Funcom, a little hint regarding your cheater problem

If you will ever fix the undermeshing issues, you may find this useful (this also applies to the 50 stat glitch, regarding resetting attribute points):

If you don’t understand, comment below.


1 Like

I don’t understand

1 Like

Afaik stat points aren’t handled by the client. If they were, you wouldn’t need to exploit a server crash to make the server not understand you both kept the points you had allocated and the new points you got from resetting stats. If the client handled it, you could just make a simple hack that sent the wrong value to the server.

They should just make a “max stat points” slider in server settings and automatically reset your stats if you somehow have more (so people still can make modded private servers where you can get more points)

Maybe it’s even worse. Maybe it’s handled both by client and server in the same time :slight_smile:

1 Like

Yeah you could say it’s kinda both. Cos obviously the command to allocate or reset stats are sent from client to server.

But then you could also say, in the video example it’s also handled by both because it’s the client that sends the command to the server that I’m trying to do damage.

Well you crash the server, then you reset your attributes.

The server’s last state was: all points were spent. I don’t understand how it would just unspent all points and ADD them to the clients state of unspent points. This is the logic error here. There is still some kind of simulation done on client side that affects the server state.

The same with damage calculation but more importantly hit detection. The client should only simulate that and never influence server state. Damage calculation is not done client side, but hit detection. After a short lag spike (package loss), all the hit commands get sent to the server and the server is like: “Okay, I will deal damage to the player now”.

I heard this a lot from players: “This guy must have an extended spear or something!”. Because they got hit from 5 meters away. The attacking player had some package losses and his client said: “Hey server, I hit that guy!” and the server was like: “so be it!”. Huge logic issue in their programming. This example gets more common when the server laggs and/or has low SFPS.

@Aleetoo Read this post :slight_smile:

I don’t think anyone truly knows how it works lol. But I guessing it has to do with the server already being in shutdown mode but at the same time accepting new inputs and then somehow saving both.

Like fx. Str is one value, Unspent points is another. So it accepts the “reset unspent points” command you send to it, but forgets it also has to reset str at the same time.

I think it’s because of lag. On you client it looks like you moved away fast enough, but on the server you didn’t.

And also because of some hitboxes being whacked, so you can get hit even though it looks like the weapon doesn’t hit.

1 Like

I wouldn’t say it happens on the server or because of hitboxes being weird. You can disconnect yourself from the internet for 10 seconds, do a hit and the server still registers this as hit, because the client says so and does damage to your opponent. This is what is wrong.

I think that’s just an extra added problem then lol

I also noticed if you’re riding a horse when the server crashes, when you log back in the horse went further than you did. Pretty useless fact I guess but I find it kinda funny.

The thing i’ve noticed with Conan’s client is it does alot of its work client-side, the server pushes the truth down the pipe and the client absorbs it but from there its really a client-side driven process. The prime example is the stats bug, the fact the client is able to dictate terms with no server-side math checks makes me overly concerned as without BattleEye this game would have a tonne more exploitive behaviours.

Moreover they should ban the moment you exceed that number as there really isn’t any excuse or reason for a sudden surge in stat points. Math doesn’t leak like this accidently.

The client should always just be a render process, it should never have a brain of its own simply because of these issues such as meshing, stat exploits and lag switching.

Even Minecraft has this somewhat figured out a little, it has a 7 block threshold for giving the client a chance to catchup, but beyond that it just snaps you back to the 7 block thresholds. You could say the same for the client, allow a certain amount of frames per client to accomodate latency fluctiations but after that you’re beyond the 200ms ping acceptance level so thats a kick from the server.


I’m generally against autobans, because some people will find ways to exploit it and tell some noob “hey, try this neat trick”… But I understand why you’d want it.

wouldnt it be easier to just idk , just record how much was spent for the point vs the level and then automatic reset attribute if was spent higher / lower… such as this if your lvl 5 then you should have a total attribute score of 10/10 to spend as max if the result count backward is more then the max ammount then auto reset the point back to default.

1 Like

I’d say its way more simple than that, think of the entire attributes system as a mutable payload, that is you have total amount of points spent and the last known state the server has. Everytime a change occurs all the client is doing is sending the “intended” state to the server. The server has to agree to the state change based on simple rules mainly around ensuring the packet doesn’t exceed hard limits and that it works on a FIFO system… so lets say I Reset and Spend my points and send it to the server. Then i crash the server and try again. Let’s say both times that packet is sent to the server, all the server is really doing is overriding the existing state with the new state instead of appending or whatever the hell its doing now.

This means, the worst that can happen is the player was able to do a reset twice for free vs once at a cost (beast potion or whatever). They can’t make it cumulative as the state unpacking server-side just halts it.

Its probably the most basic transactional system you could write for a game but one that you use constantly throughout (combat, vault chests etc).

Whats actually happening is the client and server seem to have a very odd progressive disclosure based system in place. You see this problem for example when you have people who do vaults and find the end chest empty… similiar set of problems… client is still dictating way too much on behalf of the server.

When making a MMO your first rule is to enure your in/out UDP network traffic always assume a very simple rule - “The client lies”.

TBF its quite a hard balance to strike as well in games, it requires often a tailor fit network framework per game to be created which means you have to plan this upfront from the get go.

I feel Conan Exiles however is largely made up of Unreal Engine editor simple designs, meaning there are C++ code specific to the game but a lot of the work is imho being designed at a very entry level based design that typically you will find in Indie Game Devs for Unity3d and Unreal “Look mah, i’m coding without code”


this cut me deep but it’s so true. :joy:

1 Like

lol Hey no shame in that either. There is a place for that style of gaming dev, and tbh you could probably make it work for Conan if you planned it out more …but for MMO games its problematic given you’ll need to keep an eye on perf and unreliable network negotiations.

Same problem as in cs:go when you are getting on a high ping server. The movement of the hitboxes aren´t calculated fast enough. So if you lets say run in a corridor and then turn around the corner the guy who is behind and shooting at you still can hit and kill you, even though your are not more visible too them. He just needs to keep shooting into the corridor. Or you see someone and you shoot and think why I am not hitting while you are shot by the guy. Thats because his hitboxes are way behind him when you start shooting, but since hes late to the party mine already settled where they are belong. I can not explain it better. But I gues you understand it.

Yeah yeah, lag works the same way everywhere I guess…

But there’s also videos of people standing still, so lag shouldn’t be an issue, and mobs still hit them even though the attack animation doesn’t actually connect.

or. just make the pippi mod avalivle to all private/official servers insted of the admin panel.
and then hire a guy to play on the official servers checking peoples attributes. and answered players complains and help the players when they have issues

they could also downscale the number of server too