No. I had scripted for the SCPF genre for a while.
Found out there are still clients out there, I’ll address the first client as X (it’s not its actual name, as I do not want some random person to try downloading random things on the internet).
X paired with another client, that I forgot the name of, is able to be injected into Roblox.
How it works is it can target events and functions, i.e. we had an issue with the gun system.
Someone could just find the event it calls (and it also returns the script it sends from the client to the server, for instance: eventName:FireServer(target,damage,etc)), then loop through each player and change the damage output; they fired the event back using these new inputs and they could kill everyone.
This was reported to us in late 2023 (post Synapse joining Roblox).
My friend who works in various scripting environments also discovered exploiters popping up.
Though you will not see it often, exploiters are still around. It’s just people who know how to script and know how Roblox works now; it’s less of people being able to buy clients and mess about.
Cheat Buddy uses CPU sandboxing, which basically just prevents Byfron from taking action on any third-party software. From the knowledge I have, Byfron and/or Roblox currently can’t do anything to patch it.
Exploits are not gone at all. There is a working exploit currently that is so far undetected by Hyperion (though time will tell). You should maintain normal security practices such as sanity checks on your remotes etc.
If this is the case then, @azashere, exploits are still very possible to happen. A smart hacker can use a mobile device and inject code using a foreign background app into the mobile infrastructure…
Then it’s just a race between hackers and Byfron on the mobile battlefield.
You can detect who fired the event on the server, as well as verifying parameters sent.
A basic, definite example is typechecking:
local function onServerEvent(player, expectedString)
	-- Ignore the call unless the argument really is a string
	if typeof(expectedString) ~= "string" then return nil end
end
RemoteEvent.OnServerEvent:Connect(onServerEvent)
Currently, I have no information on the mobile battlefield… I don’t know what is and what isn’t possible. I don’t know if there are any restrictions on what mobile players can do.
The player only sees a screen of colors. When they want to do something, they ask “server do this for me” and then the server does it and displays any new changes on the player’s screen. So, nothing is given to the player. The player can only use remotes to ask the server, not tell the server.
You should verify the arguments passed to the remote. Say you’re making a clicker game and you want to fire a remote to the server to say that they’ve clicked; you wouldn’t do
ClickRemote:FireServer(1)
to say they’ve clicked once as this can be exploited via firing the remote with something like
ClickRemote:FireServer(999999)
What you want to do is just fire the remote with no arguments.
Just ensure that all arguments the server received are reasonable and within expected results from the client.
There’s an exploit script called remote spy, it can see which remotes were fired and what parameters are there. Can’t an exploiter just change some parameters and use them for an unfair advantage?
You can have a cooldown server-side for each player. You could also monitor the rate at which the remote is being fired by a specific player to know if it’s abnormal.
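Added example, not code from any poster in this thread: a server-side handler for the clicker remote that combines the suggestions above (no trusted arguments, a per-player cooldown, and monitoring for an abnormal fire rate). The remote's location in ReplicatedStorage and the three threshold values are assumptions.

```luau
-- Server Script. ClickRemote's location and all thresholds are assumed values.
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")
local ClickRemote = ReplicatedStorage:WaitForChild("ClickRemote") -- a RemoteEvent

local MIN_INTERVAL = 0.05 -- cooldown: seconds required between accepted clicks
local WINDOW = 5          -- length of one monitoring window, in seconds
local MAX_REJECTED = 50   -- rejected fires per window that count as abnormal

local state = {} -- [player] = { lastClick, windowStart, rejected, clicks }

Players.PlayerRemoving:Connect(function(player)
	state[player] = nil -- drop the entry so the table does not grow forever
end)

local function reject(player, s, reason)
	s.rejected += 1
	if s.rejected == MAX_REJECTED then
		-- Flag once per window; kicking or logging elsewhere is a policy choice.
		warn(("%s: abnormal ClickRemote traffic (%s)"):format(player.Name, reason))
	end
end

-- `player` is filled in by the engine, so the sender cannot be spoofed by the client.
ClickRemote.OnServerEvent:Connect(function(player, ...)
	local now = os.clock()
	local s = state[player]
	if not s then
		s = { lastClick = -math.huge, windowStart = now, rejected = 0, clicks = 0 }
		state[player] = s
	end
	if now - s.windowStart > WINDOW then
		s.windowStart, s.rejected = now, 0 -- start a new monitoring window
	end
	-- The legitimate client sends no arguments, so any argument means a forged call.
	if select("#", ...) > 0 then
		return reject(player, s, "unexpected arguments")
	end
	-- Server-side cooldown: fires that arrive too quickly are not counted.
	if now - s.lastClick < MIN_INTERVAL then
		return reject(player, s, "cooldown")
	end
	s.lastClick = now
	s.clicks += 1 -- the server, not the client, decides how much one click is worth
end)
```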