[removed]

Usually when someone “hacks” in an online game, or in other words cheats, as the two terms are used interchangeably, they’re using an external program to give them an advantage. A common example in shooters is an aimbot. Some aimbots work by scanning you screen and looking for specific shapes and colors. Some secretly access game data that reports to the client what enemy player positions are, and so forth. Alternatively people often refer to disruptive glitches as “hacks”. GTA God Mode glitches are sometimes called “hacks”, but they’re just exploits based on existing glitches.

ACTUAL hacks do exist for some online games, and they make use of security flaws on the game’s server. A good example is GTA Online on PC. Hackers discovered a security flaw that allowed them to intercept the online server with their own custom code. These kinds of hacks are actually quite rare.

Because multiplayer are usually server authoritative, meaning the server takes the most important decisions (who shot who, when, how), this leaves a very small attack surface for cheaters.

The first thing is reading the data fetched from server either from network traffic or game client memory, if the server told you where the enemies are, well you could know about them despite not actually seeing them (eg: wallhacks). As a server you can not really detect that so devs used to detect godlike abilities instead (did just noscope that dude on the other side of the map, which you're not supposed to see through walls ?). Then a new response from the industry was to make you install a spyware grade lowest level software called anti-cheat to monitor your game binary and their realtime access to memory to check if you've tampered with or if it's exposed.

On the other hand, you don't want to just access data but modify it. Because it relies on a authoritative remote server, this involves careful analysis of the traffic in order to try making some sense out of it and decrypt the language your client speaks with the server. Eventually the cheater will send specifically crafted data packets to the server about a specific parameter the client is trusted with (if the server trust the clients to give him their position, they could lie and tell him they're everywhere). The server can not compute everything, so it would be 100% secure, because it would be too much for him, so there has to be tradeoffs.
Though, it's easier said than done, traffic is usually compressed and probably encrypted too and eventually obfuscated, so pretty much unreadable. On top of that some games will only leave insignificant parameters to be computed and fed by the clients (and other games like GTA online will let them annihilate reality). It all boils down to how the client/server architecture was designed and implemented, whats important enough for only the server should have authority on, but adding to that the anti-cheat mentioned previously, best of luck.

There are generally two ways people use the term: client side modifications that assist or automate what a human would do, or direct communication with the server. There can be overlooked things that allow you to talk to the server in a way the official client never does, but can be used to get significant advantage. Since the server is usually what hold the "truth" of the game world, just modifying the client won't in and of itself give you ability to alter the game state in beneficial ways.

[removed]

[removed]

[removed]