Hacking clock at Chess.com

Martin_Stahl

https://support.chess.com/article/423-why-did-the-clock-times-suddenly-change-the-clocks-seem-broken

That completely explains what is happening. In order to hack the clocks, someone would need full access to the server. If they have that, they're not going to be winning a few random games on time by manipulating clocks.

dokerbohm

my limited knowledge of computers is that limited but i do have a friend who is a specialist in finding problems of this nature -- and he says that random servers sometimes lag and then try to get back to where they were and with your cpu doing the exact opposite sometimes they go out of sync then back then correct themselves after a couple seconds

he said this might explain the main clock problem with chess.com he has seen it before working at nasa with multi time clocks all trying to stay in sync. maybe ?? i don't know -- then it was late at night when he explained this and a few beers were being consumed and i am a gullible guy to a tech story late at night

BlaqScythe
Martin_Stahl wrote:

https://support.chess.com/article/423-why-did-the-clock-times-suddenly-change-the-clocks-seem-broken

That completely explains what is happening. In order to hack the clocks, someone would need full access to the server. If they have that, they're not going to be winning a few random games on time by manipulating clocks.

Right...because if someone was able to reach the impossible God level hacking required to get into chess.com servers, why would they stop at cheating at chess when they could rule the world .. obviously. 🤣🤣🤣

KnorroKnakworstVreter

I once had mate in one, because my opponent blundered.

Same thing happened to me, probably just bad luck

And I lost the game, chess.com should make it at least a draw when you are up in position/material and you disconnect

BlaqScythe

I don't believe in luck. Especially where computer algorithms and programs are concerned. Anyone claiming that a computer program cannot be hacked is simply naive or in denial.

Martin_Stahl
BlaqScythe wrote:

I don't believe in luck. Especially where computer algorithms and programs are concerned. Anyone claiming that a computer program cannot be hacked is simply naive or in denial.

No one is claiming something is unhackable, just that someone would need full control of the live server and if they had that, changing the clock times isn't what they'd be doing on occasional games.

BlaqScythe

Unless that individual is you, you can't say just what they would do with that ability for sure, can you? Just because you apparently feel that that will be a waste of power/control/access doesn't mean anything about anyone else. It only reflects you and what you would or wouldn't do.

But I digress.. assert what you will. "it has nothing to do with luck" was my point.

BlaqScythe

And since that seems to nearly be a copy and paste statement, I'll say this: saying that something is too hard, too tedious, too difficult, too ridiculous, too pointless, too uncomfortable or any other subjective adjective that you want to put there has NO bearing on whether a thing is possible or being done. Have you never heard of trolling? Sometimes the goal isn't to conquer the world, shut the system down, reverse time and eliminate all of humanity... Sometimes this is just fun trolling.

Martin_Stahl
BlaqScythe wrote:

And since that seems to nearly be a copy and paste statement, I'll say this: saying that something is too hard, too tedious, too difficult, too ridiculous, too pointless, too uncomfortable or any other subjective adjective that you want to put there has NO bearing on whether a thing is possible or being done. Have you never heard of trolling? Sometimes the goal isn't to conquer the world, shut the system down, reverse time and eliminate all of humanity... Sometimes this is just fun trolling.

Just because something is remotely possible doesn't make it likely 😉

I'm very confident any and all clock issues are attributable to lag, lag compensation, disconnects, and increments (for those that may not have realized they were playing an increment time control).

That said, if anyone truly believes an opponent somehow hacked the server and modified their clock, they can open a ticket to support.

icy

@Martin_Stahl I congratulate you for your patience when dealing with these ridiculous forum posters.

lovegunner

this is still an issue in 2023… I experience this all the time

Martin_Stahl
lovegunner wrote:

this is still an issue in 2023… I experience this all the time

Clock changes are due to lag compensation and potentially disconnects. Nothing more than that.

lovegunner

Doubtful.

Mods and streamers have been given access to the clock, so that means the capability exists and a malformed request could be targeting that capability. Or simply a disconnect reconnect cycle is being exploited. I helped with a security bug a long time ago, and got all kinds of “That’s not possible” until I gave them a POC. APIs, even unknown APIs, have a high likelihood of being excellent vectors.

But even if it’s ping rate compensation, ask yourself why are they compensating instead of limiting based on uniqueId requests as this is supposed to be real-time gaming (despite the fact you can’t directly use UDP in the browser)? Why are auto disconnects even a thing, as they detract from the user experience?

If you limit the amount of requests to 10/1000ms, you instantly level the playing field for users with ~100ms ping rate playing against players with ~20 ms ping rate. >>1 and you instantly reduce to 5 requests per 1000ms and level the playing field for 200+ ping rates.
Obviously authentication and gameStateHash per move request/any user data, and security layers used, could be factored into the packet design.

I know the guys at chess.com can code, but sometimes they screw up. It’s time to fix this issue, because chess.com has been unplayable for a while now, at least with regard to bullet and blitz games. It’s not just the users, especially when there are this many complaints; it’s on your end.

You can blame the server load, but that’s what threaded nodes and load balancers are for.
No matter what it’s your fault and users are finding it unfair.
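
The per-request checks proposed in the post above (a cap of 10 requests per 1000 ms per uniqueId, authentication, and a gameStateHash on each move request), sketched as an added example. It is not from the thread or from Chess.com's code; the message fields, hash format, session keys and result strings are assumptions made for illustration.

```python
import hashlib
import hmac
from collections import defaultdict, deque

WINDOW_MS = 1000    # window length taken from the post
MAX_REQUESTS = 10   # "10/1000ms" cap taken from the post


def state_hash(position, move_number):
    """Hash of the server's authoritative game state (constructed format)."""
    return hashlib.sha256(f"{move_number}|{position}".encode()).hexdigest()


def sign(key, unique_id, game_state_hash, move):
    """HMAC that binds a move to one session and one game state."""
    msg = "\n".join((unique_id, game_state_hash, move)).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class MoveGate:
    """Server-side checks run on every move request before it is applied."""

    def __init__(self, session_keys):
        self.session_keys = session_keys    # uniqueId -> per-session key (assumed)
        self.recent = defaultdict(deque)    # uniqueId -> arrival times in ms

    def check(self, req, current_hash, now_ms):
        uid = req["uniqueId"]
        key = self.session_keys.get(uid)
        if key is None:
            return "reject:unknown-session"
        # Sliding window: every request from a known session counts, valid or not.
        window = self.recent[uid]
        while window and now_ms - window[0] >= WINDOW_MS:
            window.popleft()
        if len(window) >= MAX_REQUESTS:
            return "reject:rate-limit"
        window.append(now_ms)
        # Authentication: the MAC must cover the exact fields that were sent.
        expected = sign(key, uid, req["gameStateHash"], req["move"])
        if not hmac.compare_digest(expected.encode(), req["mac"].encode()):
            return "reject:bad-mac"
        # Freshness: the move must target the state the server currently holds.
        if not hmac.compare_digest(req["gameStateHash"].encode(), current_hash.encode()):
            return "reject:stale-state"
        return "accept"
```

Because the server decides on arrival time and its own state hash, a tampered or replayed request is rejected without touching either player's clock.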

BlaqScythe
Martin_Stahl wrote:
BlaqScythe wrote:

And since that seems to nearly be a copy and paste statement, I'll say this: saying that something is too hard, too tedious, too difficult, too ridiculous, too pointless, too uncomfortable or any other subjective adjective that you want to put there has NO bearing on whether a thing is possible or being done. Have you never heard of trolling? Sometimes the goal isn't to conquer the world, shut the system down, reverse time and eliminate all of humanity... Sometimes this is just fun trolling.

Just because something is remotely possible doesn't make it likely

I'm very confident any and all clock issues are attributable to lag, lag compensation, disconnects, and increments (for those that may not have realized they were playing an increment time control).

That said, if anyone truly believes an opponent somehow hacked the server and modified their clock, they can open a ticket to support.

Cannot imagine who (that has gone through this) would bother wasting their time putting in a ticket just to receive the same canned statement telling them that what they experienced is not what they think... That's what you do when it first happens and you eventually land here at this forum. Perhaps it is your job to place that canned statement in the response to the trouble tickets and here in the forum. But I guess I'll stop right there, I'm bordering on conspiracy theories here now LOL! I have been known to spin a good conspiracy theory😜. Like this one time at my job I upset my Chinese co-worker back in 2020 when I told her covid would be just like the flu when it was new. That is, it is like the flu in that pretty much everybody's going to get it and pretty much everybody's going to become immune to it or tolerant of it. But because this is something their bodies haven't prepared for, a couple hundred thousand people are going to die just like the flu when it was new. Now that the censorship is down we kind of joke about it around the office. Maybe one day they'll joke about this on chess.com 🤣🤣. Till then you just keep preaching that "Safe and Effective" message. If you say it enough times they'll believe you. And those of us who don't; we can always put in a trouble ticket 🤣🤣🤣

Martin_Stahl
BlaqScythe wrote:....

Cannot imagine who (that has gone through this) would bother wasting their time putting in a ticket just to receive the same canned statement telling them that what they experienced is not what they think... That's what you do when it first happens and you eventually land here at this forum. Perhaps it is your job to place that canned statement in the response to the trouble tickets and here in the forum. ...

... Maybe one day they'll joke about this on chess.com 🤣🤣. Till then you just keep preaching that "Safe and Effective" message. If you say it enough times they'll believe you

I post it because that's the answer. Even if there is a bug that is exploitable, which is unlikely, it would either be very uncommon or so well known how to do it that finding a working exploit would be trivial.

Based on posts a lot of members apparently think it's common but the simple fact is the answer of lag, lag compensation and potentially regular disconnects is the actual reason.

If someone has a workable exploit to hack the server clocks, they should provide it to the bug bounty program and get rewarded. I'm guessing no such exploit exists and the coders have the code dealing with clocks sufficiently secured.

Of course, people are free to feel any other explanation is true. It doesn't make it true and nothing the site says or does will convince them otherwise (not even pointing out games where they benefited from lag compensation).

Jackf3g4

It's likely button spamming. No, you don't have to date Angelina Jolie because only she can shoot the little hook thingy into the orbiting base where chess dot com servers reside in order to give you access to engage in your nefarious google level genius hack....ok you get the picture. Nobody has to "hack" any server code. It's called glitching.

It's where BAD CODERS leave problems in code that can be exploited. So there's likely a button that's really important but is not "active" while playing. Someone is likely spamming that button, causing the server to glitch by say giving the useless button priority and ignoring other inputs and outputs. You don't see this as much anymore in regular gaming because it's shameful programming and gets slammed hard by shooter players. But such weird glitches do exist and they usually involve timing.

Simplest most likely explanation for the observed problem.

Martin_Stahl
Jackf3g4 wrote:

It's likely button spamming. ...

Simplest most likely explanation for the observed problem.

The most likely explanation is the one provided by the site and it's about lag, lag compensation, and potentially short disconnects. The buttons that would have an impact on the live server are the draw and resign buttons; if that was happening, it would be very obvious.

Jackf3g4

Button spamming is a thing in online gaming. Mismatches between stated FAQ and manual behaviors vs observed behavior is a thing with....just about everything. Glitching is a thing. Your explanation doesn't explain the reported behavior. Basically you are saying the reports here are inaccurate. But clearly the software is not perfect.

No. Your explanation is just the most convenient given no interest in even entertaining the notion that the reports may be accurate. Once taking the reports as accurate, your explanation is inadequate.

Happily the glitching requires a measure of skill to even get to the point where it can be exploited. And there are many who don't cheat. With those two factors, this will reduce the instances of this odd behavior. If connection is verified by other device on same network while chess.com shows blinking and this behavior happens, then block and report and move on.

Imperfect code really is the best explanation.

Martin_Stahl
Jackf3g4 wrote:

Button spamming is a thing in online gaming. Mismatches between stated FAQ and manual behaviors vs observed behavior is a thing with....just about everything. Glitching is a thing. Your explanation doesn't explain the reported behavior. Basically you are saying the reports here are inaccurate. But clearly the software is not perfect.

No. Your explanation is just the most convenient given no interest in even entertaining the notion that the reports may be accurate. Once taking the reports as accurate, your explanation is inadequate.

Happily the glitching requires a measure of skill to even get to the point where it can be exploited. And there are many who don't cheat. With those two factors, this will reduce the instances of this odd behavior. If connection is verified by other device on same network while chess.com shows blinking and this behavior happens, then block and report and move on.

Imperfect code really is the best explanation.

The site has a Bug Bounty program: https://www.chess.com/news/view/chess-com-bug-bounty-policy

If anyone has proof any such thing actually works, I would recommend they report it. The site knows how the code works and how they handle lag and why clocks can change. I'm not going to claim that there are no bugs and that it's impossible to cause an issue, just that the most likely reason is exactly what has been described by the site.

Martin_Stahl

In addition, client side attempts to hack, such as with the interface, are more likely going to cause connection or clock issues (as in losing time) on the hacker side, not the opponent side.