare playing the game as intended.
Update 1 it seems it depends on the server. In my recent games no bot spotted and those whp tried to play got instantniously kicked.
Bots wouldve been so much better if they didn't just kill you and were friendlies instead, still disrupts the game but doesnt make it unplayable
how long are you going brainwash your viewers into thinking that cheating accounts are NOT community made problem?
If bots can be programmed to only shoot human players, then that means we can program a bot that will only kill other bots
Fixed!
That was going on for a while. Unfortunately the aimbotters patched in a new method
I think valve did yhe wrong thing by removing to invalid achievments because they could have used them against the bots like community servers do
"oh look jimmy replied to me i should react with [insert achievement here]
my thoughts before the video:
most likely, it's the same person running the bots in that case.
or they have some way of comunicating amongst eachother about who is a bot
its not actually comeplete true catbots run over their own seperated network which makes them able to connect to and send bot identifies in order to see if thats a fellow bot or not and if bots have that disabled they will shoot each other like the attempted bot police bots which had these disabled to attack other bots
the so called NullNetwork i think it was
NullNexus yes. That's super complex in comparison to just sending fake achievements though so it's not surprising they replaced it.
I always wondered how that worked. Very informative as usual.
Yeah, I've been wondering why bots shoot other bots lmao
As much as bots and bot hosters suck, you gotta admit, that's pretty damn smart.
No
@@kitschydotpre4302 try coming up with this secret handshake on your own
What's to stop them sort of making pseudo binary messages with achievements and having the bot software actually check steam achievement progress for hyper specific patterns?
We need to find that achievement- oh nvm it's already gone
2:50 it would be batter if the account was deleted the millisecond a false achievement was sent
If I patched this, I'd make it so it looks like *everyone* unlocked the invalid achievement, thus causing bots to whitelist the entire lobby & I would have invalid achievements flag an account for suspicious activity (likely quickly leading to a non-delayed VAC ban if, say, their killstreak gets too high)
1. Bots no longer use this method, and as shounic said in the video, it has been patched out of TF2 and no longer works. 2. Even if this method still worked, there are near-infinite invalid achievement IDs, so botters would be able to just use any other invalid achievement ID. 3. VAC bans are intentionally delayed so that cheaters are unable to know exactly what triggered the ban.
Why havent they banned everyone with invalid achievements first?
Bots still don't shoot each other when I play.
1:00 AM IN THE CLUB! yeeaaaa boooyyyy
Tf2 bots maybe annoying, but they're really interesting
I dont understand why they bot though? What does it accomplish? Can you sell achievements?
no, it's just because some no-lifes and script kiddies thinks it's funny to ruin the game for everyone else
It took me longer than I'm happy to admit to realize that the video is talking about cheating, external bots, not Valve-made, in-game bots.
Pretty sure its happening again, so uh, could be real neat if we could figure out a way to become invisible to other bots using this trick.
Did you actually watch the video? Players can no longer unlock invalid achievements, therefore this method no longer works.
Couldnt we reverse engineer this in a way?
These bot creators could've done a lot of good things with their code, but decided that ruining the perfect game Team Foretress 2 was a good idea... Its 100% not, the game has so many fans you cant stop em all even with cheating AI
"the perfect game"
LMAOOOOOOOOOO
this is exactly why they do it, it's to make naive children like you realise that nothing is as good as you think it is
tf2 is literally nowhere near perfect it sucks
The pfps of the people above me are perfect for their respective comments lmao
@@darky5780 yes, my cat is indeed a negative little gremlin and he bites the shit out of my hand if he feels like it
@@Mate_Antal_Zoltan Ain't he an adorable little gremlim?
TF2 Machine VS Machine Update
shounic mabye you could make a video about how explosions work also eplaining why the caber dose less dmg from upbove and the oppisite from beneath
Please, make a video explaining how bots wear three hats in the same slot
This might be a weird question, but is it physicaly possible to backstab a building ?
I think not, even if buildings have back hit boxes t server won't register it as a stab
How does the bots shoot tho? Do they aim for everyone's head and when it is clear of obstacles, they shoot? If so, can we make random head hitboxes that spawns around the map randomly to attract the bots, but are invisible to the players? To think about it, all they have to do is to check whether the head is invisible or not. Goddamnit, now I have to go back to my thinking room...
The client will always need a way to distinguish what's real and what's fake in order for things to appear proper for the player. Whatever mechanism you use to distinguish, there will always be a way for the bot maker to detect it. In the case of invisible hotboxes, the bot maker could simply check if a player is actually rendered before trying to shoot.
RuneScape actually tries this, spawning invisible objects and NPCs around the player, it's trivial to detect and ignore them.
One of them recently has been Ghost in the Machine
I used a simplified version of this before, not for anything malicious but it was pretty cool.
thats him officer, the guy who made the tf2 bots
This is an interesting counterpoint to a well known principle in software engineering, of being "conservative in what you send but liberal in what you accept", which is actually mostly an awful idea. Makes you wonder what other kinds of data TF2 servers will blindly relay...
I'm told that most multiplayer games are... shockingly lacking in their security.
this bot problem is really just a digital arms race. Making it harder for bot makers only creates smarter bots in the long run...
If community servers know how to block bots then why doesn't Valve servers do the same thing?
Because no one is trying to massively invade community servers. Community servers use pretty crude and simple fixes because that's all that is needed really.
If you put these fixes on Valve Casual. They will find a qay around these limits.
what if they just like, removed sniper from the game. Like sure it would be a massive loss to the community but the game would actually be playable again
That probably be very unlikely
@@revertfellpapyrusfandeunde4380 Shame, sniper is obviously an integral class but the game would actually be playable again if it were removed from competitive matchmaking
Bots aren't killing each other anymore lol
Surely this could be used to ban the bots?
Rather than fixing it, it would have been better to use it to ban the bots: not only you prevent the use of fake achievements (like the fix does) but you also ban the occasional bot
The bots change it to not look for handshakes.
Then a few innocent people also get banned. Bot makers find a way to force achievements possibly banning innocents.
Nothing was accomplished.
@@Buglin_Burger7878 The average TF2 player has a room-temperature IQ.
How do the bots find heads so easily? I heard that cheat clients remove every texture and replace the colors of the classes head models, and then targets that color? I don't know how true that is
I am no expert but I am pretty sure bots can't see what normal players see, so for them it must be just hitboxes instead of recolored models
Those visualizations are for human cheaters, bots look at the raw game state.
@@kaeruKola_ it is indeed hitboxes, you can select a hitbox to hit in cathook.
Most bots don't operate by using the contents of the screen for anything (though they theoretically could). As part of playing a multiplayer game, the server sends various information about the state of the game to your game client. Your game client uses that information to know where to place players, projectiles, and other objects, and draw them to your screen. Bots also use this information, but they aren't concerned with drawing a game scene. They just know where in the 3d space all of the players are, and where their heads are, and can use raycasts to determine if they have line of sight to heads. Then it is just a matter of calculating the exact movement needed to rotate and aim directly at the head, and sending that movement to the server. These types of calculations are very simple, and are often used by the game itself for various things (how do you think sentry guns work? They do the same thing, but apply the movement over time instead of instantly)
Had no clue, explains a fair bit
So why didn't valve implement the invaild achievement instant ban? It seems like it worked for the servers that did it.
Because there's a chance botters could turn it around on players and start giving innocent players invalid achievements, therefore causing them to be falsely banned. Is it really not that obvious?
@@numbersstationsarchive194 I mean, it clearly is not, considering I needed to ask the question.
So it’s just sending data packets
Man thats fucked up, tf2 is fucked up
it's pretty obvious
how do they do it now?
Huh, that's quite a weird, but makes sense for random bots queueing into random servers.
In Global Offensive we usually just whitelist our SteamIDs
Lmao there is something epic about TF2 bots basically using espionage techniques to avoid friendly fire