Exploiters can pause the script’s execution entirely without changing it’s Disabled property or deleting it.
2 Likes
Could you by any chance tell me how they do this, if it is true as of currently?
1 Like
EDIT: I was wrong in how localscripts worked, see Dandcx’s post for details
I’m pretty sure this would be easy to get around by simply editing the localscript or stopping it from running altogether. Script.Source changes can’t be read by anything but plugins and studio’s command bar, so your thread (itself a hacky solution that might end up patched in the future) will have no way of knowing if the script itself has been tampered with - only if its disabled or deleted.
Does the hash of a script change if Script.Source is changed?
1 Like
It’s undetectable but they can basically stop the script from running any code at all without disabling or deleting it which stops it from doing literally anything, using a remote event to detect it by having it send a request every random amount of time or so wouldn’t work since they can call the remote event constantly effectively bypassing the check.
What they can do is go to the LocalScript and literally halt the execution of the script fully which stops it without disabling or deleting it. (I can’t tell you, I just know that it’s possible.)
1 Like
Exploits actually don’t create local scripts, they create a hacky version that isn’t listed within roblox’s main memory. At least thats how I know Krnl works.
Script.Source doesn’t replicate. LocalScript code is replicated with bytecode sent to the player’s pc. This is why exploiters use decompilers to turn the bytecode back into a readable lua.
GetFullName returns the script’s path minus ‘game’. So if a script is in nil it will just return its name. Else if its in ReplicatedStorage it would return ‘ReplicatedStorage.TestScript’
Also when posting about client sided anti cheats,
just don’t
Synapse, Krnl, dark dex and many other exploits will just read the public post and make a bypass in mostly a day.
1 Like
Yeah I know, I’m taking the risk either ways. That aside, is an exploiter actually able to change the LocalScript.Source of a LocalScript?
LocalScript.Source doesn’t exist on the client
So theoretically it is not possible to stop the Lua Code from running with exploits, other than deleting or disabling the LocalScript, is it?
No
Every post about anti cheats always evasize the fact that the player is in complete control of the client. Maybe you can catch a few skids who don’t know what they’re doing but unless you’re really experienced with exploits. Client-sided anti cheats are useless
2 Likes
They can hook functions to something out or disconnect something, say like Player.PlayerAdded (only can disconnect client only)
So basically they can turn off any events, such as Instance.DescendantAdded or Instance.DescendantRemoved?
Yes
The client is literally on the player’s pc, they can change anything about the game on their screens
1 Like
I’m pretty sure that relies on client memory spikes if I’m pretty sure.
Its the only known client sided method that is actively used but it produces a lot of false positives and doesn’t work 100%
1 Like
Is there any possible way to access Instances which’s parent are set to nil from Studio LocalScrips?
You’re on about injection detection which is possible using checks for client memory spikes like @dandcx said but I’m on about the fact that exploiters can halt the script’s execution entirely without disabling or deleting it.
No.
Parts sent to nil are to be garbage collected, if roblox allowed a method to collect nil instances it would cause a lot of memory leaks with people who don’t know what they’re doing.
There is a lot especially on low end devices that don’t handle memory well
1 Like
Do >
local Backup = script:Clone()
local MyParent = script.Parent
game:WaitForChild("RunService").RenderStepped:Connect(function()
if script.Disabled then
script.Disabled = false
end
if script == nil then
Backup.Parent = MyParent
end
end)
These don’t even work inside Studio, so I doubt it’ll do anything in an actual game where an exploiter can just pause a localscript’s execution without setting .Disabled if they really wanted to.
1 Like