Anti Remote Exploit Help?

Help and Feedback Scripting Support
#1

I’ve been thinking of an Anti Remote Cheat to prevent exploiters from firing remote events from their client. But I wasn’t really sure if my method was going to work.

And here was my method:

  1. Adding an attribute number as a password to my local script.
    image

  2. Then storing the attribute inside a variable in the client side and then it removes the attribute password from the local script:

Client Side

local Remote = game.ReplicatedStorage.RemoteEvent

local Password = script:GetAttribute("Password") -- stores the password in a variable
script:SetAttribute("Password",nil) -- removes the attribute from the local script

Remote:FireServer(Password)

Server Side

local Remote = game.ReplicatedStorage.RemoteEvent

Remote.OnServerEvent:Connect(function(Player, Password)
	if Password ~= 5555 then -- if the password was not correct
		Player:Kick() -- kick the player
	else
		-- script here
	end
end)

If the exploiter have the ability to View the local script. He would still not be able to see the password since the exploiter can’t print out the value of the local variable and at the same time the attribute password was removed once the script ran so he can’t view it.

And my question is: Will the exploiter be able to see the argument which were sent to the server? If he can then how can I protect my remote events from being fired by exploiters?

#2

If you wanted to be really safe you could use basic encryption. I can’t remember what the method is called by it’s where you have 2 public keys that get sent from the server to the client, and two private keys that stay on the server. There is some fancy math that lets the public keys encrypt, and the private keys decrypt. If I can find the name I will try to link an article about it.

1 Like
#3

You cannot prevent an exploiter from viewing your remotes, encryption will slow them down but it wont stop them and they will find a way. Just have good sanity checks on your server when handling remotes.

4 Likes
#4

The exploiter can still see the arguments that are being sent to the server. Exploits can hook onto the game’s metatable to find the arguments when FireServer is called.

1 Like
#5

It’s called RFA encryption, it was an industry standard, there are newer methods now. A quick google search should help you to find how to do it.

2 Likes