Title says it all, is it possible for exploiters to log _G. and OnClientEvent stuff without even having to look in to the LocalScript? I am making an AntiCheat. I have searched on Devforum and Scriptinghelpers for answers but haven’t quite found any or it isn’t what I was looking for or I’m just not sure.
The short answer is yes, they can. Exploiters can essentially overwrite the behaviour of any functions, properties (either setting or getting them), variables, etc in your code.
Some exploits have features for even accessing the callbacks of event connections, overwriting them, spoofing events being fired, etc.
Exploiters can also access anything in the global environment of your script like _G, and, can even access specific non global variables in your script.
They can overwrite the contents of functions, including Roblox functions without giving you a way to detect this.
Client sided anticheats are unfortunately just not a good way to stop exploiting. Some people do have some pretty good arguments for client sided anticheats in some cases, but, it’s impossible to make something secure against exploiting that’s on the client.
Exploits essentially have the power to see any value used in any script without needing to access that script, and, they can even access things your script can’t. Exploits have what is pretty much equivalent to being able to directly edit scripts in the game and even how the game itself behaves in some cases.
Thank you for your reply and time.