Wednesday, June 5, 2013

Server-sided values

Someone (Jazy) mentioned server-sided values in a comment today-ish, so I've decided I'm going to do a long-ass post explaining in detail just what server-sided means in hacking.

server-sided is a term used too often and too generally, usually by people who don't understand it.
The concept of server sidedness is relatively simple.
data that is stored and processed by the client is said to be client sided, and data that is stored and processed by a server, or any other computer you don't have direct access to is said to be server sided.
However, these phrases are a bit ambiguous, and the more hacking you do, the more you will find that there is in fact a fair bit of overlap between them.
In reality, the vast majority of the time when people say something is "server sided", it means that no one has discovered a way of hacking it, as opposed to it being unhackable.
in theory, the only way of changing fully server-sided values, values which the client has absolutely no influence on, is by gaining access to the server the values are stored on, which is not only usually incredibly difficult but also highly illegal. Like, jail time illegal.
However, since the majority of the time people use the term "server-sided" much more loosely, a lot of the time it is still possible to hack things people have deemed "server-sided". It usually requires doing some pretty low-level hacking (hacking with very little abstraction), though.

Packet editors are wonderful for this, as packet editors give you raw access to the communication channel between the client and the server. As a general rule, if a value on a server is hackable then a good packet editor can hack it.

A good example someone told me of how server sided values work:
Imagine you are playing a game with a friend. They pick a random number, and you have to guess it.
Your friend picks the number 5.
You guess the number 7.
He tells you you are wrong.
In this situation, your friend is the server and the number he picked is the server-sided value.
You have no control over the number he picks. The only thing you can change is the number you guess, which is a client-sided value.
Trying to hack a server-sided value is like trying to tell your friend that he cannot have chosen 5 because you said he chose 7, which makes no sense.

An example of a "server-side" value hack would be my boxhead bounty hunter money hack.
In boxhead bounty hunter, money is server sided. Every purchase you make with the in-game currency is processed by the server, and there is no way to directly set your money. You can't even tell the server you gained X money. I did however manage to indirectly hack the value by sending a packet to the server whenever a new money pickup was dropped saying "I picked up money drop #X", which meant I would gain money so fast it was effectively the same as being able to change my money directly.

In summary, there are two ways people use the term "server-sided":
1) A value stored/processed/ect by the server
2) A value stored/processed/ect by the server that the client has no influence on
Personally, I find it's best practice to only use the second use of the word.

And a tip to everyone out there: use the terms "server-sided" and "impossible" as sparingly as you can, cause when it comes to hacking almost anything is possible if you know how.

Also, for the record: most hackers just throw the term "server-sided" around to scare newbies. It's usually their way of politely saying "stop spamming me asking me to hack this goddam game" or "hacking this game is probably wayyy above your skill level".

10 comments:

Jazy Zooyork said...

Well written and very informative bro. However for those who are newbies and had no experienced in this field still needs to spend lots of time to learn. I'll try to use of every tools that you have mentioned recently and the first one I've tried is the WEP Pro but I just don't get all this alogarithms...

Abdullah Jadoon said...

Hi dude,

Can you make something new for BBH. A hack? Is is possible to remove someones verified email and exchange it with your own? If you have a wallet is it possible to increase the percent that flows in ( from 10% to maybe 40%)? Is it possible to find someones password? Is it possible to remove a account which is perma banned? Is it possible to tell if someone is online (so you wont duplicate them if you share accounts)

I know that those are a lot of questions! But it would be greatly appreciated if you could answer them. Any other hacks that are possible please tell me. BBH is kind of getting boring and I am awaiting something new like a hack. Please reply as soon as possible and tell me if any other thing is possible that no one has yet. Maybe change your name? Change the colour of text you talk it?
If you are worried about releasing such hack please email me any hacker and instruction. And yes , i would love the turret hack and please email me any hacks and tricks at : n3rd12@live.com. Also i worked out a good way to earn bp super fast. By opening up bbh release and attaching the aob code for cash hack i kept pressing suicide when i am in first place. When i died i collected my own cash and retrieved 3 bp. By using cheat engine to make my spawn time occur faster i was able to die 150 times in a game and get like 400+ plus bp. And this was without any wanted. Also as you can run lots of bbh releases at a time i was able to run 11 whiteout lag. I got my brother to get 2nd on my wanted account and keep suciding like me. He didnt have cash hack so he gave me 3 bp (wanted plus 2nd) and i was worth 2 bp (11 player game plus first). I did this this consecutively for 2 hours and I managed to retrieve 5,000 bp. But as a result of this I had to sacrifice my K/d. This is a good trick for getting wanted but email be any more stuff like this.

Anywaya you know what I mean.

Thanks, Please email me as soon as possibe.

Raza Bhai said...

thx bro but if i hacked into the system which store server sided data , and i am in different country will then also get jail time.

Mr. Santorum said...
This comment has been removed by the author.
Mr. Santorum said...
This comment has been removed by the author.
Mr. Santorum said...
This comment has been removed by the author.
András Tóth said...
This comment has been removed by the author.
András Tóth said...
This comment has been removed by the author.
Mr. Santorum said...
This comment has been removed by the author.
András Tóth said...
This comment has been removed by the author.