Why didn’t you test this out on your own?
You could’ve run a server-sided script, delete it from the client and check the result. Please avoid doing this again.
Uhh I just didn’t want to download any exploits…
You don’t need to. Roblox Studio is an thing.
Also, you do realize that this is the section where you ask for help and ask stupid things right? “Please avoid doing this again” is basically saying please avoid asking a question an go figure it out yourself, which I obviously tried, I only created this post because I was confused.
4 Likes
In the about page of the #help-and-feedback:scripting-support category, it clearly states that it (The post) should rather mention if you tried something. It was very clear you could’ve done something to get the solution to this.
You don’t need to. When you run test you have the client and server at your disposal.
It cannot be used to replicate every exploit, but it can tackle a lot of simple client manipulation to determine how much control the client has over your game.
To clarify my answer to your initial question:
Think of the code running on a server script as code inside of a separate game.
The client has its own version of the game to work with. The local scripts are what are used to communicate with the server (the other “game”) and that “game” sends that information to every other client.
The client can delete the moving part or make scripts against the moving part, but the script that moves the part will be unhindered, meaning the brick will still move the same way on every other client because no information is being sent from the exploiter to the server.
The script object can be removed locally, but scripts that are not local, typically run on the server, meaning that exploits cannot manipulate the code in any way. They can only – on their own screen – manipulate the objects that the script may manipulate.
ie If you are trying to make a part spin, an exploiter can make it spin the other direction, delete it, or make an entirely new one but it will only happen on their screen (their “version of the game”).
8 Likes
If this makes you feel better: I haven’t tried any solutions yet as I didn’t know the options without an exploit.
2 Likes
Oh so SSSpencer413 was actually not right in the sense that he said the code would still be the same for the exploiter on their end if they deleted the script which yeah I thought was a little bit off too.
In studio, you will find a section called “Test”. This creates a server and a client (or multiple clients) which you can use to test if the client has too much power.
https://gyazo.com/6ea54c5d1a93e7a3104d7fe0fa3bafc8
This is how ^
Don’t mistake “Play” for that, it works differently.
You can delete objects in the client’s workspace or scripts or test whatever and it would have a similar result for exploiters.
1 Like
The code would still be the same. I’m just saying the exploiters can manipulate the object that the code targets on their own screen.
While the code would be the same, nothing stops the exploiter from simply deleting the part in their version of the “game” (the client).
If for example, an exploiter deletes a script that is meant to kick someone from the server for doing a or b, then if they do a or b they will still be kicked because the code in the server is unaffected by the client.
However, if a code specifically targets an object that can be manipulated by the server (ie a spinning brick) then the exploiter can simply delete the part.
Actually it would still happen the same way. The code would still be the same for the exploiter because the exploiter never gets the code. As @Lametta said, you can make scripts against the moving part or delete the moving part, but the code will still run the same to the exploiter as it would for any other player (do note, however, that deleting the part that moves would obviously cause the exploiter to not see the part while everyone else does see it - but you are talking about deleting the script not the part)
Basically - deleting a Server Script does nothing for the exploiter. Nothing will change. you can test this by testing in Roblox studio as the client and deleting a server script - there will be no difference in functionality
1 Like
Ok got it thanks, but what if he deletes the script that is spinning the part, my hypothesis is that the it stops spinning only for the exploiter, is that correct?
Ah, ok got it, so actually it wouldn’t change even for him.
what about the exploiter deleting a Script inside its character (notice, not a localscript)
Also, if it doesn’t change anything deleting it, why can he even see the script object in the first place?
If you put it in ServerScriptService he will not see it.
Workspace is what is replicated from the game-model to the client. Meaning if you have a script in Workspace then roblox perceives it as information that should be sent to the client.
Server scripts run on the server though, so regardless if it is in workspace or not they cannot manipulate the code but they can remove the un-necessary object from their client since it has no affect on “their version of the game”.
1 Like
From my testing (and I am not an expert in exploiting or Script replication) - I have found that scripts inside characters that are deleted do replicate from the client to the server. This means that technically an exploiter may be able to delete essential scripts inside their character. (Server Scripts in workspace still function if deleted locally). This is purely just from testing in studio - I have not used exploits/real server to test it so idk
It could be used for just instance functionality. There are many times when you need to parent an instance to a script, so they most likely replicate the object so that way a local script can access ServerScript.Child or something, but I’m not an expert. I do not believe that exploiters can even read the code of a server script in workspace, but I haven’t looked into that.
There are places that you can put scripts so that they don’t replicate to the client and so the client cannot even see them (such as ServerScriptService)
1 Like
dark dex user can do it.
its a server sided one but basic dex cannot.
note : dark dex is only for synapse "created by the annoying sir meme kid "
Yeah but I’ve learnt recently that it doesn’t change anything with any client-side exploit as the bytecode is never sent to the client, so if a localscript is deleted it’s just deleting like the representation of the script because everything in the workspace must replicate to the client to it’s just there although the code doesn’t replicate because of server script’s (Script) default behaviour of not sending the bytecode to the client.
1 Like
when i was an kid i used to exploit on roblox. back then 2016
there was basic but really harmful scripts btw. like drop hats “its still not patched lmao”
crash server , server pinger etc.
but yeah my old acc banned for that and i changed my acc due to this.
im no longer exploiting.
but i remember sum stuff abt it