What are aimbots and how do they work?

Call it cheating, hacking, or just plain pwning, using an aimbot in a First Person Shooter  (FPS) undoubtedly provides a decided edge.  These little tools can turn even the greenest of noobs into full-fledged fraggers in no time, but how exactly does an aimbot allow that player to completely dominate the game?  How do they know where you are at all times?  Why do they seem to shoot you square in the head with a pistol, while running and jumping no less, from across the map without even appearing on your screen?  These are some of the questions I will try to answer here in this look at how aimbots work.

The first point to clarify is that there is no single, universally applicable aimbot that you simply turn on and watch play.  The term refers either to software created to run alongside an FPS or to any number of modifications to game files that exploit aspects of the game code to a player’s advantage.  Because of these advantages, aimbots are generally prohibited from multiplayer gameplay on the public servers of most games, some of which actively seek out behaviour consistent with aimbotting and kick and/or ban the offending player.

The first aimbots to make their way into FPS games were known as colour aimbots.  A colour aimbot is usually a separate program that runs in the background concurrently with the game.  For this type of aimbot to work, the user must assign a particular RGB colour value as the target, usually the colour value of the skin or uniform of the designated enemies.  During gameplay, the colour aimbot will seek out that particular colour code on the player’s screen and snap the cursor or crosshair to that pixel location.  Generally speaking, the faster the processing speed of both the CPU and graphics card of the user’s computer, the faster the aimbot will process the target and draw the cursor to it.  Colour aimbots can also be configured to automatically fire the selected weapon when the cursor reaches the target, eliminating the need for the player to click the mouse.  While this type of aimbot is relatively effective considering it does not require the modification of any game files, the inherent drawback is that it will often fire at the landscape, dead bodies, and teammates if they match the target colour code.  Colour aimbots are usually much less effective in newer games, where high-quality graphics rendering using light and shadow constantly changes the colour code of moving players, making it much more difficult for the aimbot to consistently find the correct RGB value and identify a target.
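A server-side check for the snap-and-fire behaviour described above, as an added example that is not from the original article or from any anti-cheat product: it counts shots that follow a large single-tick view jump in per-tick view-angle telemetry. The telemetry fields, thresholds and sample data are assumptions constructed for illustration.

```python
import math
from dataclasses import dataclass

SNAP_DEG = 25.0    # assumed: view change within one tick that counts as a snap
MIN_SHOTS = 4      # assumed: do not judge a player on fewer shots than this
FLAG_RATIO = 0.6   # assumed: share of snap shots that sends a player to review

@dataclass
class Sample:
    yaw: float     # degrees, 0..360
    pitch: float   # degrees, -90..90
    fired: bool    # weapon fired on this tick

def angle_delta(a: Sample, b: Sample) -> float:
    """Approximate view change in degrees between two consecutive samples."""
    dyaw = (b.yaw - a.yaw + 180.0) % 360.0 - 180.0  # wrap across 0/360
    return math.hypot(dyaw, b.pitch - a.pitch)

def snap_shot_stats(samples, window=2):
    """Return (shots, snap_shots) for one player's tick-ordered samples."""
    shots = snaps = 0
    for i, s in enumerate(samples):
        if not s.fired:
            continue
        shots += 1
        recent = samples[max(0, i - window): i + 1]
        deltas = [angle_delta(a, b) for a, b in zip(recent, recent[1:])]
        if deltas and max(deltas) >= SNAP_DEG:
            snaps += 1
    return shots, snaps

def flag_for_review(samples):
    """Flag only when most shots follow a snap; a single flick is not enough."""
    shots, snaps = snap_shot_stats(samples)
    return shots >= MIN_SHOTS and snaps / shots >= FLAG_RATIO

def constructed_suspect():
    # Constructed telemetry: idle view, then a large one-tick jump with a shot.
    out, yaw = [], 10.0
    for jump in (95.0, -140.0, 60.0, 170.0, -80.0):
        out += [Sample(yaw % 360, 0.0, False)] * 3
        yaw += jump
        out.append(Sample(yaw % 360, -3.0, True))
    return out

def constructed_legit():
    # Constructed telemetry: smooth tracking at 3 degrees per tick.
    return [Sample((350.0 + 3.0 * t) % 360, 1.0, t % 8 == 7) for t in range(40)]
```

Skilled players also produce occasional flick shots, which is why the check works on a ratio over several shots and queues the player for review rather than deciding on one event.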

In response to these developing complications, aimbots began to incorporate more sophisticated processes than simple colour recognition.  One such advance was the development of what are commonly referred to as “content hacks.”  Rather than simply searching the screen for a specific colour, this type of aimbot is actually more of a customization of settings.  The user modifies their graphics display settings so that the game will render images differently.  A common use of this type of hack is to force the game to render enemies in bright red, friends in bright blue, and walls and other objects as transparent except for small grid lines that show where they start and end.  Doing so makes it impossible for enemies to hide behind walls or in shadows, as the user can always track their movement provided they are looking in the right direction.  Content hacks are particularly effective because no game files are actually tampered with to create this type of interface, so anti-cheat software cannot always discern whether or not this type of hack is being used.

Content hack changing the rendering of players and obstacles.

Interestingly enough, this type of content hack can actually be used in conjunction with the older colour aimbots to make a very effective combination.  Because the content hack renders the enemies as a single consistent colour, a colour aimbot configured to target that RGB code will have almost no margin for error.  The bot will likely attempt to shoot players that are visible through objects and walls, but otherwise it will always find the proper target.

Innovation in the field of aimbot creation also brought what are known as client hook aimbots.  These aimbots provide an advantage by allowing the user to tinker with game mechanics such as the recoil on weapons or the transparency of solid objects such as walls.  Unlike the colour aimbots or content hacks, client hook aimbots give the user the ability to track enemy players based on their position as recorded by the game’s memory.  This eliminates the false targeting of colour aimbots.  These aimbots work by modifying either the dynamic-link library (.dll) or executable (.exe) files of the game itself.  They gain access using what is known as a DLL injection, whereby the user forces the executable file to run a modified DLL file alongside all of the standard game files.  This foreign DLL file is where the code is written that changes the game mechanics from their original function to give the user a decided advantage.  For more information on DLL injection and a great tutorial, check out this forum post.  Unfortunately for their users, because this type of aimbot modifies game files, they are usually easier for anti-cheat software such as Valve’s Anti-Cheat (VAC) or PunkBuster to detect.

The last and perhaps most complex type of aimbots are known as graphics driver aimbots.  By hijacking information from the graphics rendering software (such as DirectX or OpenGL), this type of aimbot is able to pinpoint the three-dimensional coordinates of all players on the server.  In some versions of this type of aimbot the user can actually enter a player’s screen name and have the aimbot track that player until he or she comes into unobstructed view, at which point the aimbot will begin firing the selected weapon.  This type of aimbot can be particularly effective since it can track players well out of the user’s visible range and shoot targets that cannot actually be seen on the screen.

I think that it would be appropriate to close with a YouTube video of what is perhaps one of the best recorded examples of aimbotting.  This particular user’s aimbot combines a content hack that renders the enemies in yellow and red while displaying friends as blue and green, a graphics driver hack that tracks players across the map, a colour aimbot that draws the cursor to the red and yellow targets and fires immediately, and a client hook that appears to reduce the gun recoil.  At 2:28 we see the user open the aimbot interface, indicating that it is a separate program running concurrently with the game that is modifying the gaming experience.  Enjoy!
