ExtraJuiceMan / ChristWareAmongUs

A cheat for the recently popular fad game Among Us
MIT License
110 stars 33 forks

[Question] How does this work? #33

Closed itsmeow closed 4 years ago

itsmeow commented 4 years ago

I saw in #2 you mentioned that the game has terrible network code. At a basic level, how is the game written so badly that a single client can reproduce changes in every other client without a modified server? That is terrifying. To what extent does this occur?

caiocinel commented 4 years ago

When you develop a network-based game, it is necessary to restrict what the player can affect in the game, in which case there should be checks to really know if the person can do that, as in the case of "RpcSetSkin", which should only receive the Skin ID, and not also the user ID; this allows other people to change these values and be accepted by the server. If the only person who can change your own skins is yourself, why pass a parameter allowing you to change others?

ExtraJuiceMan commented 4 years ago

The game trusts the client too much. To my knowledge, the extent of this is only executing remote procedure calls that the developers have programmed into the game. An example is if I send a packet telling the game to call RpcCloseDoors with a door ID, the client on the receiving end will look up RpcCloseDoors by RPC ID and call it with the door ID given in my packet. And of course, it doesn't matter who I am--I just send the packet under the ID of another person, and it will be run as if they had sent the packet. This is the "bad networking" part.
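Added example, not part of the thread or of the project's code: a minimal relay that contrasts the trusting handler both comments describe with one that binds the sender to its connection and restricts `RpcSetSkin` to the caller's own player. The packet layout, the numeric RPC id, and the `Relay`/`Packet` names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed RPC id; the RPC name comes from the thread, the number is made up.
RPC_SET_SKIN = 1


@dataclass(frozen=True)
class Packet:
    claimed_sender: int  # player id written by the client (untrusted)
    rpc_id: int
    target_player: int   # player the call acts on (untrusted)
    arg: int             # skin id


class Relay:
    """Hypothetical relay server that forwards RPCs between clients."""

    def __init__(self):
        self.conn_to_player = {}  # connection id -> player id assigned at join
        self.skins = {}           # player id -> skin id
        self.rejected = []        # (connection id, reason), useful for detection

    def join(self, conn_id, player_id):
        self.conn_to_player[conn_id] = player_id

    def handle_naive(self, conn_id, pkt):
        # Trusts both ids in the packet: any connection can act as anyone.
        if pkt.rpc_id == RPC_SET_SKIN:
            self.skins[pkt.target_player] = pkt.arg
        return True

    def handle_checked(self, conn_id, pkt):
        # Identity comes from the connection, never from the packet body.
        real = self.conn_to_player.get(conn_id)
        if real is None:
            return self._reject(conn_id, "unknown connection")
        if pkt.claimed_sender != real:
            return self._reject(conn_id, "sender id does not match connection")
        if pkt.rpc_id == RPC_SET_SKIN:
            # A player may only change their own skin.
            if pkt.target_player != real:
                return self._reject(conn_id, "set-skin on another player")
            self.skins[real] = pkt.arg
            return True
        # Allowlist: RPC ids without an explicit policy are dropped.
        return self._reject(conn_id, "rpc not allowed for this sender")

    def _reject(self, conn_id, reason):
        self.rejected.append((conn_id, reason))
        return False
```

The `rejected` list doubles as a detection signal: a legitimate client has no reason to produce either mismatch.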