[Megathread] The Source Code Leaks
Since the news is kind of a big deal, let’s center all discussions here. Existing threads about this can and will be fused there.


What exactly happened ?
The source code for TF2 and CS:GO was apparently leaked to the public. For TF2, the codebase seems to be dated around the time of Jungle Inferno’s release.
UPDATE 2 : Team Fortress 2 source code may not have leaked after all according to the source below.
UPDATE 3 : TF2 source confirmed not leaked : what filtered is really just shared code with the CS:GO leak. See this public source.

UPDATE : Official word on the CS:GO side of things :

We have reviewed the leaked code and believe it to be a reposting of a limited CS:GO engine code depot released to partners in late 2017, and originally leaked in 2018. From this review, we have not found any reason for players to be alarmed or avoid the current builds.

Does Valve know about this yet ?
The news was forwarded internally, so they probably already know about it. If you have further information, feel free to share.
UPDATE : They do, and have reviewed it. Source.

How will it impact TF2 ?
With the full source code release, it’s highly possible that cheat developers will use those to develop cheats and/or exploits based on unfixed glitches. I’d expect future updates to stamp it out fast, though.

Do note that for an exploit to impact you, it requires you to be playing on an online server and on the same one as an exploiter with an active exploit on hand : either of those conditions missing means you’re safe.

If you’re a coder, find out one of those exploits, can craft a PoC but decide to not exploit it for evil, head over to this link : you may get rewarded.

UPDATE 2 : According to the earlier source, TF2 may be confirmed not to be affected by the leak at all.

UPDATE 3 : TF2 confirmed not to be affected outside of potentially shared code being used for cheat development. As said earlier, even this will peter out with updates.

I have important information about the leak !
Refer to this page for contacting Valve about security matters.

What games are safe to play ?
I really can’t make a 100% assumption on that one, but the rule of thumb is :

  • Offline gaming, on your own LAN server, is 100% safe : you don’t connect to servers in the process and you can physically yell at the cheaters if you play with local friends. If there was an exploit there, that means Valve servers got hacked, and we have a much bigger problem.
  • Singleplayer games are 100% safe, even on Source. They don’t connect to servers either. Updates are safe too.
  • Other multiplayer Source games should be safe unless an RCE exploit found within the leaks can be transferred across games (for example, by shared source code), you’re connecting to a multiplayer server and the active exploiter with the active exploit joins your game. So far, I got nothing, but if one’s out, I’ll update the post.
  • Needless to say, non-Source games are safe too.

How about the posts showcasing RCEs affecting TF2 clients ?
They were passed on for investigation.
UPDATE : There is a high chance they were fake.

Will having the game installed be risky ?
No. In the worst-case scenario, the only risk would be when connecting to an online server where an exploiter with an active exploit on hand is present.

Do you have any other information ?
None, I’m afraid. Either I genuinely don’t know, or I am not allowed to share it, which is functionally identical for you guys. If there’s news, I’ll add it to the FAQ.

I have another question
There’s not much more I can answer, but if the question is frequent enough and I get an official answer, I’ll add it.

F.A.Q. updated as of 23/4, may be updated without notice.
If you have updates, contact me directly through my profile comments : I’ll probably be darting left and right across hubs.

My prediction is that there will soon be even more hackers than usual... Hackers can now have full control over the game.
And it is best for everyone to play only on trusted servers, because once the source has leaked, a server owner who wants to can also insert extra code / processes that can harvest data from the client.



