haxball / haxball-issues


Modified clients problem basro must check this #1506

Open ghost opened 2 years ago

ghost commented 2 years ago

People are making custom clients to get an advantage over other players. Recently, a player showed me that he has a modified haxball client like this.

He can grab your IP address (even if it's not his room) and join that room with your IP address; he gets banned, and then what happens? You are banned, not him, because he was using your IP address. No need to add that he can see your IP address as well.

He also said that he can use the websocket system to send messages from your client, move your player, and change your nickname in game by re-sending the state. And many more.

Also, in the screenshot he has a "cheat" option; when he enables it, his player gets some boosts via the headless API in his own VPS rooms. Basically, when he enables it he gets some xspeed, for example. But since it happens with one click, other players won't notice. And he said that he can do many more things, not only what the headless API provides.

This is basically cheating and you should really consider making a standalone application. I know there is still the possibility of reverse engineering that standalone app. But maybe make things hard for these people, maybe?

Also, I don't know if you can add a code integrity check to prevent such a thing. I don't know if JavaScript has a feature like that (maybe you can use some framework for it): just get the original code's integrity or hash code or whatever you call it, and let the host check that value periodically. If a client's game integrity is not the same as the others', simply treat them as a bad actor. Also, to prevent this, you can store these values on the server, just like the kick rate limit, so people won't "fake" it by changing the integrity check part in the client's code.

[screenshot]

Gabri04 commented 2 years ago

That's sad to see, hope Basro will answer you

guguxh commented 2 years ago

This is only a standalone to do these things, but the same can be done with only headless. So, the solution to this problem is just not to enter these rooms.

haxball-app commented 2 years ago

Just like guguxh said, doing such things is only possible if the room is hosted via a modified file. To make this available in any room, that person would somehow have to change the files which are called by the official haxball website. So basically, it is impossible to "hack" any other room besides your own.

ghost commented 2 years ago

How can we trust people? Like, I want to play a game with my friends, and how can I know someone on the opposing team isn't manipulating websocket stuff, changing things to make our game worse? Because we got a VPS, created by us. We get 55-60ms in that room. It has a super fast feeling and gameplay in that room. Then someone links us a room where we get the exact same amount of ping and max ping, but it feels like slow motion. Absolutely trash feeling, etc. So we started to think that people are abusing this stuff to gain an advantage over other players. Basro needs to find a solution for this immediately.

guguxh commented 2 years ago

> How can we trust people? Like, I want to play a game with my friends, and how can I know someone on the opposing team isn't manipulating websocket stuff, changing things to make our game worse? Because we got a VPS, created by us. We get 55-60ms in that room. It has a super fast feeling and gameplay in that room. Then someone links us a room where we get the exact same amount of ping and max ping, but it feels like slow motion. Absolutely trash feeling, etc. So we started to think that people are abusing this stuff to gain an advantage over other players. Basro needs to find a solution for this immediately.

When a room has headless, the owner has a ping of more than 0, so if you enter a room where the owner has a ping of more than 0, the room can be this. I recommend you play only in rooms with a VPS and famous rooms, or play in rooms where the owner has a ping of 0.

ghost commented 2 years ago

> How can we trust people? Like, I want to play a game with my friends, and how can I know someone on the opposing team isn't manipulating websocket stuff, changing things to make our game worse? Because we got a VPS, created by us. We get 55-60ms in that room. It has a super fast feeling and gameplay in that room. Then someone links us a room where we get the exact same amount of ping and max ping, but it feels like slow motion. Absolutely trash feeling, etc. So we started to think that people are abusing this stuff to gain an advantage over other players. Basro needs to find a solution for this immediately.

> When a room has headless, the owner has a ping of more than 0, so if you enter a room where the owner has a ping of more than 0, the room can be this. I recommend you play only in rooms with a VPS and famous rooms, or play in rooms where the owner has a ping of 0.

You still don't understand. The maker of this client is able to copy-paste the whole of haxball. He even showed me a screenshot of it, and Basro did not give him any permission to do it. So it's not only headless. He can also cheat in his OWN non-headless room, or even in others' rooms, VPS or non-VPS. He is using a custom modified game-min.js with his own websocket stuff. He can manipulate data easily. He showed me...