How did/do teleport hacks work?

[radarlove]

Hi,

I primaly read the WoW memory to retrieve all sorts of data from WoW to put it on a radar-application. But now I want to take it a step further; teleporting/flying/wallhacking/speed-up.
There used to be hacks, some still working on private servers, that allowed characters to do this. I'm wondering;
- How did these hacks basically work? (Memory writing?)
- How did Blizz fix these hacks?
Can anyone explain?

thx,
RL

[Sychotix]

Been a while since I messed with it, but here's my knowledge.

Basically, teleporting is usually done by modifying player coordinates. Player position is handled by the client in some games, and the server tends to trust it.

One thing blizzard did to make it more difficult was to ensure that you didn't "teleport" more than a certain amount since the last time you talked with the server.

I don't know how they work nowadays if any do... just some background info.

[Xecis]

In retail I believe there is a hidden opcode movement packet which accepts all types of movement flags, or so I've heard. If you look at all the movement opcodes, you will notice they should be +1 or -1 from each other. Well, there apparently is a hidden opcode of movement that is accepted, which your client should never send. This movement packet I've heard can handle all types of movement packets, but I never full tested. I didn't mess with movement that much, mainly because of how many variables inside the structure and also need correct XYZ + timestamp I believe.

There are teleport hacks that exist on retail as of right now, which can instantly port you anywhere but I wouldn't be so focused on the movement packets them self but rather the state in which your character can send movement packets and how the server handles them. Take a look at all types of movement packets, how the client normally sends them and how the server reactions, also look at movement while on vehicles like boats or elevators. I can only imagine how many server-side exploits exist with all the data in these packets.

Private server teleports exist, only hint I will give is when you first login the game, might be worth figuring out how the server handles your movement packets. For both retail and private, think of what packets the server requires from you, what packets can you block from sending, and how sending things in out of order than intended. Because of how complex these packets are in all the data contained in them, I would imagine there are several teleport exploits waiting to be found, but would require some clever way of updating the server on your position.