I do. Getting down to it… is it a “crack” or not? All I see is just hacks and cheats for false positives.
1 Like
with all respects do you know to enter some keyword under google ? because it is not really hard to find those ■■■■■, and to understand this is third party program and so hack, or are you part of people that use it ?
1 Like
Other players have made me more aware of the situation. Some of it seems fun, but most of all of it was no fun. I see no hurry to change that bit.
Funcom just keep those updates coming, maybe eventually the hackers will get as sick of redoing their hacks as the modders did with their mods 
Misery loves company, right?
1 Like
All LATAM server in this state over yrs by the same player group, funcom do nothing just mute post or auto close zendesk reports
There are several types of cheating in these games. Some are hard to stop, some are an embarassing sign of a horrible developer.
Of course admins on a server can do anything… but on an official server, if it is possible for a client hack to modify other player equipment, item inventories, their base storage, or anything like that… It is simply aweful coding by the developer.. as the cients should never have authority over any of this… the server should be checking and validating every action, and they are not hacking the server, only their own client.
That said, there are a whole host of reasons so many games have these types of hacks… starting with the fact that game engines like Unreal have “built in networking” which allows really easy and fast coding of very bad networking strategies with no “hack prevention”, and Unreal Engine doesn’t make coding the “correct solution” particularly obvious or easy for content centric game developers.
This is why there are so many item-dup and inventory hack bugs in games build with Unreal as “solo offline or private server” games, wheras there have been hardly any in totally custom engine online-only games like WoW, League of Legends, Valorant, CS:GO, etc. (not that those games have zero cheats, they are just not corrupting the server data with a client hack)
For example, consider inventories…In order to get you instant feedback about what is valid and not, code has to run on the client to do validation. The simplest way to code all this is to only run that code on the client… so the checks all happen on the client, and the server just allows anything. However, this is what allows inventory hacks with a hacked client.
The way to fix this is to also run checks for all inventory actions on the server. However, this type of structure isn’t the simple easy way to do things on Unreal Engine. It requires extra coding, and extra understanding. And the coding structures most commonly used in Unreal Engine to do this, also make the client coding more complicated, as the client is no longer allowed to change server inventories, so they have to request to make changes and ask for the server to respond… which if implemented naively, causes the client to wait for the server to respond before the inventory change is reflected, which feels pretty horrible for players (and im sure some of you have played games with inventory lag)
And then we get to:
- wall-hacks - where enemy players are visible through walls, because the client knows where all nearby enemies are, even if they are supposed to be hidden… a hard and complicated problem to solve well, but probably not CE’s biggest issue
- aim-hacks - which are essentially impossible to solve if the game has reliable aim. The only way to fix it is either to give everyone aim-assist, or make the server inject randomness into all shots, which feels bad for people who can aim.
- speed-hacks or lag-switching - which is an even harder issue to fix for developers basing anything on the built-in Unreal network and movement prediction
I don’t mean any of this to excuse Funcom… I think Conan has been enough of a commercial success that this stuff could have been prioritized and fixed at some point… but they are also in a bit of a no-win scenerio, as if they take their initial commercial success and pour that money into recoding lots of the game so that it basically works exactly the same with less cheat-vulnerability, people would complain they didn’t pour it into more content additions.
I will say, that if you look at most ultra successful long term online games. they all have a decent amount of safety from hacks, because of both the coding and game design… and most games that get hacked have a pretty short success cycle before the playerbase effectively dies…
If Funcom doesn’t do some serious work to prevent this kind of hacking server data in Dune, it’s going to be a quick flash in the pan followed by a very fast fizzle once the cheaters drive the playerbase away. However, the very explicit “who has permissions to touch containers” UI in Dune suggests that they have done something to stop this kind of thing. Maybe one day, after they get some Dune sucess under their belt, they’ll decide to refresh CE with everything they’ve learned.
3 Likes
dune is going to fail!
due to their incompetence or CE karma,
a company to act like this with their community cant be succesful. (ie how people are being treated here is a clear example)
1 Like
I just ran across this exploit to open legendary chests without keys… which reveals the exact kind of client-side authority vulnerability I talked about in my post above…
This works by abusing the fact that there is some kind of server-side check to see if you can open a legendary chest, but if you drop some loot right next to it, there is a timing race where by the time the server gives you permission to open your bag, you’ve moved your cursor to the legendary chest, and your client opens the legendary chest instead (without a key).
I have not verified this is still in the game myslef, but if it is, it could probably be used by pvpers to open your locked chests in a similar way. Using this to open and see contents really wouldn’t be the biggest deal, but the fact that once open your client can take things out of the chest you have not unlocked represents exactly the kind of client-authority mistakes that lead to the game being exploitable by client cheats, as if the server was checking it should be able to see you have not unlocked the chest and prevent anything being taken out of it.
While I can certainly agree that there are a variety of exploits that seem like hacks the one where items are removed from containers/thralls is still a part of the injection programs/hacking.
Especially considering range and witnessing.
As a private server owner I’ve always harbored deep concerns about the security of the Conan server application…
Not just the integrity of the server itself but the safety of my entire network.
So much so, in fact, that I isolated the server on its own VLAN…
One can never be too careful.
There are so many exploits…as exploited hacks..as exploited says…said…
Theese titles are premonitory of what was going to happen in Conan Exiles
—Exploited,Beat the Bastards—
If you find your base raided and you find a…
“Massacre of Innocents”
so you send a ticket to express your angry to…
“Police TV”
and the only answer is…
“Don’t Blame Me”
oh,well,with some helpfully advices..
“If You’re Sad”
“Fight Back”
“Beat the Bastards”
ah,yeah…hacking clan?raiders clan?i can kill alll my enemies with a…
“Sea of Blood”
so you don´t know who were the real enemies…
“Affected by Them”
Who?So…maybe
“They Lie”
maybe those exloited hacks and those servers…
“System F***d Up”
maybe there is something more important than you.
“Law for the Rich”
Sorry,have nothing to do,and i think this opinion well,just curiosity about the conexion between exploit and exploited…is just a morning joke…i was reading many times,exploits,exploits…so i remember explloited band and just take a look to a record of that band…and is funny how you can get a similitude with CE bugs and problems…is just a joke
And the two final titles…well.
“Fifteen Years”
15 yeras ffter CE release…what i can not do in official servers,well,i´ll do in real life,or better,i will become a nasty player…naked with stone daggers asking for help and backstaping anyone helping me…
“Serial Killer”
…is just a joke
So,as i´m reading…3rd party software is guilty,maybe is modding community,i mean,allowing mods makes or creates backdoors for 3rdPS hacks…a solution could be every single mod allowed should be checked and authorized by funcom,with an internal download from funcom servers,i don´t now if it´s possible to create a SP/MP client with no mods and adding a SP/MP client allowing mods,maybe it can helps.
BY NOW…give yourselves a big FY hackers…i´m not playing now Conan but hacks are not going to keep me out of PVP servers…
Other thing,i don´t remember but hitting from distance hack can be avoid…well,carring a bow or throwing speers or ..i really don´t remember but you can hit cheater with…don´t remeber what i did but i hit him and he run off…i think is something with ping,or i thought it was a problem with ping…you don´t see where he is as your ping is so big,so i didn´t thought it was a cheat and…and,i really don´t know but maybe is hitting from where you are…i mean,even if cheater if from distance…aim him,try to use NPC prediction paths(joke) and hit towards where you think he is,you see him far but really is next to you…
the problem is that the official servers won’t let you into the game with mods.
These cheat programs don’t “ask”, they just bypass the game
I didn’t know many hacks; I knew the one that lets you attack from a distance, though I thought it was a glitch, not a hack. I also knew the one that lets you walk through walls. Once a guy entered my base with me in it, several of my wheel slaves disappeared. They didn’t touch the chests; they probably didn’t know how to. The hacks are pretty annoying, but they can be overcome; you just have to be lucky; normal raids are annoying enough as it is… the hacks are beyond awful.
The adventures of Hacker Very Fine.
Well now. Then it seems to me there’s an opportunity for “hacks” that add qol stuff or even fixes long standing issues. Could be quite a few people who’d pay for such things but would otherwise never buy pvp hacks.
If you can’t beat 'em put 'em to work for you…
Yeah. Pretty unlikely I know.
That’s the thing… A properly designed game server can not be bypassed by a client hack.
At the risk of turning a game forum into an education source.. I’ll elaborate..
The core of Unreal Engine’s built-in networking is replication. Just data being copied around between clients and servers. The UE replication doesn’t know anything about who should be in control of data, it lets you do whatever you want. You can mark it server-controlled, you can mark it client-controlled, you can mark it neither and let everyone control it.
The naive unsafe way to code chests and player inventories, is to “replicate” those lists of data and let all clients and servers both edit them. If a client moves an item from inventory to a chest, that data will “replicate” and the server will simply accept the changes. In this simple model, it’s assumed that the client code is checking things like “who owns the chest” and “is there space in the destination”.
Obiously this is insecure to client-code hacks.. which is why companies that go down this route tend to think the solution is things like BattleEye detecting those client side hacks… but this is nonsense. You will never detect all the client side hacks, and once they infect your server data, it’s broken data. Which is why this model is only viable for isolated and private server games, but not “single dataset online games” like WoW or EVE or even League of Legends, where your inventory and stuff persists across all games and servers.
ASIDE: this type of “replicated inventories” is also where item-dup bugs come from. One common bug of this kind is if two different clients remove an item from a chest into their inventory at the same time (where neither of them knows the other also did it). A very naive implementation will have both clients removing the item from the chest, and both of them adding it to their own. When the replication processes these requests, it ends up with two copies of the item, one in each player inventory.
The naive safe solution to all of this is to make inventories 100% server-controlled. If you want to move something from a chest to your inventory, you send a message to the server that says “move item-5 from chest-3 to player-4”. When the server receives this, it does all the checks for permissions, and space availabilibity, and everything, and then sends back a “success or fail” to the client. The problem with this naive approach, is that every item moving between inventories requires a server roundtrip, which even on a low-latency network is still WAY slower than doing it all on the client. These lags are noticable by players, and are horrible in higher latency environments.
The “best” solution is for all the checks to exist on both sides, and for the client to have extra code to create the illusion that everything is happening locally, while in the background verifying everyhing with the server. You drag an item from a chest to your inventory… your client checks that it’s your chest and you have rights, and your inventory has space, and then instantly puts a “phantom” of the item in your inventory, and marks the real item in your chest as “taken out”, but none of it is real. THen it sends the request to the server, which repeats all the same checks, making sure the request is valid in the eyes of the unhacked server, and hasn’t conflicted with any other users, and hasn’t duplicated any items, and then sends back either a “success- make it real” to the client, or a “fail - roll it back”… If the client receives a failure/rollback, it has to revert the changes to inventory it made. This causes a ‘snapback’ for the user, but in practice with unhacked clients and good code this is incredibly infrequent.
I hope even if you don’t understand programming, you can see that the “best” solution is generally much more work and handling edge-cases than the “naive unsafe” or “naive safe” soluiton. And I didn’t even start to go into all the edge cases one has to handle in this “server-authority with instant illusion” model.
Another problem is… if I had to wager, I would guess more games get bad early reviews and failed sales because of the lag of the “naive safe” solution than the eventual hacks of the “naive unsafe” solution… which is why this is so common for any game where there is no “global state” or “global economy”.
If we really want this problem fixed, we need Epic to make some obvious default networking tools that solve these problems and become the fastest easiest way to code these things in unreal. Which is not an easy feat, and even if it existed, it wouldn’t stop programmers from “doing what they know” and using the bad methods.
2 Likes
Well, anyway, there are hacks in other games too… it’s really annoying. I hope there are still servers with people, actually the best thing about Conan Exiles is the PvP… and well, if you have to get used to the raiders, legal or not, it is what it is,new players,even hacking raiders are new money to catch for… it’s very nice to release a game with the enthusiasm placed in what you have created, wanting a lot of people to play your idea that you were able to carry out,playing how you think the game should be played… and then there is, of course, the money… non-profit, there is no game, I’m not complaining about the price of the Bazaar, nor am I going to hate Funcom for spending three months building something that is thrown in 4-6 hours, with or without a hack… it doesn’t matter, you can try to be a raider yourself, or fight against the raiders… it would be nice if all the players were legal, fair fights, you’re not going to ask anyone to respect the rules, especially the hackers, because they are not going to listen to you.
Anyway, I like CE for its realism, taking into account that there are dragons, skulls, magic… I have played other sword fighting games, there are very good ones, very good graphics, the animals for example in some other games are much better, their behavior, the graphics… but CE maintains that touch of… a little more mature, for older people, and it has the right level of realism, more realism would be if the slaves were dying of hunger, you couldn’t carry 240 kg of stones to build, etc., etc., etc…
So,i hope there is CE servers for a long time…
Probably a good near-term solution for this would be for people to host private password protected servers, gated by discord membership, both to discourage cheaters, and so admins can block them… If a stable population was established, new players could be admitted only in certain windows of time.
I see there are some password protected servers, so maybe this is already happening.
I believe that without a kernel-level protection system and functional oversight, a functional reporting system that actually analyzes those involved and not this “investigation” system based on video recordings by players, and this neglect and abandonment provided by Funcom only encourages this type of practice more. Any restriction measure given by Funcom during these last 4 years (or more) was insufficient to the point that groups of “hackers” today use clan and sub-clan with several “123#FUNCONID” accounts simply to avoid a ban reported/recorded/investigated/filmed by players…
I no longer believe in this company’s commitment to anything, every time I open the game again it is always worse than before and in my case I see the same group of players “Cavalaria Negra” / “Basement Rats” / “Sala do trono” completely destroying any possibility of playing on ALL officials LATAM servers.
This is all just my personal opinion, I’ve been watching the same situation for over 4 years and the only thing I’ve seen so far is people giving up on the game and no action from the “responsible” party.