A while ago, my friend Daily (daily3014TheGod) and I started working on an anti-cheat called Valkyrie, but we never finished it. There aren’t many comments in the code, so please don’t message us about how to get around it or if you find any problems. We’ve decided to stop working on this project for good, which means we won’t be updating or supporting it anymore.
And just to be clear, don’t try to sell this anti-cheat. Instead, use it as a learning tool.
Comments like these are the reason im losing faith in humanity, its a bad advice because people often use it as a last line of defense against exploiters, They rely on patching cheats by the client when it can be done by the server and theres no reason to do it from the client if its gonna get penetrated.
Client security is only usefull against cheats impossible to patch via the server such as aimbot, and wall hacks.
Pretty sure he meant, that nothing is impossible, if you saw the source code, you would see that It tried or could detect namecall, index, and newindex hooks, same for remote spies, and function hooks.
It’s just that only a small % of devs know how to properly make client sided anti exploits.
This is literally the argument every company makes for their anticheats and yet they get bypassed in a matter of days, I will not further reply to this as its not up for debate.
We are talking about roblox though, if you know how to patch the bypasses and reverse engineering, It doesn’t take more than 1 hour in most cases, you can see that in Citadel an anti cheat made 2 years ago, there’s not a single public bypass for it, and the anti cheat itself doesn’t ban people, so even though everything is “bypassable”, It doesn’t mean that the client sucks, It’s true that It can’t be trusted, but making a client anticheat isn’t bad either.
Mine anticheats are more or less the first line of defense, data sent through the anticheat remote are encrypted with the keys stored inside the obfuscated anticheat (obfuscation plays a big part in anticheats). Unless you had the source to the anticheat, it would be really difficult to reverse engineer the exact encryption it uses and the key it uses for the encryption. Things like this make client anticheats reliable enough to use in big games without them getting bypassed in a matter of days.
Client anticheats are much much better at detecting what the server could detect. A serversided walkspeed detection will false positive a lot because you can’t check for the WalkSpeed property changing unlike on the client. You could hook the property on the client but no hook is perfect and valkyrie for example has a function made for detecting those imperfect hooks (PropertySpoofCheck), however for this release I snipped the function but Liker’s post has a simple method to detect most spoofs
Valkyrie and my past anticheats never had a full bypass. In Valkyrie nobody managed to bypass the serversided walkspeed checks OR the clientsided walkspeed checks. Nobody even came close to bypassing any of the clientsided checks. You are the prime example of a devforum user that replies with “You should never rely on the client” to every post about clientsided anticheats
The popularity of my games doesn’t matter. If it was popular i’d have 5 skids there 24/7. The games attract actually competent exploiters through discord servers & etc, not through advertising the game through advertisements
Compare my newest anticheat (Valkyrie) that had only one testing session that lasted 2-3 hours to my older anticheat that was public for weeks then COMPARE those to my even older anticheat (that I still work on) which had a lot of testing sessions that would last hours but was never public for long periods of time
It was mainly released because of byfron. You can also see in xnx’s post
“And just to be clear, don’t try to sell this anti-cheat. Instead, use it as a learning tool.” so it’s a learning tool for people
Hyperion biggest weakness is that It’s still usermode, so a kernel driver can easily bypass it, unless they make it kernel as well, so anti cheats aren’t going to be useless, for example, if an exploiter managed to bypass hyperion with a private executor, and there’s a remote event that gives money, they can easily get an absurd amount of money in the game, so protecting remote events and making anti cheats are still good.