Closed AverageVirusTotalEnjoyer closed 5 months ago
i honestly wonder if this is possible
It doesn't need to be kicking and stuff, it can just be stuff that the client couldn't do such as spawning enemies and other host only mods
he said that probably isn't possible but i wonder too, if you could spoof host to the server, could you spawn server-sided enemies??? or hell maybe even kick people!
i never doubt what winston and armorfid can cook up
@winstxnhdw did you cook?
not yet. the issue is getting the host's steam id, and whether that's sufficient to let me spoof their messages
I highly doubt this is possible, since all traffic ultimately has to go thru the real host, and he inherently knows that you're not the host. This page states the following:
> Creating a game object with Instantiate will only create that object on the local machine. Spawning in Netcode for GameObjects (Netcode) means to instantiate and/or spawn the object that is synchronized between all clients by the server. [...] Netcode uses a server authoritative networking model so spawning netcode objects can only be done on a server or host.
Even if you could somehow trick your own game to think you are the host, it wouldn't work since it can't directly communicate with other clients, and the server would just ignore your messages.
Spawning in stuff would require an exploit with a badly-coded RPC somewhere.
> since it can't directly communicate with other clients

It can't? So are you saying every Server RPC request we do as clients is relayed to the host first and then the host relays it to all other clients? That sounds unlikely.
That's certainly what the docs say: https://docs-multiplayer.unity3d.com/netcode/current/advanced-topics/ways-synchronize/
> A ServerRpc can be used by a client to notify the server that the player is trying to use a world object (that is, a door, a vehicle, etc.)

Wording says "can be used" not "is used", does that mean it's possible the ServerRpc can call other clients without going through the server? Honestly, I am just coping rn
Maybe use the antikick to spoof host or something?
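
The server-authoritative point quoted from the Netcode docs above, as an added example that is not code from the game or from anyone in this thread: a host-side spawn RPC written once so that it trusts an identity carried in the payload, and once so that it reads the sender from `ServerRpcParams`, which Netcode fills in on the receiving side. The class, field and method names are hypothetical.

```csharp
using Unity.Netcode;
using UnityEngine;

// Hypothetical component for illustration; not taken from any real game.
public class EnemySpawner : NetworkBehaviour
{
    // Assumed: a prefab registered with the NetworkManager.
    [SerializeField] private NetworkObject enemyPrefab;

    // Weak form: the caller's identity is a payload field, so the sending
    // client chooses its value and the comparison proves nothing.
    [ServerRpc(RequireOwnership = false)]
    public void SpawnEnemyTrustingServerRpc(ulong claimedSenderId, Vector3 position)
    {
        if (claimedSenderId != NetworkManager.ServerClientId) return;
        SpawnOnServer(position);
    }

    // Hardened form: the identity is taken from the receive parameters,
    // which the server sets from the connection the message arrived on.
    [ServerRpc(RequireOwnership = false)]
    public void SpawnEnemyCheckedServerRpc(Vector3 position, ServerRpcParams rpcParams = default)
    {
        ulong sender = rpcParams.Receive.SenderClientId;
        if (sender != NetworkManager.ServerClientId)
        {
            // Log rejected requests so the host can see who is sending them.
            Debug.LogWarning($"Rejected spawn request from client {sender}");
            return;
        }
        SpawnOnServer(position);
    }

    private void SpawnOnServer(Vector3 position)
    {
        if (!IsServer) return; // spawning is only valid on the server or host
        NetworkObject enemy = Instantiate(enemyPrefab, position, Quaternion.identity);
        enemy.Spawn(); // replicates the object to all connected clients
    }
}
```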