Anti Brick/Hat Spawn Exploit Script

Christbru01 · July 26, 2017, 6:54pm

This is a script I created with assistance from TheFurryFish to block the brick/hat spawn exploit shown here: https://youtu.be/QpFw7xv-Dm0?t=149

--Anti Brick/Hat Spawn exploit by Christbru01 and TheFurryFish
function Scan_Item_For_Accoutrement(Plr,Item)
	if Item:IsA("Accoutrement") then
		local connect = Item.AncestryChanged:connect(function(obj,newloc)
			if newloc and not game.Players:GetPlayerFromCharacter(newloc) and not game.Players:GetPlayerFromCharacter(obj) then
				Plr:Kick("Brick spawn exploit detected")
				repeat wait() until obj.Parent == newloc --This prevents "Trying to set parent while setting parent" warnings from being spammed in the server logs
				repeat Item:Destroy() wait() until not Item.Parent
				repeat obj:Destroy() wait() until not obj.Parent
			end
		end)
	end
end

function Search_Item_For_Accoutrement(Plr,Item) --Don't want to make it too easy and let them simply hide/bury the accoutrement to avoid the scanner
	if Item:IsA("Accoutrement") then
		Scan_Item_For_Accoutrement(Plr,Item)
	else
		for _,NewItem in pairs(Item:GetChildren()) do
			Search_Item_For_Accoutrement(Plr,NewItem)
		end
	end
end

function New_Character(Plr,Char)
	Char.DescendantAdded:connect(function(Item)
		Scan_Item_For_Accoutrement(Plr,Item)
	end)
	Search_Item_For_Accoutrement(Plr,Char)
end

game.Players.PlayerAdded:connect(function(Plr)
	Plr.CharacterAdded:connect(function(Char) New_Character(Plr,Char) end)
	if Plr.Character then New_Character(Plr,Plr.Character) end
end)

ConvexHero · July 26, 2017, 7:24pm

You should also be able to listen for changes to StarterGear. This exploit works because StarterGear’s contents get cloned.

Christbru01 · July 27, 2017, 1:47am

Wouldn’t that require it being placed in a localscript which may or may not be disabled by the exploiter’s exploit? The solution I posted is completely server-side and provides both exploit prevention and player detection. I’m just curious as I didn’t think the StarterGear changes replicate to the server from the client. o.o

wravager · July 27, 2017, 2:15am

script.Parent=nil or call Destroy on the script on the client.

Christbru01 · July 27, 2017, 3:25am

Some exploits are capable of still disabling any localscript regardless whether it is nil-parented or not.

einsteinK · July 27, 2017, 11:23am

Destroy the StarterGear!

pauljkl · July 27, 2017, 12:03pm

Should also check StarterCharacterScripts. That was an old one that worked the same as this and I am unsure if it was fixed. @ConvexHero can confirm?

ConvexHero · July 27, 2017, 5:57pm

Instances under StarterPlayer should now be filtered in FE places. In a strange twist, they actually were filtered in experimental mode places in the past.

Destroying StarterGear is not entirely effective. For legacy reasons, StarterGear is created on the client. The server will accept exactly one StarterGear parented to the Player object.

Christbru01 · July 28, 2017, 2:05am

Awesome, another exploit patched. Thanks for acting on this exploit/glitch quickly.