I’m not a hacker, but I need to know how these hackers work, sadly.
Basically, a hacker can do whatever they want locally, but not on the server.
What’s stopping the hacker from making a local function that tells the server “the player earned this/that, so you should give it to them”?
If you have a system that rewards items and stores them as data, why can’t a hacker just tell the server portion that they do deserve to have all the best stuff for free?
So the solution is to just don’t? I guess that does make sense.
What can a local button do that a server button can’t other than be snappier with high ping?
So that’s why fishing is so frickin prone to being affected by ping.
Well what I have right now is a local button that gives you whatever is set in the script, but it’ll probably be more like AO’s treasure chests in the future, which, come to think of it, are also very bad with high ping.
anything on the server is gonna be bad with high ping, unfortunately roblox cant handle a game like ao with so much going on on the server constantly
learn to optimize and 90% of people will be ok, high ping will always suck no matter what and even if you did handle them opening locally the item you get would still be on the server with a delay
I am not experienced with Roblox anything, but whenever you have a client running on someone elses computer, you assume it is malicious. Physical access is complete access, so the server that you control must be the source of truth.
In games this means the client is allowed to inform the server about the local game state (“The player character moved to [100,100]”).
It’s up to the server to check this, update its own state, which is the “true” one, and inform all other clients about the changes (“No way, you were at [0,0] 10ms ago, best you can get to is [10,10]”).
This is usually done in separate and “unreliable” packets, since a full duplex connection would be more latent and expensive.
The client is allowed to predict that the packets reach the server and get accepted to give you a more responsive experience.
This works great when the client is right, but if a network issue arises somewhere in the middle and you drop packets, the server will miss them and slap you back into place, i.e. you rubberband.
This is also why there is usually a small discrepancy between what you see on your screen and what is “true”, i.e. what the game state is on the server.
Don’t question the “let’s guess the future and hope we’re right most of the time” approach too much. It has actually been used for decades in multiple areas of computing and enables a lot of the things we take for granted lol.
Now Roblox’s remote events are probably a form of remote procedure calls.
Basically, the code is stored on the server and thus assumed to remain untampered.
The client is only allowed to initiate a run of a procedure. Obviously, only existing procedures created intentionally by the programmer can be called upon by the client.
Since they run on the server, they know the “true” state of the game and can confirm if an action is allowed.
So all your code that checks for validity of some action should be a remote event that runs on the server.
That is all how it works in theory, at least. Roblox’s implementations might be different (unlikely), and your remote events could be exploitable in many ways.
From the explenation on the trello, it looks like each individual citizen spawned just has a random chance to be a thief, so you can just spawn an absurd amount of citizens in one place, walk into them, then self explode for a free 1.666…x multiplier on your current galleon amount
ifg how server and client things work but i assume that the server would handle randomizing the npcs while the client spawns them meaning it wouldnt be possible.
either that or the game checks if the thief you killed was real