🚨INTERVIEW | Developer of one of CS2’s most used external cheats 🚨
We spoke with a developer behind one of CS2’s most popular undetected external cheats.
We spoke about VACnet’s weak spots, detection logic, why externals still work, and why Valve won’t fix it.
⬇️ Full Q&A: ⬇️
We spoke with a developer behind one of CS2’s most popular undetected external cheats.
We spoke about VACnet’s weak spots, detection logic, why externals still work, and why Valve won’t fix it.
⬇️ Full Q&A: ⬇️
Q: Are you doing anything special on the obfuscation side, or does it mostly rely on being external and staying chill? Or maybe is just Valve not showing interest at all.
A: Valve doesn't give a shit. We are an external with extra steps to hide it, and VAC can't see our cheat at all because if it ever tried to read our cheat memory it'll get access violation. Last being a lame replacement for per-user obfuscation.
Basically all VAC can see is some random protected system process with a window it has no access to, neither process or window. That 's pretty much it.
We always seek to improve however, both in terms of stay UD and features.
A: Valve doesn't give a shit. We are an external with extra steps to hide it, and VAC can't see our cheat at all because if it ever tried to read our cheat memory it'll get access violation. Last being a lame replacement for per-user obfuscation.
Basically all VAC can see is some random protected system process with a window it has no access to, neither process or window. That 's pretty much it.
We always seek to improve however, both in terms of stay UD and features.
Q: Honestly it's not pretty hard to stay UD by VAC nowadays as it is… purely ornamental at this point, it was harder to bypass back in the old CSGO days. Do you think if Valve ever did push a serious update (like client-side memory inspection or a kernel AC), a cheat like X would still be safe? Or would that be game over for externals too?
A: We do not change client-side memory, X is read-only. A kernel AC - yes. But that goes against Valve's current policy.
If Valve pushed a kernel AC, we would first try to fight it, hoping Valve doesn't go overboard, then probably shut down for good, but I find that unlikely.
Or, well, go AI/DMA and compensate users too I guess?
If they can't use that however, yes we will largely suffer.
A: We do not change client-side memory, X is read-only. A kernel AC - yes. But that goes against Valve's current policy.
If Valve pushed a kernel AC, we would first try to fight it, hoping Valve doesn't go overboard, then probably shut down for good, but I find that unlikely.
Or, well, go AI/DMA and compensate users too I guess?
If they can't use that however, yes we will largely suffer.
Q: Do you think Valve’s whole “no kernel AC” approach is more about maintaining Linux compatibility or more of a public stance on not being invasive?, some people think (even some other devs) that Valve allow cheating for a financial purpose. Quick tangent btw , what do you think of Valve’s whole approach of basically ditching proper client-side AC and relying on ML + AI to detect cheaters over time? Like, do you think that’s a smart way to scale AC long-term?
A: I think they're doing the right thing focusing on server-side AI and statistical detection, just they're not great at it.
Probably because it's John McDonald solo working on that or like a team of two-three people alongside him?
They gain nothing from allowing people to cheat, people have already cashed in into their system to get skins and the game.
Besides that, CS is so miniscule when compared to the money they get from game sales, Steam fees… it makes even less sense.
Tldr, I think Valve do what they do to either keep the cheating population (which they pretty effectively isolate with trust factor) or they have nobody inside the company to work in the problem to efficiently eliminate it.
A: I think they're doing the right thing focusing on server-side AI and statistical detection, just they're not great at it.
Probably because it's John McDonald solo working on that or like a team of two-three people alongside him?
They gain nothing from allowing people to cheat, people have already cashed in into their system to get skins and the game.
Besides that, CS is so miniscule when compared to the money they get from game sales, Steam fees… it makes even less sense.
Tldr, I think Valve do what they do to either keep the cheating population (which they pretty effectively isolate with trust factor) or they have nobody inside the company to work in the problem to efficiently eliminate it.
Q: So in your opinion, if they did suddenly hire a proper AC team or contracted a serious third-party kernel AC, how hard do you think it’d be to wipe out like 80% of the current cheat market? CS2 is one of the easier if not the easiest game to cheat on right now. And about that part about isolating cheaters with TF instead of banning them directly. Do you think that system actually works well? Like do cheaters end up just playing with each other forever or are there ways around it too? I would like to hear your honest opinion, because I know TF is easy to trick and you can see people literally semi-raging in green TF.
A: Yes, I think a proper AC will be a huge hit on the cheat market - at the price of a lot of users playing on older PCs, though.
Cheater percentage is something I have genuine zero idea on, we have an unknown quantity of bots playing the game, and cheat devs don't exactly share each other's userbase size as you can imagine.
TF works well in Europe and NA, you're heavily unlikely to meet a cheater on green trust below ~18k which is what the system is supposed to achieve.
Most legit players reside below that, and after, they switch to FaceIT.
Green TF is bs because you don't know when it's actually green, keep that in mind.
R2P tab can signify you're in literal purgatory of trust factor or in actual layers of hell.
It doesn't tell you how green you are, all it tells is that you're WAY out of line compared to most players.
Also keep in mind the game uses glicko-2 as a base of ranking system, the ranks you see are just one of the parameters it uses.
And cheaters almost always tend to have higher volatility parameters from my thought experiments compared to normal players. A cheater quickly exceeds the expectations of the system, meaning they get ~+400 each match is a simple proof of that.
A: Yes, I think a proper AC will be a huge hit on the cheat market - at the price of a lot of users playing on older PCs, though.
Cheater percentage is something I have genuine zero idea on, we have an unknown quantity of bots playing the game, and cheat devs don't exactly share each other's userbase size as you can imagine.
TF works well in Europe and NA, you're heavily unlikely to meet a cheater on green trust below ~18k which is what the system is supposed to achieve.
Most legit players reside below that, and after, they switch to FaceIT.
Green TF is bs because you don't know when it's actually green, keep that in mind.
R2P tab can signify you're in literal purgatory of trust factor or in actual layers of hell.
It doesn't tell you how green you are, all it tells is that you're WAY out of line compared to most players.
Also keep in mind the game uses glicko-2 as a base of ranking system, the ranks you see are just one of the parameters it uses.
And cheaters almost always tend to have higher volatility parameters from my thought experiments compared to normal players. A cheater quickly exceeds the expectations of the system, meaning they get ~+400 each match is a simple proof of that.
Q: That whole 18k thing about cheaters not showing up in green trust is interesting… but isn’t that kinda idealized?
I mean, I know for a fact there’s a bunch of X and other external users “semi-raging” or closeting at 10k, 8k, 16k, even 20k+.
A lot of good CFGs bypass VACnet entirely as long as you play cleanish.
Some of them even reach 20-25k and just derank manually to farm.
So wouldn’t that mean TF isolation is not really “working” per se, but just slowing down obvious ragers and semi-ragers?.
Do you think there’s a way to build a strong behavior-based AC system purely on performance metrics like that?
Like a smarter VACnet that only looks at consistency, aim patterns, volatility etc? Having in mind this ML system was implemented around 2018 and now in 2025 struggles to detect obvious cheaters, do you think this system will detect closet-cheaters anytime in the future?
A: People do get 30k with X, but it's pure semi-rage above some point, which is around 18k-ish, which you reach... fast. Given high volatility from glicko-2.
Closeting you simply cannot fight, not even on FaceIT. Of course it's cheaper in CS mm/premier, but still you ultimately can't ever hope to fight it.
It is definitely possible to base an anti-cheat system around statistics, given you have a large number of users vetted for your dataset.
Mind you John Mcdonald got into valve as applied maths/statistical analysis expert, not a coding one.
Big data is scarily effective when used like that, it can kill cheating just as effective as kernel AC's only it won't be bypassable on clientside but rather behaviour based instead.
You can never be sure about its flags, but... Well, vaclives aren't permanent either
Just stop sus players from playing for a couple of weeks and they switch accounts, same as with an actual ban.
The key is to find acceptable length of a ban and certainty your system finds someone cheater. The problem is Valve's structure, have you ever checked Valve's handbook for new employees?
Ah, and also about metrics from csgo - consider them all reset when CS2 dropped.
The Subtick system broke all that. Subtick is so fucked almost all currently existing exploits base around it, including undetected ragebots as in [some other cheat], supposedly.
I have no real clue, but I do think it's actually that.
I mean, I know for a fact there’s a bunch of X and other external users “semi-raging” or closeting at 10k, 8k, 16k, even 20k+.
A lot of good CFGs bypass VACnet entirely as long as you play cleanish.
Some of them even reach 20-25k and just derank manually to farm.
So wouldn’t that mean TF isolation is not really “working” per se, but just slowing down obvious ragers and semi-ragers?.
Do you think there’s a way to build a strong behavior-based AC system purely on performance metrics like that?
Like a smarter VACnet that only looks at consistency, aim patterns, volatility etc? Having in mind this ML system was implemented around 2018 and now in 2025 struggles to detect obvious cheaters, do you think this system will detect closet-cheaters anytime in the future?
A: People do get 30k with X, but it's pure semi-rage above some point, which is around 18k-ish, which you reach... fast. Given high volatility from glicko-2.
Closeting you simply cannot fight, not even on FaceIT. Of course it's cheaper in CS mm/premier, but still you ultimately can't ever hope to fight it.
It is definitely possible to base an anti-cheat system around statistics, given you have a large number of users vetted for your dataset.
Mind you John Mcdonald got into valve as applied maths/statistical analysis expert, not a coding one.
Big data is scarily effective when used like that, it can kill cheating just as effective as kernel AC's only it won't be bypassable on clientside but rather behaviour based instead.
You can never be sure about its flags, but... Well, vaclives aren't permanent either
Just stop sus players from playing for a couple of weeks and they switch accounts, same as with an actual ban.
The key is to find acceptable length of a ban and certainty your system finds someone cheater. The problem is Valve's structure, have you ever checked Valve's handbook for new employees?
Ah, and also about metrics from csgo - consider them all reset when CS2 dropped.
The Subtick system broke all that. Subtick is so fucked almost all currently existing exploits base around it, including undetected ragebots as in [some other cheat], supposedly.
I have no real clue, but I do think it's actually that.
Q: You think that’s why Valve hasn’t patched any of the ragebot stuff properly? Like they’re either overwhelmed or the system’s too janky to even touch without breaking the game (even more)? Kinda ironic though… Valve built this “trust-based” system to isolate cheaters, and then the cheaters ended up understanding it better than Valve does.
Also that bit about big data replacing kernel ACs, sounds great on paper, but how do you even trust Valve to manage a system like that if their structure is that chaotic?
A: I don't trust Valve, I simply said it is theoretically a better approach.
Ragebot stuff, well, I would assume they made vaclive analyze shit per subtick, not per tick, and that's what sucks because a rage shit can send up to 16 subticks per tick (1024 fps each frame inputs equals).
It may work if they actually put work into it, but they will have to put work in a kernel AC all the same.
It's not the problem of approach, it's a problem of lacking manpower.
Also that bit about big data replacing kernel ACs, sounds great on paper, but how do you even trust Valve to manage a system like that if their structure is that chaotic?
A: I don't trust Valve, I simply said it is theoretically a better approach.
Ragebot stuff, well, I would assume they made vaclive analyze shit per subtick, not per tick, and that's what sucks because a rage shit can send up to 16 subticks per tick (1024 fps each frame inputs equals).
It may work if they actually put work into it, but they will have to put work in a kernel AC all the same.
It's not the problem of approach, it's a problem of lacking manpower.
Q: How did you end up on this side of things? Were you always into coding or did cheating just become the weird niche you vibed with?
A: Well, if that makes sense, I was coding since I was like 15 or smth (my dad is a senior dev, so I was always into tech as far as I can remember), when I was at high-school and COVID struck I started playing CSGO a lot, so it kinda evolved from that.
Basically shitpasted stuff for me and school friends back in 2017-ish but that was really fucking bad, I added more and more features to the cheat until I realized even shit coded CSGO cheat was still better then most CSGO externals at that time
which is when I just made a horrible website and a license system and pushed the cheat to yougame (the largest CIS forum on cheating)
[Other dev] kinda joined me back then (dude is insane when it comes to reversing or optimization) so we started gradually adding features, features other cheats didn't have, even back in CSGO.
Mind you I live in Ukraine and even $200 of profit sounded great to me as a side job, especially so as for a student with no real job.
A: Well, if that makes sense, I was coding since I was like 15 or smth (my dad is a senior dev, so I was always into tech as far as I can remember), when I was at high-school and COVID struck I started playing CSGO a lot, so it kinda evolved from that.
Basically shitpasted stuff for me and school friends back in 2017-ish but that was really fucking bad, I added more and more features to the cheat until I realized even shit coded CSGO cheat was still better then most CSGO externals at that time
which is when I just made a horrible website and a license system and pushed the cheat to yougame (the largest CIS forum on cheating)
[Other dev] kinda joined me back then (dude is insane when it comes to reversing or optimization) so we started gradually adding features, features other cheats didn't have, even back in CSGO.
Mind you I live in Ukraine and even $200 of profit sounded great to me as a side job, especially so as for a student with no real job.
Q: So this is like a side hustle for you now right? By the way, do you ever feel weird knowing that legit players are getting stomped by your product? Or do you see it more like: if it wasn’t us, someone else would be doing the same?
A: It isn't a side hustle but I am still in Ukraine. X bring me some cash and that's amazing for all of my purposes. There is money in it, but as in all businesses, unless you invest you get little revenue.
And I genuinely give zero fucks about legit players, closet cheating doesn't hurt them at all (they can't spot it if it's proper closet) and semirage puts cheaters in high volatility and high rank.
Besides, it is true that if it wasn't us it would be other cheats cashing in and I personally think a lot of them are actively lying to their users about undetectability (UD now, sure, but so is a free external you get off github)
And feature-wise I can't name many cheats competing with us.
And at our price? None. (Except [other cheat] if you trust a cheat existing for over half a year and price compete only inside CIS, since they cost $4 for CIS and $8 for everyone else).
A: It isn't a side hustle but I am still in Ukraine. X bring me some cash and that's amazing for all of my purposes. There is money in it, but as in all businesses, unless you invest you get little revenue.
And I genuinely give zero fucks about legit players, closet cheating doesn't hurt them at all (they can't spot it if it's proper closet) and semirage puts cheaters in high volatility and high rank.
Besides, it is true that if it wasn't us it would be other cheats cashing in and I personally think a lot of them are actively lying to their users about undetectability (UD now, sure, but so is a free external you get off github)
And feature-wise I can't name many cheats competing with us.
And at our price? None. (Except [other cheat] if you trust a cheat existing for over half a year and price compete only inside CIS, since they cost $4 for CIS and $8 for everyone else).
⚠️ Note:
The dev chose to remain anonymous, and we’ve replaced the cheat name with "X", because this isn’t about cheating promo.
The conversation was shared with me by a contributor to VACdeluxe, who handled the questions directly.
As always, my goal is to provide a clearer understanding of the systems, behaviors, and blind spots affecting CS2’s competitive integrity.
Thanks for reading.
The dev chose to remain anonymous, and we’ve replaced the cheat name with "X", because this isn’t about cheating promo.
The conversation was shared with me by a contributor to VACdeluxe, who handled the questions directly.
As always, my goal is to provide a clearer understanding of the systems, behaviors, and blind spots affecting CS2’s competitive integrity.
Thanks for reading.
Q: So this is like a side hustle for you now right? By the way, do you ever feel weird knowing that legit players are getting stomped by your product? Or do you see it more like: if it wasn’t us, someone else would be doing the same?
A: It isn't a side hustle but I am still in Ukraine. X bring me some cash and that's amazing for all of my purposes. There is money in it, but as in all businesses, unless you invest you get little revenue. And I genuinely give zero fucks about legit players, closet cheating doesn't affect them at all (they can't spot it if it's proper closet) and semirage usually puts cheaters in high volatility and high rank.
Besides, it is true that if it wasn't us it would be other cheats cashing in and I personally think a lot of them are actively lying to their users about undetectability (UD now, sure, but so is a free external you get off github). And feature-wise I can't name many cheats competing with us. And at our price? None.
A: It isn't a side hustle but I am still in Ukraine. X bring me some cash and that's amazing for all of my purposes. There is money in it, but as in all businesses, unless you invest you get little revenue. And I genuinely give zero fucks about legit players, closet cheating doesn't affect them at all (they can't spot it if it's proper closet) and semirage usually puts cheaters in high volatility and high rank.
Besides, it is true that if it wasn't us it would be other cheats cashing in and I personally think a lot of them are actively lying to their users about undetectability (UD now, sure, but so is a free external you get off github). And feature-wise I can't name many cheats competing with us. And at our price? None.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
