Guide What does Server Sided mean? Can't change online variables?

Hexui Undetected CSGO Cheats Sinkicheat PUBG Cheat

Rake

Cesspool Admin
Administrator
Jan 21, 2014
12,349
78,998
2,412
Anticheat
N/A
Tutorial Link
N/A
How long you been coding/hacking?
5 Years
Coding Language
N/A
What does Server Sided mean? How to change server sided variables?

There is a reason everyone on the server does not have 999,999,999 gold.

Multiplayer games are designed in a way that makes changing important variables such as health, gold, ammo etc... impossible.

These variables are referred to as being "server sided".

The developer of the game decides what important variables must be calculated by the server. This way the client cannot change the value and it prevents hackers from completely ruining a game.

This is the authoritative server client replication model that all games use. You truly cannot trust anything from the client and the developers know that.

Here's how an example server / client communication may occur:
  1. The client sends data to the server
  2. The server overwrites some of it's local data with the data the client sent it
  3. The server does some calculations and overwrites some more data with the result of the calculations
  4. Then the server sends the client some data back
  5. The client overwrites it's local data with the data that the server sent it
  6. The client side value you set is now overwritten by the server, i.e. it's server sided

The client and the server are constantly sending the "current state" of the server and client to each other. Therefore when you told the server you had 1337 ammo, it sent a packet back that said you only had 30 ammo.

The server is authoritative over things like gold, health, mana, attributes etc...Anything that hackers would want to modify which would ruin the game, the server will be authoritative over.

The client is authoritative over the view angle, movement, position & animations and other similar things. The reason is because these things would use too many server resources to keep track of on the server. Certain things the client is authoritative over are done that way for efficiency. In many cases the server and client are using prediction algorithms to predict your position in between state updates.


Authoritative Server / Client Replication Networking Model
Here are some interesting articles on the client server model used in some video games:
So how do we hack server sided games?

ESP and aimbot is possible in every game because the client:
  • Must know the position of the enemies
  • Angles are client sided
  • Has control over what gets drawn on the screen.

Exploiting Client Side Logic Holes
The trick is to find what the client does have control over and how we can exploit that to create undesired behavior.

Example
In assault cube you can't tell the server how much damage to do when you shoot someone, this is server sided.
But the client can tell the server what type of hit it is, so if you tell the server every hit is a headshot with the sniper rifle, then you get 1 hit kills.

Bypass Normal Logic by Packet Editing
Often times the functions will have error checking and sanity checks that would make spoofed function calls never make it to the server. But these are not always done on the packets server side so by utilizing packets and bypassing the in-game functions it is sometimes possible to do sneaky stuff.

Learn more about packet hacking here: Guide - Game Hacking Using Packets ? Start Here

It's Not That Easy
Packet hacking may rely on exploiting some logic bug like a sign/unsigned mismatch or integer overflow.

It's not like you SendServer("I have lots of gold") and it's just like SendClient("ok fam nice job, here you go").

It's always more complicated than that.

Exploiting Logic Bugs In MMOs
Manfred has several videos on the topic of exploiting serverside integer flaws including overflows and signed/unsigned mismatches, it's advanced stuff and not for noobs.

1st video: https://guidedhacking.com/threads/d...-hacking-better-graphics-same-exploits.10601/
2nd video: https://guidedhacking.com/threads/manfred-interview-with-darknet-diaries.14577/post-88717
Darknet Diaries Podcast Episodes: Manfred (Part 1) – Darknet Diaries & Manfred (Part 2) – Darknet Diaries

Conclusion
You cannot change gold, ammo and other variables in multiplayer games because they're server sided, meaning the server controls them, not the client. The reason every game has aimbot and ESP is because these are things the client has control over. The only way to affect server sided variables is to find a logic bug. This is not for noobs and is uncommon. If you're a noob and trying to change server sided variables, just give up and focus on something else.
 
Last edited:

Akaion

Wizard
Meme Tier VIP
Trump Tier Donator
Oct 13, 2018
234
7,968
14
I really hope a lot of people will read this before asking absurd questions. Very nice post.

It may be worth mentioning (not endorsing) that it is possible to craft / edit packets and send them to the server to make them think you are doing certain actions.

For example, when you pick up gold after killing a monster, a packet is sent to the server telling it that you picked up x amount of gold and to add this to your gold total in its database. You could (very easily in some games) send a bunch of packets to the server telling the server that you picked up x amount of gold and it will add this to your gold total.

Whilst it's quite a grey area and not what we are about on this forum (as it can definitely be grounds for a lawsuit) it is interesting to know how it works.
 

Rake

Cesspool Admin
Administrator
Jan 21, 2014
12,349
78,998
2,412
Yeah we should add links to the manfred videos that's probably the best intro to that topic
 

ronop1

Newbie
Dec 27, 2017
4
14
0
There is a reason everyone on the server doesn't have 999,999,999 gold. Multiplayer games are designed in a way that makes changing important variables such as health, gold, ammo etc... impossible.

These variables are referred to as being "server sided".

The developer of the game decides what important variables must be calculated by the server. This way the client cannot change the value and it prevents hackers from completely ruining a game.

This is the authoritative server client replication model that all games use. You truly cannot trust anything from the client.

The client sends data to the server, the server overwrites some of it's local data with the data the client sends it. The server then does some calculations and overwrites some more data with the result of the calculations. Then the server sends the client some data back. The client overwrites it's local data with the data that the server sent it.

he client and the server are constantly sending the "current state" of the server and client to each other. Therefore when you told the server you had 1337 ammo, it sent a packet back that said you only had 30 ammo.

The server is authoritative over things like gold, health, mana, attributes etc...Anything that hackers would want to modify which would ruin the game, the server will be authoritative over.

The client is authoritative over the view angle, movement, position & animations and other similar things. The reason is because these things would use too many server resources to keep track of on the server. Certain things the client is authoritative over are done that for efficiency. In many cases the server and client are using prediction algorithms to predict your position in between state updates.

ESP and aimbot is possible in every game because the client must know the position of the enemies and has control over what gets drawn on the screen.

The trick is to find what the client does have control over and how we can exploit that to create undesired behavior.

For example in assault cube you can't tell the server how much damage to do when you shoot someone, this is server sided. But the client can tell the server what type of hit it is, so if you tell the server every hit is a headshot with the sniper rifle, then you get 1 hit kills.

Often times the functions will have error checking and sanity checks that would make spoofed function calls never make it to the server. But these are not always done on the packets server side so by utilizing packets and bypassing the in-game functions it is sometimes possible to do sneaky stuff.

But this still relies on exploiting some logic bug like a sign/unsigned mismatch or integer overflow. It's not like you SendServer("I have lots of gold") and it's just like SendClient("ok fam nice job, here you go"). It's always more complicated than that.

Conclusion:
The reason every game has aimbot and ESP is because these are things the client has control over. The client decides what gets drawn on the screen and the client is authoritative over view angles.
You cannot change gold, ammo and other variables in multiplayer games because they're server sided, meaning the server controls them, not the client.
The only way to affect server sided variables is to find a logic bug. This is not for noobs and is uncommon. If you're a noob and trying to change server sided variables, just give up and focus on something else.

Here are some interesting articles on the client server model used in some video games:
https://developer.valvesoftware.com/wiki/Source_Multiplayer_Networking
https://fabiensanglard.net/quake3/network.php
https://gabrielgambetta.com/client-server-game-architecture.html
https://wiki.beyondunreal.com/Every...ow_about_replication_(but_were_afraid_to_ask)
https://developer.valvesoftware.com/wiki/Networking_Entities
thats make sense mate but.. i heard you can change those server side values with something like Sql injection i saw one do it. but anyway thats some great information mate
 

Lukor

ded
Meme Tier VIP
Fleep Tier Donator
Dec 13, 2013
500
6,253
25
SQL Injection is a decade old problem that still many devs don't think about.
It can occour at any place you are able to enter arbitrary text.

Rudolph is right. In most places this would be illegal as you are purposely attacking something outside of your owned hardware/software.
 
  • Like
Reactions: Rake

Rake

Cesspool Admin
Administrator
Jan 21, 2014
12,349
78,998
2,412
I just updated this guide, if you have any good information or resources to add, please do so
 
  • Like
Reactions: XdarionX

timb3r

Semi-Retired
Dank Tier VIP
Jul 15, 2018
768
24,668
47
Maybe add something like:

If you're unsure on the legality of what you're doing just remember the golden rule: is what I'm doing going to cost someone money? If the answer is yes then expect someone to come after you legally.

Example of things that will get you in trouble:
  1. DDoSing a server.
  2. Remotely attacking a server in order to gain unauthorised access.
  3. Duping items in a game with an economy based on real money (for profit).
  4. Releasing or selling information that may allow other people to do the same.
Things that are a nuisance and will probably only result in a ban:
  • Spamming chat services.
  • Griefing players.
  • Duping items (that have no real value).
  • One hit kills.
  • Mob spawns.
This doesn't necessarily mean you're going to be safe because you did x instead of y. Game companies are alot more hostile these days so just be careful what you get up to.
 

Jenny

Full Member
Mar 22, 2020
5
122
0
Hello there,
I'm new to this community so please don't hit me if this question might be stupid, but I was really thinking about, how it is possible to give a character money in GTAV if money is server sided and you can also pay for it to get some?
If it works in a Triple A Game why shouldn't it work in an MMO.
In this thread, you wrote about a solution of using Logic Bugs/Wholes, but is this really the only way to access this kind of data?

hope it was clear and not to stupid.😅
 

PsyBot

Full Member
Nobleman
Aug 18, 2018
171
1,548
8
Hello there,
I'm new to this community so please don't hit me if this question might be stupid, but I was really thinking about, how it is possible to give a character money in GTAV if money is server sided and you can also pay for it to get some?
If it works in a Triple A Game why shouldn't it work in an MMO.
In this thread, you wrote about a solution of using Logic Bugs/Wholes, but is this really the only way to access this kind of data?

hope it was clear and not to stupid.😅
I think it's all managed server side. We are talking about Rockstar Games... The only hacking window in this case is mess with server packets, but the server can investigate on it. If you buy an house which costs 150,000 and your heritage decreses only of 1,000 the server can flag you. You could try to simulate a disconnection few ms before complete the transiction but i don't think it will work. Since all transiction is managed by the server you have to find a bug in this whole system and use it in your favor.
 
Last edited:
  • Like
Reactions: Jenny

Rake

Cesspool Admin
Administrator
Jan 21, 2014
12,349
78,998
2,412
how it is possible to give a character money in GTAV if money is server sided and you can also pay for it to get some?
Please link me to the service which claims to do this on official servers
 

Jenny

Full Member
Mar 22, 2020
5
122
0
I think it's all managed server side. We are talking about Rockstar Games... The only hacking window in this case is mess with server packets, but the server can investigate on it. If you buy an house which costs 150,000 and your heritage decreses only of 1,000 the server can flag you. You could try to simulate a disconnection few ms before complete the transiction but i don't think it will work. Since all transiction is managed by the server you have to find a bug in this whole system and use it in your favor.
Okay, so it's all about using the bugs of the game. Thank you!
 

Jenny

Full Member
Mar 22, 2020
5
122
0
Please link me to the service which claims to do this on official servers
Its already some years ago, but friends of mine did so. They used undetected trainers to simply add cash to your ingame account.
 

PsyBot

Full Member
Nobleman
Aug 18, 2018
171
1,548
8
Its already some years ago, but friends of mine did so. They used undetected trainers to simply add cash to your ingame account.
I don't think so. The lastest exploit dates years ago, it used a promotional offer to get profit. A trainer simply changes the client variable, but in the moment you make a purchase the server uses the server side variable stored in the database. Your client side variable is here just to "show you how much money you have".
 
  • Like
Reactions: Jenny

Jenny

Full Member
Mar 22, 2020
5
122
0
I'm trying to understand the complex system, but that makes sense.
I'm just starting with game hacking so thank you for the answers. 🙏
 

mambda

headass
Escobar Tier VIP
Trump Tier Donator
Jun 25, 2014
2,304
37,938
270
GTA V Is just a poorly written game. They can do something like player->money=5000000000, but R* will see it, what they instead do is spawn money bags or whatever it is which the player is for some reason allowed to do
 

PsyBot

Full Member
Nobleman
Aug 18, 2018
171
1,548
8
GTA V Is just a poorly written game. They can do something like player->money=5000000000, but R* will see it, what they instead do is spawn money bags or whatever it is which the player is for some reason allowed to do
OMG i forgot the spawn of stuffs. What a great shit.
 

Rake

Cesspool Admin
Administrator
Jan 21, 2014
12,349
78,998
2,412
and don't forget, the economy in GTA V is meaningless, it has no effect on the larger ecosystem. A broken economy in a MMO, ruins the game
 
Attention! Before you post:

Read the How to Ask Questions Guide
99% of questions are answered in the Beginner's Guide, do it before asking a question.

No Hack Requests. Post in the correct section.  Search the forum first. Read the rules.

How to make a good post:

  • Fill out the form correctly
  • Tell us the game name & coding language
  • Post everything we need to know to help you
  • Ask specific questions, be descriptive
  • Post errors, line numbers & screenshots
  • Post code snippets using code tags
  • If it's a large project, zip it up and attach it

If you do not comply, your post may be deleted.  We want to help, please make a good post and we will do our best to help you.

Community Mods