A New World invincibility glitch has rocked the game, and revealed a deeper issue. The news broke via various sources, revealing a major issue with the game and the way it handles damage calculation. The exploit is deceptively simple, You just need to move the window around while playing in windowed mode, for the exploit to trigger, and the server doesn’t calculate damage. This has made players immune to fall damage, but it’s worse than that. Players have already found a way to exploit the idea in PvP.
The problem has exposed a fatal flaw in the way the server is handling connections and authentication. In short, players can do whatever they want, as the game is client authoritative. This means that the server is not checking the code responses being sent back, and simply accepting whatever the client is doing is valid. This is something that should have been found in basic testing.
Games are tested thoroughly before launch, and basic adjustments causing game-breaking issues from unintended behavior is commonly caught. This is often referred to as sanity checking, and it’s a common programming practice. You should never trust the client. Why? For the simple reason that putting the security at the hands of those wishing to abuse it is asking for trouble. Client-side protection is a terrible way to secure any online server, and New World is proving why.
Check out the exploit in the video below.
Thankfully, this single exploit has been reportedly hotfixed shortly after it was discovered, This means that now, if you use the trick of moving the window, you are fully disconnected from the server. The true fix seems like it’s going to take a while. Simply because the game can’t just hotfix a lack of server-side security.
But the issue has uncovered a lack of faith on the part of many players. This isn’t the first time that Amazon Game Studios has run into issues with the MMO. The launch of the new MMORPG was fraught with crashes and capacity issues. The game has started to hemorrhage players as a result. This is a deeper problem, and you can’t just patch out design issues. It’s only a matter of time before these things happen again. And it already has.
The Economy is Wrecked
That’s not all that’s happening either. The gamers have also uncovered a gold duplication exploit as well. By abusing the disconnect between server and client authentication, players have been able to duplicate gold and items. This takes advantage of the way games handle trading. It’s very simple, as the player sending the item is actually copying it, then sending that to another player. The original item is then supposed to be deleted. Players are copying items by severing the connection before that original is deleted.
Players even managed to figure out why this works by messing with network settings. By blocking the game client on specific TCP/UDP network ports on their machine, the game potentially can’t complete the trade. But since the game client says it’s valid, the item is duplicated. And this fed into another problem with the game’s design. One that’s causing a major crisis.
The in-game economy for Amazon’s new massively multiplayer online RPG is in such a bad way that many players have resorted to bartering for goods rather than spending gold. Because items and resources can be produced much faster than gold, the gold is being hoarded. But with this exploit, mountains of gold has been injected into the in-game economy. Now it’s a dance between the developer and cheaters to see who can fix or wreck the game first, respectively.
This economic deflation means that new players who can’t get rare items to trade are priced out of the game. This problem could become worse without developer intervention as more players will be unable to take part in basic gameplay because gold has no value. The old Diablo 2 economy around Rune trading is a classic example of what this can turn into.