Anti-Dupe Exploit Patch

Mr_Wiggles · August 12, 2022, 7:34pm

I was recently informed about an exploit and I don’t really understand how it works, only that it involves a Roblox Security vulnerability and that I seen it in action in my game.

Since I don’t know understand it works, it’s best to let the man explain it himself (blurred out bits of the code so exploiters can’t use the full script):

If you’re an expert in this, feel free to sum up how it works in the comments and I’ll mark it as a solution. In the meantime, I figured out how to put a “band-aid” on it.

Coolsbloxian · August 12, 2022, 7:36pm

Man, another exploit released to the forum

There is a chance that synapse x person can see this and bypass it

Mr_Wiggles · August 12, 2022, 7:38pm

Good point. I’ll edit it to blur out bits of the code.

nonamehd24 · August 12, 2022, 7:39pm

Stuff inside the Player object can be reparented while the Character is nil so this is no exploit but rather some oversight by Roblox or intentional.

nonamehd24 · August 12, 2022, 8:00pm

Altough if the crashing server part IS true then that would be an exploit which you should probably make a bug report about.

nonamehd24 · August 12, 2022, 8:10pm

Update on my first post:
I think it is only possible to reparent them to nil.
Altough about the setting the Parents of tools part, I don’t think that’s true.
The only time reparenting a tool replicates is when it is the Players backpack, workspace or Character.
If this is true then why would it only be possible to reparent tools? I just don’t think this is real to be honest.

Mr_Wiggles · August 12, 2022, 8:14pm

It’s real, and works in about any game that doesn’t have some type of patch like mine.

nonamehd24 · August 12, 2022, 8:18pm

What would the point of doing that even be? You can’t make your own tools and neither should you be able to move tools to StarterCharacter.

Profituber · August 12, 2022, 8:19pm

What patch? I asked my friend to test it on your game, it worked.

Mr_Wiggles · August 12, 2022, 8:34pm

They take their own tools and are somehow able to parent them to StarterPack and/or StarterCharacterScripts.

Mr_Wiggles · August 12, 2022, 8:36pm

Can you provide more information on this? Last time I checked, it worked.

Profituber · August 12, 2022, 8:42pm

Add <>, what’s your <>? I’ll show it working

Mr_Wiggles · August 12, 2022, 8:56pm

He was able to show it worked locally, but it would not replicate to the server. This is still a viable solution.

I created a test/control place to ensure it was none of my personal scripts allowing them to do it:

It is uncopylocked.

Profituber · August 12, 2022, 8:59pm

I’m gonna be completely fair with you, it replicated to the server, how do you think he was able to sell 9000 caiks and get noob lord in your game?

Profituber · August 12, 2022, 9:03pm

It’s very much not that, your Character is still there when you parent it

Mr_Wiggles · August 12, 2022, 9:10pm

I see, thank you. He showed me that he was using his own StarterGear to dupe tools. I updated the original post with a link to the model with a working anti-dupe.

nonamehd24 · August 13, 2022, 12:37am

This really isn’t that bad since this doesn’t even replicate to the server. Also that change only shows on the Client meaning that you can’t detect it from a Server script. Also person in the Screenshot made it sound like it replicates, which it doesn’t.

autumise · August 13, 2022, 1:01am

why you hiding raknet methods lol. ez network exploitation that can replicate (some stuff can) to the server with some stuff until roblox decides to switch from raknet

Mr_Wiggles · August 13, 2022, 1:22am

It does replicate to the server, though. That’s the issue.

Abcreator · August 13, 2022, 3:08am

Anything with-in the player’s character replicates, this means exploiters can give themselves objects that shouldn’t even exist in-game.