Fade Into Oblivion Combined efforts of BW sites catches more hackers
Introduction A new technique discovered by the TL.net user flag has allowed us to catch players using the Oblivion hack or hacks similar to it, even when the hacker has the “autosplit” option turned off.
The validity of this method has been tested and verified through a collaborative effort by replay specialists and administrators at TeamLiquid.net, ICCup.com, GosuGamers.net, SCLegacy.com, and WGTour.com. Currently, teams at all five of these sites are working to uncover and confirm hackers. Please note that this report is not solely speaking for TL.net, but is also speaking for these other four sites. You will find similar reports in the news on these others sites shortly.
The following people have been caught hacking with this method: RoX.Localhost, TT1, Executor, Killah, Excello.Tronic, NaW-SenSei, NaW-PuSh, and sMi.Spades. There are more names under suspicion, but have been omitted here to allow for a more complete and thorough investigation.
Explanation of method When you select units (men/buildings) it is recorded in the replay. However, some map hacks remove the recording of selections on units which are not your own. This happens in any game type (UMS, Melee, etc.) and regardless of the number of players. The reason for this is because previously hackers have been caught by analyzing the replay and finding cases of them clicking on things which they could not see without a map hack. Because selecting an enemy unit is the only way to see things like upgrades, health, build progress, or distinguish buildings that are identical while they build, decent players do this quite often.
In a game over 15 minutes, over 99% of the time a good player will have at least one selection of an enemy unit. All of the players in this list have several games played in a row (which are over 15 minutes) and without ever clicking an enemy unit once. While for only one game, there might be a 1% chance of this happening to even a legitimate player, the chance of this happening 5 times in a row is roughly 1 out of 10 billion.
There are two potential faults to this method of finding map hackers:
The first is that there is some other legitimate SC related program that for whatever reason removes selection of units other than your own. However we have checked some of the more commonly used SC programs (Advloader, APM Live, Chaos Launcher, etc.) and none have done such things. If such a program exists, a falsely accused player would promptly be able to determine it.
The second is that they are simply a player that does not ever select other's units. This is not the case for the players listed above, because when looking at games they played on LAN or with ICCup anti-hack launcher on, they click on enemy units just as much as anyone else.
This second “I never click on enemy units!” excuse may be pleaded by a newbie with an APM of 50, who never checks opponents’ upgrades and waits for buildings to complete to see what they are, but for a non-newbie, scouting is just too much an advantage for a competitive SC player to pass up. In looking through thousands of replays, we have not found one competitive player who frequently never clicks on opponents’ units for multiple games over 15 minutes. But do not simply assume this. We are sure there are newbies out there who never ever click, so if you are gathering data make sure to find replays of that player having many clicks either on LAN or with ICCup anti-hack enabled.
Instructions on how to use the “Flag” Method To do so, open BWChart v1.03G, go to “Options” and “Other Options.” Change the “Suspicious events” field to “Ignore events after: 2000 minutes instead of minutes (default).” Reload BWChart to refresh. Now BWChart will mark any selection of an opponent's unit as suspicious. When you reload BWChart, go to “Charts” and uncheck all the boxes in the bottom left box instead of “Suspicious” and you should see suspicious events in red.
Lack of any suspicious actions is what is actually suspicious though. When doing this it is important to remember that just because a player has 0 suspicious actions does not mean they are hacking in this game, although the longer the game the stronger evidence it is.
Things to keep in mind:
1. One single replay, especially under 15 minutes, is not solid proof. The proof percentages increase exponentially with multiple games or games played in a series, preferably over 15 minutes.
2. To combat the “I am just a person who never clicks!” defense, find multiple replays of games where the player has many suspicious actions. This should not be hard to find.
Now that this replay method is released, there will be idiots who throw hack accusations back and forth based on one 5 minute replay with no clicks. Please just ignore them, and recognize that the proofs below were done with hours of work and hundreds of replays.
Case by case explanations **Let "clicks" mean selection of opponents units.
Sensei has 13 clickless replays (and none with clicks) from Jan 26 to April 11. Most are multi set matches from clan wars. There are eight other replays of SenSei, provided by the NaW leaders, most from Q-Cup, all of which have many clicks. Download pack here: http://teamliquid.net/staff/Hot_Bid/Flag/sensei.zip
These have been dear members of our team so I don't really want to say anything bad about them. They screwed up and for this pointless act they cannot remain in team NaW, meaning they are released with immediate effect. NaW has been around for 4 years and this is our first incident where a team member is involved in serious cheating accusations.
They have been good friends with the team and Push even let me stay at his home and treated me dinner and everything. So I really don’t want to be too harsh against them, even though I think what they did was wrong and I can never support their acts of stupidity.
The team will take a big blow because of this, but I wish both players good luck in their future. We will now look for replacement players.
Sensei – “I have been using this "hack" called [omitted] or something not totally sure about it but it is a map hack. I was sent it through one of my friends NaW-Logic around 3 months ago (after I joined NaW) just before I reached A rank on ICCup in which you could use the hack with the AH loader ON. [Side note: this hack no longer works on ICCup’s AH launcher]. I have been using this hack ever since in all of the events i have played in for the past time. It became addicting to use the hack it made things so much easier even though my level was high without it. With it I could be on par and beat basically all players. I really don’t know what I was thinking it was just an easy way out and before this time I hated hackers just as much myself. For me I will be quitting BW. I guess this is finally my chance to get away from the game and never come back which I have been wanting to do for awhile this is a great excuse to do it and get back to real life and continue with real life studies and plans which were majorly distrupted by BW. I am sorry to team NaW- and any of my other friends that I have played with over the years that I turned to such a low scum way of playing a game and my lesson is learned.
Push – “All I can say is that it was more like a try than competing with it. But it will be done, remove me from the NaW team. Sorry for the bad publicity I made the team and every bullshit that will happen now.”
We know your first impulse will be to flame the NaW team for having hackers. However, please know that Emerald, merz, and many others on the team have cooperated 100% with the investigation by either giving replays or getting confessions. Yes, this team had two hackers, but they did everything humanly possible to get rid of them, and in our opinion acted very professionally.
All 10 games in Ascension, played in February 2008, have 0 clicks, totaling over 80 minutes of game play. All 15 games played in a LAN on Feb 10 have multiple clicks, even averaging over 10 per game. All 9 games played in the Excello Cup, an online tour (Feb 17) using the alias “cruelpoliceman” have 0 clicks, totaling over 2 hours of game play. With a generous estimate of a game having a 10% chance of no clicks (the real value is probably about 1%, but dependent on game length) in any given game played without hack, the chance of these sets having no clicks is 1/10^14, or 1 in one-hundred trillion.
When confronted with the accusation, Localhost provided an FPVOD of one game in one of the Ascension Bo5 series in question. You can download the VOD here. What he didn't realize at the time was how he was caught, or that Oblivion or hacks like it do not record unit selections other than your own, even if it is in the “off” or “lite” state. He probably anticipated being accused of hacking at one point so occasionally makes an FPVOD of one game in a set as proof with hack in off mode, but not closed. In the VOD, he clearly selects a creep colony as well as many other things (zerglings, etc.) yet none of these actions are recorded in the replay.
Download replay pack with the games in question here.
Additional games with extraneous proof can be found at replayhome.com, a useful site for investigating all players due to its 75,000+ replays in database.
Since a new method of Oblivion maphack detection was found many players were claimed to be "dirty".
As for our new 2x2 pair (Executor and Killah), the probative force of this method is strong. I have seen it my own, and I can’t challenge the efficiency of the method in their case. All WGT CL replays were marked as "dirty." (it's quite clear when you compare them with ICCUP "clean" ones).
But it is polar opposite in Victor's case (localhost). First, he had "dirty" replays only in Ascension tournament and Excello Cup #1. Assuming localhost is a hacker it's very strange for me, that a hacker is loosing hacked games, winning lots of tournaments (e.g. WGT CL, ICCUP CL, LANs and many online ones) without the hack. Thus I don’t think it is fair to claim him. Moreover, pirate version of software is still a problem for Russia, and gamers often download it and just buy CD-Keys. I mean he could have such a StarCraft copy at home, or at the cafe, where he used to play. Yet we do respect Counter Abuse Team work and understand their efforts to make a clean e-Sport.
We have the following decision. We apologize to Executor and Killah for this may be unfair decision, but we have to release them for RoX. As for Victor, to avoid ambiguity he should be in some sort of quarantine zone. From this time forward he is bounded to record FPVod of all official tournaments or leagues, to upload them as a proof at any moment. I would also like to draw admin's attention on a fact that ALL the replays except Ascension and Excello Cup #1 were "clean". None of us want a questionable decision like MistrZZZ’ one to happen again. And TSL once showed how professional they are, apologized to him after wrong decision. Let this professionalism be now. Not only at TSL, but other portals also.
Thanks for understanding. Very truly yours, Kirill Rus_Brain Patyrykin, Here on behalf of RoX team leader.
We at TeamLiquid.net cannot speak for the other sites like WGT or ICCup, but we can speak for TSL. While Localhost was found only to be using a hack in Ascension and Excello Cup #1 but not in WGT CL, ICCup CL or various other tournaments, we cannot make that distinction here. He not only violated our policy of hacking within the past year, but repeatedly lied and attempted to deceive us with an FPVOD. Localhost will be removed from the current TSL.
We respect the wishes of the RoX team and applaud their decisions in the cases of Executor and Killah (more on them later on). We hope that in the future Localhost's name can be cleared and that the measures to ensure his future fair play are effective.
Disciplinary action for events under the jurisdiction of the other sites will be detailed in their respective newsposts. Please note that no other RoX players were found to have "dirty" replays using this method.
***Special Update*** More "dirty" replays of Localhost have been found in GG.net's "Masters of the Craft" money tournament. Please recognize that the statements above made by RoX managers were before this new information, and they are re-evaluating the situation in light of this new information. We thank the RoX team for supporting and validating this method.
In a replay pack from WGT tour around May 2007, there are 54 games played under the alias “aqua66,” none of which have any clicks. In 5 recent games played outside of the TSL there are no clicks (games are from idg clan war versus Mistrzzz and miscellaneous games versus Moonek and Haypro). In his games in the TSL, all games we have seen have many clicks, but a few with none can most likely be found if you check all 250. Generous mathematical chance of TT1 having no clicks (occurring naturally) is 1 in 10^59.
When confronted with the evidence against him, TT1 claimed that he had lent his WGT account to a friend and that it was not him playing those games. However, one of the games played under “aqua66” versus Skew, TT1 put into a replay pack of himself released here.
Hotkey analysis by Romad and Midian also verify that it was actually TT1 playing under aqua66 (while there may be a very few games played by his friend).
The sad part about this is that TT1 is currently in the Top 16 of the TSL ladder, hosted on ICCup which we have not yet found a replay where he is “dirty.” He has made statements to Manifesto and Hot_Bid that promise that he does not hack anymore and that his TSL games are clean, which we believe. He also promises to make FPVODs of all matches in an effort to clean his reputation.
While we appreciate the sentiment and meaning behind his words, it is quite clear that he has hacked within the past year, as recently as February 2008. This violates the policy of the TSL of hacking within the past year so TT1 will be disqualified and removed from the TSL. To some of you this punishment may seem harsh given the number of clean games he’s played, and to some of you this punishment may not seem harsh enough. TT1 has made several false statements, and it is our decision in this case to stick with our rule.
Of Executor’s last approximately 18 games from ReplayHome here, only one has clicks in it. It was an hour long game and there were no clicks for the first 50 minutes and then there are many clicks for the rest of the game, this is most likely because for whatever reason he closed the hack completely at this point in the game. If you look beyond the first 20 replays, in older games, most of the games have a normal amount of clicks.
In the past Executor has been found to have recieved a loss after playing an UMS game here. This was caused by Blizzard's Warden program, which determined him to be hacking. Later he was found (link here) to have a replay with an action at the beginning which can only be caused by a program called Warden Watch which prevents you from getting a loss after such games where you hack. It was deemed not enough evidence because it only proved he used a hack, not a map hack.
There are no replays available of Killah playing recently without Executor as his partner. They are friends as evident by the fact that they changed clans together, and he helped defended Executor, and they are always a 2v2 team. Of the 33 clickless games played by Executor, 17 are 2v2's with Killah as his partner. Looking at older games, they both have had many clicks in their 2v2's and they both stopped having them at the exact same time.
***Executor and Killah both recently left Los Reyes Del Mambo (LRM).
There are 10 recent clickless replays of Tronic from clan wars and miscellaneous matches. Most of these are multi set matches and many of the games are very long (30-40 minutes). Also included is a replay pack provided by Tronic himself (in his defense) which is mostly older games all which have clicks. http://teamliquid.net/staff/Hot_Bid/Flag/Tronic.rar
When confronted with the evidence, Excello.Tronic claimed that he simply never clicks enemy units, or that the proof was mathematically flawed. However this is not likely because older matches (before a hack, or this particular hack was used) had many clicks, and recent games there are none. The chance of Tronic having zero clicks occurring naturally only in non-ICCup matches (WGTCL clan wars) after a certain date is virtually 0%.
Tronic is in a leadership position with Team Excello, and while we understand that it is difficult to break trust with friends and teammates when such accusations are leveled against them, the weight of the evidence is so strong that it cannot be ignored.
We acknowledge this stubborn loyalty to their player Tronic, bu choosing to dismiss this method in the face of such overwhelming evidence when so many others have accepted it can only hurt Excello in the future. Please note that Tronic was the only Excello player to have been caught with this method.
***Special Update*** Tronic is apparently stepping down from his admin position on Excello.
All 14 games played in the Yankee League (Jan to April) are clickless (replays not publicly released). 72 games played in WGT ladder http://rapidshare.com/files/98162605/WGT_LADDER.rar where most of the games there have clicks. However a fair number of these games, roughly 15% are clickless, however many are short games. Spades either hacked some there too, or doesn't click enemy units as much as other players. Even if you give him the benefit of the doubt and say in any game he plays without hack there is a 20% chance no clicks, the chance of playing all 14 games of the Yankee League is 0.2**14 = 1 in 6103515625. There is further supporting evidence (check Spades’ WGTCL matches), but the Yankee League provides the clearest proof (pending Xeris releasing the Spades’ replays to the public).
You can download other games here or a compilation of clan wars/etc sets without clicks here.
I planned on providing an estimation of the chance of each player being innocent, but it was getting repetitive. A generous estimation of clickless to click-filled games is 1 in 10, but that is assuming a 10% ratio of clickless games, when the actual number is closer to 1%, but varies by player. This does not mean if you find twp replays of Mondragon or White-Ra (I have yet to see even one after seeing hundreds of his replays due to the wide variety of opponents they face) not clicking that there is a 99% chance hacks, the games must be a decent length, preferably consecutive, and multiple in number to show they are not flukes.
[u]Conclusion We applaud the teams that have cooperated with us (NaW and RoX) and so should you, as they are taking proactive steps to maintain the integrity of their team and members, and we look forward in cooperating with them in the future to ensure fair play.
We also urge the community to support the efforts of the players and administrators who worked so hard to make this and other anti-hack announcements possible, and to trust in the collective judgment of TeamLiquid.net, GosuGamers.net, ICCup.com, WGTour.com, and SCLegacy.com.
You also have all the information in front of you, and you as the public can make a decision along with the joint judgment from these five sites. Please keep in mind that in addition to a consensus of the method's validity from the major Brood War news and ladder sites, we have the support of two teams whose players have been named, and two confessions from players who have been caught.
Thanks to Sn3t, Walen, Juppi, Boone, Yello-ant and Scythe from ICCup; Mazor, Raistlin, Pogdi, Vilda, and Artanis from GosuGamers; LordofAscension from SCLegacy; DKnight, Emerald, and Insane from WGTour; and Hot_Bid, Kennigit, Manifesto, and R1CH from TeamLiquid. Also thanks to Artosis, Nony, Xeris, and others for providing replays and testing the methodology. Lastly, thanks to flag for his ingenuity in discovering the method and countless hours collecting and analyzing replays.
We thank all the players currently competing in the TeamLiquid StarLeague who do not let the cheating actions of a few stand between them and fair play. We will continue to work hard to ensure a safe, honest environment and foster an atmosphere of professionalism in our events. We cannot speak for other sites, but we believe that they will also conform to such standards in events under their jurisdiction.
We hope that in the future ladders and tournaments will remain hack free, and that this spirit of cooperation between major SC:BW sites continues.
To be serious for a moment though, I just wish people would realize that the amount of work these cheaters cause the organizers of the community reduces the amount of work we can do for other things. It ruins it for everyone. Im probably jsut shouting down a well here though.
Last edit: 2008-04-20 22:10:07
@Manifesto7 - Who says terran is underpowered! I'm #1 Gold
KizZBG u gotta skate. April 20 2008 22:06. Posts 8152
"Fucking up is part of it. If you can't fail, you have to always win. And I don't think you can always win." Elliott Smith ------ Yet no sudden rage darkened his face, and his eyes were calm as they studied her. Then he smiled. 'Witness.'
Push got owned. There was a lot of rumors among our dying Franch bw community but i didnt think that he was an hacker because the first guy who accused Push to hack was the lamest guy ever, Myst. He bragged about how he deserved aninvite in Tot) more than Sarens ahahah and now he might be the next admin of Fra A. Life is funny, but now i understand why all his LAN results sucked.
LOL @ Tronic: an admin who hacks.
fuck all those elitists brb watching streams of elite players.
Thank YOU tl.net for all the tremendous work that has made this possible. Although I'm very saddened by the fact that some of these players are getting banned, I'm bound to agree that they have to be punished.
Hack and you will get caught, eventually.
Winners never quit, quitters never win.
CoralReefer Canada. April 20 2008 22:26. Posts 2069
Wow. Excellent job guys. I am incredibly happy that such a solid stance has been taken against hacking. And I am even more happy that the foreign BW community came together this way to stamp out the scum.
RowdierBob Australia. April 20 2008 22:27. Posts 9120
I'm so glad this was done, it is about time the community cleans out the clutter. Although it really does make me sad to see some of the more respectable players leaving the tournament, as well as the Starcraft foreign scene (Hopefully they won't be allowed to trash Starcraft anymore), it is about time there is a league that is legitimate and uses measures to make sure people are playing without haX.
I am really surprised about Localhost though. That is saddening. But I'm sure Spades is going to commit suicide after making a comment to Artosis that "[Artosis] isn't on [his] level."
Oh god I ran all my stuff into siege tanks... shnarf.
Burn in hell idiots you are the worst scum ever. TT1 I don't wanna have anything to do with you anymore go die a painful death. Executor + Push you fuckers dared to insult me when I told everyone you were maphacking YOU ARE FUCKING TRASH. God bless oblivion, best antihack ever.