Can remote event or function detect which localscript fire them

Milkytillys · March 29, 2021, 12:12pm

How can we know which localscript call remote event or function
I want it possible to much because this will make your game hard to exploit.

XdJackyboiiXd21 · March 29, 2021, 12:35pm

Sadly there is no way to do this. If there was then everyone would use it, but even if you could, the exploiter could just insert a local script and rename it with the same name as the original script. You just have to secure the server, handle everything important like cash on the server. If you have any specific scripts I can help exploit proof them.

Milkytillys · March 29, 2021, 12:42pm

just want it return script object

remote.OnServerEvent:Connect(function(script,player)
    if script == player.Backpack.LocalScript then
        --code
    end
end)

by the way there is no way.

ib_ppa · March 29, 2021, 12:44pm

RemoteEvents/RemoteFunctions have an automatically assigned argument when using :FireServer() or :InvokeServer(), and that’s the player instance that triggered the RemoteEvent/RemoteFunction. Using that argument, you can loop through the scripts on a player’s client and see if any changes were made. There are places that many inexperienced developers are unaware of that exploiters may parent their scripts/UIs to. Most commonly, it’s CoreGui.

Keep in mind that this really won’t work for many advanced exploits, since they generally regenerate themselves automatically upon deletion. You can run a while loop or make some sort of custom event to detect script instancing in the client, but neither are foolproof or completely precise either. Many developers have messed this up and banned people from their games automatically due to false positives.

SOTR654 · March 29, 2021, 12:49pm

As @XdJackyboiiXd21 said, you can’t, but you could use a key for each local script, I don’t know what you would do it for or if the exploiter can read the attributes, but it’s an option, right?

local HttpService = game:GetService("HttpService")
Object:SetAttribute("Id", HttpService:GenerateGUID(false))

ib_ppa · March 29, 2021, 12:51pm

Speaking of ‘keys,’ there are ways you can use metatables to detect changes in the client pretty precisely. But, that seems too advanced here. @Milkytillys I’ll make a post on it later if you’re interested!

Mastermahmoudpip · March 29, 2021, 12:53pm

Maybe I misunderstanded it but you can use print(“”) and use dev console for it lol

Milkytillys · March 29, 2021, 12:54pm

thx, I don’t understand anything about metatables,
and idk why people use setmetatable({},varible)

Mastermahmoudpip · March 29, 2021, 12:55pm

I don’t understand datastore lol

Milkytillys · March 29, 2021, 12:56pm

even idk how to use updateanyc

Mastermahmoudpip · March 29, 2021, 12:57pm

I don’t understand anything about datastore so you are at least lucky with SetAsync() and GetAsync()

MrchipsMa · March 29, 2021, 1:11pm

sadly its difficult but not impossible what you can do is whenever you are firing the event send the local script path like script:GetfullName() which return the path of the local script (like game.workspace.sccript or game.replicatedStorage etc…) which you then use another remote event to fire the client and look up if there is the script on the client if there is then you can proceed with the code if there is not then you can cancel the script or kick the player

ib_ppa · March 29, 2021, 1:51pm

That wouldn’t work, unfortunately. For that data to reach the server, it’d have to be an argument of :FireServer(), and exploiters will obviously choose to keep that field empty. Though, your solution could work if checks were made on the server side to not run the function if the field is empty or doesn’t reference the specific script required to run it-- again, this can be worked around by removing the original script and replacing it with one that has its exact name. At that point, you would have to use plugins to check the sources of your own scripts or scripts which are instanced into the client.

starmaq · March 29, 2021, 2:11pm

I can see this working. In fact if you sent player.Backpack.LocalScript from the event, script == player.Backpack.LocalScript is true due to how replication works. Although I don’t see how this can be useful (besides limiting what script to listen to), but what you are trying to do is doable and you just did in that little piece of code you wrote.
(of course as TacticalGory pointed out, switch the arguments of the event)

Milkytillys · March 30, 2021, 2:26am

how about make server change localscript name then check script args is same name
then exploiters cant know name if set moudule script parent to nil while running
and if empty argument or no script argument just kick

THECOOLGENERATOR · March 30, 2021, 8:32am

Maybe you could add the name of the script in the arguments passed via the event/function? Like so:

-- // Remote Event, Server // --
RemoteEvent.OnServerEvent:Connect(function(Player, ScriptName)
Player.StarterPlayer.StarterPlayerScripts[ScriptName] -- Do stuff here
end)

MrchipsMa · March 30, 2021, 1:17pm

I think the problem is that exploiter can mess with these parameter like putting another script name that exist in it

RoloTheDevBunny · May 7, 2022, 5:17am

Yeah. I would recommend not using these methods to stop hackers. I find it is best to run almost everything on the server. You can have a script where when the player presses a key, it tells the server what key they pressed. It can cause lag having most things run on the server. You can also use remote functions for the server to send information back to the client on what to do. The server makes all of the necessary calculations and runs the game as such, then tells the client what to do. Even if hackers intercept these remote functions there really isn’t too much they can do.

Milkytillys · May 21, 2022, 6:30am

i’m interesting now, because i learned metatables and what exploiter can do with metatable