also most remote spy’s are absolute trash and can be spammed with remote events in order to prevent them from seeing the code. You can exclude events but devs already have an edge on this because it’s pretty easy to flood their remote spy. So yeah a good remote spy is probably worth a lot of money to exploiters out there
Because clash royale doesn’t rely on client side for gems related stuff. Just because something is made in c doesn’t mean you can’t read it. Reverse engineering exists and is free
1 Like
1000% there is exploitable client sided functions in clash royale. Why does nobody do it? Because the people who have tried, failed. Simple as that
I wouldn’t even think that far lol people found ways to get free stuff by turning their wifi off and on, ddos attacks on the opponent, glitch that makes it so their deck only has 1 card, etc. This is why I’m trying to tell people that exploits are not everything. They are small in the grand scheme of things
Because all gem transactions go through the server and the server does the transaction processing. You can’t do anything on the client side to stop that. Only way to exploit is with a backdoor. You don’t seem to have any idea on what you are talking about
I do. There’s much more to a game than just a data store. I’m not going to sit here and explain detail for detail what exploiters can and can’t do lol. There has been 0 successful exploiters in that game. Do you think pulling a card out of your deck to place it into the arena is a server sided function? No.
It is server sided because it goes through the server. You don’t know how video games are made
2 Likes
This is an incredibly naive solution, and not good advice.
The system you are describing is extremely common, and extremely easy to bypass.
You seem to be forgetting; exploiters can decompile and read all of your client-sided code.
This means that they can decompile, and read your anticheat code, and figure out what algorithm the client uses to validate itself to the server.
Once an exploiter has this figured out, all they need to do is disable your anticheat, and have their injected code spoof the response the server wants.
There is also no guess-work needed, as you seem to believe.
Any message the server sends to the client, can be intercepted by exploiters.
This means that exploiters can simply hook the event that the server is firing to the client, and thus they have the exact value that is supposed to be your line of protection.
Once again, this is horrible advice, don’t do this.
3 Likes
The server knows which cards the player has in their deck and which cards they have previously placed successfully and thus it also knows which cards the player should have available at the moment. The server also knows how much elixir the player has at the moment. The server can also check whether the location where the player is requesting to spawn the card is valid. So the server can easily determine whether it should accept the player’s request to place a card.
In a game like Clash Royale, I don’t see a reason why all critical game logic couldn’t be handled on the server. I mean, the player just chooses which card to spawn and where to spawn it. After that the player can’t control the troops further and thus the server can do all the movement and fighting logic without having to consider the validity of any further player input.
So the client just sends requests to the server and renders things. Any invalid client side behavior will stay on the client. I believe the requests are relatively simple to validate in a game like this.
This simple player interaction avoids problems present in some other genres like FPS-games where it can be difficult to determine whether a player is skilled or using an aimbot, whether their movement is legitimate or whether they are shooting through a wall or legitimately when they are near a corner.
It’s been years since I played Clash Royale so correct me if I’m wrong about how the gameplay works. But if it works as I remember, what kind of things can the client try to exploit in Clash Royale?
The only thing I can think of is that the exploiter could have an algorithm do the card placement decisions for them if they find an algorithm that playes better than them. But the algorithm will still only be able to do valid card placement.