Обсуждаем CS2 Fake anti-aims comeback?

[learncpp]

Перед прочтением основного контента ниже, пожалуйста, обратите внимание на обновление внутри секции Контр-Страйк 2 на нашем форуме. У нас появились:

• бесплатные читы для CS2 — любое использование на свой страх и риск;
• маркетплейс CS2 — абсолютно любая коммерция, связанная с игрой, за исключением продажи читов (аккаунты, услуги по бусту, конфиги читов и прочее);
• обсуждения и гайды — всё тот же раздел с вопросами, но теперь модернизированный: поиск нужных хаков, пати с игроками-читерами и другая полезная информация;
• конфиги для читов КС2 — тут можно найти конфиги для читов CS 2 абсолютно бесплатно;
• крякнутые читы — очередной кряк геймсенса от Абдулова появится именно в этом разделе.

Спасибо!

всем здравствуйте
после обновления в animationsystem.dll был замечен очень интересный кусок кода пришлось повозиться и заставить весь $$$ divan gang $$$ зареверсить его

// 48 89 5C 24 ? 55 56 57 41 56 41 57 48 8B EC 48 83 EC ? 48 8B FA 4C 8B F1 E8 ? ? ? ? 48 8B 8F ? ? ? ? 48 8D 1D ? ? ? ? 45 33 C9 48 89 5D ? 4C 8D 45 ? C7 45 ? ? ? ? ? 48 8D 55 ? C7 45 ? ? ? ? ? C7 45 ? ? ? ? ? E8 ? ? ? ? 48 8B F0 48 85 C0 74 ? 4C 8B C3 48 8D 15 ? ? ? ? 48 8B CF E8 ? ? ? ? EB ? 48 8B 8F ? ? ? ? 48 8D 55 ? C7 45 ? ? ? ? ? C7 45 ? ? ? ? ? 48 89 5D ? E8 ? ? ? ? 48 8B F0 49 63 5E -> @animationsystem.dll
void CBaseCSGOPlayerAnimation::UpdateFootYaw( int nServerTick float flServerTime, bool bForce )
{
    if ( !bForce && ( nServerTick == m_nServerTick || flServerTime == m_nServerTime ) )
        return;
   
    m_bFirstTickSinceInit = true;
   
    {
        if ( m_bOnGround )
        {
            if ( m_flVelocityLength > 0.1 || std::abs( m_flUpVelocity ) > 145 )
                m_flFootYaw = g_MathBaseLib->ApproachFootYaw( m_flLastAbsAngles, m_flFootYaw, m_flServerTime * ( 50 * m_flLastWalkingTime ) );
            else
                m_flFootYaw = g_MathBaseLib->ApproachFootYaw( m_flLastBodyRealign, m_flFootYaw, m_flServerTime * 100 );
        }
       
        m_vecLastOrigin = m_vecOrigin;
        m_angAbsAngles.yaw = m_flLastAbsAngles;
       
        // Next body update during like 0.9 seconds.
        m_flLastBodyRealign = flServerTime + 0.9;
    }
   
    m_bFirstTickSinceInit = false;
}

исходя из данного кода видимо все что мы потеряли в ксго после апдейта с десинками возвращается в новую эпоху..


также актуальное смещение для того чтобы получить BaseCSGOPlayerAnimation -> 0x9980B
и структура

struct BaseCSGOPlayerAnimation
{
    PAD( 0xC );
    int m_nServerTick;
    float m_flServerTime;
    PAD( 0x8 );
    bool m_bFirstTickSinceInit;
    PAD( 0x4 );
    bool m_bOnGround;
    float m_flVelocityLength;
    float m_flUpVelocity;
    PAD( 0x18 );
    float m_flFootYaw;
    float m_flLastFootYaw;
    PAD( 0x24 );
    float m_flLastAbsAngles;
    float m_flLastWalkingTime;
    PAD( 0x4 );
    float m_flLastBodyRealign;
    Vector m_vecLastOrigin;
    QAngle m_angAbsAngles;
    int m_nVersionType; // In CBaseCSGOPlayerAnimation::Reset valve sets this to 1( most likely there will be a cvar for it later )
};

 

[Jadovran]

Зачем они это вообще тронули? Обнова VACNet'а?

 

[mioxive]

как вы вообще это нашли

 

[mioxive]

Зачем они это вообще тронули? Обнова VACNet'а?

ну анимки обновили, может это пришлось затронуть

 

[learncpp]

как вы вообще это нашли

да, было просто интересно что изменили вальв за эти две обновы
в итоге как то наткнулись на этот кусок

 

[Jadovran]

Новые протобаффы появились в первые за последний год из-за этого

Вот зачем нужны какие-то новые "C2S_CONNECT_SameProcessCheck" и "localhost_process_id"?

 

[Acrados]

Зачем они это вообще тронули? Обнова VACNet'а?

Поняли что кс2 говно и пошли к истокам ксго

 

[Jadovran]

Поняли что кс2 говно и пошли к истокам ксго

А если серьёзно?

 

[k3ls]

Вощем, я немного чайник (не кидайтесь тапками, пж >_<) во всей этой теме реверса, но я закинул это всё в чатгопота, и вот что он выдал:

Спойлер: ChatGPT query

Context Check​

CS2 uses Source 2, and this function appears to be part of the player animation system, specifically foot yaw—still a key piece of how player orientation, desync, and animation syncing work. If you’re asking about reverse-engineering opportunities or potential exploits/anti-aim mechanics, you’re thinking in terms of how to either break animation consistency or spoof visibility of player orientation.

Let's break this down technically and tactically.

---

What This Code Tells Us (CS2-specific Implications)​

1.​

The logic for m_flFootYaw being updated via ApproachFootYaw with a target (m_flLastAbsAngles or m_flLastBodyRealign) indicates:

• The feet still lag behind view angles or body angles, especially during minimal movement or forced re-alignment.
• This gap is where desync (and anti-aim exploits) live.

TL;DR: Foot yaw is not immediately synced with the view angle. Valve uses smoothing via interpolation.

---

2.​

m_flLastBodyRealign = flServerTime + 0.9f;

• Body yaw updates every ~0.9s if idle or not moving.
• You can rotate your view significantly between updates without feet realigning.
• In that window: client-side foot position ≠ server-side eye angle.

Exploit potential: Spin your view between body updates—classic anti-aim technique.

3.​

if (!bForce && (nServerTick == m_nServerTick || flServerTime == m_flServerTime))
    return;

• If nServerTick or flServerTime isn’t changed, no update occurs.
• Possible angle preservation across ticks if spoofed.

Exploit idea: Starve the animation system of tick/time updates by spoofing constants — potentially freeze foot yaw in place.

---

Anti-Aim / Exploit Strategies This Enables in CS2​

Let’s talk what’s possible or at least experimentally viable:

1.​

Rapidly flick real view angles within the ~0.9s window before body realign kicks in.

• What happens: Feet don't follow.
• Why it matters: From another player’s POV, your model orientation is invalid — hard to hit hitboxes.
• Requires controlling tick-to-tick updates carefully.

​

2.​

Keep m_flFootYaw constant by:

• Spoofing m_flVelocityLength = 0.0f
• Holding m_flUpVelocity = 0.0f
• Locking m_flLastBodyRealign = currentTime + 0.9f manually each tick (trick the updater)

Goal: Create the illusion you're standing still while actually turning or moving—classic “fake static” anti-aim.

​

3.​

Abuse ground check + velocity combination:

if (m_bOnGround)
{
    if (m_flVelocityLength > 0.1 || abs(m_flUpVelocity) > 145)

• If velocity thresholds aren't met, feet align differently.
• Spoof values just below those thresholds and move — server and client animation get out of sync.
• Trick: Move slowly while spoofing air velocity to maintain "on-ground" status with sliding foot yaw.

4.​

Manually write m_flFootYaw = ViewYaw ± 180, every tick, just before animation runs. Realigning won’t catch up if you flip it mid-interval.

Can make your model face backwards for others while shooting forward.

---

Reality Check (CS2 Changes)​

Here’s where Valve tried to tighten the leash in CS2:

• More frequent networked animation updates
• New animation LOD tiers
• Server-side logic likely hard-limits yaw delta (i.e. maximum allowed desync range)
• Foot yaw appears to be clamped via ApproachFootYaw() — meaning you can’t just instantly snap.

Any exploit would need to be subtle, timed between updates, or driven by spoofed internal states.

---

Defense / Anti-Aim Detection Vectors​

If you're writing an anti-cheat or building resolver logic, this function tells you:

• You can track deltas between m_flFootYaw and m_angAbsAngles.yaw to detect desync use.
• Unusual consistency or max-delta over time can signal fake angles.
• Frequent resets to m_flLastBodyRealign may be a spoofing attempt.

---

Final Thoughts​

What can you reverse-engineer or exploit?

• Quite a bit—but CS2 is more aggressive about syncing animations.
• The principles of anti-aim still work, but now require subtle manipulation of timing, ground state, and velocities.
• Your biggest opportunity: Working between foot/body realign windows (~0.9s) and careful spoofing of movement data.

Want practical POC concepts or code mockups for one of these techniques? I can sketch one out.

 

[sexban]

дайте видос

 

[Bobi94]

Нет фейк лагов - нет смысла от старых АА, это не будет работать один без другого.

 

[learncpp]

Нет фейк лагов - нет смысла от старых АА, это не будет работать один без другого.

не совсем так
игра обратывает по дефолту один тик в функции CNetworkGameClient::AdjustSimulationTick

int CNetworkGameClient::AdjustSimulationTick( int nSimulationTick, bool bNeedsSimulationTime )
{
    if ( nSimulationTick <= 0 )
        return nSimulationTick;
   
    if ( nSimulationTick > m_pUserCmdContext->m_nLastTickCount )
    {
        // Add the last processed tick by command.
        nSimulationTick += m_pUserCmdContext->m_nLastTickCount + 1;
        return nSimulationTick;
    }
   
    // Added after 29.07.2025.
    if ( bNeedsSimulationTime )
    {
        m_flFinalSimulationTime = TICKS_TO_TIME( nSimulationTick + m_pUserCmdContext->m_nSimulationTickThisFrame );
    }
   
    return ( bNeedsSimulationTime && TIME_TO_TICKS( m_flFinalSimulationTime ) || nSimulationTick );
}

 

[zxtrn]

через ещё одну обнову бэктрэкать можно будет за километр?

 

[BebeRexha]

не совсем так
игра обратывает по дефолту один тик в функции CNetworkGameClient::AdjustSimulationTick

int CNetworkGameClient::AdjustSimulationTick( int nSimulationTick, bool bNeedsSimulationTime )
{
    if ( nSimulationTick <= 0 )
        return nSimulationTick;
  
    if ( nSimulationTick > m_pUserCmdContext->m_nLastTickCount )
    {
        // Add the last processed tick by command.
        nSimulationTick += m_pUserCmdContext->m_nLastTickCount + 1;
        return nSimulationTick;
    }
  
    // Added after 29.07.2025.
    if ( bNeedsSimulationTime )
    {
        m_flFinalSimulationTime = TICKS_TO_TIME( nSimulationTick + m_pUserCmdContext->m_nSimulationTickThisFrame );
    }
  
    return ( bNeedsSimulationTime && TIME_TO_TICKS( m_flFinalSimulationTime ) || nSimulationTick );
}

а я не понял почему если нет фейклагов то нет антиаимов че пакеты чокать нельзя теперь?

 

[learncpp]

а я не понял почему если нет фейклагов то нет антиаимов че пакеты чокать нельзя теперь?

в кс2 как таковой прямой модификации с nChokedCommands нет

 

[BebeRexha]

в кс2 как таковой прямой модификации с nChokedCommands нет

нихуя себе и че даже никаких приколов с абузом лаг компа и прочего говна нет? или там серверсайд все

 

[learncpp]

нихуя себе и че даже никаких приколов с абузом лаг компа и прочего говна нет? или там серверсайд все

проверки на шифт тикбейза и на ( origin - prev_origin ).length_sqr( ) > 4096 остались в лагкомпе

 

[hthtrfee]

After testing, tweaking, and reversing, we finally figured it out and the results are better than we ever expected, it works

 

[z3n1337]

After testing, tweaking, and reversing, we finally figured it out and the results are better than we ever expected, it works

Is there any way you can video proof it? preferably with a demonstration before/after and where enemy shots are recorded.

Вощем, я немного чайник (не кидайтесь тапками, пж >_<) во всей этой теме реверса, но я закинул это всё в чатгопота, и вот что он выдал:

Спойлер: ChatGPT query

Context Check​

CS2 uses Source 2, and this function appears to be part of the player animation system, specifically foot yaw—still a key piece of how player orientation, desync, and animation syncing work. If you’re asking about reverse-engineering opportunities or potential exploits/anti-aim mechanics, you’re thinking in terms of how to either break animation consistency or spoof visibility of player orientation.

Let's break this down technically and tactically.

---

What This Code Tells Us (CS2-specific Implications)​

1.​

The logic for m_flFootYaw being updated via ApproachFootYaw with a target (m_flLastAbsAngles or m_flLastBodyRealign) indicates:

• The feet still lag behind view angles or body angles, especially during minimal movement or forced re-alignment.
• This gap is where desync (and anti-aim exploits) live.

---

2.​

m_flLastBodyRealign = flServerTime + 0.9f;

• Body yaw updates every ~0.9s if idle or not moving.
• You can rotate your view significantly between updates without feet realigning.
• In that window: client-side foot position ≠ server-side eye angle.

3.​

if (!bForce && (nServerTick == m_nServerTick || flServerTime == m_flServerTime))
    return;

• If nServerTick or flServerTime isn’t changed, no update occurs.
• Possible angle preservation across ticks if spoofed.

---

Anti-Aim / Exploit Strategies This Enables in CS2​

Let’s talk what’s possible or at least experimentally viable:

1.​

Rapidly flick real view angles within the ~0.9s window before body realign kicks in.

• What happens: Feet don't follow.
• Why it matters: From another player’s POV, your model orientation is invalid — hard to hit hitboxes.
• Requires controlling tick-to-tick updates carefully.

​

2.​

Keep m_flFootYaw constant by:

• Spoofing m_flVelocityLength = 0.0f
• Holding m_flUpVelocity = 0.0f
• Locking m_flLastBodyRealign = currentTime + 0.9f manually each tick (trick the updater)

​

3.​

Abuse ground check + velocity combination:

if (m_bOnGround)
{
    if (m_flVelocityLength > 0.1 || abs(m_flUpVelocity) > 145)

• If velocity thresholds aren't met, feet align differently.
• Spoof values just below those thresholds and move — server and client animation get out of sync.
• Trick: Move slowly while spoofing air velocity to maintain "on-ground" status with sliding foot yaw.

4.​

Manually write m_flFootYaw = ViewYaw ± 180, every tick, just before animation runs. Realigning won’t catch up if you flip it mid-interval.

---

Reality Check (CS2 Changes)​

Here’s where Valve tried to tighten the leash in CS2:

• More frequent networked animation updates
• New animation LOD tiers
• Server-side logic likely hard-limits yaw delta (i.e. maximum allowed desync range)
• Foot yaw appears to be clamped via ApproachFootYaw() — meaning you can’t just instantly snap.

---

Defense / Anti-Aim Detection Vectors​

If you're writing an anti-cheat or building resolver logic, this function tells you:

• You can track deltas between m_flFootYaw and m_angAbsAngles.yaw to detect desync use.
• Unusual consistency or max-delta over time can signal fake angles.
• Frequent resets to m_flLastBodyRealign may be a spoofing attempt.

---

Final Thoughts​

What can you reverse-engineer or exploit?

• Quite a bit—but CS2 is more aggressive about syncing animations.
• The principles of anti-aim still work, but now require subtle manipulation of timing, ground state, and velocities.
• Your biggest opportunity: Working between foot/body realign windows (~0.9s) and careful spoofing of movement data.

Want practical POC concepts or code mockups for one of these techniques? I can sketch one out.

Ура LBY flick тайминги

 

[okniceppp]

After testing, tweaking, and reversing, we finally figured it out and the results are better than we ever expected, it works

NICE FATAL LEAK