return to table of content

GTA 5 source code leaks online

TheAceOfHearts
37 replies
1d14h

For anyone that is curious, according to 4chan (i.e. take it with a mountain of salt):

Apparently there are 3 leaks in circulation:

3.3 gigs, src only

17 gigs, src + partial assets

1 TB, src + full assets

I really wish more games shared the source, even if it's under a restrictive license. It's just interesting to get a peak under the hood.

It makes me wish that copyright lasted less time and that submitting source code was a requirement for software projects to receive protection. Then once copyright expires the source can be in the public domain, and we don't have to waste time reverse engineering to reconstruct what was already done. Admittedly, it's a pipe dream. But it makes me sad how much software is destined to be lost to time because of copyright law.

A lot of people love GTA5 online, and hopefully this leak contains everything needed to create a private server should Rockstar decide to take down the service.

otras
15 replies
1d12h

I’m reminded of the time when a Reddit user bought a random box of Blizzard things on eBay and ended up finding a StarCraft gold master source code CD. Many people suggested sharing the code, but Blizzard lawyers reached out. Blizzard eventually gave them a bunch of swag after they returned it.

Would have been so interesting to see.

https://mashable.com/article/starcraft-source-disc

scyzoryk_xyz
9 replies
1d6h

Those lawyers must have had a laugh there and then. Money? Nah, let’s see if they go with toys and clothing from the warehouse.

underdeserver
7 replies
1d4h

Publishing it would be breaking the law and exposing themselves to a lawsuit, which they would lose. The swag is nice.

deaddodo
3 replies
1d

Well there's two arguments to be made. They 100% gave him the source code in a grab bag of goodies. That's a pretty simple case of he has a right to the disc itself, so he could have just kept it (or resold it) and not published. Them giving him "stuff" was them "buying" the item back, not just them being nice (as you put it).

There's also an argument to be made that the code itself does not infringe on their IP, as this was the lost source code from the old edition of StarCraft (from how I'm reading it in the news). Losing this code specifically made Blizzard restart the project, so it's not even the same project nor a commercially released product.

The former argument is pretty black and white. The latter very tenuous.

Aurornis
2 replies
22h27m

There's also an argument to be made that the code itself does not infringe on their IP,

That’s not how IP works.

Blizzard didn’t forfeit their rights to the IP at any point. Even selling them a grab bag of stuff that unintentionally included a copy of the source code doesn’t mean the recipient actually received a legal license to the IP.

You can make all the arguments you want, but in the court of law you’re not going to get away with anything that involves giving away another company’s IP, even if they accidentally let you see a copy of it. “Finders keepers” doesn’t work with IP.

whelp_24
0 replies
3h7m

"IP" is a collection of various laws and contracts used to keep exclusivity, it doesn't exist on its own. No law mentions IP. I am not sure the case is a firm as you say it is. Especially since he didn't sign anything.

deaddodo
0 replies
21h13m

Sure, the recipient doesn't have the right to call it their own or commercially distribute/benefit from it. I didn't make a claim otherwise.

I said the code they have does not infringe on the commercially released product called StarCraft as it is not a portion thereof. I even stated that releasing it or otherwise making it available is tenuous at best. So I'm not even sure what you're arguing.

“Finders keepers” doesn’t work with IP.

He didn't "find" it, they willingly transferred it to him along with a bunch of other things they randomly grabbed from their warehouse.

93po
1 replies
1d3h

Who said anything about publishing. Just give it to a friend who might share it with peers

bathtub365
0 replies
21h31m

Now in addition to copyright violation you’re part of a conspiracy

alpaca128
0 replies
8h23m

Not publishing doesn't break any law and that disc is worth more in any way than a few knick-knacks.

And if you don't make an online post about it you could even anonymously leak it to archive.org or something so at least that game won't be yet another that's lost forever thanks to DRM.

costanzaDynasty
0 replies
1d2h

Sports teams do it all the time.

Congrats catching that ball that could be worth more than a hundred thousand dollars, would you like a grab bag of team merchandises instead?

ClassyJacket
3 replies
1d12h

What's a gold master source code CD? Source code wouldn't be in the gold master... The gold master is the final version intended to be pressed to retail disks.

Also:

"The disc in question allegedly contains the source code to the original StarCraft game that GameSpot reported as being lost back in 2000 -- it forced Blizzard to start from scratch on its massively popular real-time strategy game."

What does this mean? StarCraft came out in 1998. Also losing one copy doesn't mean you lose all the other copies. And I can't find this supposed article from 2000. I have so many questions...

otras
1 replies
1d11h

Presumably the source code for the gold master - “Gold Master Source Code” was written on the disk itself. The Imgur link is no more, but you can still see a preview image of it in the original Reddit post. Judging from the comments, it also sounds like the OP may have looked through the contents on a live stream and confirmed it was source code.

https://www.reddit.com/r/gamecollecting/comments/640iem/foun...

ClickedUp
0 replies
1d5h

The Imgur link is no more, but you can still see a preview image of it in the original Reddit post.

Here it is: https://web.archive.org/web/20170505105616/https://imgur.com...

skissane
0 replies
1d11h

It probably means “version of the source code used to build the gold master”.

Some places have (or had) a business process of escrowing both the release and the source used to build it. Escrowing just the source used to build the release can require significantly less storage than escrowing the whole version control system. It also avoids the problem “we have the entire revision history, but we aren’t sure which commit was used to build these binaries”

If you lose everything-a colleague told me the story of a company whose offices were in WTC, luckily all the staff got out alive on 9/11, but they forgot to make offsite backups of the source code-the source code to the release(s) shipped to customers is most important, because you need it to make patches. The rest of the revision history, while valuable, is less essential.

IYasha
0 replies
1d8h

what a sad story!

ta988
4 replies
1d13h

Having an escrow in a structure like the library of congress (or the NSA, they have tons of storage /s) and they get released when company dies or the product isn't commercialised for more than x years. Or when the company decides to.

Maybe it is a bit more complicated with assets rights, that's what a couple game devs told me.

mburns
1 replies
1d12h

Dan Geer (CISO at In-Q-Tel, the CIA’s private investment arm) gave a BlackHat talk that advocated for this, among other things.

https://youtube.com/watch?si=8txvgqH6mqerinkZ&v=nT-TGvYOBpI&...

willis936
0 replies
1d6h

Something about the CIA and NSA having access to a large library of commercial source code makes me feel uneasy from a privacy perspective. It's like inviting the neighborhood robbers over for dinner.

Timon3
1 replies
1d4h

I wonder if there's a way to implement this without storing the code with a central authority, e.g. by encrypting the code so that it can only be decrypted in X years. You'd probably still have to have a central authority involved to ensure people can't just fast-forward - but a system similar to TOTP codes could be a neat mechanism!

ta988
0 replies
19h48m

I don't think we have any way to do that. Time is abstract for algorithms. Unless you make something you know you couldn't solve in less than x years. But that assumes you can predict improvements in algorithms and computing power over a long period which could be tricky to get precisely.

sillysaurusx
4 replies
1d10h

Related, I released the source code to Heroes of Newerth (a dota 2 competitor) after the company died (after dota 2 pulverized them). https://github.com/shawwn/noh

potatochup
1 replies
1d9h

Oh man, what a nostalgia trip. I spent a lot of nights as a teenager playing Savage, S2 and then HoN. Thanks for the link. I have a fond memory of Marc kicking me off a pub S2 game because I slow debuffed him as the commander.

sillysaurusx
0 replies
1d9h

One time I walked into James Fielding’s office, our lead designer. He had a crumpled keyboard on his desk that he used as a pencil holder. I asked him what the hell, and he said it was a trophy from an inhouse game when Marc smashed his keyboard after losing.

He was an interesting fellow. He tried to teach me the value of self awareness, a lesson I was too young to internalize. I see now it was because he spent many years trying to break his raging habit.

The full source tree is at https://github.com/shawwn/hon by the way. There’s a lot of server side components and installer misc that were eluded from NoH, but you might like browsing.

doix
0 replies
1d5h

That's amazing. I was wondering how you had the rights to do it. Apparently you don't?

All code and assets are MIT licensed, to the extent that I'm authorized to do so. Which is to say, not at all. But nobody cares at this point

Kudos! I guess you know the people will enough to know they won't go after you?

Ntrails
0 replies
1d5h

So many people loved HoN, great to see it shared!

magpi3
2 replies
1d12h

3.3 gigs of just text source code? That is unfathomable to me.

EDIT: Okay, I guess if it also include revision control then that makes more sense. Still, that is huge.

0xDEADFED5
1 replies
1d11h

lots of binaries are in there. it's ~16GB decompressed

MichaelZuo
0 replies
1d4h

What's the actual size of just a single version?

sebazzz
1 replies
1d7h

I really wish more games shared the source, even if it's under a restrictive license. It's just interesting to get a peak under the hood.

Don't underestimate that software patents play a role in that. For instance, the source code release of Doom 3 had to be modified to remove a rendering technique under patent by Creative - even though John Carmack invented the technique simultaneously and independently of Creative[0]

[0]: https://www.theverge.com/gaming/2011/11/17/2569394/john-carm...

rzzzt
0 replies
19h56m

The original Doom had third-party audio playback routines, so the source came with a rewritten sound server: https://github.com/id-Software/DOOM/tree/master/sndserv

    The bad news:  this code only compiles and runs on linux.  We couldn't
    release the dos code because of a copyrighted sound library we used
    (wow, was that a mistake -- I write my own sound code now), and I
    honestly don't even know what happened to the port that microsoft did
    to windows.

squarefoot
0 replies
1d5h

I really wish more games shared the source, even if it's under a restrictive license. It's just interesting to get a peak under the hood.

technically true, but the risk of tainting FOSS projects to the point they can be killed by corporate lawyers could be too high. What if a FOSS developer implements in perfect good faith an algorithm that shares some resemblance to a proprietary shared source piece of code they just studied two months before? Could whoever owns that code have enough grounds to send a c&d to stop any development if not attempting to take ownership of the project? Not sure if I'd like to test that. As much as I deeply dislike closed source, I'm convinced that having a firm distinction between open and closed helps to avoid some dangerous grey areas.

ncr100
0 replies
1d11h

Reminder: full source leak should include binaries and source for 3rd party libraries Rockstar licensed to use - so this leak could impact other companies too.

cgjohn
0 replies
1d5h

That would be very interesting indeed! Knowing nothing about actual game development, I always imagine games must have the worst spaghetti code imaginable. They are an artistic product with a shelf life of at most a couple of years. Once it gets running, the quality of the code must have a priority below almost anything else.

It's probably different these days with much lrger teams and engines like Unreal, but still.

anticrymactic
0 replies
1d8h

Private servers are already possible and also popular. The network is called FiveM and it has a lot more features and customization than the original.

albrewer
0 replies
1h5m

peak

peek

ACS_Solver
0 replies
1d4h

Self-plug: Old World, a 4X game from the lead of Civ4, has from day one shipped with a copy of the entire gameplay source code. It's not the full source of the game as the rendering-related parts and a couple systems classes are excluded but most of that is handled by Unity anyway, but every bit of game logic is public.

BoardsOfCanada
27 replies
1d14h

I assume rockstar didn't pay, so they leaked the source code. Not sure why anything would be delayed because of this.

ashupadhi01
18 replies
1d14h

Pay whom. Just explain me in brief how this leaking scene works.

Crosseye_Jack
15 replies
1d13h

1) Entity gets hacked

2) Hackers exfiltrate data from the target (this could be source code, database dumps, employee records, emails, or any combination of the above - basically anything that could be seen that has value to the company staying private.

3) Depending on the model used, the hackers either privately or publicly informs entity they have their data and unless a payment of X if made the data will get leaked or sold to the highest bidder.

andersa
14 replies
1d13h

I don't understand how anyone would ever pay. There is nothing guaranteeing you the hackers actually destroy their copy of the data on payment, so they could just come back and ask you for another payment every few months.

Or are we really supposed to believe these criminals would follow some sort of made up honor code?

Crosseye_Jack
5 replies
1d13h

You are completely right, they are criminals there is nothing stopping them from just dumping the data anyway (or launching another attack later down the road).

However the hackers also want to get paid, as soon as they go back on their word no one else will ever pay them.

But there is another "maybe" to consider (OP did ask for a brief explanation so I didn't go into all possibilities), did they encrypt the data? If they did and entity no longer has access to it they then have two options 1) restore the data from backup (if they had them and can restore service in a reasonable amount of time) / write off any data loss 2) pay up for the keys.

google234123
3 replies
1d12h

Or… they do the extortion thing and then change the name of their group and go again without the untrustworthy baggage

setr
2 replies
1d12h

With no reputation, you’re presumably less likely to have victims pay up. You want to build reputation so you can get consistent profit from these extortions.

dest
1 replies
1d11h

Interesting game theory scenario

setr
0 replies
1d5h

I don’t know if it’s really that interesting; reputation is just a fundamental currency required to facilitate trade when it can’t be guaranteed otherwise — there is in fact an honor amongst thieves.

These arm-chair game theory arguments tend to fall apart instantly as soon as you assume multiple rounds are played.

neffo
0 replies
1d13h

However the hackers also want to get paid, as soon as they go back on their word no one else will ever pay them.

The hackers are the real victims here

shric
4 replies
1d13h

They have an incentive to uphold their end, otherwise they will never be able to extort someone else in the future.

andersa
3 replies
1d13h

Aren't they all anonymous, though? So they could just change their name for the next operation. Maybe all these groups are already the same people behind the scenes.

addaon
2 replies
1d13h

You're missing the incentives. They /could/ change their name each operation, but then, as you note, the target would have reduced motivation to actually pay. By keeping their name, and keeping their word, customers are more likely to pay in the future, because there's a history of good faith transactions. And, of course, a group that is relying on their reputation like this must police their trademark and prevent other groups from abusing it.

PLenz
1 replies
1d13h

"Good faith" is a difficult to grasp concept when concerning people who are holding your data for ransom

k_roy
0 replies
1d12h

"good faith" == "continued future income".

There isn't any measure of morality or honor involved like you are suggesting.

xvector
1 replies
1d13h

Their business model wouldn't work if they did a double random. It's not an honor code but a common sense code.

google234123
0 replies
1d12h

Which is why it should be illegal to pay them off

op00to
0 replies
1d3h

If the criminals get a reputation for dumping data after you pay, no one will pay anymore. It’s not honor, its customer service.

endianswap
0 replies
1d14h

ransomware

Maxious
0 replies
1d14h

There was an infamous ransomware attack. One of the hackers was convicted this week hence the timing of the leak https://www.bbc.com/news/technology-67663128

dehrmann
7 replies
1d12h

Why would they pay? It's a 10-year-old game that's the second best selling game of all time. Rockstar made their money, and there isn't anything a competitor could use to gain an advantage. It's almost good because it's free press for GTA VI.

MikusR
3 replies
1d7h

1. The game still sells 10+ million copies a year.

2. GTA online brings at least half a billion a year in microtransactions.

vlakreeh
2 replies
1d5h

The vast majority of those sales are for GTA online, which this leak doesn't inherently give you access to. I don't see this leak financially harming Rockstar more than the cost of the presumed ransom, people still have to pay to play GTA online.

93po
1 replies
1d3h

Give it time and there will be private servers for the modded client

op00to
0 replies
1d3h

There are already private servers. There are whole communities built up around role playing in bootleg GTA 5 servers.

serf
0 replies
1d10h

source leaks damage things aside from profitability.

this will just serve as yet another feather in the cap for the exploit/hacking/modding community; and a lot of THOSE people make cash by selling exploits.

If rockstar cared about cheating ( they don't ) this would throw a big monkey wrench into that effort, obfuscation is half the battle in a game where book-keeping like an MMO would be performance prohibitive.

getwiththeprog
0 replies
1d12h

Free advertising, very well timed indeed.

dns_snek
0 replies
1d8h

If they cared about their customers they would pay to stop them (us) getting pwned with numerous 0-day vulnerabilities that no doubt exist in a 15 year old code base that had never seen the light of day.

epolanski
23 replies
23h20m

Serious, why would anybody care besides modding community, and maybe GTA Online hackers?

No competitor can think there's anything there worth their money and effort.

tarruda
12 replies
23h16m

It could be a great learning material. I'm not a game developer, but I would be very happy to have an AAA game source code I can build locally.

SXX
11 replies
23h13m

99% of game developers dont build on their own engines. It's would be like looking into Linux kernel source code to build your own music player app or TODO app. Few people who do heavy engine lifting in C++ simply not gonna bother with someone else code.

But I pretty sure everyone in modding community would be really happy.

formerly_proven
7 replies
23h6m

I read a lot of Linux kernel code and I’m just a meager application developer.

fnordpiglet
6 replies
22h22m

The key difference is you are licensed and entitled to read the Linux source code.

GTA 5 hasn’t been licensed to you and you are absolutely not entitled to read it, even if you managed to get hold of it due to a theft. By reading it as an app developer you taint your knowledge with stolen intellectual property and stolen trade secrets, potentially exposing yourself and any game you work on (including for an employer) to criminal and civil penalties.

That’s the immense value of open source and Linux in specific. You are allowed to read it, improve it, rip out bits that are useful (as compliant with the license), and use the concepts as fully licensed intellectual property without trade secret encumbrance.

I am personally really interested in reading the source and see how they do things. I’m certain there’s fascinating bits of tech in there. But I wouldn’t underestimate the risk I would put myself, my family, and my employer at and the willingness of corporations to crush the small guy. See the pain inflicted by downloading mp3s, and the marginal value of copying an mp3 is infinitesimal compared to the source code of a AAA game to the studio.

worik
1 replies
22h5m

By reading it as an app developer you taint your knowledge with stolen intellectual property and stolen trade secrets, potentially exposing yourself and any game you work on (including for an employer) to criminal and civil penalties.

Yes

How stupid. What a stupid waste

Got to love capitalism

fnordpiglet
0 replies
21h13m

That’s why I’m a big fan of free software (in the FSF sense). But being a fan also means I’m aware of the consequences we face in our current structure. I’m worried reading these posts most people don’t realize the grave danger they could be in.

tarruda
1 replies
22h2m

Is the risk any different than that if a programmer who used to work for Rockstar games?

Aren't former employees allowed to learn from their experience working on GTA V and develop products based on that knowledge, just as Rockstar programmers have used prior knowledge to develop GTA V?

fnordpiglet
0 replies
21h15m

The key is trade secrets. There are aspects that are common trade skills that are transferable, but some things are considered secrets in their novelty and competitive advantage. You absolutely can not disclose those to subsequent employers.

Usually though it’s really hard to establish this unless you were a key person behind some key technology. But it’s very common in high finance (high end hedge funds, etc) that they go after people for bringing some algorithm or technique to a competitor.

But there is a huge difference between knowledge gained in employment, which is protected by employment law and common sense, and knowledge gained in the furtherance of a crime. Copying, distributing, studying, and replicating trade secrets from stolen source code is ABSOLUTELY not protected under any squinting at the law.

ndriscoll
1 replies
22h3m

If developers became tainted by knowledge of proprietary/secret code, wouldn't you be bound for life to your first employer? And wouldn't reading GPL code like Linux also taint your mind for life? What if a coworker or some random FOSS author read the code and later used a technique they saw, and then you see it and your mind is now tainted too? Sounds like a nonsense "risk".

fnordpiglet
0 replies
21h19m

You actually are bound to not disclosure their trade secrets. Trade knowledge isn’t a trade secret, but there are aspects of their code they may consider “secret sauce,” which if you took and implemented at a competitor you better believe they will come after your employer for. I’ve seen it many times in my career over the last 30 years. Be careful, it’s absolutely not nonsense and you personally are potentially implicated.

mhh__
2 replies
22h57m

Everyone should read the Linux kernel source to see how aggressively up a painful local maximum you can get in the name of simplicity.

asddubs
1 replies
22h52m

What do you mean?

diarrhea
0 replies
22h26m

Just a guess, but perhaps things like the process model. PID 1, fork, exec and so forth. Or argv, or environment variables, or “everything is a file”, or having just three streams (stdin, stdout, stderr).

In isolation, all beautifully simple concepts, but there has been an awful lot built on top over several decades, stretching and outgrowing the simplicity. The complexity of modern technology has to live somewhere, though.

ozim
3 replies
22h32m

There are people in Amsterdam that steal bikes only to sell them for 10Eur.

I just don’t understand why would anyone do that but I am software dev working remotely it doesn’t make sense in „my world” - it most likely makes sense in someone’s else world.

giancarlostoro
1 replies
15h16m

If you want quick money, you sell things cheap. If you're addicted to drugs and need a quick high, you do easy crimes, and anything that's easy for money (including prostitution).

ozim
0 replies
8h16m

Thanks for explanation. But that was rhetorical question to illustrate the point that one might not see whole picture and incentives are also hidden.

But I didn’t want to spell out specific examples for stealing source code as the same for bikes to leave it up for readers.

stjohnswarts
0 replies
21h40m

Opioids are a hell of a drug

fnordpiglet
1 replies
22h31m

Worse, no competitor should allow their employees to ever download or worse look at the source code as it would taint all their IP with possible theft. Just because the code is leaked doesn’t mean Rockstar has lost ownership of the intellectual property, it just means everyone distributing it is participating in the theft and everyone holding it is complicit. Worse by reading it and possibly using trade secrets embedded in the code in a competitors product exposes the competitor to civil and criminal penalties.

I would treat the source code as radioactive toxic waste to be handled at your own peril.

rzzzt
0 replies
21h44m

ReactOS also treated/treats leaked Windows source code this way (disallow contributions even if you have academic or goverment-backed permission to look at it).

FartyMcFarter
1 replies
23h10m

Speedrunners probably care too.

bombcar
0 replies
22h3m

This is probably the most likely source of interest; modders might get some benefit from knowing the actual source but the decompiles are usually just as good (except variable names, perhaps, see Minecraft SRG, etc).

But speedrunners might be able to realize new exploits to reduce time that aren't apparent from the decomp.

zamalek
0 replies
22h59m

Rockstar micro-transactions would be one reason for Rockstar themselves to actually care about this. Hackers summoning RMT rewards in GTAV Online were already a "problem."

augusto-moura
0 replies
22h41m

Compatibility is also a point, GTA V works pretty well on Steam Proton, but it might clarify some bugs that already exist, while also helping with better support for RDR 2 and GTA 6 in the future.

vivzkestrel
20 replies
1d14h

ubisoft deserves to get the source code for all their old games leaked. One by one they have shut the servers down (quite understandable because of server costs) but offered no ways or means whatsoever to play them alienating the old fans really hard. Some of us have memories of playing the older games which we can never relive again. It should be illegal for a game company to shut an online only game down without offering a LAN patch. Developers should bake in LAN functionality from day 1 but keep it hidden which the patch must fix at EOL for games

ndriscoll
11 replies
1d13h

Surely server costs for something that's no longer being used much can't be very high? Running an idle ETLegacy server on my desktop uses a whopping 100 MB RAM and 0.02 CPU cores on my 6th gen i5 with the powersave governor on and all cores at 800 MHz. The more obvious motivation is just that they want you to buy their new thing and not have the old one anymore.

If the matchmaking server isn't getting requests, you can put it on a potato VM for $5/month or whatever. Likewise at least old games could run with 64 players on much weaker CPUs than we have today. Surely a small VM could keep a handful of 16 player servers around.

klausa
5 replies
1d12h

The biggest cost here isn't the hardware, it's the people keeping the lights on.

ndriscoll
4 replies
1d12h

I'm used to working in a context where you have to deal with audits and it makes sense to weigh that cost, but for video games, couldn't they throw it in EC2 or fargate in an account with nothing else and forget about it? It doesn't need to have access to anything important (it might not need access to anything at all if you're not persisting any player data). If the only open port is the game server, patch schedules can be somewhere between late and never.

roygbiv2
3 replies
1d10h

No it's deffinately not as easy as that. You need to manage those servers, manage the updates, security patches, roll out updates to the game server... Because it will need updates because things break or need security updates etc. Managing things like that means it needs to be within the existing infrastructure. Imagine with every old game they just threw up an ec2 and left it rotting, they'd have hundreds of out of date servers running vulnerable software, it would be a nightmare.

ndriscoll
1 replies
1d3h

But what I'm saying is why do they need to install updates? If the only open port is your software, who cares if curl or ssh or whatever is out of date. Worst case, you shut it down if it ever does get compromised, and there was nothing anyone could do with that machine because it was underpowered and firewalled to only allow incoming connections on your game port and no outgoing connections. Unless there's an exploitable vulnerability in the Linux networking stack or their server application, everything else doesn't matter. If they run it in fargate, Amazon will take care of Linux patches, so it's only their application server that matters. Games usually use custom UDP protocols, right? So there's no off-the-shelf library for them to patch in their application.

Same deal with people talking about windows requiring new hardware really: for most people the answer should be "good, it'll stop rebooting to update now". Almost everyone is behind a firewall that doesn't allow incoming connections (it can't by default because of NAT). The only point of entry is the browser, and if you stay off the seedier parts of the web and have an adblocker, that's not really an issue either. Your bank or Spotify presumably aren't going to be dropping malware on your machine via old browser exploits.

You can't do that kind of thing if you're under some auditing regime, but they're not, right?

klausa
0 replies
8h52m

Because that's not how videogames in 2023 (or the past ~decade plus) have worked.

You need, at a very minimum:

— login system that also works with consoles

— persistence for users stats (maybe not for some kinds of games)

— matchmaking service (which really wants a persistence system for SBMM)

— make sure your systems aren't actively being exploited (you don't want to accidentally run a botnet)

— make sure nobody is "hacking" or modding the game (what's the point of keeping the severs up if they're filled with aimhacking bots)

— monitor the services to make sure they're up

— potentially patch the games on multiple platforms if you need to make a backwards-compatible change to fulfill any of the above.

— also potentially update your games if the console vendors make changes to their stacks

I agree that it sucks that the services are being shut down without any alternatives being provided, and I wish there was a way to force the publishers to support them for longer or provide an OSS servers options; but it is definitely not "free" or "easy" to provide these services for years.

klausa
0 replies
1d9h

Videogames also by very definition attract the kind of people who will want to hack the servers for fun; which in extreme cases will also involve RCE on the player's computers:

https://www.polygon.com/22898895/dark-souls-pvp-exploit-mult...

whatever1
1 replies
1d7h

It's more than $0. That means that when ubi goes belly up, nobody will be able to pay the bill to keep the lights on, no matter how cheap it is to do so

ndriscoll
0 replies
1d3h

Not that a large corporation would ever do this, but you could imagine an indie company that cared setting up a trust with a few thousand dollars of the initial revenue, and that could pay the bills indefinitely using the interest.

For a large company, that money could've been a few micropennies back to the investors, so obviously it's silly to imagine. Also, if they really cared, they'd release the server code so others could run it.

yread
0 replies
1d9h

Win95 didn't use that many resources either, why don't you run it on your servers? Just imagine the sea of unpatchable vulnerabilities

winrid
0 replies
1d12h

It's mostly risk and inefficient org structure.

It is really cool that Id keeps the ET master server online from like 2003. There is more than one nowadays, but most servers only ping the old master. I occasionally work on ETL btw, nice to meet a fellow ET player!

vivzkestrel
0 replies
1d12h

legacy games of ubisoft such as watch dogs, splinter cell conviction/blacklist, ghost recon future soldier, far cry 3 etc only need a server to login via ubi credentials, they actually work peer to peer so shutting these down is a crime on so many levels honestly

nine_k
4 replies
1d13h

Such games are often not peer to peer, like the games of old. Releasing a server in a form that's somehow operable by a third party is not always easy.

vivzkestrel
0 replies
1d13h

which is why there should be a law in place to force game companies to add LAN even if it is completely hidden from day 1 which should not be usable if companies care about competitive edge but at EOL they should be forced to add a patch that activates this feature

subtra3t
0 replies
1d12h

Correct me if I'm wrong but aren't most old school RTS games peer to peer?

EDIT: I misinterpreted the comment as saying that old games weren't P2P, sorry.

mvdtnz
0 replies
1d13h

The source should be released. Regardless of how "hard" it is to stand up (it's just a server, stop being ridiculous) the people will find a way.

dj_mc_merlin
0 replies
1d12h

If there's enough people interested in the game, someone will figure out how to run a private server. People are so persistent it happens even without the source code. For many online games the source code is either stolen or dedicated people black box reverse engineer it just to run private servers. That's how runescape private servers operated back in the day, although I don't know if it was a clean room reverse engineer.. someone probably stole the code given Jagex.

cpv
0 replies
1d5h

They did publish the code for World in Conflict online server (initially made by Massive Entertainment), and a few other tools https://github.com/ubisoft

buildsjets
0 replies
21h53m

Indeed, I sincerely hope someone leaks Rocksmith 2014 soon, as well as all the no-longer-available CDLC packs. The current Rocksmith+ is a completely different application and is not a substitute, I want the real thing that I already paid for back.

SleepyMyroslav
0 replies
1d9h

What you wish upon others, you wish upon yourself.

Afaik most of Ubisoft games were offline singles. Even the game that sparked always online debate AC2 has been offline playable for very long time.

There are ofc online games that were shut down - that's a problem of whole industry.

comex
13 replies
1d14h

Fans are requested to appreciate the hard work the developers put into their video games and avoid spreading the leaked source code further.

Alternately, appreciate the hard work by making interesting mods for the game. GTA5 has already had an extensive modding scene for the 10 years it’s been out, but now I assume mods will become easier to make and more powerful, benefiting Rockstar’s customers who paid for the game. And who is hurt? Not pirates, who could obtain the game starting shortly after release. Potentially people playing against cheaters online, except I’ve heard they’ve had free rein for a long time.

Companies should release their own games’ source code. Other software too.

chii
6 replies
1d14h

And who is hurt?

from the POV of management, a leak of the source might prevent a future re-release, which cuts into future potential profits!

edflsafoiewq
5 replies
1d14h

How?

cianuro_
4 replies
1d13h

Why re release my 2008 game as a remaster in 2023 if Sven in Sweden already patched the (open) source with QOL changes and provided higher texture mods.

It does cut on future dumb re releases :)

fnordpiglet
1 replies
1d10h

Leaked doesn’t equal open. It’s likely a crime to own a copy, and it’s definitely a crime to distribute it.

Takennickname
0 replies
1d3h

No way!

edflsafoiewq
0 replies
1d13h

Emulators have given that forever. It does not seem to have stopped re-releases.

ZoomerCretin
0 replies
23h27m

They filed a lawsuit against the engineers behind the reverse engineering of GTA III/VC who published their work on GitHub. To strengthen their own legal position and to combat the obvious argument that "You abandoned this and had no intention to profit further from it", Rockstar/Take-Two paid for the quickest, dirtiest, shoddiest port that was put out within a month of their lawsuit being filed: https://en.wikipedia.org/wiki/Grand_Theft_Auto:_The_Trilogy_...

from the POV of management, a leak of the source might prevent a future re-release, which cuts into future potential profits!

In the aftermath of the backlash from their shoddy legal engineering project, they decided to not remaster other games: https://kotaku.com/gta-iv-remastered-red-dead-redemption-can...

whateveracct
5 replies
1d14h

GPL'd source is an intriguing prospect to me. I'd BSD or MIT the libraries, engine, and other building blocks. But the games .. GPL feels right. With the assets being copyright probably?

8372049
4 replies
1d14h

Why not GPL the building blocks if you want the end product to be GPL'd as well?

vegetablepotpie
2 replies
1d14h

If you want to make new works that are not GPLd, not GPLing the building blocks would let you do that.

Alternatively, you could LGPL the building blocks, still allow the end products to not need to be GPLd, but require development on the building blocks to be open sourced.

timschmidt
1 replies
1d13h

GPL + a copyright assignment agreement also works (because the copyright holder can issue any sort of license he pleases in addition to GPL)

harry8
0 replies
21h11m

Sven doesn’t care about contributing his changes back to your tree and does not assign you copyright. GPL is fine for Sven. Ingrid can use Sven’s GPL changes because she’ll use that license too. You want to dual licence, you can’t use Sven or Ingrid code.

Copyright assignment + gpl so you can charge for a different licence too only works if nobody wants to fork. Doubt that’s the case for this sort of thing.

whateveracct
0 replies
1d4h

Because I don't care what license other people release their games with.

throwaway34y33
9 replies
1d13h

Mediafire link: https://mediafire.com/file/2wk5ne9bciarmyw/GTAVSP.7z/file?dk...

Tor: http://gtavi3hbdscwivvjscu5cxumykghdj5mv2wxi4wpl4ektdet4qtlv... (has links to Gofile and other mirrors too)

Torrent (one of them): magnet:?xt=urn:btih:0e1610f5c681bbe8e908ddb7f73dc890899994f4&dn=gta%20v%20source%20code&tr=udp%3a%2f%2ftracker.opentrackr.org%3a1337%2fannounce

tarruda
3 replies
1d8h

Can these downloads be used to build a working version of the game locally?

SSLy
2 replies
2h13m

Yes, but with considerable effort

tarruda
1 replies
1h53m

Have you done it yourself?

Is there documentation anywhere?

SSLy
0 replies
1h40m

The gossip is that FiveM mods are based upon same leak. They probably keep their build docs private.

codegladiator
3 replies
1d9h

This file was uploaded from Saudi Arabia on December 9, 2023 at 10:06 AM

Interesting

tarruda
2 replies
1d8h

That the uploader used a Saudi Arabia VPN node?

quenix
0 replies
1d4h

I don't believe it's legal to host public VPN exit nodes in Saudi Arabia, so it might be someone from there.

crtasm
0 replies
1d5h

That it was uploaded two weeks ago, I presume.

TnS-hun
0 replies
1d10h

The password can be found here: https://news.ycombinator.com/item?id=38759941

cepacked
8 replies
1d7h

Does this mean more and more developers could easily make GTA like games now that they have access to this source code ?

tarruda
5 replies
1d7h

If they can extract the game engine code into a reusable framework, yes.

No game created from it could ever be legally released though.

cepacked
4 replies
1d7h

If it's a closed source release, how could anyone prove which code/framework they reused ?

sweatypalmer
0 replies
1d6h

Reverse engineers have entered the chat room.

Finding this would be pretty trivial depending on how much was stolen. And proving this would be more of a matter for Rockstar lawyers

prometheon1
0 replies
1d6h

I'd imagine a complex game engine has some bugs or weird behaviours in specific conditions. If it can be proven that the closed source game has a lot of the same bugs/behaviours, that is likely enough to win a lawsuit.

jncfhnb
0 replies
1d

Can’t you decompile it?

93po
0 replies
1d3h

Decompile it and see things work exactly the way the original game does, bugs and all

mopsi
0 replies
1d6h

No. It's more like a writer describing their creative process. Knowing how someone else gathers ideas or structures text may help you improve your own writing, but that is still a very small part of publishing an original work.

brainzap
0 replies
1d5h

not by much, usually I review the data models to absorb their design and translate into lessons

renegade-otter
7 replies
23h21m

"Out on bail for allegedly hacking the hardware company Nvidia, Kurtaj, prosecutors say, pulled off the GTA heist while staying under police protection at a Travelodge hotel. Without his computer, he somehow managed to hack into Rockstar using his smartphone, an Amazon Firestick, and the TV in his hotel room."

Oh? I will allow it.

https://nymag.com/intelligencer/2023/12/teen-hacked-grand-th...

sh1mmer
2 replies
22h55m

After reading this I assumed he used some kind of remote server he had access to. Eg phone is the Bluetooth keyboard, fire stick provides an internet connection and a browser, and remote server provides the full Linux environment to do whatever actually hacking with.

calamari4065
1 replies
22h25m

That doesn't really get you much vs just using the phone. Bigger screen and notional multitasking I guess

lupusreal
0 replies
22h14m

Evasion of surveillance of his phone's internet usage?

screye
2 replies
23h12m

At this point, they really need to start leveraging this man's skills for good or *lawful* evil.

renegade-otter
1 replies
23h2m

Give this man freedom and sic him on Moscow's infrastructure as penance. They have no chance.

mulmen
0 replies
22h47m

The ends justify the means?

onion90
0 replies
22h55m

I think I read somewhere (can't find the source at the moment) that he mainly used his existing access (to slack?) from his phone and didn't actually do much hacking at that point.

Trung0246
6 replies
1d13h

SHA256 hash for anyone got the file:

46ffb7f65944d4aaf97fd1eb8718be2dcd1ede71d38228bf126d25cf4f100e7b 3.31GB no_pass_gtav_source.zip

76f50dd98da88ec574b6c2800193f3579e588073fd05f18190313af2cfbb6bf3 4.33GB GTAVSP.7z (Pass: Mi76#b>9mRed)

pato22
2 replies
1d11h

Sorry for the noob question but how do you decrypt a SHA256 hash?

asynchronous
0 replies
1d10h

You don’t decrypt a hash, a hash is used to verify integrity of a specific content. You can use several programs to create a hash of the files you downloaded, and compare it to this person’s hash to see if they’re the same.

SkyArrow
0 replies
1d10h

The hash is not for decryption. It is for checking the integrity of the downloaded file.

urbandw311er
0 replies
1d8h

As chains of trusts go, this is utterly useless! Unless you’re about to post a picture of yourself with your HN username, today’s newspaper and a linked biog at a trusted domain that proves beyond doubt your integrity.

kendoff
0 replies
6h0m

can you tell why 7zip is showing password error again and again

19h
0 replies
16h47m

I wonder why Finder refuses to decrypt GTAVSP.7z, but I guess that's because it doesn't support 7z-specific crypto extensions.

Retr0id
6 replies
1d12h

I'm always wishing there were more AAA games I could play natively on aarch64 linux. Porting it might not be the easiest thing in the world, but a source leak opens the door for it.

k_roy
3 replies
1d12h

I'm always wishing there were more AAA games I could play natively on aarch64 linux. Porting it might not be the easiest thing in the world, but a source leak opens the door for it.

Except a source code leak is basically the worst thing that could happen with this goal in mind.

It's a far cry from reverse engineering or a company open sourcing it. Most people aren't even going to touch it beyond the curiousity.

tamimio
0 replies
1d1h

Except for GTA.. the fan base is HUGE to the point that fans made a whole role play servers just to continue playing an obsolete game, I’m almost certain someone either anonymous or in a country isn’t subjected to US laws will pick it up and do something somehow.

fragmede
0 replies
1d10h

We don't need most people, just a handful of very dedicated volunteers. That's what happened with Thief/Thief 2/System Shock 2's Dark engine, which was patched for modern hardware after its source was leaked by an ex-employee.

Retr0id
0 replies
1d11h

I'm not hypothesizing about the behavior of others, I'm speaking only for myself.

pipes
1 replies
1d11h

Yesterday I discovered that perfect dark for the n64 has been decompiled and built for windows (I'd assume Linux would not be difficult given it's decompiled now). Anyway it looks utterly amazing. There's been a few other projects like this.

TaylorAlexander
0 replies
1d8h

Looks like it already supports Linux!

https://github.com/fgsfdsfgs/perfect_dark

albeebe1
5 replies
1d14h

Maybe the Mt. Chiliad Mystery will be finally solved

https://gta-myths.fandom.com/wiki/Mount_Chiliad_Mystery

ramcle
2 replies
1d5h

I wonder if we'll ever get a San Andreas source code leak/release that would finally debunk or confirm the mystery of Bigfoot. After all these years, I still have hope that it's real...

mcwhy
1 replies
1d4h

that has already been debunked. It was the hunger making CJ stomach growl that people mistaked for bigfoot sounds.

jareklupinski
0 replies
19h26m

stomach growl that people mistaked for bigfoot sounds

bigfoot's biggest achievement was masking his cry as the sound of an empty stomach

qingcharles
0 replies
1d10h

That's awesome.

Nothing on that site about this one, which I can't talk about :)

https://www.reddit.com/r/gaming/comments/3ylmm4/comment/cyet...

jncfhnb
0 replies
1d

Oh man I used to visit a subreddit every few months dedicated to this to make fun of people who were wasting tremendous amounts of time looking for something that clearly wasn’t there.

0xDEADFED5
5 replies
1d11h

haha, grepping for curse words for a laugh. multiples of:

    // DON'T FUCK WITH THIS UNLESS YOU KNOW WHAT YOU'RE DOING!
in main.cpp =)

vlovich123
2 replies
1d11h

That means someone did at some point and broke something quite badly.

0xDEADFED5
1 replies
1d11h

every coder on earth at one point in time: let's optimize this without actually testing anything

IYasha
0 replies
1d8h

and then spends months finding and undoing. And writes this comment. Can confirm.

spintin
0 replies
1d5h

// We have optimized the heap sizes to reduce TLB misses. Change this and you could &%$# up performance (by as much as 1+ ms/frame)

Cache misses are one thing but here it's virtual memory and page tables!?

TLB = Translation Lookaside Buffer

arp242
0 replies
1d5h

This will forever not be funny: https://www.youtube.com/watch?v=R_b2B5tKBUM

I've been told it's a pretty good game as well, in spite of the ranting comments.

nottorp
4 replies
1d4h

I don’t see how the source code of a game being public is a problem; the game will be as enjoyable (or as crap) with or without the source code public.

Oh wait, Rockstar are going the multiplayer plus gacha route. A leak may hurt because the players may not need the gacha.

For single player games, I see no problem.

And for those hoping more games release source code, I don’t think the source for commercial games is in a state where you can learn from it :)

worik
3 replies
21h45m

What is "gotcha route"?

mholm
1 replies
21h22m

'gacha' refers to 'gachapon' in japanese, originally referring to lottery elements in mobile games (typically asian), now referring to exploitive microtransactions and addictive elements in all forms of gaming. Loot boxes are a common gacha element. The poster is implying that GTAV is exploitive.

nottorp
0 replies
20h46m

The multiplayer is. And the startup screen tries VERY HARD to push you into the multiplayer. And god help you if you start the multiplayer even once.

ndriscoll
0 replies
21h24m

https://en.wikipedia.org/wiki/Gacha_game

Putting a mechanic into your game where you spend real world money to gamble for skins and stuff. Game companies realized they can make a lot of money selling what modders used to be able to do for free. It's apparently a well known thing that there exist "whales" that spend huge amounts of money on these things. Probably a decent number are addicts being abused.

cedws
4 replies
1d10h

It's quite scary when video game source code leaks. No doubt people will start finding RCEs to exploit.

delta_p_delta_x
2 replies
1d8h

Video games are already full of exploits. That's what allows a rich modding scene to thrive.

Video games sit in this really weird place in software engineering where 'security' in the traditional sense doesn't necessarily apply.

Games are either single-player and don't really make any sense to exploit, or are multiplayer and have weird kernel-level DRM and anti-cheat, and on the server side, mainly host multiplayer matchmaking and servers.

Even if games have been exploited maliciously, users would have to go out of their way to find a malware-laden version on a shady BitTorrent website, and in that case the BitTorrent protocol is the real vector, not the video game itself.

Don't get me wrong, I'm not saying video game RCEs aren't security a problem—but they have fairly extensive positive implications that might not be usually considered.

etra0
0 replies
1d5h

Video games are already full of exploits. That's what allows a rich modding scene to thrive

I'm not sure I see the correlation? unless you explicitly mean online modding, which I'm not sure it happens that often.

I've been modding games for a few years and it's mostly interacting with Windows API and its capability to access other processes in the same user space by injecting DLLs. I've never looked for vulns inside the game itself.

If you refer to online modding, usually while they're local some games allow it, but as soon as it affects gameplay they're very rarely what I would say they're wide enough 'to thrive'.

It is true that the term of security doesn't apply that often to offline games, though.

circuit10
0 replies
1d4h

You seem to be confusing local modding and remote code execution over multiplayer, which are very different

bakugo
0 replies
1d6h

Wouldn't be nearly as much of a problem if they didn't cheap out on the multiplayer and make it P2P instead of hosting proper servers. Valve's Source engine has been leaked half a dozen times and I don't think there's ever been a client-to-client RCE ever because servers are fully authoritative and clients have very limited control over what happens on the server.

tamimio
2 replies
1d1h

Rock star is getting a lot of hits recently, and I’m not entirely sure if it’s an inside job, bad management, poor hires, or mix of all or something completely different, I would imagine they should have increased their measures when GTA6 got leaked..

fzzzy
1 replies
1d

This news is from the same 2022 leak, for some reason it is just getting coverage again now.

Sakos
0 replies
23h4m

It's getting coverage because the GTAV source and assets weren't publicly leaked until now. The hack was in 2022, but AFAIK nobody but a select few had access to the stolen data.

sureglymop
2 replies
1d12h

Would be nice to have a completely open source reimplementation that works with the assets of the legitimately purchased game but without their launcher crapware.

93po
1 replies
1d3h

And without micro transactions

Yiin
0 replies
16h40m

plenty of custom servers on alt:v, fivem, ragemp platforms.

deelowe
2 replies
1d14h

God the web has gone to total crap outside of just a few sites. This site is unbearable on mobile.

shadowgovt
0 replies
1d14h

It's the ads. Way too many of them, way too many layouts.

firebot
0 replies
1d14h

Really wasnt that bad. Not great. But far from awful.

Animats
2 replies
23h15m

Did he leak GTA V (2013) or GTA VI (2024)? The story is inconsistent.

Sakos
1 replies
23h13m

It was GTAV (2013) that was leaked. GTAVI was leaked a few months back in the form of early development videos and the reveal trailer but nothing else.

Edit: GTA6 code and a testing build were supposedly also taken in the Rockstar hack, but none of that has been publicly leaked as of today.

Animats
0 replies
23h11m

Ah, OK. Not a big deal, then, except for GTA modders.

serf
1 replies
1d10h

next weeks headline: "GTA5 performance up 40% due to fan-submitted patches."

[0]: https://www.pcgamer.com/rockstar-thanks-gta-online-player-wh...

tamimio
0 replies
1d1h

I came to post this, I did play GTA online a couple years ago and their bugs never get patched unless it affects the money (like a glitch that gives me game-money so you won’t have to pay an actual money), any other glitches that ruin the game never get patched.

jpeter
1 replies
1d5h

I hope Somebody figures out the reason for the horrible loading times

MaximilianEmel
0 replies
12h37m
htk
1 replies
1d13h

Would be interesting to see a native ARM version coming out of this.

potwinkle
0 replies
1d9h

It seems the engine supports it as a target, even with NEON extensions

seydor
0 replies
1d12h

rockstar should be proud that hackers are applying what they learned from their games

senectus1
0 replies
1d13h
mkl95
0 replies
22h9m

If GTA5 Online on PC is still going to be a thing, the smartest move is probably to open source the code and let the community report and fix vulnerabilities.

jackphilson
0 replies
1d13h

It's interesting how much a community can improve performance. It's hard to imagine him doing all of this without a hacking community to motivate him.

i_am_a_peasant
0 replies
21h1m

Funny thing the whole ordeal but completely useless for anyone who writes code for money. I ain't touching that with a 10ft foot pole.

dukodk
0 replies
1d14h

Maybe the load times can be improved even further now…

ZoomerCretin
0 replies
22h54m

I'm surprised to see so much Ruby used in a video game. Excluding libraries and gems, there exist 627 *.rb files!

Granted, it is all for utilities and automation external to the game itself, but it's definitely not a common language in 2023.

IYasha
0 replies
1d8h

Rockstar, being major deeks to open-source projects, deserve this to the fullest.