Jump to content
  • 0
Vince

Client Exploits

Question

As for the game running on multiplayer servers are clients able to edit server stats of players and or player location?

Just need to know if I need to create a anti-exploit for movement and if their able to edit the server that's not good. 😕

 

Just wondering about the setup or other details pertaining to this.

Share this post


Link to post

6 answers to this question

Recommended Posts

  • 0

An game engine is exploitable. It's why valve has VAC software.

IMO player movement is a fairly small exploit. Depending on the type of game you are making, there are exploits far more damaging.

FPS - suffers from auto-aim bots
MMORPG - Duplicate items, auto xp

Player movement hacks are less likely as you have to find the memory address of the player positions in the application memory and then modify that memory externally.

Auto-aim bots, and auto xp bots are more likely as you don't have to worry about cross application memory. On most modern operating systems application memory is stored in pages. These pages are protected by the operating system to make sure your program doesn't bump into another applications memory. A common way to get past this protection is to do DLL injection. Basically take a commonly used DLL by your game (libcurl for example), modify the library to function exactly how it normally does, plus add in hooks to let you control the game.

TLDR:

Yes

Share this post


Link to post
  • 0

Hmm, I’d need to learn more about how that works to protect against it and automatically shutdown the client for exploiting.

Planning on making an MMORPG, aim bots would be easy to prevent, just track mouse movement and make sure it's not an instant jump, humans move the mouse more jagged/wavy vs a robot being perfectly straight.

I've made pretty good anti-exploit on other games I've worked on in the past so I just need to figure out how they work and make some on here.

 

Not sure if you could give some additional in site on how they would edit their invy/items so I can possibly prevent it and other exploits if possible.

 

Edit:

Sounds like I may need to log item/stat edits with a timestamp to verify it via the server,  but they could mess with that too as it's all open?

Share this post


Link to post
  • 0
10 hours ago, Vince said:

As for the game running on multiplayer servers are clients able to edit server stats of players and or player location?

No.  Clients typically can't hack servers directly.  If you have your own server (your computer or one you rent) then setting up a proper authoritative server (https://www.gabrielgambetta.com/client-server-game-architecture.html) will allow you to handle the vast majority of hacks.  This includes positions, items, stats, XP, etc.

Auto-aim bots are a bit tricky because they're often smarter than just instantly snapping to an enemy.  I've also seen a hack that highlighted enemies behind walls, which doesn't need any interaction with the server so it's mostly a fool-proof cheat (you could check the computer for any hack programs running but that's probably beyond how far you want to go).

Share this post


Link to post
  • 0

Think I'd be able to check if they have added instances to detect that with some sort of an instance added detector to see if it's actually something not added by the game on their client and then ping their client to check for network connection so if the ping is nil then I can kick them from the server for disabling the script that contains the other anti-exploit stuff to help stop it or something. That's how I set it up on my other anti-exploit I made on another game engine. 

Share this post


Link to post
  • 0

You mean if they start a new program while they're running your game?  You probably don't want to assume that that's a hack.  They could be opening a music program, notepad to take notes, a browser, anything.  Plus they could run the hack even before they start your program.

Not sure what a nil ping has to do with hacks.  A hack wouldn't prevent the program from sending and receiving packets (unless maybe you're talking about lag switching).

  • Like 1

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...