I’ve been doing alot of researching on Anti-cheat systems, every developer knows that an anti-cheat is not perfect and there is a slight crack in the wall, however a question has come to my mind;
How can we patch Client exploit software for example:
Dex
RemoteSpy
IY (Infinite yield)
Tried CoreGui however that’s impossible because that returns nil.
What are some options I could take?
The best anticheat is making simple, brainrot slop games that barely use remotes and (now) with Server Authority have no fly hacks.
I’m curious what sort of cheats are we defending from?
A lot of logistics and stats can be saved on the server and as for client sided super speed you can rig up a physics detector to kick/warn players for moving really fast without game design intention.
Its best to think of the client as intentionally malicious, and no matter what you do, there will always be a way around your detections. Exploit scripts have higher security access than LocalScripts, so theres not really a point.
Instead, since they cant modify the server, you need to implement anticheat stuff server side. It’ll still be an uphill battle as you’ve effectively started a cat and mouse game.
Mainly patching the examples (dex) ive seen developers do that
I do secure everything on the server side, Thinking about other protections i could add to my game
They’re changing things in an abandoned service that no one uses, and you can notice it as it changes. Just keep an eye out for any changes in the service. I’m not sure if the method still works, but this was my way to make sure no hacker could hack my game
I used to crash the PC because it was the best way to kick the hacker out. That way the script wouldn’t finish running, because if you only kick them their code or script can still keep running
Just so you know, this video is very old, from 2023 or 2024 so I don’t remember if they changed the method or not. But there’s definitely still a way to detect hackers pretty easily. Some exploit tools are hard to detect, but some of them are very simple to detect
For character based detections ( noclip, speeding ) you should solely rely on the serverside for these, if you wish to seek out detections for client scripts then you can perform stack integrity checks, environment checks and hook checks in specific scenarios. It should also be noted that if you intend on creating a client-sided anticheat don’t leave it unprotected, implement a complex handshake system that is hard to reverse once obfuscated.
example environment check inside of a module:
local module = {}
function module:doSomething()
if getfenv(debug.info(coroutine.running(), 0, "f")).identifyexecutor then
-- punish the user in someway and alert the server to ban them
end
end
Its important that you do not kick the user straight away, if you do, they’ll know they’ve done something wrong. Flag it internally and ban them in a wave.
unless they’re doing something very obvious /shrug
What was the service that you detected?
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
