How are you going to hide the decryption key? The key has to be stored in memory even if programmatically generated. Even with heavy obfuscation you can find the key
i didnât know this was an exploiting forum jeez at least let us have an obfuscated place file
again you are here. if you have any better methods then come back to me else then go away. i understand there are ways to bypass this but theres no other method. everything can be bypassed by looking into the memory. the key itself is not obfuscated lol i just told you that the encryption key is periodically changed so they would have to find a new one every new request also this key is only stored in memory for the time it takes the anti-cheat to send the ping to the server.
I donât feel it is good enough to be publicly distributed.
guess iâm not gonna bypass it then
i mean you can still bypass it lol without it being able to be copied i didinât remove the print statements and you can use exploiting tools like an explorer to get more depth into how it works
no man you donât understand itâs not gonna be bypassed because this is devforum not v3rmillion most of us donât download ratsploits
1 Like
understandable ill look into commissioning a script dev or something to find vulnerabilities
1 Like
Upon further verification setting the scripts parent to nil is an effective method. After verification with remotespy an exploiter tool to spy retrieve and modify remote event requests the script source is âNilâ meaning if an exploiter ever attempts to find out where the requests are being responded to they will not know as its listed as nil.
Additionally when attempting to decompile the source script using remotespy it errors because the source cannot be found. meaning it will be extremely hard to decompile the client script even then the script is obfuscated so decompiling will be virtually useless.
it appears that iâve found no plausible way to interact with the local anti-cheat script after its been set to nil. which means it will be extremely hard if not impossible to interact with the script after its initialisation
1 Like
This method only works cuz the decompiler you are using sucks. This whole âparent to nilâ âparent to actorâ type methods dont work as in order for the code to run it has to be in process memory which means it can be easily found. Saying its âimpossibleâ just shows a clear lack of understanding of basic computer science
I chose my wording carefully for this very reason. Never did I say it was impossibleâI said it would be difficult, and using the tools that was used, nearly impossible. The decompiler that was used is premium; it is a paid, high-quality executor that the average exploiter probably uses. This executor, for example, is paid. I can seek to it that another range of executors is tested if youâd like.
I canât discuss specific executors on this forum, but you can hit me up offline, and Iâll use a wide range of debugging tools if youâd like. I never said it wasnât in memoryâit needs to be in memory to run. But in the Roblox environment, it is set to nil. nil is a way of storing trash memory that is not easily accessible. When you delete a file on your system, it is not truly gone; it is somewhere in your memory. Never have I claimed it wasnât in memory. I said it was hard to accessânear impossible with normal exploiting tools. Iâve also said many times that it doesnât even matter if the memory is accessed.
I suggest you donât respond to my thread again if you arenât willing to read what Iâve previously said. The reason you skip a lot of the things I say is because youâre looking for conflict, not trying to help me develop the anti-cheat or brainstorm ideas. If you want to look at the full picture, I suggest you adopt a neutral mindset before responding to ensure youâve taken in all the context.
PS: reading memory is not interacting
1 Like
You got the wrong idea about me. Iâm just preventing misinfo from being spread. Also its funny you say âpaid high quality executorâ as if every public executor for roblox isnt made by a skid
1 Like
preventing misinformation from being spread? thats a great excuse. its also a long reach to say that every executor is made by skids you have to congratulate the exploiting community for things like synapse and scriptware nowadays you just have to sift through the skids theres also UNC tests.
1 Like
It is incredibly trivial to access nil instances. All injectors I am aware of have built in functions that allow them to get a table of all nil parented instances.
UNC tests have nothing to do with skidding or quality.
Synapse and scriptware are both long gone.
You donât even need a decompiler to find out most information needed when it comes to bypassing. You can just look at the bytecode which basically every injector can grab.
The exploiters donât even need to find your keys in memory. You pass the key when you call your encryption/ decryption functions. It would be easy to hook the functions and just read what the key is whenever you call them.
The things you are saying are very misleading to the uninformed. Its great to want to contribute to efforts against exploiters but drawing conclusions on things you have no proper knowledge of is damaging.
3 Likes
another reply that didint read the thread im aware synapse and scriptware are long gone the reason i bring them up is because even if an achievment is long gone it was still achieved 
anyways UNC tests do display some sort of quality because it lists all the functions it supports and therefor telling you what scripts it can run
i never claimed setting a parent to nil is very effective its just something to add to make it more difficult
and the scripts are obfuscated so the bytes cannot be read
and for your last point this is countered from the above mentioned
i suggest you read more into the thread because you dont even know the process for decryption/encryption and the swapping of encryption keys.
1 Like
i never claimed setting a parent to nil is very effective its just something to add to make it more difficult
it appears that iâve found no plausible way to interact with the local anti-cheat script after its been set to nil. which means it will be extremely hard if not impossible to interact with the script after its initialisation
âextremely hard if not impossibleâ
I had a whole paragraph written out but this alone shows your level of knowledge on the matter. You have no clue what you are talking about and yet you still insist so much upon yourself. Your default key can be grabbed In the exact way I outlined earlier, and from there, itâs smooth sailing.
1 Like
there is no default key i dont know hOW ANY OF YOU can provide criticism of a system that you dont even know how it works and it shows people who support this system know how it works and everytime theres criticism against it very often the people who are providing criticism of it dont even know how it works
1 Like
You said there was a default key yourself. Regardless, there has to be something to initiate communication at some point, whether that be a hardcoded value or something given to the client when it joins. It can be grabbed as soon as you use it, or if the exploiter feels like going to further lengths, they can grab it before you ever use it.
1 Like
Obfuscation doesnât prevent anything. You can easily deobfuscate by throwing the bytecode in a vm
2 Likes
obfuscation isnt just bytecode it involves multiple methods like creating anti tamper and things obfuscation for roblox isnt just bytecode anymore
and also i never said there was a default key please point me to where i ever stated that you are just making up lies atp
1 Like