Author Topic: Is hacking/cheating possible in CryoFall?  (Read 6745 times)


  • AtomicTorch Founder
  • Hero Member
  • *****
  • Posts: 1670
    • View Profile
Is hacking/cheating possible in CryoFall?
« on: November 13, 2018, 12:25:40 am »
No, hacks are NOT possible in CryoFall as it uses authoritative-server model and any client-side changes are irrelevant.

And now, the longer version below:

The issue
Some players have asked us about potential hacking/cheating in CryoFall. Whether it is possible and what our approach is.

The bigger picture
Such concerns are expected nowadays - there are multitude broken online games released in the past few years. If fact, cheating is almost expected in multiplayer / online games nowadays. And even big successful games like Fortnite and PUBG are suffering from cheaters and their developers are even suing the cheaters. Mass-blocking the accounts of players suspected in cheating is something people are already used to.

Naturally, why would anyone expect a new indie project from a small team to be any different? But in reality the above mentioned problem doesn't have to be the case!

The simple reality
We're using authoritative server architecture which means that the server never trusts the client - it simply executes a limited set of allowed input commands and runs its own world simulation.

Normally this approach means that the client will have to wait for any changes to take effect but in our case the latency is concealed by using the client side prediction algorithms (basically client-side simulation for player movement and most of the actions including items management).

The server also doesn't send any information the client which it should not be receiving. For example, your visual scope is limited by server and attempting to hack the client to zoom out the camera more will provide no benefits as the server simply doesn't stream the world objects and characters outside the visual scope of your character on the server side. It means that the "map hack" (or any other hacks for that matter) not impossible.

Benefits of open source
Please also note, that all the game-related code is fully open source and its possible to see how everything is done and understand how it actually works.

It also means that any person could try to locate the places where we might have forgotten to put some necessary checks (which is quite unlikely, but could still be the case). There are dozens of remote procedures (such as "eat food") and we have multiple checks there to ensure that you met all the prerequisites to invoke such an action for the particular item in your current character's state.

As the code is available in open source it means that there will be many eyes reviewing the code and reporting any of the possible exploits - something which could never be possible with a closed source game.

Hacking attempts
Since the game has full support for client side modding it is possible to make any client-side changes. Some "hackers" may be impressed by the "results" they get with their attempts - like increasing their health points, weapon fire rate, inventory capacity or setting the technologies unlock price to zero.

But naturally, such changes could not be propagated to the server as it has its own persistent state inaccessible to players and running independent world simulation with it. There will be a discrepancy with the server and that's it - the server will not agree to the hacker's actions and they will have no actual effect what so ever.

The only one such "hacks" will fool is the hacker himself :)

Is there ANY hacks/exploits that are possible then?
This leaves us with really only one class of exploits which are still technically possible and that is bots and aimbots to assist players with the game. Yes, it's perfectly possible to write a bot that would automate certain action (e.g. gathering items) or assist in performing other actions (aiming).

Yes, these types of mods are possible and we neither could nor want to prevent this. The game is moddable to the maximum extent possible and there is no way of preventing this kind of modding without removing the modding capability altogether. But given real impact of such modifications there isn't much actual harm. Not to mention - all of these mods are available publicly and could be used by anyone. And we are even considering making some of them a part of the base game to remove the last reason to even attempt to do something like that.

The bottom line is, there is really no possibility for cheats in CryoFall due the authoritative server model we are using. Hopefully with this approach - CryoFall could be one of the very few games where there are no cheaters and everyone plays under the same rules! :)

« Last Edit: November 13, 2018, 01:37:02 am by Lurler »


  • AtomicTorch Founder
  • Hero Member
  • *****
  • Posts: 1292
    • View Profile
Re: Is hacking/cheating possible in CryoFall?
« Reply #1 on: February 20, 2020, 01:40:55 am »
In addition to the above, we would also like to explain our approach to this issue in greater detail.

1. Approach to modding
Our approach to modding is very simple. Since it's not possible to implement any actual cheats which are prevalent in other games from small indie title to juggernaut projects like CS:GO—we allow ALL types of client-side mods. Rather than trying to fight a battle that can never be won and only create problems to honest players—we develop the game in a way where any client-side changes won't bring any tangible benefits while making it impossible to develop any actual hacks and cheats.

CryoFall server has its own independent simulation and it doesn't care what changes players do on the client. So cheats like moving or shooting through the wall, interacting with inaccessible objects or any other such cheats are simply impossible, since the server never trusts the client. Again, the server simply accepts raw input from the client and runs its own independent simulation regardless of what happens on the client. After which the server tells clients "this is what happened". People can try any modify the client in any way, but it won't have any effect on what actually happens on the server.

2. How it's done in other games?
Surprisingly, most online games decide to completely skip this and just ask the client "so, tell me what happened?" allowing cheaters to introduce any changes to the world such as "I killed that guy, honest!" even, though that guy might have been behind a wall. This is why hacks and cheats are so prevalent in other games. This approach is just easier to implement. But thankfully CryoFall is completely immune from these types of attacks as explained above.

3. Client-side changes
Changing (whether modding or hacking) client is possible in any game. Whether developers want it or not. This is simply the reality of life. This is a battle that cannot be won. Despite developers spending millions trying to develop some kind of protection or banning thousands of people every month who engage in this type of activity—it is simply not possible to stop. This is so bad that many developers resort to practically installing malware on your computer trying to monitor your every move in hopes to prevent this. But it's not possible. The only thing it does is create a black market for hacks/cheats where only the honest people suffer.

So, rather than fight this battle which cannot be won—we decided to take a completely different approach:
- Make it impossible to hack the server (done!)
- Allow ANY kind of client mods (since it's impossible to stop anyway!)

This way we can be sure that ALL people play under the same rules and have the same opportunities available to them. Plus we don't have to engage in witch-hunts and try to "ban the cheaters".

Any client-side mods are perfectly legal for anyone to use. Want to have increased zoom—please go ahead and use it (though, it's pretty much useless since the server simply doesn't stream data which you aren't supposed to see). Want to have "laser sight" for your weapons—use it! Want to have a mod that would "automatically collect resources" for you—download it and use it. When all such mods are available for all players—it at least levels the playing field for everyone.

We have many such useful mods in our modding section.
Such as "Automaton"—
Or "CNEI" which is essentially in-game wiki—

4. Making mods even more accessible
Some of the features which were initially suggested or implemented as mods have also since been implemented as a part of the game itself. We are always open to new suggestions to try and remove any advantage such mods can provide. For example one of the recent mods which adds laser sight to weapons have since been released as a public mod and we are even considering implementing similar feature directly into the game, so there won't be even a need to use a separate mod.

5. What's the worst that can happen?
The worst that can be developed would be an aim-bot. Currently, we do not believe that it exists as there are no indications for it. However, we have already taken the necessary steps to make even this type of mod useless.

The first reaction from most players to hearing "aimbot" would probably be "AAA!!!!111 it's cheating!!!!" and it would be entirely understood as aimbots in first-person shooters give incredible advantage to the hackers. Essentially it allows them to one-shot any other players giving them almost god status and making it impossible for an honest player to compete.
However CryoFall was designed with this in mind, so even if someone were to develop and aimbot it would be almost useless or marginal at best.

- Aiming in 2D is incredibly easy, you just need to point your mouse in the general direction of the enemy and that's all! You don't need any actual skill like you would need in a 3D FPS game since in 2D you are aiming using 1D input—which is a direction (angle). You don't even need to actually point your mouse at the enemy, just point in general direction and your shots will be successful.

- Additionally, to reduce the effect of single accurate shots like for example CS:GO where you can one-shot an enemy and immediately win the fight, in CryoFall we made sure that all gunfights last a good while, sometimes as much as several minutes. So, most of your success comes from tactical choices (where to run, what weapon to use, taking cover, what boosts to use and so on), rather than accurate shooting. Your equipment, your friends and your weapons also play a major role.

So, the overall impact of an aimbot would be absolutely minimal if any at all. But as said above, no such mod currently exists anyway.

6. "But, but... cheats are bad! You should not allow this!"
But that's the thing. Even if we made it illegal to use mods of this type—hackers would STILL USE THEM! And it would only hit honest players who won't be using such mods.
So, rather than fight and lose this fight by default—we took a more sensible approach and allowed any mods that players one to use while making some of the typical cheats useless by developing the game in a certain way.

This way you don't even need to worry about cheats, hacks, exploits in the first place!

And if something comes up that does actually give someone an unfair advantage we would either make this mod public for everyone to use or simply change the game in such a way to make it useless, as we did for example with zoom mod, which made it possible to zoom the view past the default value. Now you can still zoom past the default value, but the only thing you will see is a black void since the server doesn't stream the data outside of your view scope, thus making zoom mod completely useless.

7. Comparison with other games
If you compare the situation in CryoFall with the majority of other online games you will quickly see that this comparison doesn't look good for other projects. Hacks are prevalent in practically all other games from tiny indie games to huge online games developed by large AAA studios. Cheats there is a huge black market with some cheats selling for hundreds of dollars and with a constant arms race between hackers and developers. But honestly, this is just silly... With all this—the only result is that honest users are suffering from this crap. Cheats still exist and will continue to exist in other games simply due to the nature of their client-server interaction, where the server has to trust that the client is honest.

We wanted to avoid this altogether so we developed CryoFall with server-first authoritative architecture. So, we don't even have to think about these typical cheats since they are impossible.

We don't want to ban any players and we don't want to fight a war that is impossible to win. So we embrace client modding while ensuring it's impossible to gain an advantage that would be actually significant!

And if someone were to create some mod which we didn't anticipate and which does give the user some tangible advantage—as always we would either make this mod public for everyone or change the game such that it will no longer give any advantage to the user. Or both! :)

8. Conclusion
We believe that this approach is the most sensible one, especially given our tiny team size (just 3 people!) and in this explanation, we tried to offer you the reasoning behind our approach and all of our decisions. Hopefully, you can understand our viewpoint on the matter.

We never ban people for using mods. We make the game such that cheats/hacks are impossible and any mods that give advantage become public for everyone to use or we change the game such that this advantage is minimized or completely negated.

Thank you for reading! And we always welcome your advice and input on this matter. We are committed to make CryoFall the best experience for honest players it can be! :)
« Last Edit: February 20, 2020, 08:57:01 am by ai_enabled »


  • AtomicTorch Founder
  • Hero Member
  • *****
  • Posts: 1670
    • View Profile
Re: Is hacking/cheating possible in CryoFall?
« Reply #2 on: August 01, 2020, 07:31:28 pm »
A player suggested we could implement some sort of system to notarize/whitelist the mods.
Here is my very detailed response that you might find interesting
« Last Edit: August 01, 2020, 08:21:59 pm by ai_enabled »