Anti-RemoteSpy and Anti-Dex?

This would be bypassed in like a day because remotespy can see what arguments you fire with.

4 Likes

If you want more info on how to patch dex I recommend this post I made. As for remote spys don’t worry about it just make your remotes secure.

i dont think there is a way to stop DEX due to it having a randomized name but you can maybe stop rspy by spamming remote events thru a script.

This would get bypassed in about 5 minutes. Exploiters can just hook the password change it to the correct password on event call.

I actually haven’t attempted to detect Remote spies but the most Ideal way I can think of is to check a Luau stack, If it changes when a remote spy gets executed then punish (NO CLUE IF THIS WOULD WORK)

Hmm, just like this why you won’t leak this method? (I just wanna know why, nothing more)

Script Developers can look everywhere and just patch your method.

ah yes like what happened to the old anti synapse script

You can make a script that looks at the current running processes on the user’s computer. You could search for processes like Dex Explorer, or other exploits that fall under the same concept as Dex.

Not sure if you have any form of coding knowledge in Luau or if I just don’t get what you mean.

Dex scripts always run in CoreGui, you don’t check for processes on a client’s computer since It’s literally impossible doing it on roblox’s security limits.

There’s over 10 ways to detect CoreGui objects but none of those are through processes.

4 Likes

Simply dont bother, make good remotes that are hard to exploit.

You can’t. At least not from inside Roblox due to their security. The best that you can do is secure your remotes and don’t trust the client.

Care to explain how to do this? To my knowledge, you can’t access the player’s computer through roblox scripts…

Your best bet here would be Sanity Check and Server Authorization
I don’t want to rant about it cuz I’m 80 percent sure u know what this is and if you don’t there are others who explain it better than me.

The issue with Dex on Synapse is that it really hides itself. You can use memory checks, but you have to make allowances for mobile users (If they have a touchscreen, then they are most likely mobile.). Remote spy on the other hand can be defeated by encryption. I use RSA to send the client the key and after that, the client/server uses that key to communicate. This is what I have done. They can’t even see the key because RSA uses an asymmetrical key. Granted, they could probably see the key on the client, but once the key is used to setup the tables and such, it’s deleted.

I did some reasearch, the only thing I could find is that the only way to bypass it is to set metatables

Code is not 100% safe, but here are steps to make it more difficult for Dex to see your game stuff: (Also general tips here too) (There is only 1 tip for RemoteSpy lol)

  1. Obsfucating code and making code confusing
    Obsfucating makes code more confusing for exploiters, you can obsfucate your code, rename variables and functions with random letters, remove helpful comments and so much more. You can also use trash code insertion, encryption and more. I just put entire obsfucated code on Line 1. This makes it harder for exploiters to understand code.

  2. Use HTTPS when using HttpService.
    HTTPS is recommended, since it encrypts all data sent. It’s important to ensure that all third-party services and APIs used in your game also use HTTPS. This prevents attackers from intercepting sensitive data in transit.

  3. Never trust the client
    One of the most important principles of game security is to never trust the client. In the context of Roblox games, this means that you should never rely on client-side code or data for critical game logic or security measures.

The reason for this is that the client-side code can be easily modified by players using exploits. This can allow attackers to bypass game security measures or perform unauthorized actions, such as granting themselves in-game currency.
Also, NEVER EVER STORE SENSITIVE DATA ON A LOCAL SCRIPT!!!

Dex can see the scripts, but server-side scripts cannot be modified (or viewed, I think, correct me). Only use LocalScripts for beauty client stuff, even when I use these, I obsfucate them A LOT!

  1. Secure your RemoteFunctions and RemoteEvents
    You should secure this stuff, it is literally needed, there are tutorials, I don’t wanna write how to secure them. Just search on the forum or YT.

These are some of the ways of securing your code against Dex/RemoteSpy, remember no code is 100% secured!

1 Like

I want to point out the ‘Never Trust The Client’ part:

It depends on how you actually do it, AFAIK developers are not aware of the
methods to hide calls, nor do they make handshakes. I am tired of seeing that you should never implement something on the client, implementing some client
detections are better than nothing, but you should not only rely on them.

Regarding the Obfuscation Part:

During game development, it would be very difficult to keep a copy of the original script and the obfuscated one (You’d have double the scripts). Only obfuscate some that would be critical and especially when they are on the client (They could be decompiled).

Regarding the Remote Part:

There is a good YouTuber named Suphi Kaner that actually explains in good ways on How to Secure your Remotes

And finally, to answer the OP’s question, some people have indeed found detections to Dex V2 & V3
(even Secure Dark Dex V3) and RSpy, But I will not give them as some of them are unknown to the public and I don’t want them to go public (They do not rely on Memory or PreloadAsync).

Thanks guys, my JdubMyDev account got banned because of a UTG in my private game. Again, thank you for all the support and help.

if you knew anything about exploits you would know that obfuscating code only confuses the devs, as when exploits read scripts, it decomplies it from compiled which will remove all types of obfuscation. 2. http is completely safe to use as the server gets the information either way and there is no network attacks. it does however show safety concerns of what roblox themselves do with this info.