Can exploiters view values sent by the server to the client?

Dec_ade · August 3, 2020, 11:27am

For example, if the server send this value 12345 to the client, can exploiters see the value 12345 ?

TheBristlefrost · August 3, 2020, 11:34am

Exploiters can see anything that’s on the client.

Dec_ade · August 3, 2020, 11:57am

So does that mean the can see the values sent by FireAllClients() and FireClient() ?

Evercyan · August 3, 2020, 11:58am

Yes, anything that is replicated from the server back to the client (whether it be data sent via remotes or instances that are not in ServerScriptService or ServerStorage) will be shown to the client.

ReturnedTrue · August 3, 2020, 11:58am

Yes, they can Connect to any event which is visible to the client.

Cerulean7 · August 3, 2020, 12:49pm

Exploits have special functions that allow them to do things that a normal client can’t. In this case, an exploiter can use hookfunction() to listen to when remotes are fired. An example of this is on the synapse documentation, at https://x.synapse.to/docs/development/function_hooks.html.

(here’s the example that they provide on that page)

local OldFireServer
OldFireServer = hookfunction(Instance.new('RemoteEvent').FireServer, newcclosure(function(Event, ...)
    if not checkcaller() then
        local Args = {...}

        print(Event)
        for i, v in pairs(Args) do
            print(v)
        end
    end

    return OldFireServer(Event, ...)
end))

Syclya · August 3, 2020, 3:46pm

Yes (…)