Unfortunately I have to disagree with the use of getfenv and client-side anticheat. Hacky methods like these may seem to work in the short term, but any widely used anti-exploit measure used by games will simply be bypassed and I feel they’re a waste of time and potentially harm the user experience.
Instead, I recommend focusing on ensuring your network code is secure and that the server is performing necessary sanity checks. “Don’t trust the client” is a tried and true practice! I would leave low-level exploit detection like this to Roblox’s new anticheat, which is far more effective than anything in this thread.
what I am trying to say here tho is, Dont patch the cheat, just do something simple enough to make the cheat script error or something.
Change the anti cheat’s script name, location or variables, Sure the cheat dev will just have to update the cheat script to find the anti cheat’s name and location, but will he really be able to do it 24/7?
Keep doing small changes every day that take 0 time and every cheat dev will get frustrated at some point.
Yes, as those exploit devs are mostly hub devs, which means they have buyers, so they’ll make sure to bypass it. I recommend patching the exploit as a whole tho, because they can “repatch” it easily.
to me patching an exploit as a whole is a waste of time, because weather you waste time patching it or not they still bypass it. so why would you even do that. Just keep making updates to the placefile constantly with small changes, its not like they will be able to join the most recent server version always anyways.
No, client anticheat’s are not so bad after all.
But… this goes without saying using a client anticheat with a nasty codebase like getfenv() should not be used in production builds of you’re game.
Lets hope that roblox give us better tools to make client anti cheat better, when they release the “Improved anti cheat update and server sided anti cheat”.
I don’t figure Roblox will release a method like protectclientscript() or something as such, I believe there going to stick to “Byfron!” and add zero internal LUA classes to protect against cheaters.
Kinda sucks this is how corporate Roblox now operates.
Funny fact, if they removed the Microsoft-Store version of Roblox all cheaters would be dissipated and forced to crack the current website version of Roblox (the one with Byfron enabled)
Kinda sad that most luau stuff, inside the client is unprotected or doesn’t have enough protection, some things like dex shouldn’t have been possible if there was a way to hide the environment in game without any need of scripting, like an option to hide it from the environment.
Yeah, everything can be hooked, including the player.Character, I think the only things that can’t get hooked easily are the normal lua functions, for example: player = nil.
There’s also a tutorial of how byfron works, and most important details about it, I don’t think byfron will last that long specially when Celestial already bypassed it, unless byfron patches the exploits (somehow), and uses kernel instead of user mode, this might delay the exploits for another 3 - 5 months, If It’s well made.
I’m pretty sure the reason of why It’s taking so long for exploits to come back, It’s because they are using the Microsoft store version of roblox, so they pretty much don’t care about byfron anymore at all.
So that’s why I said the only hope is when roblox gives developers the anti cheats for client and server sided, and maybe if they add an API made for anti exploits, and you can use them to check the amount of objects inside the COREGUI or smth, without the possibility of it being hooked, but I doubt roblox will do something like this in the near future.
EDIT: They will bypass byfron soon, there goes byfron I guess.
