Client Anti Cheats: Aren't as bad as you think!

Its basically just hooking RunService.IsStudio

Example: (this example is easily detected)

hookfunction(RunService.IsStudio, newcclosure(function(...)
    return true
end))
2 Likes

Kinda sad that most luau stuff, inside the client is unprotected or doesn’t have enough protection, some things like dex shouldn’t have been possible if there was a way to hide the environment in game without any need of scripting, like an option to hide it from the environment.

Yeah, everything can be hooked, including the player.Character, I think the only things that can’t get hooked easily are the normal lua functions, for example: player = nil.

You are aware of how exploiting works right? You can only “hide” the environment for so long

__newindex metamethods hook do indeed exist

1 Like

There’s also a tutorial of how byfron works, and most important details about it, I don’t think byfron will last that long specially when Celestial already bypassed it, unless byfron patches the exploits (somehow), and uses kernel instead of user mode, this might delay the exploits for another 3 - 5 months, If It’s well made.

I’m pretty sure the reason of why It’s taking so long for exploits to come back, It’s because they are using the Microsoft store version of roblox, so they pretty much don’t care about byfron anymore at all.

So that’s why I said the only hope is when roblox gives developers the anti cheats for client and server sided, and maybe if they add an API made for anti exploits, and you can use them to check the amount of objects inside the COREGUI or smth, without the possibility of it being hooked, but I doubt roblox will do something like this in the near future. :skull:

EDIT: They will bypass byfron soon, there goes byfron I guess.

1 Like

I think using Debris:AddItem() would work, It’s basically the same as destroy but without calling destroy in the player, even though It can get disabled, I think using it with this “Hiding” script trick would work perfectly fine, as nobody would hook that function if they don’t know what’s causing it.

EDIT: just found out, that you can kick the player using Player.Parent = nil, this index or function can get hooked but if the exploiter hooks it, the engine will spam the exploiter console with errors, and warnings, and even if Player.Parent doesn’t kick them, the exploiter will most likely crash at that point anyway, or the game will become unplayable for the exploiter, so I think It’s the best way to kick an exploiter, using a local script, the only bad thing is that It doesn’t show a message when the exploiter gets kicked.

2 Likes

I don’t know your mindset but just because it got bypassed doesn’t mean it’s like deprecated or discontinued, the team will still work on it, after all roblox didn’t invest and buy the company for no reason.

8 Likes

Sorry for bump

Yes, i’ll try to make a devforum post about encryption and stuff

1 Like

Thanks! There aren’t many great recourses so would love to learn from a pro like you!

1 Like

For anyone who would like a more in depth tutorial on handshakes take a look at this tutorial by my great friend @HexadecimalLiker

3 Likes

Also using this method doesn’t mean that exploiters can’t disable the script before it runs and see the source code with a decompiler, so I guess, in case someone is making a client sided anti cheat, they need to obfuscate it, so exploiters can’t see the source and easily bypass the anti cheat.

Pretty sure there are a lot of obfuscators out there.

2 Likes

The problem is that regardless of purpose, you can’t obfuscate scripts because roblox won’t allow us :')

1 Like

You can obfuscate scripts, you just can’t publish them

Hey I actually learned something lol. But I’m a bit confused on something (I think you addressed it but Imma ask anyways :sob:) wouldn’t the remote still be fired with the cooldown? Sure we have an if statement to stop the function but the remote can still be spammed.

We already have a handshake that kicks the player if the script stops responding. Unless they get the exact key we had for that remite then good night script kiddie!

2 Likes

The exact error is “Player removed from DataModel.”

2 Likes

You can just make the hook not error.

1 Like
local Players = game:GetService("Players")
hookfunction(Players.LocalPlayer.Kick, newcclosure(function(...)
    return
end))
local Success, Error = pcall(Players.LocalPlayer.Kick, workspace)
if Success then print('Detected') end
2 Likes

With the new byfron anti cheat - This will be obsolete. This might age badly, But so far it did a very good job on the windows client, Its still not rolled out to other platforms at this time, which after that, will make all anti cheats obsolete, The script ware screenshot is probably using the UWP client which does not have byfron yet.

Again, this may age badly.

1 Like