Players spoofing humanoid values

Hey, so I have been working on a cheat detection script for a game, and have ran into an issue. Pretty much, im trying to detect people changing walkspeed via admin scripts, there is a certain script that is spoofing the humanoid walkspeed value to 16 for scripts, while it says its at a high number for the cheater, if that makes any sense. So like if I were to print the amount of walkspeed the player has in a local script, it would print 16, but if the cheater went to their walkspeed via dex or/ some other cheat it would say it is higher than 16. Does anybody know if there is a fix for this? Here is my code:

local RS = game:GetService("RunService")
local Plr = game.Players.LocalPlayer
local Char = Plr.Character
local Hum = Char:WaitForChild("Humanoid")

RS.Heartbeat:Connect(function()
	if Hum.WalkSpeed > 16 then
		Plr:Kick("Attempt to change walkspeed.")
	end
end)
1 Like

You can’t check this, and your code could be bypassed pretty easily.
(rawset, its a metatable thing)

The way to check if a player is upping their speed is to compare their position to their previous one every second, and check if they are moving beyond 16 studs per second.
Because of lag and other issues, I would set the max limit to a bit over 16 and put the player at their previous position if they bypass the limit.

(check the magntiude of currentPos.Position - previousPos.Position to some limit like 18, then use an if statement to handle it)

Sorry for the late response, but would that look something like this?

local RS = game:GetService("RunService")
local Plr = game.Players.LocalPlayer
local Char = Plr.Character
local HRP = Char:WaitForChild("HumanoidRootPart")
local db = false

RS.Heartbeat:Connect(function()
	if db == false then
		db = true -- Debounce times so it doesnt constantly check
		local StartPos = HRP.Position -- Get Start/End pos after 1s
		wait(1)
		local EndPos = HRP.Position
		local Mag = math.abs((StartPos - EndPos).Magnitude)
		
		if Mag > Char.Humanoid.Walkspeed then -- Check if mag > plr.walkspeed
			print("Kick plr")
		else
			print("Clear")
		end
		
		wait(1)
		db = false
	end
end)

Also sorry if im doing this wrong, this is my first time working with Magnitude lol

Kicking the player might be a bit drastic as there is a high chance of laggy players triggering it, i would suggest also taking delta time into account.

Yeah, also I ran into the error of when a player jumps it affects the Magnitude. Is there a way to prevent the magnitude from changing via jumping?

You don’t need a debounce for this, in fact I would encourage checking on heartbeat.

Yea, im not using it anymore. But about what I said two messages above this post, any idea?

Current code is:

local RS = game:GetService("RunService")
local Plr = game.Players.LocalPlayer
local Char = Plr.Character
local HRP = Char:WaitForChild("HumanoidRootPart")
local db = false
local totalTime = 0
local TotalDelay = 2

RS.Heartbeat:Connect(function(deltaTime)
    totalTime += deltaTime

    while totalTime >= TotalDelay do
        totalTime -= TotalDelay

        local StartPos = HRP.Position -- Get Start/End pos after 1s
        wait(1)
        local EndPos = HRP.Position
        local Mag = math.abs((StartPos - EndPos).Magnitude)
        print(Mag)

        if Mag > Char.Humanoid.WalkSpeed + 0.1 then -- Check if mag > plr.walkseped
            print("Kick plr")
        else
            print("Clear")
        end

        wait(1)
    end
end)

Got tired of waiting and figured it out on my own. I set the EndPos Y to the StartPos Y which fixed the issue.

1 Like

You actually COULD check the walkspeed in a Server Script. Doing that in Local Script will just check the walkspeed on a client side which is easy to spoof.

game.Players.PlayerAdded:Connect(function(player)
	
	player.CharacterAdded:Connect(function(character)
		
		character.Humanoid:GetPropertyChangedSignal('WalkSpeed'):Connect(function()
			if character.Humanoid.WalkSpeed > 16 then
				player:Kick('lol noob')
			end
		end)		
	end)
end)
1 Like

Exploiter can change walkspeed as it doesn’t replicated to the server.
Even though you may implement client anti cheat, the can easily destroy em and use hookfunction or other function, rendering em less usefull.

Client can change the walkspeed to 1000 and it won’t replicate to the server.

Checking the player lastpos and currentPos can be used with lots of check to reduce false positive.

2 Likes

Lmao different timezones, when you posted that it was 11:00 for me

You also don’t want to do this, you just made it so that an exploiter can fly.

That’s not the goal of this function though, so it doesn’t matter

Theoretically, could you have a local script using findfirstchild in a loop to check it a script has been destroyed via dex or something?

Uh, no that kinda does matter for having a good anticheat.
I’m assuming you don’t want your players being able to just fly around with hacks, but if that is the intended behavior then good job.

Im saying that being able to fly is not the goal of player walkspeed checks lol. Im not saying that Im not going to allow players to fly.

Mk, just know you could do it right now and not have to ever worry about it again.

Lmao i was confused earlier.

What stopping them from destroying that local script first then other script later?

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.