this post was submitted on 20 May 2024
471 points (97.0% liked)

Funny: Home of the Haha

5712 readers
1086 users here now

Welcome to /c/funny, a place for all your humorous and amusing content.

Looking for mods! Send an application to Stamets!

Our Rules:

  1. Keep it civil. We're all people here. Be respectful to one another.

  2. No sexism, racism, homophobia, transphobia or any other flavor of bigotry. I should not need to explain this one.

  3. Try not to repost anything posted within the past month. Beyond that, go for it. Not everyone is on every site all the time.


Other Communities:

founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 6 months ago (1 children)

What's going to tell if the client has been modified? The client, which has been modified...?

[–] [email protected] 1 points 6 months ago* (last edited 6 months ago) (1 children)

The server. Like how some games handle the hit detection client side (counter-strike) and others do it server side (battlefield). If everything was handled server side, the server should be able to detect modified clients and not permit them to even connect. This is basically how Blue Sentinel for Dark Souls 3 works. It's a 3rd party anti-cheat that can detect modified clients and block them from connecting to you or vice versa if the client data doesn't match up. This way you can only connect to vanilla clients if you're playing vanilla or only to clients also running the mod you're running.

[–] [email protected] 1 points 6 months ago (1 children)

And who tells the server that the client hasn't been modified...?

But then you started to being in external solutions, which of course themselves could be modified, and you're starting to answer your own question about why it's pretty hard.

[–] [email protected] 1 points 6 months ago* (last edited 6 months ago) (1 children)

And who tells the server that the client hasn't been modified

The server itself checks against what is allowed and what isn't. It knows what the clients should be doing, and if they do something else it's flagged. External hacks still, afaik, hook into the client and change the code as it is executed but still before it's sent to the server, so you could still be checking against what the client is actually doing.

The external solution I mentioned in Blue Sentinel only exists because such a thing was not built into the game itself by FromSoftware, but there is no reason why it couldn't be.

[–] [email protected] 1 points 6 months ago* (last edited 6 months ago)

You're not a developer, I take it.

Ironically, this is the kind of thing that sebinspace was complaining about, even if you're saying more than just "it's not hard!"

But the server only knows what the clients tell it. It's not psychic or magic. And if the client is compromised, there's all kinds of things you can do. One of the main goals is often just making exploits/cheats as difficult as possible.

On the client-side, some of the anticheat solutions are designed to help prevent the client being modified, or be able to detect if memory of running client has been modified, etc.

Some are to do some kind of regular cryptographic hash of what's in memory and send that home in a way that is difficult to hack. But that's difficult too because all the info needed to generate and send this home are running client-side. Its one reason that having TPM chips and things are potential security benefit.

But the point is that this is NOT simple.