That way I can just gather the RemoteEvents from the server once, parent them to nil, and at least hackers that have explorer can take longer to figure out they can’t hack my game with just RemoteEvents.
2 Likes
Crash the client when game:service’Selection’.SelectionChanged is triggered (preferably not with Player:Kick() )
I know this isn’t the solution you wanted, but it’s a solution to the explorer.
Don’t players have special explorers now? I saw someone with a screenshot of my game and its remote events and the explorer was translucent. I know that script was the solution years ago in my game.
There are Lua explorers that look like the real thing.
Also, the C-side explorer isn’t part of the client anymore, so SelectionChanged is useless.
RemoteEvents have to be replicated for them being able to send/receive the signals.
I just tested it and it seems they do require to have a valid parent indeed.
(just being replicated doesn’t count)
(valid as in: all its ancestors are replicated, so somewhere in ReplicatedStorage etc)
Realistically what you should be doing, though, is making it so that a request sent through a remote event or function can’t be abused, regardless of whether it comes from your script or from someone exploiting.
4 Likes
This really wouldn’t help much. Anyone who makes a program to observe network traffic and recreate the place in an exploiter explorer as the place is being downloaded can observe network traffic to see what responses and requests your remoteevents and remotefunctions are using, even if they have no parent. They can then spoof their own network traffic to make the game think a request/response was sent to/from one of those remoteevents/functions parented to nil.
That’s exactly why you should be making sure requests are safe on the server side, like I said. Because it doesn’t matter if they can find the reference to the remote event, they could always just send their own network requests to do the same thing anyway. The only way to ensure any request can’t be exploited is to only process requests that are safe regardless of if they were made correctly or through an exploit and ignore ill-formed or abusive requests.
1 Like
My game doesnt trust the client one bit, so exploiters cant screw with my remote events, but I’d still like to hide it from them.
That’s fine, but at the end of the day you can’t 100% hide it. They control the machine the client code runs on, they can snoop the network data and the ram.
Unfortunately you can’t. Even if you parent them to nil, exploiters are still going to find out about them the same way they do now (by observing network traffic).
Yeah I see that now. That sucks, but those are heavy duty exploiters right? The average schmuck I see on v3rmillion(I have an account to snoop on exploit talk on my game) seems to think nearly every game can be hacked 100% just with leet haxes on the remote events.
Those average schmucks use tools created and sold by the heavy duty exploiters. They would never be able to do anything on their own.
Exactly. Like I said, just assume every request you receive through a remote event or function could have been sent through an exploit. It shouldn’t matter if the thing they’re sending is something they could have sent normally like through ui element or keypress.