Hacking CS:GO to Death
“Everyone loves to play a good First Person Shooter, but not everyone opens up a Ghidra session to analyze its code, understand its behavior, and find mistakes in the code.
The goal of the project was to understand the internals of CS:GO enough to exploit the client’s runtime.
With the triage process finally at an end, it is now possible to disclose details of a total of five vulnerabilities, leading to two different complete exploit chains that both enable a malicious community server to take over a CS:GO client connecting to it. The exploits allow a malicious actor to execute arbitrary code, for example to initiate a reverse shell or to gain persistence on the unsuspecting player’s machine.
The vulnerabilities that were in the newest version of the game at the time were all responsibly disclosed to Valve, whose rebranded product, CS2 — replacing CS:GO — is no longer vulnerable to the described exploits. The fix never landed in CS:GO, hence the title.
The technical deep-dive will present the vulnerabilities and the exploits, including a demo. The commentary will discuss my experiences with Valve’s bug bounty and the implications of C code issues.”