devtrackers.gg
edit 1: nvm guys he just hit radiant and lost almost half his levels
edit 2: nvm again hes been on that grind
edit 3: oh hes actually just the devil allg
External link →edit 1: nvm guys he just hit radiant and lost almost half his levels
edit 2: nvm again hes been on that grind
edit 3: oh hes actually just the devil allg
External link →the guy has direct access to a server
They are likely just manipulating the chat presences their game client sends.
Your game client will send information to the chat server such as whether or not you are in a game and the current score. Another example of information sent through chat presences is whether or not you are away from the computer. The chat server sends that information to users on your friends list. I believe we have some data in the chat presence which can not be manipulated since its signed and some which can be manipulated. The level and rank is likely in the data that can be manipulated. Overall it doesn't have much impact besides giving people on your friends list false information. Maybe we could reevaluate whether it is worth investing time into changing it.
I overall wouldn't recommend tampering with your game client since it can get you banned.
The level and rank is likely in the data that can be manipulated.
Why on earth is someone's client deciding what other client receives? Why is this not served by the API? How hard would it be from this point to send information so incorrect that it crashes people's clients?
For some data it makes sense to let the client decide the value. For example if the game has a selector that lets you tell the chat server that you are away or busy. In League we also allow you to type custom messages that your friends can see when they hover over your profile. I think the VALORANT client has code in it that detects whether or not you are using the client and auto marks you as away?
> How hard would it be from this point to send information so incorrect that it crashes people's clients?
That risk exists with chat in general. Not just with presences. You can message other players in your friends list or your team and that message could be constructed in a way to attempt to crash other players. Chat is one of those systems where a lot of care is needed.
If you ever find any interesting chat exploits, you can submit them to our bug bounty page: https://hackerone.com/riot?type=team. I will try my best to make sure our security team pays you... bigly.
What is your stance on a program like Deceive that alters the chat presence in client to make you appear offline your friends list even while in a game. AFAIK that’s the only the only thing it adjusts. I don’t want to get my account banned for using it so thought I would double check…
In general I would recommend not using them.
The way Deceive works is by tampering with internal details of one of our components instead of using official APIs. Since those internal details are only designed for use by other Riot components, engineers at Riot may change them at any point in order to build features or fix bugs. This means Deceive is incredibly risky since it may break violently at any point. For example maybe it will break and cause the game to crash or cause a lot of lag. I believe we already have some future features and redesigns we are working on that will unintentionally break it. Not sure when they will get released.
That being said, I am trying my best to push for the prioritization of an appear offline feature. Will I succeed? Maybe. Maybe not.
