Lately I’ve been spending time making anti-cheats, and one of my goals which started today is to figure out where injectors inject their LocalScripts. A friend helped me out with his exploit injector, as for obvious reasons, I do not own any exploits.
The main question is: What is the full, specific location of a LocalScript which’s “script:GetFullName()” equals to its “script.Name”.
The testing LocalScript my friend injected used for testing:
script.Name = "Test Script"
print("This is a test local script, and it was inserted in the following location: "..script:GetFullName())
A screenshot of what his client logs printed in the Developer Console:
Just a note, exploiters have full control over their client, so this probably isn’t worth making. They can just delete your anti-injector script, and you can’t make it a server sided check because its only local.
The best way to prevent exploiting is to do lots of sanity checks on the server. There’s no way you can prevent people from doing stuff locally, its literally on their computer.
EDIT: I was wrong in how localscripts worked, see Dandcx’s post for details
I’m pretty sure this would be easy to get around by simply editing the localscript or stopping it from running altogether. Script.Source changes can’t be read by anything but plugins and studio’s command bar, so your thread (itself a hacky solution that might end up patched in the future) will have no way of knowing if the script itself has been tampered with - only if its disabled or deleted.
It’s undetectable but they can basically stop the script from running any code at all without disabling or deleting it which stops it from doing literally anything, using a remote event to detect it by having it send a request every random amount of time or so wouldn’t work since they can call the remote event constantly effectively bypassing the check.
What they can do is go to the LocalScript and literally halt the execution of the script fully which stops it without disabling or deleting it. (I can’t tell you, I just know that it’s possible.)
Exploits actually don’t create local scripts, they create a hacky version that isn’t listed within roblox’s main memory. At least thats how I know Krnl works.
Script.Source doesn’t replicate. LocalScript code is replicated with bytecode sent to the player’s pc. This is why exploiters use decompilers to turn the bytecode back into a readable lua.
GetFullName returns the script’s path minus ‘game’. So if a script is in nil it will just return its name. Else if its in ReplicatedStorage it would return ‘ReplicatedStorage.TestScript’
Also when posting about client sided anti cheats,
just don’t
Synapse, Krnl, dark dex and many other exploits will just read the public post and make a bypass in mostly a day.
Every post about anti cheats always evasize the fact that the player is in complete control of the client. Maybe you can catch a few skids who don’t know what they’re doing but unless you’re really experienced with exploits. Client-sided anti cheats are useless
You’re on about injection detection which is possible using checks for client memory spikes like @dandcx said but I’m on about the fact that exploiters can halt the script’s execution entirely without disabling or deleting it.
