Wednesday, June 5, 2013

Server-sided values

Someone (Jazy) mentioned server-sided values in a comment today-ish, so I've decided I'm going to do a long-ass post explaining in detail just what server-sided means in hacking.

Server-sided is a term used too often and too generally, usually by people who don't understand it.
The concept of server-sidedness is relatively simple.
Data that is stored and processed by the client is said to be client-sided, and data that is stored and processed by a server, or any other computer you don't have direct access to, is said to be server-sided.
However, these phrases are a bit ambiguous, and the more hacking you do, the more you will find that there is in fact a fair bit of overlap between them.
In reality, the vast majority of the time when people say something is "server sided", it means that no one has discovered a way of hacking it, as opposed to it being unhackable.
In theory, the only way of changing fully server-sided values, values which the client has absolutely no influence on, is by gaining access to the server the values are stored on, which is not only usually incredibly difficult but also highly illegal. Like, jail time illegal.
However, since the majority of the time people use the term "server-sided" much more loosely, a lot of the time it is still possible to hack things people have deemed "server-sided". It usually requires doing some pretty low-level hacking (hacking with very little abstraction), though.

Packet editors are wonderful for this, as packet editors give you raw access to the communication channel between the client and the server. As a general rule, if a value on a server is hackable then a good packet editor can hack it.

A good example someone told me of how server-sided values work:
Imagine you are playing a game with a friend. They pick a random number, and you have to guess it.
Your friend picks the number 5.
You guess the number 7.
He tells you you are wrong.
In this situation, your friend is the server and the number he picked is the server-sided value.
You have no control over the number he picks. The only thing you can change is the number you guess, which is a client-sided value.
Trying to hack a server-sided value is like trying to tell your friend that he cannot have chosen 5 because you said he chose 7, which makes no sense.

An example of a "server-side" value hack would be my Boxhead Bounty Hunter money hack.
In Boxhead Bounty Hunter, money is server-sided. Every purchase you make with the in-game currency is processed by the server, and there is no way to directly set your money. You can't even tell the server you gained X money. I did, however, manage to indirectly hack the value by sending a packet to the server whenever a new money pickup was dropped saying "I picked up money drop #X", which meant I would gain money so fast it was effectively the same as being able to change my money directly.
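Seen from the server's side, this is the gap between storing a value and deciding how it changes. The sketch below is an added example, not code from the game or from this post: the names `Drop`, `GameServer` and `PICKUP_RADIUS`, and the idea that the server tracks player positions, are all assumptions made for illustration. It puts a handler that credits whatever drop ID the client names beside one that checks the claim against state the server holds itself.

```python
# Added illustration: hypothetical server-side handling of an
# "I picked up money drop #X" message. Not the game's real code.
import math
from dataclasses import dataclass, field

PICKUP_RADIUS = 2.0  # assumed: how close a player must be to collect a drop


@dataclass
class Drop:
    x: float
    y: float
    value: int
    claimed: bool = False


@dataclass
class GameServer:
    drops: dict = field(default_factory=dict)      # drop_id -> Drop
    positions: dict = field(default_factory=dict)  # player -> (x, y), tracked by the server
    money: dict = field(default_factory=dict)      # player -> balance

    def pickup_trusting(self, player, drop_id):
        """Credits any existing drop the client names, as often as it is named."""
        drop = self.drops.get(drop_id)
        if drop is None:
            return False
        self.money[player] = self.money.get(player, 0) + drop.value
        return True

    def pickup_validated(self, player, drop_id):
        """Credits a drop only when server-held state agrees the pickup could happen."""
        drop = self.drops.get(drop_id)
        if drop is None or drop.claimed:
            return False  # unknown drop, or already collected (rejects repeats)
        px, py = self.positions.get(player, (math.inf, math.inf))
        if math.hypot(px - drop.x, py - drop.y) > PICKUP_RADIUS:
            return False  # the server's own position data says the player is not there
        drop.claimed = True
        self.money[player] = self.money.get(player, 0) + drop.value
        return True
```

With the validated handler, the balance only moves when the server's own records say it should, which is the second, stricter sense of "server-sided" in the summary.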

In summary, there are two ways people use the term "server-sided":
1) A value stored/processed/etc. by the server
2) A value stored/processed/etc. by the server that the client has no influence on
Personally, I find it's best practice to use the term only in the second sense.

And a tip to everyone out there: use the terms "server-sided" and "impossible" as sparingly as you can, 'cause when it comes to hacking almost anything is possible if you know how.

Also, for the record: most hackers just throw the term "server-sided" around to scare newbies. It's usually their way of politely saying "stop spamming me asking me to hack this goddam game" or "hacking this game is probably wayyy above your skill level".