I guess It’s because of that 5 in the normal result, in some tests they were really close, but actor was still faster, ngl I expected task.spawn() to be the fastest during the tests
1 Like
One of my friends could actually deobfuscate it (it is obfuscated with Luraph)
1 Like
For anyone still reading this topic, there’s a chance that your local scripts might get found in “PlaceScriptMemory” using developer console, this only happens if your local script has a name, and I have the solution.
Create a Server script in ServerScriptService, then copy and paste the code below:
Normal Local Script (Aka without actors):
local ReplicatedFirst = game:GetService("ReplicatedFirst")
local LocalScript = ReplicatedFirst:WaitForChild("SCRIPTNAME")
LocalScript.Name = ""
If you local script is using an actor, then use the code below:
local ReplicatedFirst = game:GetService("ReplicatedFirst")
local Actor = ReplicatedFirst:WaitForChild("ACTORNAME")
local LocalScript = Actor:FindFirstChild("LOCALSCRIPTNAME")
LocalScript.Name = ""
Actor.Name = ""
This will fix the local script appearing in “PlaceScriptMemory”.
(Dunno, if this is exploitable, but there’s it is)
2 Likes
Wow! This is useless!
Yes, that will still run, but RemoteEvents firing won’t, which makes your handshakes incompatible with this 
1 Like
Unless player:Kick() actually works on the client, there’s no way to “punish” the exploiter if they are detected exploiting.
1 Like
A simple crash like this, is enough for any hooks for :Kick(), but again, for the 500th time: THIS IS NOT RELIABLE!!!
while true do
end
1 Like
Won’t this just crash the client?
1 Like
That’s the point, if you can’t kick the player then you can crash their game.
( From the client )
RemoteEvent firing does work? You are probably doing something wrong.
Try it yourself, I copy and pasted exactly like it is and the Remote isn’t firing.
There is a way to punish exploiters the intended way, aka using kick(), just use actors and basically the same code as before but make sure to add getfenv().script.Parent:Destroy(), if you use the regular method then just crash the player like the other people would normally do.
Using actors won’t suddenly make the metatable hooks disappear. If you can’t kick the player because they hooked “Kick”, they hooked “Destroy”, they hooked “ClearAllChildren”, and they hooked “.Parent”, then you can’t crash them either because they will find a way to prevent that.
We need to focus on how to stop hooking, before we do anything else.
Unfortunately, there is nothing you can do to stop hooking. Any hook detection you come up with will be bypassed, and usually quite easily.
I get that the point of this thread is to come up with ways to make effective client-sided anti cheats, but the sad reality is that isn’t going to happen within the scope of Roblox.
Someone already tried to hook, in my test game, and none of the hooks worked, with every single executor.
You can’t stop hooking, It’s pretty much undetectable, even when you connect every single object in the game and look for changes, there are some hacky way to detect them, but most of the time they are unknown.
It’s a temporary solution, as with every other method described throughout this thread. Actors will be bypassed and certain currently unreleased executors already do. If it’s only temporary, it’s not good enough, and when I say temporary, I mean it will be completely redundant, not that it will need to be updated.
Synapse already bypassed actors, with their run_on_actor, but fortunately, It requires an instance, and since the instance gets destroyed, and It doesn’t even have a name, assuming that you’re using the nameless method, so It doesn’t show up in script memory, I guess It’s literally the best method rn without doing these hacky ways that can kick innocent people, the best thing exploiters can do rn, If I had to guess is to get every single thread and somehow get the threads that are made by local script and stops them (Even then, handshake should still work, and It should still kick them), I think handshakes using this method only works with remote events, and not remote functions
What about obfuscation? Can we try that?
Obfuscation, isn’t needed on this method, since It runs faster than executors, the only reason why the test didn’t show up as 0, It’s because It’s doing the getfenv() process, and It only prints after It finishes it (It’s still stupidly fast), so we can confirm It loads before the game starts, ofc If you add services and stuff on the top, executors are going to be probably faster than the script, so you need to make sure to add the getfenv() on the top of the script just to be safe, I don’t know if the loading is different in big games, since most anti cheats test are done in a baseplate, Obfuscation is only needed with scripts that don’t hide themselves and stay in the game environment as normal, or to protect your code from being stolen, and since the executor’s decompiler aren’t even accurate at all exploiters need to fix the problems to have a fully running script, which will be pain If I had to guess.
You can go and obfuscate if you want to make sure that exploiters aren’t stealing the code, but again It isn’t needed, at least on baseplate games.
Fun fact: Remote Spies don’t work with actors 