how do aimbots/wallhacks auto-target and shoot through walls?
In order for your computer to display the enemy on your screen, it must know where the enemy is. The game server will send this data out regularly, since the server is the one handling the data from everyone’s computers. Usually, the game will display the wall in front of the enemy instead of the enemy itself, so all you can see is the wall; you’ll have no idea where the enemy is. But an aimbot or wallhack can read that signal telling your computer where the enemy is and then either let you know where they are (wallhack) or aim your weapon at them (aimbot) before they’re actually visible on screen.
Your computer already knows where all nearby targets are. Precisely. That’s how it knows what sounds to play and what image to show you, as well as predicting what consequences your actions have before the server has a chance to confirm.
So it does the simple math to find the angle you face if you want to hit them precisely in the head. It then does this and fires. Boom, easy.
There’s a lot going on when it comes to making hacks for video games. The main thing is server vs client. Pretty much every hack you see that happens in any video game is manipulating client-side code in some way. This is actually what makes anti-cheat hard to do.
The server of a game is to mostly keep clients synced with each other and sometimes keep players in line.
The client is what the player uses, so everything on your screen is apart of the client, basically works with the server to get information and your client gives the server your information.
If you were to get a bird’s eye view of a game’s map and remove ceilings or anything to obscure your view of the players you’d be able to see every player in the match. Interestingly, enough for most games the each client is simulating what the other player’s are doing and if lag is bad you could very well see a slightly different game.
The problem comes from this client-server relationship is that data from other players (like position, armor/cosmetics, maybe health, etc) are being sent to your client, even if you cannot see the player on your screen.
Since the client is on your computer, if you had the know-how you can find the other player’s information in memory. Since it’s on your computer’s memory you can change it or use it to your advantage. The actual how of obtaining this information is a bit beyond eli5.
Essentially, aimbot, wall hacks, etc look up certain values in memory and draw or aim on them on screen, and/or shoot.
Now you’re probably thinking why don’t they just put it on the server? The problem is that twitch reaction games like CoD, CSGO, etc work better when the client does things like reading keystrokes or mouse information better and more smoothly. If they only sent other players information things like lag might make it look like players appeared out of thin air. Another issue is rubberbanding, if connection is poor or delayed or the server is having issues, you could keep teleporting back to the last known location, which frustrates the player.
An aimbot is not looking at the image being rendered for you on screen, instead it’s looking at the raw data of other players positions in the world relative to you and doing the math to figure out exactly what angles to point your camera in to hit a chosen point on those players bodies. It may also look at the map itself to determine if there are obstacles between you and your target and whether or not your current weapon can pierce that obstacle.
You’re dependent on what you can see, ie what the game is designed to show you, where as an aimbot is looking at raw information that isn’t really available to a normal player.