About hacking and what hackers can/cant do

Resources Community Resources
#1

Post is completely outdated with new hacks, go to THIS post for new info

Old Post (OUTDATED)

Now, I know hacking cant be fixed; its as old as time, but I would like to explain how ROBLOX hacking works so you can prevent it.

Now this list may not be complete, some things may not be accurate, but is just a general overview of hacking today on ROBLOX. Hopefully this list covers your questions for making an anticheat.

What @Bullfrogbait said should be read as well, see the solution to read

What can hackers do?

  1. Insert anything; and I mean anything into the local character (the hacker’s body), only visible on the client

  2. Insert items into the local GUI, also only visible on the client

  3. Change anything that is default in the local character, but cannot delete anything, excluding shirts/pants/hats, such as moving limbs, visible on the server and to other players, also includes StarterCharacterScripts and StarterPlayerScripts, this also includes teleporting, noclip, fly, and a lot of other movement hacks

  4. Modify anything in Workspace, only visible on the client

  5. Copy and view only LOCAL (keyword) scripts outside of server services, and anything in Workspace excluding server scripts

What cant hackers do?

  1. Change anything about other players

  2. Change anything on the server, including but not limited to ServerStorage or ServerScriptService

  3. Insert scripts or GUI’s into other players that they can see

  4. Change things other players can see outside of the local character (the hacker’s body)

2 Likes
#2

Thank you so mush this can help me to prevent exploits

#3

The problem is the remote events lets say you have give coins event like this

RemoteEvent.OnServerEvent(connect(function(plr)
       local cash = plr:WaitForChild("leaderstats" ) :WaitForChild("cash") 
cash.Value += 5000
end

And the biggest problem he can do it on while loop and get billions of cash

#4

There’s some extra information that you didn’t mention.

Exploiters can use Server Side Exploits if the developer(s) of the game has a backdoor script which gives exploiters the ability to access the server and do things normal exploits can’t.

If exploiters have access to your game’s server then they can basically destroy your game if they wanted to.

You can get more info on exploiting on this topic:

1 Like
#5

I did think about that, but a lot of game developers already know about it so I didn’t include it.

#6

You should handle giving cash on the server so it can check who actually fired the event o.O

A good way to troll hackers is just making a folder called ‘Admin’ with a bunch of dummy remotes like ‘LoopKillAll’ or ‘BanAll’, etc

1 Like
#7

Most of the lists can be trimmed down to you explaining clientside versus serverside. However, still a neat resource.

Also it should be noted that exploiters can fire RemoteEvents with whatever parameters they want. Don’t trust the client.

If you’re looking to make an anticheat, learn about raycasting. It’s essential (in my opinion, open to debate I suppose) when making an anticheat. You’ll likely have to use it to detect flying (when checking if the player is standing on an object or not) and noclipping (check if their raycast from previous to new position went through something).

You can check current walkspeed by doing HumanoidRootPart.AssemblyLinearVelocity.Magnitude. (You’ll have to set LinearVelocity.Y to zero however)

Nice topic.

2 Likes
#8

Alright, thanks for the help!

(just bypassing minimum post limit)

#9

Edited post a bit, fixed some punctuation