CG-Gun-Framework | #1 In Security | PrisonLife Version |

CG-Framework

Hello, today I’m releasing CG-Framework.

What is CG-Framework (CGF)?

CGF is an extremely well-made gun framework with security in mind. It has been in development since 2/1/2023 and was originally a private framework. However, I am now making it fully public and free for anyone to use, modify, or learn from. If CGF becomes more popular, I am committed to making it even better.

CGF Releases

Beta - 0.0.1 [PUBLIC] CGF - Roblox (latest)

CGF Snippets

Real-Time Spoofed Remotes/Scripts | Showcase

Packet-Limit | Showcase

Gun | Showcase

Q&A

Q: How good is the security?
A: The security in CGF is very good. All gun modules and gun settings modules are loaded from the server, preventing any spoofed or changed values. Additionally, we perform remote-name changes for every action/event. This prevents exploiters from attempting to fire certain remotes. We also verify every shoot action on the server. A lot of thought has gone into making CGF the best security-driven framework.

Q: Who owns CGF?
A: CGF is owned by BugleBoy#6467(719972719336226897) or NotBugle(1017808453), who is the solo maintainer of CGF.

Q: How easy is CGF to use?
A: CGF was not originally intended to go public, so some values (both client-side and server-side) may require coding knowledge to change. These values are a bit advanced, so if you’re setting up a simple shooter, there’s no need to worry about them. However, we aim to improve the usability of CGF.

Q: Who is CGF for?
A: CGF is for anyone. If you’re looking to have a fun time with friends, you can download CGF and set it up. If you’re looking for a more competitive edge, you can make a full game with CGF!

To-Do

We are focusing on the following core functionalities:

  • ADS (Aiming Down Sights)
  • ViewModels (Better VMs)
  • Security (More improvements to security and functionality)

Known Bugs

  • Enum.RaycastFilterType.Blacklist is now deprecated, A fix will be released soon.
  • Shotgun shoots super-duper fast, there’s some type of problem with using a RemoteFunction for shooting a shotgun, A fix will be released soon.

Security Overflow

Here, I will outline some of the security features provided in CGF:

  1. Client Security
  • Nothing important is done on the client side, preventing exploiters from tampering with it. Here’s a small example list of things we do server-side:
    • Reloads
    • Firing
    • Value Controls
    • Damage & Verification
    • Gun Settings (load & use) and much more!
  1. Server Security
  • Everything that normal gun systems do on the client is done on the server to prevent exploiters from performing actions like fast reload or firerate modification. Here’s a small list of things we do on the server:
    • Reloads (Verifying the state of the gun and its ammo)
    • Firing (Verifying the shots of the gun)
    • Gun Settings (Loading from a config located on the server to prevent exploiters from modifying it) and much more!

Assets

The example weapon models used in CGF are ripped from Prison Life by Aesthetical.

Note: The following models/sounds/animations could not be credited because the original owner is not known at this time or could not be found during the revision process of this readme.

Unknown Assets:

  • AK-Model
  • AK-Sound
  • AK-Animation
  • M9-Model
  • M9-Sound
  • M9-Animation
  • Remington-Model
  • Remington-Sound
  • Remington-Animation

Known Assets:

  • Client CGF by NotBugle
  • Server CGF by NotBugle
  • FastCast by Xan_TheDragon
  • PartCache by Xan_TheDragon

Used By

No one yet ;(…

Thanks for reading! If you encounter any problems, feel free to post them!

NOTE: This is a clear advisory note for any reviewers.
Many claims made in this post suggest that I have “stolen models.” This is not true, as it falls under fair use/educational use. These models are placeholders and should not be used in actual production games. This service could also be classified as a parody.

38 Likes

If projectiles are handled on the server how do you get away with the server to client latency/delay and make it look seamless?

12 Likes

You can download the source, Zektonn, for the CG-Framework. In this framework, projectiles are managed using parts, which is a common approach in modern gun engines. The server takes care of creating and moving these parts. Much of this functionality is already implemented in FastCastRedux. If you’re interested in developing your own gun engine, I recommend starting with FastCastRedux.

#CGF

10 Likes

can you add r15 support? i would appreciate that a lot!

7 Likes

Sadly the code is terribly structured and will tank performance quickly. Events, animations, and scripts are placed within each individual gun which is a terrible practice. I do not recommend using this for large scale games at all. Not to mention the readability either, piles of if-else statements that give me a seizure each time I look at them. Some other issues is that you use value bases instead of attributes, and the fact that you just make your functions global for no reason.

21 Likes

I plan on adding R15 later on,
I did R6 for simplistic viewmodels.

7 Likes

Have you tested CGF using any specific account? It appears that I couldn’t find any records of you adding it in the purchase logs.

Besides that,
Regarding the code structure, it is true that placing events, animations, and scripts within each individual gun may not be the most efficient approach for large-scale games. However, this structure could be suitable for smaller projects or prototypes, where modularity and scalability are not major concerns. It allows for a quick implementation and testing of different gun functionalities.

As for the readability issue, it is subjective to some extent. While it is true that having excessive if-else statements can make code harder to follow, it is not necessarily indicative of poor overall quality. Well-commented and properly indented code can mitigate the difficulty in understanding the logic. Additionally, the use of conditional statements may be necessary in certain situations where different actions need to be taken based on specific conditions.

Regarding the use of value bases instead of attributes, it depends on the specific requirements of the game. Value-based implementation can provide simplicity and efficiency in certain scenarios, especially when dealing with straightforward variables. Attributes, on the other hand, can be useful for more complex data structures and offer additional flexibility. The choice between the two approaches should be based on the specific needs of the project.

Lastly, the argument against making functions global “for no reason” may overlook potential design considerations. While it is generally advisable to encapsulate functions within appropriate scopes, there may be cases where global functions serve a purpose. For example, if certain functions need to be accessed by multiple modules or scripts, making them global can simplify their usage and promote code reusability.

In conclusion, while the points raised against the code structure, readability, use of value bases, and global functions have some merit, they do not consider the specific context and requirements of the project. Depending on the scope, scale, and goals of the game, the mentioned practices may be reasonable or can be adjusted and optimized for better performance and maintainability.

I would suggest contributing to the project before making claims!
Thanks for the criticism, I hope to fix some of it in the up-coming updates.

17 Likes

There’s no need to test it. If you know how code works then you know how it performs.

The point of a framework is to be used on a large scale, a framework isn’t needed on a temporary project. If you want this to appeal to everyone you must overhaul backend.

That’s why guard clauses exist :man_facepalming:.

More Instances = More Lag

That’s not how the global scope works. I honestly have a feeling this was written by ChatGPT.

Overall solid framework?

14 Likes

“There’s no need to test it. If you know how code works then you know how it performs.”
What’s this supposed to me? You can’t XRay the code? Before making such judgment’s you would need a perception on how to make theses judgements.

“The point of a framework is to be used on a large scale, a framework isn’t needed on a temporary project. If you want this to appeal to everyone you must overhaul backend.”
Ok, How do you suggest you would want me to approach this?

“That’s why guard clauses exist :man_facepalming:.”
As mentioned this has 0 performance impact.

“More Instances = More Lag”
You have massive contributions in the community I would hope you have more common sense then that,

“That’s not how the global scope works. I honestly have a feeling this was written by ChatGPT.”
I have horrible English, but… lets make sure!


Testing using GPTZero a well known and tested ChatGPT tester.

10 Likes

have you added r15 support yet?

4 Likes

Why are you distributing a public resource that has assets that were stolen from another user?

9 Likes

Yeah you’re right, he basically stole from @Aesthetical

12 Likes

Why would you steal from Prison Life then post it as a community resource?

7 Likes

Is it really necessary to constantly change remote names over time? You should only randomly generate a unique name once. How do your local scripts know which is the correct remote? If those scripts know, the exploits can know too.

7 Likes

I’m not usually one to use another person’s content, but this I will definitely pin this for later when I get the chance to try it out!

4 Likes

The remotes don’t obsfucate their names at the start, and you can store references of the fire and reload remote.

(script in SPS, waiting five seconds to let your scripts run assuming users need time to inject)


image

my code isnt the best but it still can show that the second the hacker knows which remote is which they can immediately cache it and all your spoofed remotes

the fact that you handle all of your logic on the server is a good thing, it means hackers can’t touch them. But it also means that latency is going to affect the logic


set roblox studio to simulate 250 ping

This would ruin the fluidity of your inputs if they are delayed, notice how every shot i take delays from the actual location of the mouse.

To be fair though it does stop aimbotters in their tracks if nobody can actually aim accurately :wink:

real talk though a really secure system like this stops hackers but it also takes away from the player experience

Big rant on real fps engine security (open at own risk)

All of this is purely text based, I don’t feel like writing an actual framework that demonstrates these concepts.

For most “advanced” engines that feature projectile based bullets, they don’t have any serversided bullet logic. clients are in complete control of creating bullets, they send the shoot bullet remote to the server, then the server sends the remote to all the clients for them to cast their own cosmetic bullet to visualize. Which lets the clients have fluid bullets.

For the client to have the most fluid experience possible we want them to be able to perform all of their logic by themselves.

However a common mistake made by these engines is no validity checks. For example, whenever a bullet gets shot, the server just says “okay i guess” disregarding all ammo and fires the bullet. and whenever the bullet hits the client sends a “damage remote” to the server with the target and the damage dealt, and the server’s just like “okay i guess” and deals damage.

So lets take this not ideal system and add some validity checks! How do we add validity checks if the client is performing all of their logic for themselves? Well we simply perform the same logic on the server of course!

Imagine the client is a student taking a test and the server is a teacher. The client inputs their own answers, but then the teacher goes through and checks the test’s answers marking any incorrect as it goes along

So lets take this concept and put it into an ammo validity check.
whenever the client wants to shoot a bullet they see if they have enough ammo, if they do they continue on with their logic, fire a bullet, and then notify the server with the bullet registration. Then the server performs the same checks the client did. If the checks check out then the server sends the “make bullet message” to all of the other clients

However an ammo validity check will do nothing if there’s just a damage remote to deal infinite damage to players.

So now lets figure out how to code a validity check for the bullet hits. We would need to make the server “remember” bullets somehow, we can do this with a bullet id system. whenever the client fires a bullet they specify a bullet id, then the server stores and remembers the bullet for up to 10-20 seconds depending on how long bullets would exist. Then on the server have a big table with the id’s as keys and a data packet as a value (including but not limited to: the player that fired the bullet, the gun that fired the bullet, any bullet specific information like maybe origin and direction if you need it.)

Now whenever the client wants to say the bullet hit something they can perform damage finding logic to make hitmarkers. but they only send the bullet id and certain things from the raycastresult to the server. The server then does the same logic and deals the correct amount of damage to the target, and then invalidates the key (or if you add wallbanging then does some more processing)

With these security updates you get fluid gun logic but then block ammo hacks and damage hacks. Unfortunately aimbot can still exist and you can finesse the logic to deal damage to anyone on the map

This is just scratching the surface of the server checks you can do, you can do other things like range checks (if you have a bullet range), and if you really want security you can perform advanced Line Of Sight checks.

(there goes like an hour and a half of my time lol)

12 Likes

Not sure about this entire post as whole. The gun models, audio and UI are all created/owned by @Aesthetical & I’m not sure how he’d feel if he saw his work being ripped and then posted onto the DevForum as a community resource - I know I wouldn’t be very happy.

5 Likes

Does this account for flawed values? I have seen these kinds of frameworks with distance and raycast checks get entirely bypassed by just passing in a certain value.

1 Like

Half of Aesthetical assests are stolen from other public domains.

5 Likes

He’ owns 0 scripts, and then his “assets” he “made” are ripped off public domain sites.
I.E the shotgun,m9 sound,

4 Likes