Exposure for leaked source code to Counter-Strike: Global Offensive and Team Fortress 2 has experts concerned that it could possibly lead to cheats, exploits, and a fastrack to Valve’s Source 2.
Though an outdated model, source code for Valve’s beloved FPS title has been getting shared online. This gives everyone from CSGO enthusiasts to malicious actors a way to “literally build the game,” according to ‘2Eggss,’ an ethical hacker and Steamworks developer.
To be clear, everything that hackers and exploit makers needed to make cheats in CSGO was already out in the wild, which is why services like the Valve anti-cheat (VAC) system exist to try to thwart any potential hacks that may come out of them.
While the source code has been dwelling around corners of the internet for some time, now it’s been made public.
The information getting shared online works as sort of a beacon for anyone interested in creating harmful exploits, since they now have fairly recent and complete builds for two of Steam’s most popular titles.
That might not be entirely exciting for those with prior knowledge of the situation, but people are already coming across things like a remote code execution (RCE) exploit for Team Fortress 2 that could potentially let someone make use of a player’s computer that is logged into the game.
“Do not play Team Fortress right now,” 2Eggss explained. “There’s some RCE exploits in the engine that could allow malicious code to run right now.”
In less than a day of these leaks being made public, TF2 players are being advised by people like 2Eggss to refrain from opening their game, in case anyone is looking to gain remote access.
CSGO historian and President of competitive club Dogmination, Nors3, said that Valve will almost certainly address the leaks in the coming days for what they could mean for the FPS title and developers of other games.
“CSGO code to make cheats was already very public in many repositories,” he said. “This leak just gives more advertising to it. It means more to Valve as a whole. It involves a lot of people and projects, it's a bad leak for them and gives to other devs an advantage.”
Devs for similar games such as Valorant and the like can take a peek at this 2018 source code to see inside mechanisms for one of the longest thriving esports titles in the world.
Nors3 expects the famously silent Valve developers, possibly Gabe Newell as well, to address the leak in the coming days.
Others speculate that this leak could be a motivation for Valve to push out Source 2, the long-waited engine update for their titles.
“This [leak] is awful, and I wish that it didn't happen,” user ‘Vadographer’ said. “However, this does open the door for both games to potentially be ported to Source 2.”
Valve has already been teasing refined features from the new engine like 2018’s Panorama UI update for CSGO.
The source code leak would give eager eyes a look into the inner workings of Valve’s popular titles, a reality that the developers, who tend to like their privacy, would have a problem with.
“Expect a Valve statement about the Source code leak. It can take days tho, and Gaben for sure will step in," Nors3 said. "New internal rules could appear, and someone could be fired and maybe sued.”
Update on April 22 4:54 P.M.:
Valve has responded to the reemergence of the leaked code by notifying players there is no "reason for players to be alarmed or avoid the current builds."
We have reviewed the leaked code and believe it to be a reposting of a limited CS:GO engine code depot released to partners in late 2017, and originally leaked in 2018. From this review, we have not found any reason for players to be alarmed or avoid the current builds.
— CS:GO (@CSGO) April 22, 2020
They advised their player base to stick to the official CSGO servers where they'll have the "greatest security" while playing.