A simple, yet effective, detection for all mobile exploits

Salutations, my fellow Developer Forum users.

Today, I’m glad to present a detection for almost all, if not all, mobile executors:
Evon, Codex, Hydrogen, Delta (X), and possibly others.

Don’t forget to thank the unbelievably competent mobile exploit developers, and us too, of course!

We will be pleased to answer all questions in this topic for several hours, then we will happily log off.

Quantum.lua (4.9 KB)
Sorry for the messy code! Did it in a rush :hear_no_evil:

Create a LocalScript in ReplicatedFirst and insert the code, you’ll be good to go. :wink:

Thanks to:

  1. @MakeSureDudeDies (The Great)
  2. @HexadecimalLiker
  3. @daily3014TheGod

Electron detection: A quick way to detect exploiters that use Electron - Resources / Community Resources - Developer Forum | Roblox
Cheat Engine detections: Ruining lifes of Cheat Engine pseudo-“exploiters” - Resources / Community Resources - Developer Forum | Roblox


38 Likes

Damn… those mobile exploits really be lacking :rofl:

7 Likes

Thanks to musli for this amazing release :heart:

3 Likes

thank you @AverageOnionUser for this unfathomably godlike contribution that you have brought upon us

1 Like

Imagine getting detected by a luau script in 2023 :joy:

1 Like

A lot of the asset IDs just point to 404s, I think Roblox deleted whatever images they were.

Also one of them just points to the Montserrat official Font asset.

In fact it appears twice because there’s a duplicate.

EDIT: Nvm this was likely because of a bug:

3 Likes

I see, but hey, the asset ID collection was automated by my bot and it collected them from their init (initialization) scripts,
but it didn’t validate them at all, so sorry about that.

It still doesn’t matter if they 404 at all, because if one GUI uses that asset ID then
it will get detected anyway. As for the duplicate, you can freely remove it.

2 Likes

Forgot something! Here are all important initialization (init) scripts for those mobile exploits:
evon.lua (22.8 KB)
hydroui-obf.lua (126.0 KB)
ui.lua (1.2 KB)
undtc_beta.lua (23.0 KB)
deltax_ui.lua (247.7 KB)
codex.lua (144.3 KB)

Memes

image


Quite undetectable.

image
No comment.


Who even uses variables?

image
image
Tables?

image
What even is the point of this…

image
wait(1); wait(1); wait(1); wait(1)

image
game.Loaded:Wait() totally does not exist.


I don’t even want to talk about this code.

7 Likes

the preload callback on coregui thing is genius

1 Like

It’s a known method but mobile exploit devs are so competent they refuse to patch it, I guess

It’s impossible to patch it, quite literally. There are thousands of ways to check if PreloadAsync was hooked or tampered with, the most popular one is just error checking with different arguments, and I’m sure it will be tough to account for every single possible argument, considering it’s a vararg too.

So, if they “patch” it, I will find a thousand more ways to detect it.

1 Like

They can patch this fast by Random names

Like @Zulauf75333 said, this can be bypassed by either spoofing their UI’s name to a random string, or copying a UI’s name that’s in CoreGui by default.

Once again I see you in my threads talking about my script being “bypassable”.

Your, and @Zulauf75333’s “genius” idea literally won’t work if you just use a whitelist of GUIs instead of a blacklist, which any competent scripter should be able to do

Even then, randomizing your GUI’s name won’t help you against the PreloadAsync technique, but once again, you skipped over the entirety of my code and decided to nitpick my snippet.

Rethink your commentary.

1 Like

Please read what I said to IBuildFunGames for a lot more detailed response.

Renaming your GUIs is a temporary fix that won’t help if any person with basic scripting abilities will look through your exploit’s code (“init script”).

Have a great day.

1 Like

PreloadAsync doesn’t actually give you the guis in the CoreGui (The actual instance), the reason this works is that some exploits, like dex, use images/Icons from the marketplace or smth like that, so they get an impossible asset ID, you get the idea, so renaming with PreloadAsync wouldn’t work iirc.
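The PreloadAsync callback technique discussed in this thread, as an added Luau example (it is not the attached Quantum.lua and not any poster's code). The blocked IDs are constructed placeholders, the `AssetReport` RemoteEvent is a hypothetical name, and it assumes, as the posts describe, that a LocalScript can pass CoreGui to `ContentProvider:PreloadAsync` and receive the asset IDs used under it.

```lua
-- LocalScript in ReplicatedFirst (added example, not the thread's script).
local ContentProvider = game:GetService("ContentProvider")
local CoreGui = game:GetService("CoreGui")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

-- Constructed placeholder IDs; real entries would be the image IDs
-- referenced by the executors' init scripts.
local BLOCKED_ASSET_IDS = {
	["0000000001"] = "placeholder-executor-a",
	["0000000002"] = "placeholder-executor-b",
}

-- The same asset can be written several ways; reduce each spelling to
-- the bare numeric ID so one table lookup covers all of them.
local function normalizeAssetId(contentId: string): string?
	local lowered = string.lower(contentId)
	return string.match(lowered, "^rbxassetid://(%d+)")
		or string.match(lowered, "[?&]id=(%d+)")
end

local reported = {}

-- Called by PreloadAsync once per asset found under the given instances.
local function onAsset(contentId: string, _status: Enum.AssetFetchStatus)
	local id = normalizeAssetId(contentId)
	local label = id and BLOCKED_ASSET_IDS[id]
	if label and not reported[id] then
		reported[id] = true
		-- Hypothetical RemoteEvent; the server decides what happens next
		-- and should treat the report as untrusted client input.
		local remote = ReplicatedStorage:FindFirstChild("AssetReport")
		if remote then
			remote:FireServer(id, label)
		end
	end
end

-- GUI names are never read here, only asset IDs, so renaming a GUI
-- does not change the result. A 404 asset still reaches the callback.
while true do
	local ok, err = pcall(function()
		ContentProvider:PreloadAsync({ CoreGui }, onAsset)
	end)
	if not ok then
		warn("CoreGui asset scan failed:", err)
	end
	task.wait(5)
end
```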

About the “PreloadAsync”: it is not a problem to change the ID anytime.

PreloadAsync won’t help you if you can change the ID anytime…

I can’t keep arguing with a person who cannot read what I have previously already said, thrice.

It’s a temporary fix, which can be patched in seconds by any person, and I’m 100% sure the exploit developers won’t even do it because of how lazy and incompetent they are. :rofl:

1 Like

Man this is awesome. Is there also a script for doing this on Desktop Clients? (PC, Laptop)

Edit: nevermind, I found that

1 Like