Client-Server Anti-Cheat System with Custom Encryption

Funny that another person didn’t read the thread, because it doesn’t matter if the exploit injects or not; the anti-cheat is still going to have all of its anti-cheat and security measures???

If an exploit doesn’t inject, you can’t detect said exploit, which makes your AC useless.

It doesn’t matter if I can’t detect the exploit on the client; I have access to a wide range of detections I can use for the malicious code they run.

If the malicious code runs outside the Roblox process, you cannot detect that.

You know I can detect its effects, right?

Good luck detecting an aimbot, ESP, autoparry or saveinstance when even a human moderator can’t. Only thing you can detect is a macro bot.

My Critical Components Protection System detects if any of the elements in the experience got deleted, and if any of the elements with the is_protected tag gets deleted, it will shut down the server.

A human moderator uses visual eyesight to detect those types of things. With access to the client, detecting them will be made a lot easier.

Except human moderators cannot detect those things, as you can mask unnatural aimbot movement easily. Access to the client won’t show you anything either, because you simply don’t have access to the exploit running.

Just stop commenting on my post. You keep trying to say that the anti-cheat is entirely useless just because of one specific exploit type.

It’s not just aimbot, it’s anything that works without editing process memory, including autoparry, ESP, saveinstance and macro bots. Any other exploit can be prevented on the server side easily.

A human moderator does detect all of those, since every single exploit is detectable.

Could you make a Discord server for updates? I’m really invested and am looking to use this.

Not anymore. Exploits are good enough these days to mimic human movements, so it’s basically impossible to tell if the player is really good or an exploiter.

Demo place is now available. Please read the information carefully; I edited the post.

This is … cool. What would happen should the client exceed 2000 ms of ping? Just curious

You get kicked. If your game freezes, you also get kicked.

That seems so cool!

I might have so many questions in my mind!

  1. When the server receives the response back from the client, how does it know that it is exactly from the original anti-client script and not other scripts injected by exploiters?

     - When I say “other injected scripts by exploiters”, I mean you could create a new script, write code that automatically listens for the remote event and receives the message from the server, and inject that newly created script into the game.

     - Yes, I know you use encryption and a password/code, but let’s imagine you have one genuine anti-cheat script and one injected script from the exploiter, and they both send the exact same instruction that the server gave in encrypted form. How does the server know who is sending what, even when they both have the same code (assuming the injected script automatically grabs the instructions sent from the server via the remote event)?

  2. Can the exploiters just use the tools that the original client script used to decrypt/encrypt the message from the server (aka what you can see is what you can edit/manipulate)?

Still great work by the way!

Great question! I’m currently working on a system to detect and monitor client lag. This system will provide leniency if the game server identifies that a client frequently experiences lag. If lag is detected, the server will automatically allocate additional time for the client to respond to missed ping requests. However, if the client fails to reply even after this extended timeframe, it will be kicked as usual.

Additionally, if the client consistently lags, the server will dynamically adjust its response time frame. This adjustment optimizes communication and accommodates the laggy client to maintain smoother communication between the client and the server.

I’m also thinking about adjusting the response time frame based on the device being played on.

The reason the server can correctly identify the anti-cheat is that, while both scripts can receive the encrypted message, they cannot decrypt it. This is because decryption requires the encryption key to retrieve the secret “prompt.” The server decrypts the message and verifies if the prompts match.

If exploiters were able to access the encryption system, it wouldn’t matter much. This is because the encryption system itself is just a tool for decryption and encryption. The critical element is the encryption key, which is required to decrypt the message. Without the key, the message remains secure.

To clarify further: modern encryption systems use algorithms to encrypt data such as tables, messages, and more. However, the algorithm alone is not sufficient; an encryption key is also required. The encryption key is necessary to decrypt the encrypted data. Even if a hacker gained access to the encryption algorithm, they would still need the encryption key. Furthermore, the encryption key is periodically changed and exchanged with the client, making it even harder to exploit.
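The server-side check described in the replies above (a prompt only a key holder can answer, a 2000 ms reply window, extra time for laggy clients, periodic key changes), as an added example that is not the poster's code. HMAC-SHA256 over a random nonce stands in for the custom encryption, and `HeartbeatVerifier`, `client_response` and the 6-second ceiling are assumptions. A passing check shows only that the responder holds the current key.

```python
import hashlib
import hmac
import os


def client_response(key: bytes, nonce: bytes) -> bytes:
    """Client side: prove possession of the key by tagging the server's nonce."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


class HeartbeatVerifier:
    """Server side: one-time challenges, keyed replies, lag-tolerant deadline."""

    def __init__(self, key: bytes, base_timeout: float = 2.0, max_timeout: float = 6.0):
        self.key = key
        self.base_timeout = base_timeout  # the 2000 ms limit asked about in the thread
        self.max_timeout = max_timeout    # assumed hard ceiling for laggy clients
        self.timeout = base_timeout       # current reply window, adjusted per client
        self.srtt = None                  # smoothed round-trip time in seconds
        self.pending = {}                 # nonce -> time the challenge was issued

    def issue(self, now: float) -> bytes:
        nonce = os.urandom(16)            # fresh per challenge, so old replies are useless
        self.pending[nonce] = now
        return nonce

    def rotate(self, new_key: bytes) -> None:
        """Periodic key change: challenges issued under the old key are void."""
        self.key = new_key
        self.pending.clear()

    def verify(self, nonce: bytes, tag: bytes, now: float) -> str:
        issued = self.pending.pop(nonce, None)   # single use: a replay finds nothing
        if issued is None:
            return "kick:unknown-or-replayed"
        expected = hmac.new(self.key, nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):   # constant-time comparison
            return "kick:bad-tag"
        rtt = now - issued
        if rtt > self.max_timeout:
            return "kick:timeout"
        late = rtt > self.timeout
        # Consistent lag widens the window (twice the smoothed RTT), within bounds.
        self.srtt = rtt if self.srtt is None else 0.8 * self.srtt + 0.2 * rtt
        self.timeout = min(self.max_timeout, max(self.base_timeout, 2 * self.srtt))
        return "ok:late" if late else "ok"
```

Timestamps are passed in explicitly so the behaviour can be exercised without a live clock; in a game server `now` would come from a monotonic timer.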

Where is the script saved on the client?

The script’s Parent property is set to nil in its first line. While this technically makes its parent nil, the script still executes as expected. If there are any drawbacks to this approach, please let me know.

I’ve been attempting to find a way to interact with the script after its Parent is set to nil, but so far, I haven’t succeeded. The script does not appear in the Explorer or the console. Additionally, attempting to get the children of nil results in an error, as does trying to retrieve the parent of a script whose parent is nil.