Exploits use a different type of luau with more stuff, such as allowing loadstring on the client, getgenv, getglobal, getvenv (i dont remember the exact names, its been a while since ive done some funny stuff) but yeah dev console doesnt work very well
it cant even replicate hookfunction and hookmetamethod, which is basically what every script is built on and how most exploits even bypass anti cheats
For anyone wondering, this does not affect Bloxstrap because it doesn’t modify the client, it just launches it.
How will this affect Linux users? If you block patched binaries like Sober then Linux users won’t be able to run Roblox at all, unless they stream it
How does this negatively affect you?
Only legitimate users I’ve seen affected are Linux users.
I recieved a warning for a “modified client” on beaks, it said ExploitDetected. I was using Bloxstrap at the time. Could this mean anything for Bloxstrap?
The lack of directly addressing popular third-party solutions such as Bloxstrap is confusing, but I also recognise it’s a possibility that you are still internally evaluating things for what is considered safe for the user to change and what not to change.
While this does put you in a rock and a hard place for wanting to communicate progress when dealing with account farming and exploits, not being given the green light to tell us about the status of the most popular third-party tool for Roblox leaves many of us with more questions than answers.
Hopefully as decisions are more-firmly made internally there will be the possibility to clarify on this thread; Bloxstrap serves as an amazing tool in my use-case by allowing me to use all of my CPU cores in Parallel Luau workloads. Restricting this specific FFlag would kill any viability my custom rendering solution has, so I hope you are working internally to better define these types of restrictions you are placing in mind of security.
Even though RbxStu fits into the definition of “Modified Client” you have to think, Studio simply doesn’t have Hyperion to detect such usage, and there is no reason Roblox would need this either.
Since Roblox Studio can be only used to play your own games, there is no reason for Roblox to add Hyperion into the Studio.
(someone else said this but I go into higher detail) The dev console doesn’t have functions like “hookfunction” or “hookmetamethod” which exploiters use, those functions are used by remote spies (scripts that tells you what remotes are ran) or even prevent client side kicking, it has essentially 0% UNC (this number tells you how many custom functions the executor has essentially, there’s also sUNC, which has further checking and tells you if they’re faked or not I think, UNC stands for Unified Naming Convention, you can search this up if you want), remote spies are easy to replicate and anti client kick is easy to bypass by telling the server to kick (although remotes can also be prevented from being fired), or crashing the player, but there are a bunch of other functions you can’t really have in studio like the debug library that allows you to change up values, fireclickdetector, firetouchinterest, fireproximityprompt (you’d have to write a bit of code to make these work, these can be replicated in studio though, unlike hooks), gethiddenproperty, sethiddenproperty, etc… but yes you can test a lot from studio, although it is limited, adonis has an anti cheat and I think it’s pretty interesting, it can detect stuff added to CoreGui (kinda), and detect anti client-side kick, and from what I know it’s really hard if possible to change what a script does, but I think it might be possible, if you can change a function in a script, like for adonis set its anti-cheat “Detected” function to do nothing, that’s a bypass.
Bloxstrap cannot be detected by Hyperion, and the reason is simple:
Bloxstrap does NOT modify the client process’s memory, threads, or execution in any way, shape, or form. Bloxstrap only uses official features of the client (like FFLags) to change certain settings or uses the Roblox Logs file to see which game you are playing.
All of this doesn’t trigger any detection on Hyperion in the slightest.
Nice FAQ guys this answers almost nothing and simply makes more questions than answers
I understand what you are saying, although it is worth noting that Roblox staff have on other threads mentioned that FFlags will eventually be locked down too; the extent of which we currently don’t know which ones (if any) will remain open to user configurability.
Sure that can happen, however it’s hard to say if anyone using those FFlags that can be used for cheating will be banned in the future, as it’s unlikely Hyperion has any checks that see if certain FFlags are enabled and then flag you.
Additionally locking down FFlags is kinda hard, as anyone with enough determination can enable them unless they are fully removed from the client.
I imagine they want us all to just trust that roblox’s automatic/forced systems won’t absolutely ruin the gameplay experience (which it very much does)
I sincerely do not think, this post will result in anything, as in good thread of a fellow ex-exploiter has said: “Byfron isn’t allowed to ban exploiters because Roblox is supposed to grow their metrics, not shrink them.”
I have a question: would this affect the unofficial Roblox port for Linux, known as Sober? Would the Linux users be caught in the crossfire between Roblox and the exploiters?
If so, then guess it’s time to go back to dual-booting.
It’s very likely because Hyperion is securing the Client, they obviously want to avoid any environment where the user can control what is happening (like VMs), since Sober runs Android version in specialized environment, Hyperion could indeed see it as unsafe environment and simply not run.
Yes, those should be safe to use.
ROBLOX doesn’t hate you, they just don’t care about or have an interest in maintaining Linux users 
most exploits don’t work on roblox studio, so how do you use roblox studio to test exploits in your game?
Okay, how do you do when a script uses loadstring, is obfuscated, uses coreGui and more?