GTA 5 source code leaks online
sportskeeda.comFor anyone that is curious, according to 4chan (i.e. take it with a mountain of salt):
> Apparently there are 3 leaks in circulation:
> 3.3 gigs, src only
> 17 gigs, src + partial assets
> 1 TB, src + full assets
I really wish more games shared the source, even if it's under a restrictive license. It's just interesting to get a peak under the hood.
It makes me wish that copyright lasted less time and that submitting source code was a requirement for software projects to receive protection. Then once copyright expires the source can be in the public domain, and we don't have to waste time reverse engineering to reconstruct what was already done. Admittedly, it's a pipe dream. But it makes me sad how much software is destined to be lost to time because of copyright law.
A lot of people love GTA5 online, and hopefully this leak contains everything needed to create a private server should Rockstar decide to take down the service.
I’m reminded of the time when a Reddit user bought a random box of Blizzard things on eBay and ended up finding a StarCraft gold master source code CD. Many people suggested sharing the code, but Blizzard lawyers reached out. Blizzard eventually gave them a bunch of swag after they returned it.
Would have been so interesting to see.
Those lawyers must have had a laugh there and then. Money? Nah, let’s see if they go with toys and clothing from the warehouse.
Publishing it would be breaking the law and exposing themselves to a lawsuit, which they would lose. The swag is nice.
Well there's two arguments to be made. They 100% gave him the source code in a grab bag of goodies. That's a pretty simple case of he has a right to the disc itself, so he could have just kept it (or resold it) and not published. Them giving him "stuff" was them "buying" the item back, not just them being nice (as you put it).
There's also an argument to be made that the code itself does not infringe on their IP, as this was the lost source code from the old edition of StarCraft (from how I'm reading it in the news). Losing this code specifically made Blizzard restart the project, so it's not even the same project nor a commercially released product.
The former argument is pretty black and white. The latter very tenuous.
> There's also an argument to be made that the code itself does not infringe on their IP,
That’s not how IP works.
Blizzard didn’t forfeit their rights to the IP at any point. Even selling them a grab bag of stuff that unintentionally included a copy of the source code doesn’t mean the recipient actually received a legal license to the IP.
You can make all the arguments you want, but in the court of law you’re not going to get away with anything that involves giving away another company’s IP, even if they accidentally let you see a copy of it. “Finders keepers” doesn’t work with IP.
Sure, the recipient doesn't have the right to call it their own or commercially distribute/benefit from it. I didn't make a claim otherwise.
I said the code they have does not infringe on the commercially released product called StarCraft as it is not a portion thereof. I even stated that releasing it or otherwise making it available is tenuous at best. So I'm not even sure what you're arguing.
> “Finders keepers” doesn’t work with IP.
He didn't "find" it, they willingly transferred it to him along with a bunch of other things they randomly grabbed from their warehouse.
"IP" is a collection of various laws and contracts used to keep exclusivity, it doesn't exist on its own. No law mentions IP. I am not sure the case is a firm as you say it is. Especially since he didn't sign anything.
Not publishing doesn't break any law and that disc is worth more in any way than a few knick-knacks.
And if you don't make an online post about it you could even anonymously leak it to archive.org or something so at least that game won't be yet another that's lost forever thanks to DRM.
Who said anything about publishing. Just give it to a friend who might share it with peers
Now in addition to copyright violation you’re part of a conspiracy
Sports teams do it all the time.
Congrats catching that ball that could be worth more than a hundred thousand dollars, would you like a grab bag of team merchandises instead?
What's a gold master source code CD? Source code wouldn't be in the gold master... The gold master is the final version intended to be pressed to retail disks.
Also:
"The disc in question allegedly contains the source code to the original StarCraft game that GameSpot reported as being lost back in 2000 -- it forced Blizzard to start from scratch on its massively popular real-time strategy game."
What does this mean? StarCraft came out in 1998. Also losing one copy doesn't mean you lose all the other copies. And I can't find this supposed article from 2000. I have so many questions...
It probably means “version of the source code used to build the gold master”.
Some places have (or had) a business process of escrowing both the release and the source used to build it. Escrowing just the source used to build the release can require significantly less storage than escrowing the whole version control system. It also avoids the problem “we have the entire revision history, but we aren’t sure which commit was used to build these binaries”
If you lose everything-a colleague told me the story of a company whose offices were in WTC, luckily all the staff got out alive on 9/11, but they forgot to make offsite backups of the source code-the source code to the release(s) shipped to customers is most important, because you need it to make patches. The rest of the revision history, while valuable, is less essential.
Presumably the source code for the gold master - “Gold Master Source Code” was written on the disk itself. The Imgur link is no more, but you can still see a preview image of it in the original Reddit post. Judging from the comments, it also sounds like the OP may have looked through the contents on a live stream and confirmed it was source code.
https://www.reddit.com/r/gamecollecting/comments/640iem/foun...
> The Imgur link is no more, but you can still see a preview image of it in the original Reddit post.
Here it is: https://web.archive.org/web/20170505105616/https://imgur.com...
what a sad story!
> I really wish more games shared the source, even if it's under a restrictive license. It's just interesting to get a peak under the hood.
Don't underestimate that software patents play a role in that. For instance, the source code release of Doom 3 had to be modified to remove a rendering technique under patent by Creative - even though John Carmack invented the technique simultaneously and independently of Creative[0]
[0]: https://www.theverge.com/gaming/2011/11/17/2569394/john-carm...
The original Doom had third-party audio playback routines, so the source came with a rewritten sound server: https://github.com/id-Software/DOOM/tree/master/sndserv
The bad news: this code only compiles and runs on linux. We couldn't release the dos code because of a copyrighted sound library we used (wow, was that a mistake -- I write my own sound code now), and I honestly don't even know what happened to the port that microsoft did to windows.
Related, I released the source code to Heroes of Newerth (a dota 2 competitor) after the company died (after dota 2 pulverized them). https://github.com/shawwn/noh
Oh man, what a nostalgia trip. I spent a lot of nights as a teenager playing Savage, S2 and then HoN. Thanks for the link. I have a fond memory of Marc kicking me off a pub S2 game because I slow debuffed him as the commander.
One time I walked into James Fielding’s office, our lead designer. He had a crumpled keyboard on his desk that he used as a pencil holder. I asked him what the hell, and he said it was a trophy from an inhouse game when Marc smashed his keyboard after losing.
He was an interesting fellow. He tried to teach me the value of self awareness, a lesson I was too young to internalize. I see now it was because he spent many years trying to break his raging habit.
The full source tree is at https://github.com/shawwn/hon by the way. There’s a lot of server side components and installer misc that were eluded from NoH, but you might like browsing.
That's amazing. I was wondering how you had the rights to do it. Apparently you don't?
> All code and assets are MIT licensed, to the extent that I'm authorized to do so. Which is to say, not at all. But nobody cares at this point
Kudos! I guess you know the people will enough to know they won't go after you?
So many people loved HoN, great to see it shared!
Having an escrow in a structure like the library of congress (or the NSA, they have tons of storage /s) and they get released when company dies or the product isn't commercialised for more than x years. Or when the company decides to.
Maybe it is a bit more complicated with assets rights, that's what a couple game devs told me.
Dan Geer (CISO at In-Q-Tel, the CIA’s private investment arm) gave a BlackHat talk that advocated for this, among other things.
https://youtube.com/watch?si=8txvgqH6mqerinkZ&v=nT-TGvYOBpI&...
Something about the CIA and NSA having access to a large library of commercial source code makes me feel uneasy from a privacy perspective. It's like inviting the neighborhood robbers over for dinner.
I wonder if there's a way to implement this without storing the code with a central authority, e.g. by encrypting the code so that it can only be decrypted in X years. You'd probably still have to have a central authority involved to ensure people can't just fast-forward - but a system similar to TOTP codes could be a neat mechanism!
I don't think we have any way to do that. Time is abstract for algorithms. Unless you make something you know you couldn't solve in less than x years. But that assumes you can predict improvements in algorithms and computing power over a long period which could be tricky to get precisely.
You use reflective solar bodies X/2 light years away and blast them with highly redundant encrypted data such that in X years Earth will be on the receiving end of the reflected transmission.
> I really wish more games shared the source, even if it's under a restrictive license. It's just interesting to get a peak under the hood.
technically true, but the risk of tainting FOSS projects to the point they can be killed by corporate lawyers could be too high. What if a FOSS developer implements in perfect good faith an algorithm that shares some resemblance to a proprietary shared source piece of code they just studied two months before? Could whoever owns that code have enough grounds to send a c&d to stop any development if not attempting to take ownership of the project? Not sure if I'd like to test that. As much as I deeply dislike closed source, I'm convinced that having a firm distinction between open and closed helps to avoid some dangerous grey areas.
Self-plug: Old World, a 4X game from the lead of Civ4, has from day one shipped with a copy of the entire gameplay source code. It's not the full source of the game as the rendering-related parts and a couple systems classes are excluded but most of that is handled by Unity anyway, but every bit of game logic is public.
3.3 gigs of just text source code? That is unfathomable to me.
EDIT: Okay, I guess if it also include revision control then that makes more sense. Still, that is huge.
lots of binaries are in there. it's ~16GB decompressed
What's the actual size of just a single version?
That would be very interesting indeed! Knowing nothing about actual game development, I always imagine games must have the worst spaghetti code imaginable. They are an artistic product with a shelf life of at most a couple of years. Once it gets running, the quality of the code must have a priority below almost anything else.
It's probably different these days with much lrger teams and engines like Unreal, but still.
Reminder: full source leak should include binaries and source for 3rd party libraries Rockstar licensed to use - so this leak could impact other companies too.
Private servers are already possible and also popular. The network is called FiveM and it has a lot more features and customization than the original.
> peak
peek
next weeks headline: "GTA5 performance up 40% due to fan-submitted patches."
[0]: https://www.pcgamer.com/rockstar-thanks-gta-online-player-wh...
I came to post this, I did play GTA online a couple years ago and their bugs never get patched unless it affects the money (like a glitch that gives me game-money so you won’t have to pay an actual money), any other glitches that ruin the game never get patched.
Maybe the Mt. Chiliad Mystery will be finally solved
That's awesome.
Nothing on that site about this one, which I can't talk about :)
https://www.reddit.com/r/gaming/comments/3ylmm4/comment/cyet...
I wonder if we'll ever get a San Andreas source code leak/release that would finally debunk or confirm the mystery of Bigfoot. After all these years, I still have hope that it's real...
that has already been debunked. It was the hunger making CJ stomach growl that people mistaked for bigfoot sounds.
> stomach growl that people mistaked for bigfoot sounds
bigfoot's biggest achievement was masking his cry as the sound of an empty stomach
Oh man I used to visit a subreddit every few months dedicated to this to make fun of people who were wasting tremendous amounts of time looking for something that clearly wasn’t there.
I'm always wishing there were more AAA games I could play natively on aarch64 linux. Porting it might not be the easiest thing in the world, but a source leak opens the door for it.
Yesterday I discovered that perfect dark for the n64 has been decompiled and built for windows (I'd assume Linux would not be difficult given it's decompiled now). Anyway it looks utterly amazing. There's been a few other projects like this.
Looks like it already supports Linux!
> I'm always wishing there were more AAA games I could play natively on aarch64 linux. Porting it might not be the easiest thing in the world, but a source leak opens the door for it.
Except a source code leak is basically the worst thing that could happen with this goal in mind.
It's a far cry from reverse engineering or a company open sourcing it. Most people aren't even going to touch it beyond the curiousity.
We don't need most people, just a handful of very dedicated volunteers. That's what happened with Thief/Thief 2/System Shock 2's Dark engine, which was patched for modern hardware after its source was leaked by an ex-employee.
I'm not hypothesizing about the behavior of others, I'm speaking only for myself.
Except for GTA.. the fan base is HUGE to the point that fans made a whole role play servers just to continue playing an obsolete game, I’m almost certain someone either anonymous or in a country isn’t subjected to US laws will pick it up and do something somehow.
Would be nice to have a completely open source reimplementation that works with the assets of the legitimately purchased game but without their launcher crapware.
And without micro transactions
plenty of custom servers on alt:v, fivem, ragemp platforms.
Serious, why would anybody care besides modding community, and maybe GTA Online hackers?
No competitor can think there's anything there worth their money and effort.
There are people in Amsterdam that steal bikes only to sell them for 10Eur.
I just don’t understand why would anyone do that but I am software dev working remotely it doesn’t make sense in „my world” - it most likely makes sense in someone’s else world.
If you want quick money, you sell things cheap. If you're addicted to drugs and need a quick high, you do easy crimes, and anything that's easy for money (including prostitution).
Thanks for explanation. But that was rhetorical question to illustrate the point that one might not see whole picture and incentives are also hidden.
But I didn’t want to spell out specific examples for stealing source code as the same for bikes to leave it up for readers.
Opioids are a hell of a drug
It could be a great learning material. I'm not a game developer, but I would be very happy to have an AAA game source code I can build locally.
99% of game developers dont build on their own engines. It's would be like looking into Linux kernel source code to build your own music player app or TODO app. Few people who do heavy engine lifting in C++ simply not gonna bother with someone else code.
But I pretty sure everyone in modding community would be really happy.
Everyone should read the Linux kernel source to see how aggressively up a painful local maximum you can get in the name of simplicity.
What do you mean?
Just a guess, but perhaps things like the process model. PID 1, fork, exec and so forth. Or argv, or environment variables, or “everything is a file”, or having just three streams (stdin, stdout, stderr).
In isolation, all beautifully simple concepts, but there has been an awful lot built on top over several decades, stretching and outgrowing the simplicity. The complexity of modern technology has to live somewhere, though.
I read a lot of Linux kernel code and I’m just a meager application developer.
The key difference is you are licensed and entitled to read the Linux source code.
GTA 5 hasn’t been licensed to you and you are absolutely not entitled to read it, even if you managed to get hold of it due to a theft. By reading it as an app developer you taint your knowledge with stolen intellectual property and stolen trade secrets, potentially exposing yourself and any game you work on (including for an employer) to criminal and civil penalties.
That’s the immense value of open source and Linux in specific. You are allowed to read it, improve it, rip out bits that are useful (as compliant with the license), and use the concepts as fully licensed intellectual property without trade secret encumbrance.
I am personally really interested in reading the source and see how they do things. I’m certain there’s fascinating bits of tech in there. But I wouldn’t underestimate the risk I would put myself, my family, and my employer at and the willingness of corporations to crush the small guy. See the pain inflicted by downloading mp3s, and the marginal value of copying an mp3 is infinitesimal compared to the source code of a AAA game to the studio.
If developers became tainted by knowledge of proprietary/secret code, wouldn't you be bound for life to your first employer? And wouldn't reading GPL code like Linux also taint your mind for life? What if a coworker or some random FOSS author read the code and later used a technique they saw, and then you see it and your mind is now tainted too? Sounds like a nonsense "risk".
You actually are bound to not disclosure their trade secrets. Trade knowledge isn’t a trade secret, but there are aspects of their code they may consider “secret sauce,” which if you took and implemented at a competitor you better believe they will come after your employer for. I’ve seen it many times in my career over the last 30 years. Be careful, it’s absolutely not nonsense and you personally are potentially implicated.
Is the risk any different than that if a programmer who used to work for Rockstar games?
Aren't former employees allowed to learn from their experience working on GTA V and develop products based on that knowledge, just as Rockstar programmers have used prior knowledge to develop GTA V?
The key is trade secrets. There are aspects that are common trade skills that are transferable, but some things are considered secrets in their novelty and competitive advantage. You absolutely can not disclose those to subsequent employers.
Usually though it’s really hard to establish this unless you were a key person behind some key technology. But it’s very common in high finance (high end hedge funds, etc) that they go after people for bringing some algorithm or technique to a competitor.
But there is a huge difference between knowledge gained in employment, which is protected by employment law and common sense, and knowledge gained in the furtherance of a crime. Copying, distributing, studying, and replicating trade secrets from stolen source code is ABSOLUTELY not protected under any squinting at the law.
> By reading it as an app developer you taint your knowledge with stolen intellectual property and stolen trade secrets, potentially exposing yourself and any game you work on (including for an employer) to criminal and civil penalties.
Yes
How stupid. What a stupid waste
Got to love capitalism
That’s why I’m a big fan of free software (in the FSF sense). But being a fan also means I’m aware of the consequences we face in our current structure. I’m worried reading these posts most people don’t realize the grave danger they could be in.
If you just want this, go download the Doom 3 Source code, or look at Lyra + UE5.
Worse, no competitor should allow their employees to ever download or worse look at the source code as it would taint all their IP with possible theft. Just because the code is leaked doesn’t mean Rockstar has lost ownership of the intellectual property, it just means everyone distributing it is participating in the theft and everyone holding it is complicit. Worse by reading it and possibly using trade secrets embedded in the code in a competitors product exposes the competitor to civil and criminal penalties.
I would treat the source code as radioactive toxic waste to be handled at your own peril.
ReactOS also treated/treats leaked Windows source code this way (disallow contributions even if you have academic or goverment-backed permission to look at it).
Rockstar micro-transactions would be one reason for Rockstar themselves to actually care about this. Hackers summoning RMT rewards in GTAV Online were already a "problem."
Speedrunners probably care too.
This is probably the most likely source of interest; modders might get some benefit from knowing the actual source but the decompiles are usually just as good (except variable names, perhaps, see Minecraft SRG, etc).
But speedrunners might be able to realize new exploits to reduce time that aren't apparent from the decomp.
Compatibility is also a point, GTA V works pretty well on Steam Proton, but it might clarify some bugs that already exist, while also helping with better support for RDR 2 and GTA 6 in the future.
Rock star is getting a lot of hits recently, and I’m not entirely sure if it’s an inside job, bad management, poor hires, or mix of all or something completely different, I would imagine they should have increased their measures when GTA6 got leaked..
This news is from the same 2022 leak, for some reason it is just getting coverage again now.
It's getting coverage because the GTAV source and assets weren't publicly leaked until now. The hack was in 2022, but AFAIK nobody but a select few had access to the stolen data.
Got it. Thanks.
Maybe the load times can be improved even further now…
"Out on bail for allegedly hacking the hardware company Nvidia, Kurtaj, prosecutors say, pulled off the GTA heist while staying under police protection at a Travelodge hotel. Without his computer, he somehow managed to hack into Rockstar using his smartphone, an Amazon Firestick, and the TV in his hotel room."
Oh? I will allow it.
https://nymag.com/intelligencer/2023/12/teen-hacked-grand-th...
After reading this I assumed he used some kind of remote server he had access to. Eg phone is the Bluetooth keyboard, fire stick provides an internet connection and a browser, and remote server provides the full Linux environment to do whatever actually hacking with.
That doesn't really get you much vs just using the phone. Bigger screen and notional multitasking I guess
Evasion of surveillance of his phone's internet usage?
I think I read somewhere (can't find the source at the moment) that he mainly used his existing access (to slack?) from his phone and didn't actually do much hacking at that point.
At this point, they really need to start leveraging this man's skills for good or *lawful* evil.
Give this man freedom and sic him on Moscow's infrastructure as penance. They have no chance.
The ends justify the means?
Assuming its not completely wrong that to me sounds something like that he just had the files stored somewhere.
That being said travelodge Wi-Fi is so bad, maybe the only way would've been actually doing the job.
I assume rockstar didn't pay, so they leaked the source code. Not sure why anything would be delayed because of this.
Why would they pay? It's a 10-year-old game that's the second best selling game of all time. Rockstar made their money, and there isn't anything a competitor could use to gain an advantage. It's almost good because it's free press for GTA VI.
1. The game still sells 10+ million copies a year.
2. GTA online brings at least half a billion a year in microtransactions.
The vast majority of those sales are for GTA online, which this leak doesn't inherently give you access to. I don't see this leak financially harming Rockstar more than the cost of the presumed ransom, people still have to pay to play GTA online.
Give it time and there will be private servers for the modded client
There are already private servers. There are whole communities built up around role playing in bootleg GTA 5 servers.
For context, one of these is FiveM[0], which is very popular (and if anything, a lot better than the official Online in many ways.)
[0]: https://fivem.net/
Rockstar bought the developers of the private server software out and integrated them into their teams, presumably for GTA 6.
If they cared about their customers they would pay to stop them (us) getting pwned with numerous 0-day vulnerabilities that no doubt exist in a 15 year old code base that had never seen the light of day.
Free advertising, very well timed indeed.
source leaks damage things aside from profitability.
this will just serve as yet another feather in the cap for the exploit/hacking/modding community; and a lot of THOSE people make cash by selling exploits.
If rockstar cared about cheating ( they don't ) this would throw a big monkey wrench into that effort, obfuscation is half the battle in a game where book-keeping like an MMO would be performance prohibitive.
Pay whom. Just explain me in brief how this leaking scene works.
1) Entity gets hacked
2) Hackers exfiltrate data from the target (this could be source code, database dumps, employee records, emails, or any combination of the above - basically anything that could be seen that has value to the company staying private.
3) Depending on the model used, the hackers either privately or publicly informs entity they have their data and unless a payment of X if made the data will get leaked or sold to the highest bidder.
I don't understand how anyone would ever pay. There is nothing guaranteeing you the hackers actually destroy their copy of the data on payment, so they could just come back and ask you for another payment every few months.
Or are we really supposed to believe these criminals would follow some sort of made up honor code?
You are completely right, they are criminals there is nothing stopping them from just dumping the data anyway (or launching another attack later down the road).
However the hackers also want to get paid, as soon as they go back on their word no one else will ever pay them.
But there is another "maybe" to consider (OP did ask for a brief explanation so I didn't go into all possibilities), did they encrypt the data? If they did and entity no longer has access to it they then have two options 1) restore the data from backup (if they had them and can restore service in a reasonable amount of time) / write off any data loss 2) pay up for the keys.
Or… they do the extortion thing and then change the name of their group and go again without the untrustworthy baggage
With no reputation, you’re presumably less likely to have victims pay up. You want to build reputation so you can get consistent profit from these extortions.
Interesting game theory scenario
I don’t know if it’s really that interesting; reputation is just a fundamental currency required to facilitate trade when it can’t be guaranteed otherwise — there is in fact an honor amongst thieves.
These arm-chair game theory arguments tend to fall apart instantly as soon as you assume multiple rounds are played.
> However the hackers also want to get paid, as soon as they go back on their word no one else will ever pay them.
The hackers are the real victims here
They have an incentive to uphold their end, otherwise they will never be able to extort someone else in the future.
Aren't they all anonymous, though? So they could just change their name for the next operation. Maybe all these groups are already the same people behind the scenes.
You're missing the incentives. They /could/ change their name each operation, but then, as you note, the target would have reduced motivation to actually pay. By keeping their name, and keeping their word, customers are more likely to pay in the future, because there's a history of good faith transactions. And, of course, a group that is relying on their reputation like this must police their trademark and prevent other groups from abusing it.
"Good faith" is a difficult to grasp concept when concerning people who are holding your data for ransom
"good faith" == "continued future income".
There isn't any measure of morality or honor involved like you are suggesting.
If the criminals get a reputation for dumping data after you pay, no one will pay anymore. It’s not honor, its customer service.
Their business model wouldn't work if they did a double random. It's not an honor code but a common sense code.
Which is why it should be illegal to pay them off
There was an infamous ransomware attack. One of the hackers was convicted this week hence the timing of the leak https://www.bbc.com/news/technology-67663128
ransomware
Would be interesting to see a native ARM version coming out of this.
It seems the engine supports it as a target, even with NEON extensions
Rockstar, being major deeks to open-source projects, deserve this to the fullest.
It's interesting how much a community can improve performance. It's hard to imagine him doing all of this without a hacking community to motivate him.
Funny thing the whole ordeal but completely useless for anyone who writes code for money. I ain't touching that with a 10ft foot pole.
I'm surprised to see so much Ruby used in a video game. Excluding libraries and gems, there exist 627 *.rb files!
Granted, it is all for utilities and automation external to the game itself, but it's definitely not a common language in 2023.
If GTA5 Online on PC is still going to be a thing, the smartest move is probably to open source the code and let the community report and fix vulnerabilities.
Does this mean more and more developers could easily make GTA like games now that they have access to this source code ?
No. It's more like a writer describing their creative process. Knowing how someone else gathers ideas or structures text may help you improve your own writing, but that is still a very small part of publishing an original work.
not by much, usually I review the data models to absorb their design and translate into lessons
If they can extract the game engine code into a reusable framework, yes.
No game created from it could ever be legally released though.
If it's a closed source release, how could anyone prove which code/framework they reused ?
I'd imagine a complex game engine has some bugs or weird behaviours in specific conditions. If it can be proven that the closed source game has a lot of the same bugs/behaviours, that is likely enough to win a lawsuit.
>Reverse engineers have entered the chat room.
Finding this would be pretty trivial depending on how much was stolen. And proving this would be more of a matter for Rockstar lawyers
Decompile it and see things work exactly the way the original game does, bugs and all
Can’t you decompile it?
I hope Somebody figures out the reason for the horrible loading times
It's quite scary when video game source code leaks. No doubt people will start finding RCEs to exploit.
Video games are already full of exploits. That's what allows a rich modding scene to thrive.
Video games sit in this really weird place in software engineering where 'security' in the traditional sense doesn't necessarily apply.
Games are either single-player and don't really make any sense to exploit, or are multiplayer and have weird kernel-level DRM and anti-cheat, and on the server side, mainly host multiplayer matchmaking and servers.
Even if games have been exploited maliciously, users would have to go out of their way to find a malware-laden version on a shady BitTorrent website, and in that case the BitTorrent protocol is the real vector, not the video game itself.
Don't get me wrong, I'm not saying video game RCEs aren't security a problem—but they have fairly extensive positive implications that might not be usually considered.
> Video games are already full of exploits. That's what allows a rich modding scene to thrive
I'm not sure I see the correlation? unless you explicitly mean online modding, which I'm not sure it happens that often.
I've been modding games for a few years and it's mostly interacting with Windows API and its capability to access other processes in the same user space by injecting DLLs. I've never looked for vulns inside the game itself.
If you refer to online modding, usually while they're local some games allow it, but as soon as it affects gameplay they're very rarely what I would say they're wide enough 'to thrive'.
It is true that the term of security doesn't apply that often to offline games, though.
You seem to be confusing local modding and remote code execution over multiplayer, which are very different
Wouldn't be nearly as much of a problem if they didn't cheap out on the multiplayer and make it P2P instead of hosting proper servers. Valve's Source engine has been leaked half a dozen times and I don't think there's ever been a client-to-client RCE ever because servers are fully authoritative and clients have very limited control over what happens on the server.
I don’t see how the source code of a game being public is a problem; the game will be as enjoyable (or as crap) with or without the source code public.
Oh wait, Rockstar are going the multiplayer plus gacha route. A leak may hurt because the players may not need the gacha.
For single player games, I see no problem.
And for those hoping more games release source code, I don’t think the source for commercial games is in a state where you can learn from it :)
What is "gotcha route"?
https://en.wikipedia.org/wiki/Gacha_game
Putting a mechanic into your game where you spend real world money to gamble for skins and stuff. Game companies realized they can make a lot of money selling what modders used to be able to do for free. It's apparently a well known thing that there exist "whales" that spend huge amounts of money on these things. Probably a decent number are addicts being abused.
'gacha' refers to 'gachapon' in japanese, originally referring to lottery elements in mobile games (typically asian), now referring to exploitive microtransactions and addictive elements in all forms of gaming. Loot boxes are a common gacha element. The poster is implying that GTAV is exploitive.
The multiplayer is. And the startup screen tries VERY HARD to push you into the multiplayer. And god help you if you start the multiplayer even once.
Did he leak GTA V (2013) or GTA VI (2024)? The story is inconsistent.
It was GTAV (2013) that was leaked. GTAVI was leaked a few months back in the form of early development videos and the reveal trailer but nothing else.
Edit: GTA6 code and a testing build were supposedly also taken in the Rockstar hack, but none of that has been publicly leaked as of today.
Ah, OK. Not a big deal, then, except for GTA modders.
> Fans are requested to appreciate the hard work the developers put into their video games and avoid spreading the leaked source code further.
Alternately, appreciate the hard work by making interesting mods for the game. GTA5 has already had an extensive modding scene for the 10 years it’s been out, but now I assume mods will become easier to make and more powerful, benefiting Rockstar’s customers who paid for the game. And who is hurt? Not pirates, who could obtain the game starting shortly after release. Potentially people playing against cheaters online, except I’ve heard they’ve had free rein for a long time.
Companies should release their own games’ source code. Other software too.
> And who is hurt?
from the POV of management, a leak of the source might prevent a future re-release, which cuts into future potential profits!
How?
Why re release my 2008 game as a remaster in 2023 if Sven in Sweden already patched the (open) source with QOL changes and provided higher texture mods.
It does cut on future dumb re releases :)
They filed a lawsuit against the engineers behind the reverse engineering of GTA III/VC who published their work on GitHub. To strengthen their own legal position and to combat the obvious argument that "You abandoned this and had no intention to profit further from it", Rockstar/Take-Two paid for the quickest, dirtiest, shoddiest port that was put out within a month of their lawsuit being filed: https://en.wikipedia.org/wiki/Grand_Theft_Auto:_The_Trilogy_...
> from the POV of management, a leak of the source might prevent a future re-release, which cuts into future potential profits!
In the aftermath of the backlash from their shoddy legal engineering project, they decided to not remaster other games: https://kotaku.com/gta-iv-remastered-red-dead-redemption-can...
It's rather the other way around, they'd been working on the remasters for a while and were completely blindsided by the publishing of the re3 / reVC source code, which promised to be a better option than their own remasters could be. This scared them shitless and led to the lawsuit.
Emulators have given that forever. It does not seem to have stopped re-releases.
Leaked doesn’t equal open. It’s likely a crime to own a copy, and it’s definitely a crime to distribute it.
No way!
GPL'd source is an intriguing prospect to me. I'd BSD or MIT the libraries, engine, and other building blocks. But the games .. GPL feels right. With the assets being copyright probably?
Why not GPL the building blocks if you want the end product to be GPL'd as well?
If you want to make new works that are not GPLd, not GPLing the building blocks would let you do that.
Alternatively, you could LGPL the building blocks, still allow the end products to not need to be GPLd, but require development on the building blocks to be open sourced.
GPL + a copyright assignment agreement also works (because the copyright holder can issue any sort of license he pleases in addition to GPL)
Sven doesn’t care about contributing his changes back to your tree and does not assign you copyright. GPL is fine for Sven. Ingrid can use Sven’s GPL changes because she’ll use that license too. You want to dual licence, you can’t use Sven or Ingrid code.
Copyright assignment + gpl so you can charge for a different licence too only works if nobody wants to fork. Doubt that’s the case for this sort of thing.
Because I don't care what license other people release their games with.
ubisoft deserves to get the source code for all their old games leaked. One by one they have shut the servers down (quite understandable because of server costs) but offered no ways or means whatsoever to play them alienating the old fans really hard. Some of us have memories of playing the older games which we can never relive again. It should be illegal for a game company to shut an online only game down without offering a LAN patch. Developers should bake in LAN functionality from day 1 but keep it hidden which the patch must fix at EOL for games
Surely server costs for something that's no longer being used much can't be very high? Running an idle ETLegacy server on my desktop uses a whopping 100 MB RAM and 0.02 CPU cores on my 6th gen i5 with the powersave governor on and all cores at 800 MHz. The more obvious motivation is just that they want you to buy their new thing and not have the old one anymore.
If the matchmaking server isn't getting requests, you can put it on a potato VM for $5/month or whatever. Likewise at least old games could run with 64 players on much weaker CPUs than we have today. Surely a small VM could keep a handful of 16 player servers around.
It's mostly risk and inefficient org structure.
It is really cool that Id keeps the ET master server online from like 2003. There is more than one nowadays, but most servers only ping the old master. I occasionally work on ETL btw, nice to meet a fellow ET player!
The biggest cost here isn't the hardware, it's the people keeping the lights on.
I'm used to working in a context where you have to deal with audits and it makes sense to weigh that cost, but for video games, couldn't they throw it in EC2 or fargate in an account with nothing else and forget about it? It doesn't need to have access to anything important (it might not need access to anything at all if you're not persisting any player data). If the only open port is the game server, patch schedules can be somewhere between late and never.
No it's deffinately not as easy as that. You need to manage those servers, manage the updates, security patches, roll out updates to the game server... Because it will need updates because things break or need security updates etc. Managing things like that means it needs to be within the existing infrastructure. Imagine with every old game they just threw up an ec2 and left it rotting, they'd have hundreds of out of date servers running vulnerable software, it would be a nightmare.
Videogames also by very definition attract the kind of people who will want to hack the servers for fun; which in extreme cases will also involve RCE on the player's computers:
https://www.polygon.com/22898895/dark-souls-pvp-exploit-mult...
But what I'm saying is why do they need to install updates? If the only open port is your software, who cares if curl or ssh or whatever is out of date. Worst case, you shut it down if it ever does get compromised, and there was nothing anyone could do with that machine because it was underpowered and firewalled to only allow incoming connections on your game port and no outgoing connections. Unless there's an exploitable vulnerability in the Linux networking stack or their server application, everything else doesn't matter. If they run it in fargate, Amazon will take care of Linux patches, so it's only their application server that matters. Games usually use custom UDP protocols, right? So there's no off-the-shelf library for them to patch in their application.
Same deal with people talking about windows requiring new hardware really: for most people the answer should be "good, it'll stop rebooting to update now". Almost everyone is behind a firewall that doesn't allow incoming connections (it can't by default because of NAT). The only point of entry is the browser, and if you stay off the seedier parts of the web and have an adblocker, that's not really an issue either. Your bank or Spotify presumably aren't going to be dropping malware on your machine via old browser exploits.
You can't do that kind of thing if you're under some auditing regime, but they're not, right?
Because that's not how videogames in 2023 (or the past ~decade plus) have worked.
You need, at a very minimum:
— login system that also works with consoles
— persistence for users stats (maybe not for some kinds of games)
— matchmaking service (which really wants a persistence system for SBMM)
— make sure your systems aren't actively being exploited (you don't want to accidentally run a botnet)
— make sure nobody is "hacking" or modding the game (what's the point of keeping the severs up if they're filled with aimhacking bots)
— monitor the services to make sure they're up
— potentially patch the games on multiple platforms if you need to make a backwards-compatible change to fulfill any of the above.
— also potentially update your games if the console vendors make changes to their stacks
I agree that it sucks that the services are being shut down without any alternatives being provided, and I wish there was a way to force the publishers to support them for longer or provide an OSS servers options; but it is definitely not "free" or "easy" to provide these services for years.
You already have the login and database systems though. And who cares if someone mods or hacks the game; you were going to abandon it. If people are still having fun, you've added some incremental happiness to the world. If an OS vendor breaks your game that you otherwise would've abandoned, that sounds like something the users should take up with the OS vendor (really, it's something the users should take up with the OS vendor regardless, but if you've already decided you're done supporting it, that definitely applies). Or on PC they can avoid patching/"upgrading".
Basically, unless someone takes control of your servers or other players, if the alternative is to shut it down, why not just leave as-is and not maintain/support it? If an impactful exploit is found, then shut it down. Preemptively shutting it down because the experience might degrade is silly; shutting it down will definitely break it.
So you want the unsupported, unmanaged, not monitored game server - that will get hacked - access to the credentials database that holds emails, password, names, addresses and possibly payment details?
You also want users to contact the the OS devs when their old, unmanaged, not updated game no longer works? Or you want the users not to install important security updates because they want to play one old game?
None of what you've said really makes sense in the the enterprise IT world. AS it's already been previously stated to you, you can't just spin up a VM and host your game on it, it just doesn't work like that. There are plenty of valid reasons for that in the thread already.
Why would a game server database have payment details or passwords or PII? That's insane to start. It's a video game server, not a bank. It shouldn't have anything important on it. Even auth is handled by platforms/stores (which are maintained) for some time now, right? So the actual game servers just receive tokens for the user?
> Or you want the users not to install important security updates because they want to play one old game?
If the OS vendor is releasing patches that break user programs, then yes. This anti-customer attitude of move fast and break (other people's) things (without their consent) needs to die.
Historically, games were designed so that you very much could just spin up a VM and host it. Has that competence been lost? I'm not seeing why things aren't designed to continue working. It's not difficult to do.
You want separate logins to purchase dlc?
You also now want the current login severs to continue to support the old game logins and handle auth for them? So we're still supporting the old game, still maintaining it.
These old unmaintained, unmanaged servers you want to run get hacked they distribute malware to your users. Whoops, the hosting provider finds out, the business account gets locked, now nothing works.
They get hacked a different way, they start mining bitcoin, your hosting provider finds out and locks the business account, whoops, now nothing works.
They get hacked a different way, they intercept the api calls to the auth servers. They use the auth tokens to break into people's main accounts, use that for phishing attacks, steal millions of dollars. Whoops.
>it's not difficult to do.
That's the point you don't get. It is difficult. Standards change, security changes, things NEED updating or things go wrong, people lose confidence in you, you dont make any money and you go out of business.
Spin up an old version of minecaft on an old version of Linux, see how long it lasts before it all goes wrong.
legacy games of ubisoft such as watch dogs, splinter cell conviction/blacklist, ghost recon future soldier, far cry 3 etc only need a server to login via ubi credentials, they actually work peer to peer so shutting these down is a crime on so many levels honestly
It's more than $0. That means that when ubi goes belly up, nobody will be able to pay the bill to keep the lights on, no matter how cheap it is to do so
Not that a large corporation would ever do this, but you could imagine an indie company that cared setting up a trust with a few thousand dollars of the initial revenue, and that could pay the bills indefinitely using the interest.
For a large company, that money could've been a few micropennies back to the investors, so obviously it's silly to imagine. Also, if they really cared, they'd release the server code so others could run it.
Win95 didn't use that many resources either, why don't you run it on your servers? Just imagine the sea of unpatchable vulnerabilities
Such games are often not peer to peer, like the games of old. Releasing a server in a form that's somehow operable by a third party is not always easy.
If there's enough people interested in the game, someone will figure out how to run a private server. People are so persistent it happens even without the source code. For many online games the source code is either stolen or dedicated people black box reverse engineer it just to run private servers. That's how runescape private servers operated back in the day, although I don't know if it was a clean room reverse engineer.. someone probably stole the code given Jagex.
The source should be released. Regardless of how "hard" it is to stand up (it's just a server, stop being ridiculous) the people will find a way.
Correct me if I'm wrong but aren't most old school RTS games peer to peer?
EDIT: I misinterpreted the comment as saying that old games weren't P2P, sorry.
which is why there should be a law in place to force game companies to add LAN even if it is completely hidden from day 1 which should not be usable if companies care about competitive edge but at EOL they should be forced to add a patch that activates this feature
Indeed, I sincerely hope someone leaks Rocksmith 2014 soon, as well as all the no-longer-available CDLC packs. The current Rocksmith+ is a completely different application and is not a substitute, I want the real thing that I already paid for back.
What you wish upon others, you wish upon yourself.
Afaik most of Ubisoft games were offline singles. Even the game that sparked always online debate AC2 has been offline playable for very long time.
There are ofc online games that were shut down - that's a problem of whole industry.
They did publish the code for World in Conflict online server (initially made by Massive Entertainment), and a few other tools https://github.com/ubisoft
SHA256 hash for anyone got the file:
46ffb7f65944d4aaf97fd1eb8718be2dcd1ede71d38228bf126d25cf4f100e7b 3.31GB no_pass_gtav_source.zip
76f50dd98da88ec574b6c2800193f3579e588073fd05f18190313af2cfbb6bf3 4.33GB GTAVSP.7z (Pass: Mi76#b>9mRed)
Pardon my regardiness, but the description here says that there are two files and in the magnet link and mediafire one there is only one (the bigger one). Where's the smaller file?
Sorry for the noob question but how do you decrypt a SHA256 hash?
The hash is not for decryption. It is for checking the integrity of the downloaded file.
You don’t decrypt a hash, a hash is used to verify integrity of a specific content. You can use several programs to create a hash of the files you downloaded, and compare it to this person’s hash to see if they’re the same.
I wonder why Finder refuses to decrypt GTAVSP.7z, but I guess that's because it doesn't support 7z-specific crypto extensions.
can you tell why 7zip is showing password error again and again
Use the one in the password.txt file that comes along with the zip file.
*i was copying pass and pasting .. once i typed it worked thanks..
its not working . Which app should i use to extract
As chains of trusts go, this is utterly useless! Unless you’re about to post a picture of yourself with your HN username, today’s newspaper and a linked biog at a trusted domain that proves beyond doubt your integrity.
haha, grepping for curse words for a laugh. multiples of:
// DON'T FUCK WITH THIS UNLESS YOU KNOW WHAT YOU'RE DOING!
This will forever not be funny: https://www.youtube.com/watch?v=R_b2B5tKBUM
I've been told it's a pretty good game as well, in spite of the ranting comments.
// We have optimized the heap sizes to reduce TLB misses. Change this and you could &%$# up performance (by as much as 1+ ms/frame)
Cache misses are one thing but here it's virtual memory and page tables!?
TLB = Translation Lookaside Buffer
That means someone did at some point and broke something quite badly.
every coder on earth at one point in time: let's optimize this without actually testing anything
and then spends months finding and undoing. And writes this comment. Can confirm.
rockstar should be proud that hackers are applying what they learned from their games
God the web has gone to total crap outside of just a few sites. This site is unbearable on mobile.
It's the ads. Way too many of them, way too many layouts.
Really wasnt that bad. Not great. But far from awful.