BitAntiCheat - A server-sided, general purpose anti-cheat!

BitAntiCheat

What is it?

BitAntiCheat is a new anti-cheat I’ve developed. Its purpose is to help developers create secure games, with little to no exploiters. While the anti-cheat is still in early development, I have already created numerous features, such as an anti-speed hack, anti-state hack (prevents invalid state changes), and numerous other checks to help block some of the most common types of exploits.
Additionally, for added developer support, there is a small API currently available, which is being actively expanded upon.

What it’s not

BitAntiCheat is not a “one solution fix all” system. There will still be exploiters in your game, as BitAntiCheat cannot do everything, such as patch manmade vulnerabilities in code.

How to install BitAntiCheat

BitAntiCheat’s installation is quite simple. In order to install the anticheat, simple insert this model, and place it under ServerScriptService.

Configuring BitAntiCheat

BitAntiCheat’s configuration can be edited in the Configuration module under the main model. Right now, the configuration is very simple, and contains instructions inside the module on what everything does.

Videos of BitAntiCheat

A client attempting to use models created on the client, which do not exist on the server:
https://gyazo.com/6c54de47d24b9a704fed697fa93975e0

A client interacting with models existing on the server:
https://gyazo.com/90d40267076e69b53d28227ffe56c0dc

A client attempting to set their speed above the speed they have registered on the server:
https://gyazo.com/5526c7176ac6d3c6d137d05dd551d6e4

Source module: https://create.roblox.com/marketplace/asset/12725281377

If you have any questions, comments, or concerns, please do not hesitate to comment or PM me about it!!!

Latest Update:

  • Added plugin support! Plugins should return a function, which is called by the anti-cheat with a table containing all services running internally. Plugins are given direct access to the service table, so please be careful when using plugins.
  • Plugin startup is last, as to attempt to prevent issues from arising during startup.
  • Plugins all run under the main startup thread, so if one plugin yields it will yield the startup of any other plugins.
  • Introduction of the whitelist category in configuration. The players under this are immune to being flagged.

Update 0.1:

  • Optimized individual player system. Instead of utilizing ~3-4 threads per player, now each player has one thread that manages all events and checks bound to the player.

If you find any bugs with this change, please let me know!

17 Likes

Looks very good! Did some testing on it and it is absolutely great!

1 Like

hi i added anti cheat to this game but when use the teleporters, it thinks im hacking and im kicked

2 Likes

can you add a whitelist to it so like admins can’t get anti-cheated?\

1 Like

He means that if the game teleports you to somewhere, the anticheat will ban them.

bruh that’s not what i meant what i meant was a table that is you put a user id or name it will disable the anti cheat the the player ONLY

What? If a server script teleports the player, it will kick them. This has nothing to do with admin, it’s just how the game works.

Now that byfron is here, I dont think adding an extra layer of anti exploit that might also give false positive is needed.

byfron, to my knowledge, is a client-side anti-cheat that detects injections and moderates users accordingly. like all client-side anti-cheats, it can be bypassed, so having an in-game anti-cheat is still generally the way to go.

I don’t know if you’ve read recent news but, synapse & ScriptWare have discontinued their respective exploits, In addition to that the synapse x server has been deleted by the owner himself this morning, So far exploits are patched by 90%, those 10% left are MacOs users (ScriptWare) and as far as im aware its PRETTY unstable and has poor execution power and IOs (also ScriptWare) users which also has a poor execution power it literally has the powers of JJSploit if we look at it lol.

Byfron is more of a outside of the platform anti exploit that mostly detects injections such as blacklisted DLL’s, undetected/harmful DLL’s it cant really be bypassed as the main source code is inside the ROBLOX.exe, which would be a pain in the ass to bypass which is why they pretty much gave up

But in short let me answer to this : it can be bypassed, so having an in-game anti-cheat is still generally the way to go.

No, it cannot be bypassed (if it is then oh well, roblox lied to us?), Yes a small anti cheat can be needed if you wanna protect yourself from these silly mobile/macos exploiters who have the power of a jjsploit executor

2 Likes

i hadn’t heard about that at all, interesting. if all of that is true then i suppose you’d be right about an anti-cheat being generally unneeded but if implemented correctly it’s not like an anti-cheat could be any harm to have in a game

1 Like

injecting programs such as krnl,synapse,scriptware or any third-parties app to exploit is a HWID (Hardware) ban & permanent roblox ban too, i forgot to mention that and as i’ve mentioned above yes

Yes a small anti cheat can be needed if you wanna protect yourself from these silly mobile/macos exploiters who have the power of a jjsploit executor

2 Likes

Thanks for the heads up! Right now, this anti cheat is still in early development, so there will be a few bugs. However, I am actively working to patch the bugs, and I should have a patch / work around done soon. Additionally, if you wouldn’t mind, could you please send me a video of the bug happening?

The anti cheat does not punish anymore than a kick, as there can still be false-positives no matter how fine-tuned a system is. Considering I made this for public use, I decided that banning would not be a plausible option.

Sure. I’ll add this as a feature in the next loader update I release.

please don’t spread false information that exploits are all discontinued. exploits continue to be worked on and eventually will bypass byfron. (synapse x, for a fact, is not discontinued)

This means discontinued, at least for the time being. Byfron for now has put a halt to most executors, however is likely only a temporary fix.

I think exploiters already bypassed byfron on the official client, I mean, script-ware have made an announcement of them using infinite yield, on the 64 bits roblox client, which means they already bypassed it, It’s just not out yet because they want to have the best “experience”.

This message purpose isn’t to confirm that exploiters can already use exploits on the 64 bits roblox, I’m just saying that I saw an announcement of them using infinite yield.

1 Like

Never the less if executors are gone or not, they will always be something to come. If there really was a solution to exploiting, then other games even outside of Roblox would be using it. The fact is every game is vulnerable in some shape, but some play it more safely and remove the clients ability to do things unchecked.

However, like Byfron, self-made anti-exploits will fault in some shape or form too. They take longer to crack simply because they’re used by less. Simply put, games using custom anti cheats aren’t popular enough to warrant someone making a fully fledged bypass. If every game uses the same anti cheat however, that would change.

General PSA on anti cheats:

The best anti cheat will always be your own, source private. If an exploiter knows you’re using an open sourced anti exploit they wouldn’t even need to reverse engineer inputs and outputs, as it would be public information. To me at least, anti exploit resources aren’t to be used, but instead analyzed, broken apart, ripped to shreds. Find what makes it work, find what makes it break. Then, with that knowledge you have enough information to make your own anti cheat off of.

One thing I’ve realized with most exploits, the vulnerability being abused is usually made by the games developer or developers. Of course, it’s hard to make flawless code with no holes, but there’s a lot of caution that can be put into it. Usually minus vulnerabilities being attacked through the client, Roblox’s main issue is character ownership. Server authoritative systems do exist for character models, but of course, like everything, will at some point find a fault.

“false informations”. Please before replying make sure to inform yourself, as Alex said, They’ve discontinued it for the moment. I’ve DM’ed 3ds (synapse developer) to know more about it and he openly said that he did not care about continuing it as Byfron(Hyperion) seem to have ruined all of synapses way to inject itself

1 Like