Note: almost everything of the story below is true, although I’ve done some minor edits to avoid confusion.
When I play a game on the internet, I usually use the name Xifon. If you ask a PC gamer for Xifon, it’s possible that he/she knows the name. I once wrote a little piece of software which has been used by over 40.000 people, influencing a game called Call of Duty: Modern Warfare 2. The tool was called “Modern Warfare 2 Server Admin”.
Let’s go back a few months first. Back in the old days (before the tool) the game had a huge amount of cheaters, hackers, and other people nobody wants in public games. I didn’t like that. The day I bought the game there weren’t any cheaters. The second day there were, and it didn’t look like Infinity Ward, Activision or Valve were going to do anything about it.
So I decided that there had to be a way to somehow “kick” those players from the games. First, I had to figure out how the game worked. After a lot of research (actually in this case that just involved gaming a lot) I found out that Modern Warfare 2, while claiming to use Peer to Peer technology, actually used a client-server model for the actual games: when you launch the game, the game talks to IWNet to find a server (it’s a bit more complicated and actually does involve P2P) which it would join. If it couldn’t join any, it would tell IWNet that it would create its own server. IWNet would then send players to this server. Like I mentioned, it’s a bit more complicated, but that’s not really the point of this post.
To avoid confusion, I’ll now call this server the host. The host is the player who has been chosen by IWNet to be the server.
The client-server model has good things and it has bad things. Bad things include the fact that the host needs a fast connection, which explains the huge amounts of “lag” people can have in MW2 games. Good things include that it’s easy to make (for the programmers) and also easy to disrupt (in this case, for me). So, I did even more research (I gamed even more).
It took me a few days to figure out how the game communicates with the host. When a player joins a game it sends some information (classes, level, name) to the host. It took me a few tries but I managed to intercept this information via WinPcap. The big advantage of WinPcap is that it works on the Operating System level of Windows, not on the Application level. Basically this meant that VAC couldn’t detect it without major modifications. Since Valve hadn’t done a lot against cheaters by then, I assumed that it never would make those modifications. So far, I’m still right.
So by then I knew how the basic functions of the game worked. The next step was writing the actual first version of the tool. My development steps are usually very simple: research, develop, wipe everything and develop again without the v1 bugs.
The first version was very simple. I used a standard webserver, PHP and MySQL (if you’re not a programmer, this will most likely mean nothing to you) and wrote the first script. This took me a few hours and then I was ready to test. Note that this was before the big Steam update – the webbrowser in the game still sucked so I didn’t even consider using it – so I used my laptop to steer the application. It worked, I kicked one of my friends from the game and we all cheered (well, I did, can’t really tell about them. I never asked).
So then it was time for the version 2 of the application. I recently installed the new Steam update which came with a proper webbrowser so I knew that it would be easy. However, if I was going to make a tool which would work for everyone I wouldn’t be using a webserver, PHP and MySQL. This would take far too much time for the average user to install. I decided to learn C++ (it’s a programming language) for this task.
I split the program into three parts: the ban management system, the packet capture system and the web interface. I wrote them, and the program worked. I gave it to my friends, and while it worked a bit, it still had major flaws: in a lot of cases it wouldn’t display the names properly (like cut the last 3 letters of the name, etc) or simply not display them at all. Also, after a few rounds the list became cluttered with names of players who left a long time ago.
The fixes for this were pretty simple. I rewrote the code that parsed the packets so that the names got displayed properly, I wrote some code which tracked all IPs that communicated with the game and display them as unknown IPs, and I decided to put a timeout on each name. If no packet was received before the timeout expired, the player would be considered gone. This worked very well and the application was ready to be released.
Of course, I’m no idiot. I know that if you give a police man a gun, he’ll use it properly, but if you give that same gun to a homeless he might shoot you. I implemented a few safeguards: if there was an update available, the user would be forced to update or the application wouldn’t work. If I decided that the tool would be abused too much, I had to be able to stop people from using it, and since I’m not a cheater I didn’t want to be banned by it. I added these three measures in the application and gave it to my friends. They loved it, so it was ready to be released.
As you can see in the screenshot on Xifon.eu, it was still called MW2Fix by then. I decided to change the name to MW2SA, as it wasn’t really a fix but a tool. Me being lazy, I wrote a very quick page which introduced the application as a pre-alpha application. The page looked ugly and I didn’t expect a lot of people to view it. I posted it on 1 forum and I think I’ve seen about 10 downloads from that site. No feedback, so that was pretty useless. I decided to go a step further. I became a fair “moderator” in the game and if I was certain someone was a hacker, I kicked that person. If I was “lucky”, this happened about once per 3 matches, on Ground War this was 2 matches. The players, which had been calling the person a cheater for a few minutes, were always happy and loved to check out the tool I wrote. I got some feedback, made some minor improvements, and then did some updates.
What I didn’t expect was a huge amount of users to come out of nowhere. In a few days I had 50 users, and a few days later that was 100. You can call these people “early adopters” although I’d call them stupid for using a tool which wasn’t confirmed to be VAC-proof yet. Anyway, I pretty much dropped the project because it had too much bugs. Of course, since it worked perfectly on my own machine, I kept using it myself, and some of my friends did as well.
About a month later I checked back on the amount of users. It hadn’t been increasing a lot, but people were still using it. Another month later it passed the 200 daily users, and half a year after writing the application I had almost 1000 daily users! For a 17 year old kid that’s a lot, and to be honest it still is.
In that 6 months, I had gotten a lot of complaints from MW2 players about the tool, but also a lot of great feedback and compliments. I discussed the tool with a mod on the Steam forums and while I initially got a ban for mentioning the tool in two different topics (by then the user base was so large that it had been mentioned 50 times or something already) the mod unbanned me after deciding that he liked the tool (okay, I’m just making that up, but he did unban me). I posted some stats on the forum (in a post that was somewhat shorter than this one) and started a heated discussion about the tool. Of course, this topic eventually got closed because of the flamers, but I’ve seen a lot of good things in the topic.
However, in these 6 months I didn’t get a single mail, complaint, or anything else from IW or Activision. You might say “of course not” but consider what the tool did: 1000 users per day, average match with 10 players, 8 matches per day, is 8.000 “affected” matches per day for up to 80.000 players. Do they simply not care at all, or are they stupid? It wouldn’t take long to figure out that the tool uses a master server to check for permission to run and taking this server down would break the tool. They could have sent me an e-mail asking me to take down the tool. I would have done that (unless they immediately started throwing lawyers at me, lol). But they didn’t send me anything.
The tool is now 13 months old. I don’t have a good way to measure the amount of users (IPs change a lot) but judging by the statistics I can collect I think it’s somewhere around 40.000. A friend of mine, who still plays Modern Warfare 2 (I don’t) says that the tool gets abused a lot nowadays. This doesn’t surprise me: proper server admins would have hired a server for Black Ops (or Modern Warfare 1), and cheaters don’t have a lot of chances on that game (well, that’s what he told me, I’ve never played it after the major fail of MW2).
Ah, yes, the point of this post 
I’d like to apologize to all the honest players of MW2 who have got kicked by the people who manage to abuse this tool (the homeless, as I called them before, sorry if this insults some of you, it’s not intentional). I’d like to apologize to the non-honest players of MW2 who have managed to keep their addiction up by using a non-bannable tool. I’d like to apologize to Valve, for creating a tool that doesn’t allow VAC to ban it. I’d like to apologize to Infinity Ward for interfering with their game on such a large scale, and I’d like to apologize to myself for buying MW2.
I’m currently considering taking down the tool. Infinity Ward, please contact me. Thanks!
Tom
aka Xifon