Anticheat Methods

Resources Community Resources
,
#82

Okay

--// Put your stuff here

--// Detection
local getDictCount = function(dict)
	local i = 0
	
	for _ in next, dict do
		i += 1
	end
	
	return i
end

local methods = {
	"dumpheap", "getmemorycategory", "resetmemorycategory",
	"setmemorycategory", "profilebegin", "loadmodule",
	"profileend", "info", "dumprefs", "traceback"
}

local SanityCheckDebug = function()
	local dType = type(debug)
	if dType ~= typeof(debug) then
		warn("Failed N1")
		return false
	end
	
	if dType ~= "table" then
		warn("Failed N2")
		return false
	end
	
	if getDictCount(debug) ~= 10 then
		warn("Failed N3")
		return false
	end
	
	for _, method in next, methods do
		local methodFunc = debug[method]
		
		if not debug[method] then
			warn("Failed N4,", method)
			return false
		end
		
		if debug.info(methodFunc, "s") ~= "[C]" then
			warn("Failed N5,", method)
			return false
		end
	end
	
	return true
end

print("Sanity Succeeded:", SanityCheckDebug())

That proves yet again your lack of knowledge concerning the subject, if I put this on top of my script it will still run :slight_smile:

#83

Sure. I can modify the debug library and what it returns to suit what this local script needs and my bypass will still continue to work. What are you trying to prove here?

#84

Where am I in refusal?

When I said this, it also works the other way around. At then end of the day it is just a cat and mouse game, until new vulnerabilities get found, then get patched. At no point in time have I ever said this was false.

#85

Okay give me an example and I will show you everything that can be detected in it :slight_smile:

Also a smarter way of preventing that would be to literally just hook that Sanity function to make it return true since you have access to the source as you said earlier, a simple bytecode decompilation will surely reveal it, lol

#86

See? Not that hard to find bypasses.

Depends on the anti-cheat I’m working with. As you mentioned, I can do a simple bytecode decompilation to reveal the source code and modify the debug.info() function to return whatever the script needs. In your case: “[C]”

#87

This is not an example, this is just a description of what you are gonna do. Write an example so I can point out what can be detected or not.

#88

these are simple examples that liker gave you. there are many more ways to detect exploiters tampering with global tables. if you want to see an actually good anticheat then check my friend XoifailTheGod’s anticheat out (or you can take a look at my open source anticheat Valkyrie Anti Cheat). if you dont have an executor (i highly doubt you have one) you can just join the discord server and take a look at the “anti-cheat-info” and “anti-cheat-logs” channels

1 Like
#89

Not easy to give an example here. As I said, it really depends on the script I’m working with. One script might use the debug.info() function to return a specific value for their client-sided anti-cheat. Or maybe a method to prevent hooks, depends on the case here.

#90

Oh, I already saw it. Still doesn’t invalidate my points though.
(Took you long enough to reply btw)

#91

It really does not.

Let’s apply all of my methods in one imaginary anticheat script, which is hidden. Try to write a hook which spoofs debug.info to make it return “[C]” for one specific function.

#92

what…? the anticheat was never bypassed (same with valkyrie) and probably never will with these temu quality executors. Xoifail has working PoC for detecting every executor on injection except krampus and every executor’s hookmetamethod including krampus.

1 Like
#94

I didn’t really give an example of one definitive executor, I’m talking about the possibility of bypass, which is possible with the methods I’ve mentioned above.
Though you’re right, the current executors in this industry can’t even properly bypass Hyperion lol.

#95

there are various ways to detect these bypasses. after a point the exploiter will have to write their own bypasses to these detections instead of relying on hooks, setmetatable, getrenv and lets be real… most exploiters wont get far as they still struggle with bypassing adonis lol…

1 Like
#96

the best anticheat:

local plr = game.Players[game.Players.LocalPlayer.Name]

while task.wait() do
   task.spawn(function()
     while task.wait() do -- nested loop for double protection
        if plr.Speed > 100 or plr.IsExploiting or plr.HackInjected then 
           plr:Kick("hacker")
        end   
     end
   end)
end
5 Likes
#97

bro :skull::skull::skull::sob::sob: I’m dying

script.Disabled = true task.defer(script.Destroy, script)

do atleast this in the start of the script (op methods!!!)

1 Like
#98

Lol. Well, you’re right. After all, once again I’m not really against client-sided anti-cheats like these. They can work pretty well against skids who cannot do anything without browsing v3rmillion lol

#99

Hello rapid please stop leaking top tier sacred anticheat methods given to us by the savior builder man. Thx.

Anyway, Liker, u made very nice topic . I like it.

4 Likes
#100

what’s your favourite onion sir?

1 Like
#101

Perhaps the tor one, Very nice and Tasty. Deliciously nutritious !!! 140g of Confidential USA GOV Data!!!

1 Like
#102

For certain functions you can do game.Clone and game.clone and they won’t be equivalent.
As for the “returned function” argument, the null byte can help protect against __index hook attacks, where they try to check if the property argument of self is “Clone” (and don’t check if there are null bytes and act accordingly).

A much better way of hooking game.Clone is simply doing hookfunction(game.Clone or game.clone, deter)

I didn’t really read that much of the argument that ensued, so I’m not really sure if this was stated already, but there you have it. :slight_smile:

1 Like