Hello there!
An HR from my group asked me wether I could make something called “exploitlogs”. It would detect script injections using an exploit, but I personally do not think that is possible. I might be wrong, though.
Ay ideas how to detect when a script gets injected?
Thanks in advance! 
Kind regards,
Jonas
Looks good! Although, my script is going to be used on multiple groups. Do I have to define every time which parts are allowed, which are not?
Unfortunately this will not be useful advice because:
Exploiters can very easily guard against these attempts at detection;
The model you linked is not an obfuscator - and in any case, it comes with a beautifier which an exploiter could use to reverse any effect it has.
You won’t have any luck doing this - it’s too easy for exploiters to get around any client-sided detection you might try to put in place.
Instead, you should address the particular things that these exploits are allowing users to do in your game and look into preventing those through server-sided checks. For example, if an exploit let you perform an action much faster than you should be able to, implement a debounce per-player on the server.
Anyway, how would I know which scripts are legit, @DragRacer31?
Completely agreed, but it’s still better than nothing.
Kind regards,
Jonas
It isn’t an obfuscator in any sense of the term that relates to security.
As for “better than nothing”, this is really just the same as nothing. It’s a waste of your time! All it takes is one exploiter to write a workaround and share their code (as the creator of a popular game, I can assure you this is extremely common).
That’s is very true, there are some scripts that are very powerful when stoping exploits, but @marketmanager1 would have to go to #public-collaboration:public-recruitment if he wants that script, I don’t think anyone would spoon fees a script like that. Who knows, some people are nice
Detecting injected scripts and other objects that are added to the game cannot always be caught. You could use game.DescendantAdded , but exploiters can insert scripts in hidden containers that game.DescendantAdded can’t read or modify. I also believe there is a method to run a script without injecting it in the first place (not sure about this). To get around some exploits, you just need a really good client-Server model that has no loopholes (side note: never trust the client, all important processes should be on the server). Although there are exploits that developers really can’t prevent, there’s no point in wasting a lot of time and money trying to create a 100% exploit proof game, there will always be one way to reverse engineer a security system or whatever system on machines. Let exploiters be, in the end, you still have your game and you had good intentions, but I’m not saying you shouldn’t try to stop exploiters. Do whatever you can in your power to prevent exploits, but if it’s out of your power, at least it was worth a shot.
game.DescendantAdded:Connect(function(Descendant)
pcall(function()
if Descendant:IsA(“LocalScript”) then
--check if the added script is malicious
end
end)
end)
Although this code will detect added/injected scripts, as I’ve stated earlier, this will not always work.
I also typed this on my phone, apologies if this is incorrect or poorly formatted.
Correction: It can never be caught.
When an exploit executes a script, its parent is nil by default, so the exploiter would have to reparent the script themselves for you to be able to detect it.
I believe you mean executing code without creating a LocalScript object. Yes it is possible. In fact, it’s even possible to call functions without running any lua code.
Btw even though your script wouldn’t work anyways, I think you meant to check if the object is a "LocalScript", not "Script".
What I meant by injecting was based on the DescendantAdded event. It can’t be detected if the parent is nil, if it’s parent is CoreGui etc, DescendantAdded will return an error.
Edit:
Also yes, thanks for pointing this out.
While you can’t detect injected scripts, surely you could check the effects of the script and try and stop that. For example (a simple example): if someone begins walking, make sure their walkspeed has not exceeded 16 and therefore if it is > 16 then you can tell that they are exploiting. This was a simple example but there are several different exploits that you can check for. Sadly, you’d have to wait until they’ve exploited your system to do anything because of the blindness we have against when a script is injected.
Easier said than done.
What you would probably do is use GetPropertyChangedSignal("WalkSpeed") and then check if Humanoid.WalkSpeed > 16?
Well an exploiter can get around that in two seconds by spoofing __index of the Instance’s metatable, or disconnecting your event.
If you want to discuss this further, hmu in PMs, as it would be getting a bit off-topic and cause unnecessary bumping (especially since the thread is marked as solved).
I think a few of your responses are dependent on the fact that LuaSourceContainers exist but what if I told you - gasp - that an exploiter doesn’t need to use a LuaSourceContainer to execute code!?
Trying to look for a script instance won’t work if an exploiter doesn’t parent a LuaSourceContainer to the DataModel, because that script will only exist in memory. On the other hand, don’t rely on the sentiment that an exploiter will keep a LuaSourceContainer in nil. They don’t even need to use one to run code locally.
LuaSourceContainers are only physical objects that facilitate the execution of code. No exploiter explicitly needs to use a LuaSourceContainer to run code on their client. Banking on the assumption that they use one is unwise. Focus on the code being ran rather than if they’re inserting an Instance into memory/the DataModel or not.