Can Exploiters Read IDs

bura1414 · December 26, 2024, 3:49pm

no theres thing called garbage collector they can also require modules and view upvalues and constants of the localscript like people say everything done on client can be exploited because client is basically your pc and you have full control over it

deIuxor · December 27, 2024, 3:52am

It’s just the way Roblox’s systems are set up that is so bad. I used a memory editor to change my star points in Clash Royale. 5 seconds later after I did and upgraded the star level of one of my cards the entire app crashed and it reverted my data back to the previous save without the changes I made to it. They also have a thing where if you change the health of the enemy towers it shows on your screen but on everyone else’s the changes don’t happen. So really it’s a Roblox issue. Other apps and platforms can play around with exploiters like ping pong balls.

deIuxor · December 27, 2024, 3:57am

They delete your local script and replace the code with their own. There is nothing you can do to prevent them from doing this. The only thing you can do is create 100+ local scripts that make it much more difficult for them to do it. Even then they can still bypass it but I’m sure it will take a lot more time for them to read 100’s of scripts.

sangolemango · December 27, 2024, 10:46am

The reason why it didn’t work in clash royale is because clash royale is server sided

Rinpix · December 27, 2024, 12:37pm

A good rule of thumb is to assume that nothing you do on the client is secure from exploiters.

GameMaster4268 · December 27, 2024, 2:11pm

They would still be kicked for deleting the local script because there is a remote function and when the remote function fails to invoke the client, it recieves a warning and when it doesn’t go through, it kicks them. I tried executing several code to bypass the remote function thing and I would always get kicked.

deIuxor · December 28, 2024, 6:54am

Completely bypassable. You don’t need to delete the local script to bypass your anti cheat. Kicking them for deleting it is only going to stop the lower class of exploiters that have a small amount of experience with scripting

NyrionDev · December 28, 2024, 11:51am

Depends on where you store the variable. If the variable is stored in a module script or in a client script and that script is replicated to the client(for example under folders like ReplicatedStorage, Player, StarterGui, etc) the exploiter will be able to read and tamper with it. However if the variable is stored either in a server script(normal Script) or in a module script/client script in a non-replicated folder(for example ServerScriptService, ServerStorage) the exploiter will be unable to read it.

The fact that this is an id doesn’t change anything, this is true for most variables(in this case this is a string variable).

If you want to take measures against exploiters on the client side I suggest implementing rate limits that prevent a player from triggering the actual security checks on the server side. That can act as a protection layer for normal players and also as a way to be more certain someone is exploiting before kicking/banning them.