I think it makes sense even for a game like league to have some stuff be client side and low hanging, as long as you can detect abuse with heuristics. It works as a "honeypot" of sorts and can be used to weed off would-be cheaters more easily.
Hi ryscu just wanted to say I like the new style of videos you've been trying out lately. Don't worry about taking ur time on them, they have all been great so far
I wonder what's scarier, being a new dev at Riot and only knowing legends and myths about the mess of a code one of the largest video games on the planet is built on or being an OG who knows how paper thin and fragile everything actually is.
Well league isn't bad coded game.... for 2009 I think the league code will be the worst rabbit hole a game dev/coder can go in. Once you start going down you lose yourself in the sauce.
@@DevilDrako666 Yes thats still the case I believe. To make many of the summons able to be hit by auto/attacks and spells they coded most of them as minions for simplicity, which unintentionally but id say predictably caused issues over the years. I also once heared that Jayce's E was coded as a line of non-interactable minions. If thats actually true or not im unsure of.
The problem is that League suffers from same issue of all the long-time-going softwares: some of the code is VERY old, but it's referenced in so many parts you can't just "edit it and be done". Like a lot of old softwares, it'd require a complete engine overhaul, which as you can imagine is not something you do overnight and often not even worth doing over just dealing with the bugs when they come up (which just contributes further to the whole spaghetti issue).
Wrong info about Ashe exploit, it was the Old Ashe Q, which was a toggle that slowed the champ he was AA'ing, so she would have it on for the whole game and not only 6 second, but apart from that, i did not knew the details, great Job
But it cost most mana, so you wouldn't really have it always on, especially in early laning phase with minimal poke. I remember low level mana being a pretty significant issue back then. The point still stands, it basically swapped her AA from being one type of attack to a slightly different attack with the slow status effect attached to it.
@@NatiiixLP There was an another exploit on Old Ashe's Q. You could spam it and it wouldn't cost you a mana but you can still use the benefits. Slow etc.
The tiamat crash was probably the most annoying exploit ever discovered. For at least a couple of weeks, if not a month, every other game was crashed by people who didn't want to lose. Even ARAM wasn't safe from that bullshit. Also damn, I can't believe these exploits are all so old. Feels like 5 years ago at most
About the Ashe exploit: the explanation was right, but it was pre-rework Ashe. The Q changed the spell slot for AA until Ashe pressed Q again, not for 6 seconds. Ashe's Q was basically Jinx's Q, it switched from normal arrows to freezing arrows, which was basically the same as regular arrows but had a slow and used mana. Also, there are other gigantic cheats/exploits, like: - The BotRK instakill: the cooldown for BotRK and Bilgewater Cutlass was completely client-sided, so they built a script to send requests to the server to use these items on a target while they were on cooldown in the client. - The Poppy Hexflash+Q at fountain: the Q hitbox would hit and kill all the map because the cast hitbox for some reason was divided by a float close to 0 in the server (and btw, this exploit still works with scripts). - The custom room exploit: the format of the game could be changed by a cheater during the lobby, making the game start a 4v6, 3v7, 2v8 or literal 1v9. This also allowed to turn custom games into custom ranked games which granted LP. - Lobby drop: just another dropper, but this one ends the game in the lobby. The game doesn't begin and there is no dodge penalty for anyone in the lobby. - Sion's dorifto: the most famous of them all, having 0 resistance turning during SIon's ult. It's so famous it even was in one of Riot's official videos.
The drophacking days were genuinely the most frustrating… League was legit unplayable and it took Riot forever to remedy the problem (ban people + fix the exploit).
You used to be able to client side modify your items in habbo hotel :P I didn't get banned for that, but did for telling someone else that if you put a certain alt+ character infront of your chat then the profanity filter wouldn't apply. The ban was client side...
i still remember this one exploit i saw in a ranked game, only ever saw it once, and it was a twitch who just permanently had a health and mana potion popped at all times. it was absolutely useless at the end of the day and we won lol, but i never saw it again after that!
amazing video i miss classic league but i dont miss that flash thing. I remember seeing that back in the day i was so confused glad i got my answers a decade later lol.
Guy i know is scripting since years, master Elo, 0 Bans. He took a break after vanguard, and now does the same thing. But thankfully we need Chinese Spyware on our PC now to play league.
Awesome video, as always. Ryscu, can you do an update about T1 DDOS? It seems, it is still going. Did Korea replace xingcode3 with Vanguard? Is Vanguard vulnerable too?
Had an arena game where every player got vanguard error, and took 4 reconnects to even get the post-game screen, to re-queue. No idea, but i think some hack, or exploit
Rendering always happens on the client side, except for when the game is streamed, as in google stadia. That is because rendering is the processing of the game's graphics. The correct term here is "Server authoritative" vs "Client authoritative". That is, who is the authority that has the final say on the data? If the client says he is at the mid tower, but the client says he is still at base, some times it is better to believe the client to prevent him from feeling the lag, if the game is casual. Some other times it is better to believe the server to prevent the client from cheating, that is the case if the game is competitive.
There was one that if you got a kill with gp you can buy mejias and sell it and buy back and it would give you stacks and you could get 25 stacks instantly in 1 back
Azir have his passive on ashe q slot he was used to win games under 10 min im surprised he didnt talk about it azir was the reason this exploit was so brutal
Is the ashe exploit what lead Riot to make a gamemode where a champ can have different abilities? Or am i having a fever dream of a non-existent gamemode?
I enjoyed most walking trough walls by setting height of character ;) so you could walk above walls. after source went public it was patched in 12-24 hours :D
Keeping up with something as empty as League is quite insane once you have stopped playing for a while >.> Too bad it's a 'good' game, makes us waste all that precious Time currency, the only currency we have and yet cannot grasp.
What about the old BOTRK active? I was a victim of someone that had no cooldown on botrk's active so they could suck the life out of everyone in no time, was so fkin goofy
ngl, if I knew about this, I would have put one extra point into something on a single page just to have that tiny edge that nobody would feasibly detect and leave it like that to see how long it could take me. Then whenever this Dr. Insanity guy popped up, I'd have gone scorched earth about it - having never touched the page since it happened once and then claim that it was a glitch I never noticed due to being a one-trick and just always having the same page up for every game without interacting.
The method of detecting cheat engine is by seeing if it's active in the background and if another process is trying to mess with the memory of the game. You would've been caught :p
@@MizManFryingP Not once it was saved into memory. You only needed to have it open for the initial changing of the page, then it stays like that until interacted with again.
@@sauvagess In order for the actual game to use this data, it needs to have been saved in memory at some point in the game's client. I'm talking random access memory, not storage. At this point, what _should_ happen is: (1, client-side) Check if the game client's memory is being tempered with (which it is through cheat engine!) and (2, server side) check if the data sent by the client matches what you predict it to be. The server should never take client data at face value as it can be messed with easily, even without memory editing. The server needs to check that the data is reasonable, and if it suspects that the data was tempered with, it should reject it, or silently correct it. In this case, any number above the maximum number is clearly tempered with. Both times, even if you just change the number a little, you would still be caught.
@@MizManFryingP Did you not watch the video? It literally explains there was nothing server-side. It was all client-side. That's how it happened in the first place.
@@sauvagess I've never argued against that..? I'm replying to your comment about how you would only give yourself a slight advantage, and then once the exploit became public you would've denied using it. All I am saying in response to that is that you would still be banned because one, updates to the client would probably happen faster than you expect it to, and two, even if you stopped doing it before the patch was implemented, your match history and masteries are still recorded and even public. You would've gotten retroactively banned. The point I'm making is that it doesn't matter how little you cheat as its completely binary.
Download Outplayed for free today
www.influencerlink.org/SHKX3
Cheat engine "hacking" was a wild time 😅
minecraft ahh client
How so?
I'm still using cheat engine, on CK3 (don't tell Paradox, the recent DLC is just unbearable)
I think it makes sense even for a game like league to have some stuff be client side and low hanging, as long as you can detect abuse with heuristics. It works as a "honeypot" of sorts and can be used to weed off would-be cheaters more easily.
CE still working in modern games won't ever be not funny to me
Hi ryscu just wanted to say I like the new style of videos you've been trying out lately. Don't worry about taking ur time on them, they have all been great so far
I wonder what's scarier, being a new dev at Riot and only knowing legends and myths about the mess of a code one of the largest video games on the planet is built on or being an OG who knows how paper thin and fragile everything actually is.
Arent league still spaghetti code? Like almost everything champion made coded as minions? xD Or "TO THE SKYYYY" bugs :P
Well league isn't bad coded game.... for 2009 I think the league code will be the worst rabbit hole a game dev/coder can go in. Once you start going down you lose yourself in the sauce.
the ones who's stuck around long enough to know how to code in that mess with little to no issues are coding savants
@@DevilDrako666 Yes thats still the case I believe. To make many of the summons able to be hit by auto/attacks and spells they coded most of them as minions for simplicity, which unintentionally but id say predictably caused issues over the years. I also once heared that Jayce's E was coded as a line of non-interactable minions. If thats actually true or not im unsure of.
The problem is that League suffers from same issue of all the long-time-going softwares: some of the code is VERY old, but it's referenced in so many parts you can't just "edit it and be done".
Like a lot of old softwares, it'd require a complete engine overhaul, which as you can imagine is not something you do overnight and often not even worth doing over just dealing with the bugs when they come up (which just contributes further to the whole spaghetti issue).
Wrong info about Ashe exploit, it was the Old Ashe Q, which was a toggle that slowed the champ he was AA'ing, so she would have it on for the whole game and not only 6 second, but apart from that, i did not knew the details, great Job
But it cost most mana, so you wouldn't really have it always on, especially in early laning phase with minimal poke. I remember low level mana being a pretty significant issue back then. The point still stands, it basically swapped her AA from being one type of attack to a slightly different attack with the slow status effect attached to it.
and Azir was best!
@@NatiiixLP There was an another exploit on Old Ashe's Q. You could spam it and it wouldn't cost you a mana but you can still use the benefits. Slow etc.
@@utreah1337 Average Riot Games engineering. I'm not surprised at all, haha.
"shows the old rune system" then proceeds to say about putting a 1% crit chance and then showing it proct on a enemy, good times
4:15 gave me a chuckle with "ooh naughty word" 😂
The tiamat crash was probably the most annoying exploit ever discovered. For at least a couple of weeks, if not a month, every other game was crashed by people who didn't want to lose. Even ARAM wasn't safe from that bullshit.
Also damn, I can't believe these exploits are all so old. Feels like 5 years ago at most
that 1% crit won me so many games in early days
7:08 Ah yes, the curse of the *D O G*
riot : (in plankton's voice) what? It's just a cute dog emoji.
also riot : OOOOOOOOHHH FFFFU-*game disappears in oblivion*
damn, thats an insane video..
The depth, the info, thats just amazing
i just wish that the video was longer :D
man that singed clip with the infinite flash is so nostalgic
Dodge runes on Jax were the real heros of the original runes.
Good times lol
tryndamere or gp crit only
@@Golden2Talon ap tryndamere was the real win back in the day pre season 3
Nashoors tooth and lichbane was an unstoppable backdoor machine that could spin away and heal to full after 3 autos lol
@@DakotaZ162 master yi ap was awesome too
The quality of your videos is so crazy now damn gj
About the Ashe exploit: the explanation was right, but it was pre-rework Ashe. The Q changed the spell slot for AA until Ashe pressed Q again, not for 6 seconds. Ashe's Q was basically Jinx's Q, it switched from normal arrows to freezing arrows, which was basically the same as regular arrows but had a slow and used mana.
Also, there are other gigantic cheats/exploits, like:
- The BotRK instakill: the cooldown for BotRK and Bilgewater Cutlass was completely client-sided, so they built a script to send requests to the server to use these items on a target while they were on cooldown in the client.
- The Poppy Hexflash+Q at fountain: the Q hitbox would hit and kill all the map because the cast hitbox for some reason was divided by a float close to 0 in the server (and btw, this exploit still works with scripts).
- The custom room exploit: the format of the game could be changed by a cheater during the lobby, making the game start a 4v6, 3v7, 2v8 or literal 1v9. This also allowed to turn custom games into custom ranked games which granted LP.
- Lobby drop: just another dropper, but this one ends the game in the lobby. The game doesn't begin and there is no dodge penalty for anyone in the lobby.
- Sion's dorifto: the most famous of them all, having 0 resistance turning during SIon's ult. It's so famous it even was in one of Riot's official videos.
matches with dr.terrible were insane, it was actually hilarious but terrifying
hi ryscu big fan, research is impeccable
Now this is quality content.
Infinitely better than streamer drama and unironically educational, will hopefully get some more kids into Infosec
I am huge fan of new format videos. Gj bro
Whoever came up with the transition at 3:53 is a GENIUS.
Ryscu upload so fast after the last one? Wow
I've been playing since when rengar came out, and this is the first time I've seen the ashe exploit.
As a former Riot Dev... Classic!!
really miss the "what's new" content like skin leak, skin sales or incoming buff and nerf. hope u bring it back
We trash on Riot for making the game visually clutered but HOLY SHIT that flash VFX is an eyesore. especially spammed THAT MUCH
The drophacking days were genuinely the most frustrating… League was legit unplayable and it took Riot forever to remedy the problem (ban people + fix the exploit).
You used to be able to client side modify your items in habbo hotel :P I didn't get banned for that, but did for telling someone else that if you put a certain alt+ character infront of your chat then the profanity filter wouldn't apply. The ban was client side...
i still remember this one exploit i saw in a ranked game, only ever saw it once, and it was a twitch who just permanently had a health and mana potion popped at all times. it was absolutely useless at the end of the day and we won lol, but i never saw it again after that!
I love the edits in this videos - looking forward to your next ones :)
Today very Champ blinkt like DR.Terrible with out any form of hacking or Cheating.
RYSCU YOU MAKE MUSIC????? ITS FREAKING FIRE
only 622 players got done for it? damn i remember playing against an urgot who did it. almost feels like i met a celebrity.
Bro forgot the BOTRK thing, was wild
9:00 that ashe problem when she had a toggle for slow
amazing video i miss classic league but i dont miss that flash thing. I remember seeing that back in the day i was so confused glad i got my answers a decade later lol.
7:07 CURSE OF DAWG I WAS WAITING FOR THIS
Is your next video going to be bug abusing/exploits? Like the BoRK bug, Xerath/Poppy hitting everything on the map, etc?
the ending to this one feels really abrupt.
3:39 the vayne player seems very friendly toward the cheater
As a old league player myself, I love these video's
Man I love that little hooded cat animation.
I never saw the mastery hack myself, but I have experinced the drop hack. Wild times. 😂
Holy hell your editing is pretty good mate
Aww was hoping to see more on the Bork and Azir passive towers exploits
Bro keeps cooking 🔥🔥
Singed rocking that Hammer of Dawn gameplay
Hi ryscu, Great video. However at 2:08 wasnt the points scaled by level up to 30 (max level)
Seeing that 1% crit Darius one more time was glorious.
Take a sub mate. Just watched the last 4 vids b2b and super entertained. Cheers!
Great job with the subtitles
Edit: oh, it petered out and disappeared after a while, oh well
I forgot how much I didn't like runes and how much I miss old "talent tree"
Top quality videos as always. Your videos are very appreciated.
Guy i know is scripting since years, master Elo, 0 Bans. He took a break after vanguard, and now does the same thing.
But thankfully we need Chinese Spyware on our PC now to play league.
yeah I have also recently watched someone scripting in a discord stream he said bypassing Vanguard is easy and it only impacts real players lol.
@@skeley6776 Bro forgot to switch to his 3rd account
Awesome video, as always. Ryscu, can you do an update about T1 DDOS? It seems, it is still going. Did Korea replace xingcode3 with Vanguard? Is Vanguard vulnerable too?
7:43 we call this "Foreshadowing" lmao
god drophacks where so annoying, why would you do that at all, even in europe silver rank back then in 2014, i have no idea!
Had an arena game where every player got vanguard error, and took 4 reconnects to even get the post-game screen, to re-queue. No idea, but i think some hack, or exploit
Rendering always happens on the client side, except for when the game is streamed, as in google stadia. That is because rendering is the processing of the game's graphics.
The correct term here is "Server authoritative" vs "Client authoritative". That is, who is the authority that has the final say on the data?
If the client says he is at the mid tower, but the client says he is still at base, some times it is better to believe the client to prevent him from feeling the lag, if the game is casual.
Some other times it is better to believe the server to prevent the client from cheating, that is the case if the game is competitive.
There was one that if you got a kill with gp you can buy mejias and sell it and buy back and it would give you stacks and you could get 25 stacks instantly in 1 back
ah yes the 1% critchance that somehow worked every 2 or 3 autos for 5 years , good times
Fun fact the first ever 10 time same chanpion was a hacked run, i believe it was amumu
Where's the list of the effects of the Ashe exploit? I'm interested in seeing the full list
Azir have his passive on ashe q slot he was used to win games under 10 min im surprised he didnt talk about it azir was the reason this exploit was so brutal
*talks about exploit in 2024* "fast forward to 2014" I must be missing something here😂
6:28 This is what Hashinshin used to be known for. Good thing he kept being a POS in the end, so karma eventually got him.
ngl i prefer the shorter low quality vids about news regarding league universe (news, dramas, patch, esport)
Riot never learned to check their APIs
Bro been in the kitchen with this editing wtf
Is the ashe exploit what lead Riot to make a gamemode where a champ can have different abilities? Or am i having a fever dream of a non-existent gamemode?
I enjoyed most walking trough walls by setting height of character ;) so you could walk above walls. after source went public it was patched in 12-24 hours :D
Great video! ❤
No BOTRK shout out?
Where can i get modern cheats for league today? You forgot to link that
Ah thats how i had my games frozen back in the game.... fucking tiamat
3:39 chat lol
Keeping up with something as empty as League is quite insane once you have stopped playing for a while >.>
Too bad it's a 'good' game, makes us waste all that precious Time currency, the only currency we have and yet cannot grasp.
3:07 you stil needed to do some tweaking like toying with your internet connection, it was not as easy as you say lol.
I had no idea you could self cast an ability with alt + 😭😭
Iirc you could drop hack a game with Leona and Zhonya too
I remember the ashe bug, I was playing brand one game and a ASHE told me how he was doing it.
Come on man. We all know that Jhin W was a feature not a bug. That's just difference in Map elevation.
Because they tried to make a 2d game 3d
aw maaaan old masteries.. i miss them. old runes were busted tho lol
It’s still a massive issue league put out a report like last year about it we just don’t realize it
What about the old BOTRK active? I was a victim of someone that had no cooldown on botrk's active so they could suck the life out of everyone in no time, was so fkin goofy
3:00 2137 🇵🇱🏔🦅spotted
Those "no cd sum" clips just look like average dota 2 gameplay lmao
Famous Last Words
2:50 poland mentioned
with a single press of a download button you get -50% fps
What about the ruined king exploit
you forgot the one that people could see enemys names on lobby and bann theyr main champ i also used this back in the day :P
I got PTSD just looking at the runes and masteries 💀
Why is the video not long
good content keep it up
What about BOTRK?
mad shade on Cheat Engine
ngl, if I knew about this, I would have put one extra point into something on a single page just to have that tiny edge that nobody would feasibly detect and leave it like that to see how long it could take me.
Then whenever this Dr. Insanity guy popped up, I'd have gone scorched earth about it - having never touched the page since it happened once and then claim that it was a glitch I never noticed due to being a one-trick and just always having the same page up for every game without interacting.
The method of detecting cheat engine is by seeing if it's active in the background and if another process is trying to mess with the memory of the game. You would've been caught :p
@@MizManFryingP Not once it was saved into memory. You only needed to have it open for the initial changing of the page, then it stays like that until interacted with again.
@@sauvagess In order for the actual game to use this data, it needs to have been saved in memory at some point in the game's client. I'm talking random access memory, not storage. At this point, what _should_ happen is: (1, client-side) Check if the game client's memory is being tempered with (which it is through cheat engine!) and (2, server side) check if the data sent by the client matches what you predict it to be. The server should never take client data at face value as it can be messed with easily, even without memory editing. The server needs to check that the data is reasonable, and if it suspects that the data was tempered with, it should reject it, or silently correct it. In this case, any number above the maximum number is clearly tempered with. Both times, even if you just change the number a little, you would still be caught.
@@MizManFryingP Did you not watch the video? It literally explains there was nothing server-side. It was all client-side. That's how it happened in the first place.
@@sauvagess I've never argued against that..? I'm replying to your comment about how you would only give yourself a slight advantage, and then once the exploit became public you would've denied using it.
All I am saying in response to that is that you would still be banned because one, updates to the client would probably happen faster than you expect it to, and two, even if you stopped doing it before the patch was implemented, your match history and masteries are still recorded and even public. You would've gotten retroactively banned.
The point I'm making is that it doesn't matter how little you cheat as its completely binary.
10:31 is jarvans r2
YESSS CURSE OF THE DOG
Zoom hack back in the day
If you don't validate the data the client sends you don't deserve any better.