1.32+ exploit: fatLOS should not be netsafe

There is an issue with the unhardcoding done to many fields in object data, making them netsafe (able to be changed separately for every asset mode or even any 2 players in any case). Many fields profit from this change, and if the skin system gets fully exposed to mapmakers this will make SD+HD maps much nicer to make, BUT one field should not be included, fatLOS.

This field dictates whether to show objects through fog, and it has found uses in malicious modification of the game, where it being locally set to true provides extra information about opponents. I would like to recommend that Blizzard delete this post as soon as they document this, but also make this field no longer netsafe (changeable locally) ASAP, as the exploit is not unknown around the communities.
[One of the easiest and most powerful ways to do this is to make the fatLOS of every unit a part of its checksum, as this still allows a unit’s fatLOS toggle to be changed dynamically given proper functions, but not locally.]

If you need me to provide test cases, I will only do so in private.

2 Likes
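The checksum idea from the first post, as an added example that is not part of the original thread and is not Blizzard's code: it compares per-client state digests in a lockstep model with fatLOS left out of the digest and then folded in. The `Unit` layout, the `skin` stand-in for a cosmetic netsafe field, the use of SHA-256 and all function names are assumptions made for illustration.

```python
import hashlib
import struct
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Unit:
    # Hypothetical unit record; only fat_los mirrors a field named in the thread.
    unit_id: int
    x: int
    y: int
    hp: int
    fat_los: bool  # the page's fatLOS toggle
    skin: str      # constructed cosmetic field that may legitimately differ per client


def state_checksum(units, include_fat_los):
    """Digest of the state every client must agree on (assumed scheme)."""
    h = hashlib.sha256()
    for u in sorted(units, key=lambda u: u.unit_id):
        h.update(struct.pack("<Iiii", u.unit_id, u.x, u.y, u.hp))
        if include_fat_los:
            h.update(b"\x01" if u.fat_los else b"\x00")
        # skin is deliberately never hashed, so it stays netsafe
    return h.hexdigest()


def set_fat_los(units, unit_id, value):
    """Return a copy of the state with one unit's fat_los changed."""
    return [replace(u, fat_los=value) if u.unit_id == unit_id else u for u in units]


def clients_in_sync(client_states, include_fat_los):
    """True when every client reports the same digest for this tick."""
    return len({state_checksum(s, include_fat_los) for s in client_states}) == 1


# Constructed sample state shared by all clients at the start of a tick.
BASE = [Unit(1, 100, 200, 420, False, "sd"), Unit(2, -50, 75, 300, False, "sd")]


def demo():
    honest = list(BASE)
    tampered = set_fat_los(BASE, 2, True)   # changed on one client only
    synced = [set_fat_los(BASE, 1, True)] * 2  # same change applied on every client
    hd_skins = [replace(u, skin="hd") for u in BASE]
    return {
        "local_change_unnoticed_when_netsafe": clients_in_sync([honest, tampered], False),
        "local_change_caught_when_checksummed": not clients_in_sync([honest, tampered], True),
        "synced_change_still_allowed": clients_in_sync(synced, True),
        "skin_can_still_differ": clients_in_sync([honest, hd_skins], True),
    }


if __name__ == "__main__":
    print(demo())
```
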

Can the units be targeted through the fog of war? If so, it is already not net safe, since a desync will occur the instant an attack is triggered locally that should not have happened.

Or is this purely visual? Similar to how some spell effects showed through the fog of war to give away where action was happening in legacy versions of Warcraft III.

There is also a chance that such modifications get detected by anti-cheat since the client is then loading data which fails integrity checks (data was not part of the CASC archive even if it was hacked to be inside local storage). Assuming such systems are enabled.

They can be seen through the fog of war without desynching from my previous tests, which is what makes this problematic: you know the race and position of everything your opponents have. Breaks melee very easily, and even if targeting objects would make you desynch, you just need to not target them directly, but next to them. And anti-cheat systems do not stop this at this time.