Anticheat System

  1. What do you want to achieve? I want to make an anticheat system like ERLC

  2. What is the issue? I can’t seem to find the right functions

  3. What solutions have you tried so far? I searched everywhere but I couldn’t find anything

When an exploiter tries to call a module in ELRC, it does some checks to see if it is a malicious caller, then if it is it abuses the executer’s built-in functions to make files or open up new tabs. I tried getfenv() but that just returns the script that is calling it which I cannot exploit. How would I do this?

I’m confused on what you are exactly wanting to achieve, could you provide more information so we could try and assist you? I have a few ideas in mind although not sure if it’s the thing your looking for.

local hasSynEnv = false

for i = 0, 2 do
  if hasSynEnv then break end

  hasSynEnv = pcall(function()
    getfenv(i).syn
  end)
end

you probably mean something like this

1 Like

Yes, something like that. But they fail when I execute them on syn.

(I’m not trying to log ips of others, I’m just gonna make a popup like this which says please do not exploit)

Here’s an example of what I mean:

Video

I hope you didn’t use the main computer. If you use it, you will have to reinstall Windows

That’s not my video, someone reported it in a dev group.

It’s actually a very useful thing. ( I mean anti-cheat)

I doubt their actual anti-cheat gets their IP, it would be randomized numbers and the location would be the one you can get from ROBLOX themselves from the Server, how to do this I have a few ideas although it depends on how it would work, you could make it so each client has a client-id key that gets destroyed a few seconds after all the ModuleScripts are loaded and required from all your other scripts, if another thing tries to require per said that module and they did not have the client-id that was generated it would pop something along the lines of that.

Although, I do believe that some popular exploits allows Developers to pay money for their games to not be exploited therefore it could be on something on the exploits behalf. :person_shrugging:

It does indeed get the exploiter’s IP as they are able to access to their environment.

You cannot get someone IP Address through ROBLOX Itself, although considering they are using an exploit like I have said already, I do not think it’s the actual game itself and rather than the executor.

1 Like

Maybe check for suspicious localscripts?

It accesses the executers environment, which provides a request function, they just call that function to a ip giving website and thats all. The thing is how did they do it, they also opened a window using rconsoleprint, which is full proof that it accessed the executers environment.

I support your idea of them paying the executer owners because the module script isn’t decompile-able, but that’s probably not the case here since I’ve asked some people and they don’t even know a game like that exists. When the victim ran the command the game lagged a bit, same happened for when I used getfenv(2) but it just errored after that, maybe the executer is preventing itself from getting accessed to its environment but the game has managed to break through during the lag. This is just my theory though, it could be a whole different story but I suggest it’s something like this.

Also it is possible to do something like that with a client-id but what I’m trying to say is that the game magically accesses the executer’s global environment, I’m not really trying to make an anticheat system. I’m just trying to see if I could access the executer’s environment which could be useful for punishing the exploiter, such as making files in their directory.

Overall, I don’t think it’s only getfenv() because roblox has alot of debug functions that do stuff with the environment that can help, anyways thank you for your help. I’ll try to figure this out by surfing through the documentary or finding a workaround.

I’ll know if the executer has required the module only if I can access their global environment, otherwise they can just tamper with their calling method or thread type. Even though there’s other secure ways I’m trying to see if I can create a script such as ELRC where I can punish an exploiter that way, it’s much more believe-able that I used rconsoleprint (function for making a new roblox window and writing something in it) so that they think that I’m in their computer or something. This is probably enough to keep skids (script kiddies) out of my game.

1 Like

I don’t see any other way how a ROBLOX game can detect firstly if they are using an executor in the first place (you could do checks but it’s normally isn’t detectable). Not to also mention if they did detect it - how are they accessing the main backend of the executor, which leads me to believe the owners of the game paid for executors to not work for their game. Considering that the game is highly viewed and popular it would make sense that something like this has been arranged. Although there’s nothing to back that up with. Especially if they are accessing the Players IP is even more confusing. Unless they are using some out of roblox service where they can grab that, who knows. :person_shrugging:

1 Like

Hackers run code directly into the game so that wont work what you have to do is check if what your player is doing is part of the game

my friend figured it out lo and it works showed me a vid

If you’re taking about the recent thread about that it’s fake, it was probably trying to get ER:LC to get banned

I think you might be on to something. I highly doubt any normal script has the access to be able to see the executors environment. Your idea also had me thinking that it might be the developers uploading fake scripts to youtube

1 Like

my friend just showed me it and the source and showed a clip of it working its def real!