Can exploiters change the module script? (Last post for me in 2021)

Daeny1000 · December 31, 2021, 6:57pm

I know that exploiters have access to local scripts and edit them. But can they also edit code in module scripts?

If they don’t have editing access, does that mean I can view their values locally in module script?

local module = {}

module.__index=module

function module.Init(plr)
	local self = setmetatable({},module)
	self.Player = plr
	return self
end

function module:Run()
	print(self.Player)
	self.Player.Character.DescendantAdded:Connect(function(descendant)
		print(descendant)
	end)
end

return module

Note: Local script code for requiring this module: require(game:GetService("ReplicatedStorage").Anti).Init(game.Players.LocalPlayer):Run()

ClientCooldown · December 31, 2021, 7:34pm

As far as I know they can get and disconnect any connections easily, so this would likely do nothing but waste your time

regexman · December 31, 2021, 8:14pm

Maybe no, the same as you can’t view code of a modulescript in a script.

ScandalousSolution · December 31, 2021, 8:42pm

They can edit connections, spoof stuff, and get upvalues and constants but they cant fully edit the code.
They thing close to editing it is to removing the real script and instead running the fake and edited local script code inside their exploit. This can’t work with modules.

VortexColor · January 1, 2022, 4:05pm

They can edit anything on the client, but it doesn’t replicate to the server.

The only stuff that replicates from client → server is:

Some properties on the local Humanoid
Sound playback, when SoundService.RespectFilteringEnabled is set to false
ClickDetector input events
AnimationTrack playback
Physics simulated on BaseParts which the client has network ownership of
Firing of RemoteEvents/RemoteFunctions
Equipping/Unequipping of Tools, can equip multiple Tools
Can fire Tools .Activated and .Deactivated events
Can fire mouse events of a GuiButtons that exists on the server
Can stop the automatic respawning of the local players character
Can destroy descendants of the player’s character model , including individual server scripts, textures, and joints

So this does not fall under the behavior, however if you are relying on any client-sided measures to stop exploiting, they are always very easily defeatable. You should never rely on security through obscurity and should always practice security by design measures instead.

Client-sided anti cheats are always useless and should be always avoided, you should instead use server-sided methods instead. Try to think of stopping exploiters as more of a firewall rather than a “ban the exploiters” thing.
The only acceptable usage of client-sided anticheats is where the behavior cannot be prevented with security by design measures are Aimbot, MapStealing, Autofarms etc.