Aimbot

An aimbot (sometimes called "auto-aim") is a type of computer game bot used in first-person shooter games to provide varying levels of target acquisition assistance to the player. It is sometimes incorporated as a feature of a game (where it is usually called "auto-aim" or "aiming assist"). However, making the aimbot more powerful in multiplayer games is considered cheating, as it gives the user an advantage over unaided players.

Aimbots have varying levels of effectiveness. Some aimbots can do all of the aiming and shooting, requiring the user only to move into a position where the opponents are visible. This level of automation usually makes it difficult to hide an aimbot; for example, the player might make inhumanly fast turns that always end with his or her crosshairs targeting an opponent's head. Companies such as Valve have employed numerous anti-cheat mechanisms to prevent their use and avoid accusations.
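The telltale described above, an inhumanly fast turn that ends on an opponent's head, can be checked server-side from per-tick view angles. The following is an added example, not code from any game or anti-cheat product; the tick format, the thresholds and the sample data are assumptions constructed for illustration.

```python
import math

# Assumed thresholds for this example (not taken from any real anti-cheat).
SNAP_DEG_PER_TICK = 40.0   # turn speed treated as implausible for a human
ON_TARGET_DEG = 1.0        # aim error treated as "locked on the head"
MIN_SNAPS = 3              # repeated snaps required before flagging a player


def view_vector(yaw, pitch):
    """Unit direction vector for view angles given in degrees."""
    y, p = math.radians(yaw), math.radians(pitch)
    return (math.cos(p) * math.cos(y), math.cos(p) * math.sin(y), math.sin(p))


def angle_between(u, v):
    """Angle in degrees between two 3D vectors."""
    norm = math.sqrt(sum(a * a for a in u)) * math.sqrt(sum(b * b for b in v))
    if norm == 0:
        return 0.0
    dot = sum(a * b for a, b in zip(u, v))
    return math.degrees(math.acos(max(-1.0, min(1.0, dot / norm))))


def count_snaps(ticks):
    """Count ticks where an implausibly fast turn ends on a visible head."""
    snaps = 0
    for prev, cur in zip(ticks, ticks[1:]):
        if cur["head"] is None:               # no visible opponent this tick
            continue
        view = view_vector(*cur["view"])
        turn = angle_between(view_vector(*prev["view"]), view)
        to_head = tuple(h - e for h, e in zip(cur["head"], cur["eye"]))
        if turn >= SNAP_DEG_PER_TICK and angle_between(view, to_head) <= ON_TARGET_DEG:
            snaps += 1
    return snaps


def is_suspicious(ticks):
    return count_snaps(ticks) >= MIN_SNAPS


def tick(yaw, pitch, head=None, eye=(0.0, 0.0, 0.0)):
    return {"view": (yaw, pitch), "eye": eye, "head": head}

# Constructed sample: three 90-degree flicks, each landing exactly on a head.
BOT_LIKE = [tick(0, 0), tick(90, 0, (0.0, 10.0, 0.0)),
            tick(90, 0), tick(180, 0, (-10.0, 0.0, 0.0)),
            tick(180, 0), tick(-90, 0, (0.0, -10.0, 0.0))]
# Constructed sample: smooth 5-degree-per-tick tracking onto the same kind of target.
HUMAN_LIKE = [tick(y, 0, (0.0, 10.0, 0.0)) for y in range(0, 95, 5)]
```

A single fast flick that lands on target also occurs in legitimate play, which is why the example requires repeated snaps before flagging; the per-tick speed threshold depends on the server tick rate.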

Some games have "auto-aim" as an option in the game. This is not the same as an aimbot; it simply helps the user to aim when playing offline against computer opponents, usually by slowing the movement of 'looking/aiming' while the crosshair is on or near a target. It is common for console FPS games to have this feature to compensate for the lack of precision in analog-stick control pads.

Color aimbots

Color aimbots are an old and simple hacking method: they can work in any game that supports colored models. Because color aimbots don't hook the game or modify any file, most anti-cheats don't detect them. Despite being lower in performance than hooking aimbots, color aimbots are fast enough to be used as cheats. They do, however, have disadvantages: because the detection is based purely on color, the aimbot may aim at textures that contain the color, at dead bodies, parts of the environment, the flag in Capture the Flag, or at teammates after switching teams.

Color aimbots work by scanning all or part of the player's screen for the selected RGB value. Once a pixel of that color is detected, the aimbot moves the player's mouse cursor to that pixel. As such, color aimbots need more system resources than a standard aimbot.

There are versions that scan a smaller area around the player's sight and activate this scan when the player presses a button. This type of color aimbot does not require as many resources and is much harder to spot. It does require more effort on the part of users, because they have to aim at least somewhat in the correct direction.

Color aimbots are very inaccurate because most FPS games include different visual lighting effects, which can distort the color.

Graphics driver-based aimbots

Another type is the graphics driver-based aimbot. These hacks hijack the current API, such as DirectX or OpenGL, which renders a game's graphics to the screen, and use the data gathered to locate players and other objects, for example by counting the number of polygons of player models. Once a player has been identified and tagged as the target, a series of calculations is performed to take the three-dimensional location of a single coordinate within this model and convert it to a two-dimensional set of coordinates. This pair of x- and y-values is then used in conjunction with some input API to move the cursor to the specified location, thus causing the player to aim at the target. Graphics driver aimbots are common in closed-source games, because it is not necessary to have the game source code to write them.

Client hook-based aimbots

Client hook aimbots work either by patching the game executable on the hard disk or by directly patching the instruction cache. Patching allows the program's execution flow to be redirected, which makes it possible to modify program behaviour, such as removing recoil, making players behind walls visible, or predicting and drawing weapon projectile trajectories. Patching is accomplished by injecting a shared library ('so' on Linux, 'dll' on Windows, 'dylib' on Mac) into a running process. On Windows, one usually has to do this by DLL injection, ordinarily with CreateRemoteProcess or SETDLL, while on Linux/UNIX (including Wine), it is possible to use LD_PRELOAD (on Mac, DYLD_INSERT_LIBRARY) to load a shared library into a process.
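From the defender's side, a library loaded through LD_PRELOAD leaves traces in the Linux process's environment and memory map. The following added example (not code from any anti-cheat product) audits the contents of /proc/<pid>/environ and /proc/<pid>/maps; the trusted directory list, the paths and the sample data are assumptions constructed for illustration.

```python
# Assumed allowlist: directories this hypothetical game is expected to load code from.
TRUSTED_DIRS = ("/usr/lib/", "/lib/", "/opt/game/")


def preload_entries(environ_bytes):
    """Return the libraries named in LD_PRELOAD in a /proc/<pid>/environ blob."""
    for item in environ_bytes.split(b"\0"):       # entries are NUL-separated
        key, _, value = item.partition(b"=")
        if key == b"LD_PRELOAD":
            # The dynamic linker accepts both spaces and colons as separators.
            return value.decode().replace(":", " ").split()
    return []


def untrusted_modules(maps_text):
    """Return executable file mappings in /proc/<pid>/maps outside TRUSTED_DIRS."""
    found = []
    for line in maps_text.splitlines():
        # Fields: address, perms, offset, device, inode, optional pathname.
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue                              # anonymous mapping, no backing file
        perms, path = fields[1], fields[5]
        if "x" not in perms or not path.startswith("/"):
            continue                              # data mappings, [stack], [vdso], ...
        if not path.startswith(TRUSTED_DIRS) and path not in found:
            found.append(path)
    return found


# Constructed sample data in the format of /proc/<pid>/maps and /proc/<pid>/environ.
SAMPLE_MAPS = """\
55d0c0a00000-55d0c0a20000 r-xp 00000000 08:01 131 /opt/game/bin/game
7f1c2a000000-7f1c2a1c0000 r-xp 00000000 08:01 202 /usr/lib/x86_64-linux-gnu/libc.so.6
7f1c2b000000-7f1c2b004000 r-xp 00000000 08:01 977 /home/user/.cache/libhelper.so
7f1c2b004000-7f1c2b005000 rw-p 00004000 08:01 977 /home/user/.cache/libhelper.so
7ffd4a5e0000-7ffd4a601000 rw-p 00000000 00:00 0 [stack]
7ffd4a7f0000-7ffd4a7f2000 r-xp 00000000 00:00 0 [vdso]
"""
SAMPLE_ENVIRON = b"HOME=/home/user\0LD_PRELOAD=/home/user/.cache/libhelper.so\0TERM=xterm\0"
```

Because this check runs on a machine the player controls, its result is a signal to correlate with server-side evidence rather than proof on its own.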

StoogeBot

The first and certainly the most enduring example of an aimbot was the Stanford StoogeBot, a proxy-based system for the game Quake written by students at Stanford University. The StoogeBot featured a number of different modes (each of which implemented a different strategy), named after members of The Three Stooges. The StoogeBot's operator (known as the "driver") used an unmodified Quake client, and moved around the game world as normal, picking up equipment and pursuing (or, in theory, fleeing from) adversaries. Rather than being connected directly to the Quake server, the driver's client connected to a custom proxy on which the StoogeBot code ran, in effect a man-in-the-middle attack. The driver's movement commands were passed through unaffected, but the StoogeBot assumed responsibility for selecting, targeting, and firing weapons. As Quake's network protocol allowed clients (and thus the StoogeBot) to know the positions of players even when they were obscured by scenery, the StoogeBot had the uncanny ability to shoot players moments after they emerged into view (even with slow-moving weapons such as rockets).

The driver's view didn't turn to match the StoogeBot's inhuman aim, instead behaving as if the StoogeBot wasn't present. The StoogeBot's operation was entirely automatic, and it made no attempt to hide its superhuman prowess. Indeed, it announced its presence (in an in-game chat message) and altered the player's name (as sent to the game server) to include the prefix "SBOT*". Its authors didn't release the source to their program, knowing that unscrupulous users would immediately remove this protection. The StoogeBot's skills were so blatant and made games so one-sided that when hacked StoogeBots (which didn't announce themselves) became available, their use remained glaringly obvious.