[Multiplayer] (Huge Game Breaking Exploit With Proofs) Increasing Class Perks From Config Files [Edit: Just a Placebo effect.]

Users who are viewing this thread

Errayn

Sergeant Knight at Arms
First of all this may be "legit hacking" instead of being "exploit". Tonight I saw a forum post about that and we tried it. While we have a tournament going on this exploit needs an immediate fix. If you increase your character skills from config files it makes you swing sword faster. Let's you have much better accuracy even you can have %100 accuracy in the air. You can throw axes without waiting to get accurate. I also have a video as proof. You can see it down here.



Edit:
Also I didn't try it for other skills like riding, movement speed etc. We may have a lot bigger problem than it seems.





-Edit: Tonight we tested this again with DM and Taleworlds Devoloper (NIN3) also talked about other exploitable ways with xml files etc. it seems does nothing and has only visual for the client and it was a Placebo effect.
 
Last edited:

bug report from 1 week ago and Taleworlds' answer about it :

unknown.png


We don't think that it is impossible... and needs to get fixed immediately.
I am also sending the exploited file to @MArdA TaleWorlds and not publishing it here.




-Edit: Tonight we tested this again with DM and Taleworlds Devoloper (NIN3) also talked about other exploitable ways with xml files etc. it seems does nothing and has only visual for the client and it was a Placebo effect.
 
Last edited:
There are some rival players in clan matches that we think apply this. As if it is not enough to struggle with enough mistakes, we also struggle with this situation. We saw few people attack that fast. We thought this was caused because of lower pings. Lately we took someone into clan who's playing with ~10 ping. I can assure you he can't hit that fast and he also complains about fast attack speeds for some people.
 
Finally Taleworlds adds the feature to increase/decrease server attack speed. Good work!
it is not server sided exploit it is indeed player sided. Players who don't have this eploited file, can not attack faster.





-Edit: Tonight we tested this again with DM and Taleworlds Devoloper (NIN3) also talked about other exploitable ways with xml files etc. it seems does nothing and has only visual for the client and it was a Placebo effect.
 
Last edited:
Hey just to clear this up. What you are seeing in that video, is not what's happening on the server and for other clients.


If you edit your files like this, you will see the edited numbers in the armory and your character will seem like it is super fast and has 1000% swing speed or whatever. But the server only accepts realistic inputs from you and everyone around you (if their files are also not edited) will see it just like normal.
 
What if they edit values inside realistic limits? Someday we might see improved MP experience, and if it comes.. I wonder if some ppl could adjust input realisticly (that server reads) or not.

Sum..
Do servers record&check profile progress just like checking realistic inputs?
 
Hey just to clear this up. What you are seeing in that video, is not what's happening on the server and for other clients.


If you edit your files like this, you will see the edited numbers in the armory and your character will seem like it is super fast and has 1000% swing speed or whatever. But the server only accepts realistic inputs from you and everyone around you (if their files are also not edited) will see it just like normal.

Thats also what i thougt but we tested this with group of people that has the exploit or not, has a low ping or high ping etc and made duel with each other. It makes people to spam better, fake faster, attack faster also kick better that normally you shouldn't able to with native files. I am not saying it makes swing 1000% faster etc it clearly gives players who is using it clear advantage. Normally peoples character size should be equal to realistic inputs but we saw giant ones smaller ones etc. "Normally server only accepts realistic inputs from everyone" but for that it didn't worked that way until it got fixed. from the tecnical part it looks like bull**** but it just works.

Quote from bug report.

Editing mpcharacters.xml and changing the stats of the classes seems to give you an advantage over other players. I thought local file editing is only client-sided but doing this actually seems to work. You seem to be able to swing faster in general and it doesn't feel client-sided because those hits sync up with the server. I think there are probably players already using it if this is true because you likely wondered sometimes how someone can seemingly hit 2.5x faster than you under the exact same circumstances. I found that it's pretty useless to change the crossbow and bow values because it basically forces you to reload the crossbow twice and when using a bow, it'll probably result in your arrow curving oddly.

I can't 100% confirm this exploit because I'm only 1 person and latency + server stability could have made it feel like it works. So, if others test this, maybe they'll have the same or different results.
How to Reproduce: Edit mpcharacters.xml and change the stats of the heroes. 200 might be the max you can increase it to and anything beyond that is pointless.



I am saying that again it does not makes your swing 1000% faster etc. But give players clear advantage. In a serious/ranked envoriment even 1 ms faster speed is important or any slightly advantage or even having a smaller character size (i know character size exploit got fixed saying it just to give example).




-Edit: Tonight we tested this again with DM and Taleworlds Devoloper (NIN3) also talked about other exploitable ways with xml files etc. it seems does nothing and has only visual for the client and it was a Placebo effect.
 
Last edited:
I don't think ppl above knows what you are talking about.







Imagine you need to get up the next day at 6:00 AM because you need to get to your workplace by 6:30AM.
(0.5 seconds later, the server will receive your attack input)

But you are not allowed to have any kind of clock to control your timing
(uncertain network delay)

How do you make it?
(make an attack as close as on the "server acceptance" slot)

Answer: get up earlier, wait outside your workplace until your supervisor opens the front door.
(faster client side input)
 
I tried this as far back as the beta, the server will always compensate for it.




The only way for it work, was to throttle the packets send to the server to an absurd low amount. But even then it didnt actually work. You need to do more testing

So like Nin said, its client sided
 
It doesn't even work xD
In theory your client will just tell the server "I want to attack from the left side" and the server will calculate your movement speed / swing speed by all data he has. Thats why you cannot hit after a round has ended or when a battle server crashes. It simply is not calculated clientside.
So even if you increase your swing speed to 1000, the server will synchronize your normal swing speed to other players cause he doesn't even know that you edited those numbers.
By editing those numbers you will only confuse yourself. Everyone else should be totally fine.
 
It doesn't even work xD
In theory your client will just tell the server "I want to attack from the left side" and the server will calculate your movement speed / swing speed by all data he has. Thats why you cannot hit after a round has ended or when a battle server crashes. It simply is not calculated clientside.
So even if you increase your swing speed to 1000, the server will synchronize your normal swing speed to other players cause he doesn't even know that you edited those numbers.
By editing those numbers you will only confuse yourself. Everyone else should be totally fine.

What about my experience with HYS6 where I used a tra.... to change everyone's atmosphere in online season? I didnt affect others permanently(which i could in what it offers), but quite temporary ? All were in online season, but "confused myself" ?
 
You need to provide more informations, I don't understand what you are talking about.
You changed like the weather for everyone? Or what exactly do you mean?
 
Yes, i changed it like an admin. However i was just another player in that online mp game.. So, can we really say that there is no chance to a gamebreaking touch for Bannerlord servers? Just wondering, and asking cheat-proof protection for bl mp.
 
Guys.
He doesn't mean a hacky client input will change the server-side speed.
He means hacky client input will make the server-side act closer to low-ping behaviour.

------

His assumption:
The game has intervals between feints. And of cause, the client-side's interval doesn't matter. Server-side control everything.
But...
how do devs handle uncertain network delay?
(Player clicks just in time, server-side thinks he is too early, so cancels his attack. That will be annoying)
I guess to handle this, we use an input queue.
(server-side temporary put incoming player inputs into a queue, trigger them in order, or whenever the cooldown is over)
Okay. if we use a queue, how do we prevent spam? (Player spams tons of feints to overwhelm the queue)
I guess we have a restriction from the client-side.

Then here we are: How about we remove the restriction, what will happen?
 
Last edited:
Back
Top Bottom