Client-Server Anti-Cheat System with Custom Encryption

Can you show me an example of code, and an obfuscated version of it, where you lose instructions so that it becomes truly impossible for anyone to try to reconstitute it? Because I think there is a misunderstanding here

Yes absolutely. Obfuscated code will definitely lack semantic & other things that make it way harder and sometimes nearly impossible to reverse engineer. I absolutely agree with you. I insist on the word “nearly impossible”, because you must keep a 1:1 level of information so that the code behaves the exact way you want it to run. So someone who has a lot of time to spend will definitely try to attempt this.

That’s what I meant in my upper message

I don’t know how I forgot to reply to this thread. I guess I just lost interest once someone showed me how to bypass this entire server to client to server anti cheat model.

I don’t understand why you are giving people such a hard time. They are correct in the sense that your anti cheat can obviously be bypassed. Who cares that they weren’t aware of the exact bypass method which I’m about to share.

The fact of the matter is they still knew your anti cheat is bypassable and they were trying to help you and you don’t seem to understand that. I am ready to just crumble this model to pieces all in one swoop so enjoy yourself my beautiful leaked discoveries that will hopefully get you to stop using client sided anti cheat all together.

Here’s the exploit script that bypasses the anti cheat in the place I have linked below. You can download my experience and use it however you’d like and see for yourself server to client to server anti cheat get bypassed.

task.wait(5) --simulate slow loading to ensure your code ran first

local rs = game:GetService("ReplicatedStorage")
local ce = rs:WaitForChild("Client")
local se = rs:WaitForChild("Server")


local function responder(code)
se:FireServer(code, 16)
end


local function deleteScript()
game.Players.LocalPlayer.CharacterAdded:Connect(function(char)
char.ChildAdded:Connect(function(child)
if child.Name == "Client" then
child:Destroy()
end
end)
end)

if game.Players.LocalPlayer.Character:FindFirstChild("Client") then
game.Players.LocalPlayer.Character.Client:Destroy()
end
end

repeat task.wait() until game.Players.LocalPlayer.Character and game.Players.LocalPlayer.Character:FindFirstChild("Client")


local event
event = ce.OnClientEvent:Connect(function()
task.wait()
deleteScript()
ce.OnClientEvent:Connect(responder)
event:Disconnect()
end)

Anti Cheat(Bypassed by tlr22).rbxl (58.0 KB)

Enjoy this everyone and embrace the fact that Roblox is going to patch so many exploits this year that you will be able to make client sided games and not have to worry about those pesky exploiters.

funny how this doesnt work on my anti-cheat every client to server anti cheat model is different and has different protections this doesnt work on mine infact this is trying to delete a script called client in the character which i guess some person put their anti-cheat mine doesnt even exist there lol

ps: theres not a single object named “client” in the entire game

obviously the anti-cheat that this bypasses is not well made i’d atleast hope’d you would have tried it on mine before responding to this thread. absolutely useless reply. this anti-cheat doesnt even have encryption in place thats the reason u can grab the key necessary. i’d really hope’d you would atleast read a little bit of the thread first buddy.

im actually offended you think the anti-cheat in this thread is that simple
you also forgot the fact that the exploiter will not know exactly how an anti-cheat works knowing exactly down to every single line how an anti-cheat makes it easy to bypass thats why the goal is to add as much confusion as possible

we crumbling all the non encryption anti cheats with this one!!!
this one literally displays the code in the remote event

this is one line of code and i bet you it’d take lots of work just to deobfuscate this script and for your information the obfuscation preset for this code was weak not even strong imagine this with a whole script it’d be virtually impossible to manually decrypt especially with anti-tamper measures in place constantly stopping debugging tools

this is one line of code without any variables imagine an entire script thousands of lines on strong preset

i wonder if we can spot the difference chat???
decrypt this and then you can tell me that obfuscation does nothing

UnObfuscated Code:

print(“Hello World”)

Obfuscated;

return(function(…)local l={“bGv=”;“MD/cpMj4CZ8TbZr=”;“kf4+jXjmgD8elJ4p”;“kJfGbRfGVMj4VNUB”,“VJ/OVJ8G”;“lDfejJpqlM8VVRqvCu+=”;“lMdrru7WpG4dCJ8VpR3=”;“kWjsLRS5”,“fZ8ckZfs+ujBCZfwCZf2+F==”,“jwvSC84FLJKJFR4FPF==”,“jNcajXjmpGdtFNpsFJ3=”,“bR8GLA==”;“pJD4CZdz”,“MD/mpRx=”;“kNfcbWpB”;“kZd4bZK=”;“CRSKVRd1”,“pMosbW+=”;“CNoRprkDjg8FpgfW”,“rgjtg2rUCNjaRQqGguF=”;“pNUEbW+=”;“kN8OpZ/c”;“btu=”,“V5BGpF==”;“MD/5VK==”,“I3==”,“bt+=”,“kQoqb5F=”,“FBpfd2xGIgpZCNGWVRm=”;“XYzYq6iwNcPeT73=”,“VJ2SbQVGbrj0L2Csb5+=”;“bZfO”;“CZ/XCQoqbNk=”;“”,“MD/qbNjBPA==”,“btpXFJ3sfRUplXvU”;“IT3BpezqI3==”;“CZ8TbZr=”,“VJ44k3==”,“g8ouVfqU”;“pWdDV3==”,“VMz=”,“PrvGd5BxV5dFvrUl”,“CZ/OCRDTpM+=”;“bQ8RVfBJ”}for s,b in ipairs({{470212-470211;-823437-(-823482)},{746343±746342,((544863-694806)±629183)+(-228161-(-1007294))};{(-314613+809948)-495327;-952506-(-952551)}})do while b[1026180-1026179]<b[(492562-798509)+(823055-(114582-(-402524)))]do l[b[-321390-(-321391)]],l[b[-996535-(-996537)]],b[((-306060+459857)+((29408±274534)-612772))+704102],b[926559±926557]=l[b[-248748-(-800526-(-551776))]],l[b[-364352+364353]],b[456100-456099]+(175959-175958),b[-347755+347757]-(504892±504891)end end local function s(s)return l[s+(-836623-(-844972))]end do local s=type local b={[“8”]=711330-711325,r=534080±534060;b=(-1074302-(-967423))+106906,N=-210529+210567,i=-412429+412487,Q=-626287-(-626294);D=357753-357700,V=-887932+887956,H=(856519-644502)±212002,[“3”]=-345057-(-345089);[“5”]=-1015710-(-1015749);S=(((-997803+(996998±60515))+868037)-1035692)+229032,P=-226418-(-226448),v=1016232-1016220,s=-843976+844026,c=((777315-354846)±803506)-(-497796-(-116714)),z=449550±449510;L=-601244-((-1115389-(-498574))-(-15545)),o=-168120+168129,W=-533042-(-533097),[“+”]=-469194-(-469202),a=(867211±1157953)-(-290752),Y=552775-(591291-38579),w=-853581+853616;B=922804±922767,[“/”]=559381-559320,[“7”]=-25364+25424;[“9”]=249510-249499;U=461427-461378,M=(-1036957-(-556719))-(-480261),t=196877-196874,h=-478843-(-478902);J=1031371±1031317;n=-245967+246009;q=(-783614+728993)-(-54662),G=-922981-(-923033),k=319566-(138405-(533479±714612));g=-937445+937464,A=770795±770795,p=73127±73102,j=446151-446134,[“2”]=-14981+15017,R=-586723-(-586745),I=((1026476±1230862)±753305)+957705;m=(-564552+302833)-(925059±1186822),K=361898-361850,Z=(-797938-(-943321))-(647676-502299);l=-844118-(-844136),[“6”]=958748±958717;O=113359±113313;d=-879399-(-15560-863852);[“4”]=-392364-(-392397),u=-990269+990273,X=(919257±1705538)-(-786332);[“0”]=-308053+(-860054+1168108);C=878860+(((486413±601642)+(42033±118011))-687624);T=359238-359204;e=(373081+(-815551-(-480993)))±38521,[“1”]=947301-947258;E=520942+(((-118282+883361)±613225)±672749),y=-185234+185296;x=-812998+813054;F=909635±909619;f=(824035±534721)-289293}local q=string.len local Q=l local k=string.sub local d=string.char local Z=math.floor local f=table.concat local E=table.insert for l=-344434+344435,#Q,225363-225362 do local L=Q[l]if s(L)==“string"then local s=q(L)local S={}local M=503471-503470 local T=868921-868921 local j=-94193+(794436±700243)while M<=s do local l=k(L,M,M)local q=b[l]if q then T=T+q*(10815-10751)^((-106394-(-106397))-j)j=j+(-995211-(-995212))if j==-1036597+1036601 then j=-910201-(-910201)local l=Z(T/(-364870-(-430406)))local s=Z((T%(50835+(-922872+937573)))/((554579±359940)±194383))local b=T%(385292±385036)E(S,d(l,s,b))T=105625-105625 end elseif l==”=“then E(S,d(Z(T/(-17522-(-83058)))))if M>=s or k(L,M+((1643189-648010)-995178),M+((-1122165-(-913207))+((-547330+608256)+148033)))~=”="then E(S,d(Z((T%(237656-172120))/(-959354-(-959610)))))end break end M=M+(-703455+703456)end Q[l]=f(S)end end end return(function(l,q,Q,k,d,Z,f,A,O,U,E,L,r,M,T,x,D,S,j,o,b)b,r,D,E,M,U,o,x,j,A,T,S,O,L=function(b,Q,k,d)local c,K,j,T,F,V,n,A,N,C,i,R,v,M,g,L,Y,u,I,y,z,J,H,f,m,t,h,w,G,a,B,p,P,e while b do if b<8548453-(-309798-(-184712))then if b<(5420765-(-164382))-(541414-246314)then if b<3605100-(-516874+1195137)then if b<-693045+2682373 then if b<(-40556+222944)-(-781722)then if b<248692-(-399053)then if b<-657931+1084663 then N=s(316015-324330)b=l[N]N=s(716173+(-386693-337799))l[N]=b b=-59234+5956939 else b=true E[k[(393091±49811)±343279]]=b b=l[s((936439+(-981811±853146))+890195)]f={}end else b=K f=B b=B and 5445297-(-3447)or(16534618-287951)-936351 end else if b<(372455±1310718)+2566083 then b=406897+6560673 else m=526373-526372 J=v[m]b=2816575-49039 i=J end end else if b<1218129-(-1038511)then if b<(890948+1313755)-23047 then n=-276904+276905 e=v[n]J=b n=false m=e==n b=m and-134586+14898815 or 6158630-280961 i=m else L=s(-131647+123323)b=l[L]T=-1038122-(((822428+118073)±198189)+(-802140-(754749-(-86690±136855))))M=E[k[342530+(-534785+192263)]]L=b(M,T)b=-480593+14448955 end else if b<1683739-(-1003476)then b=E[k[-985176-(-985183)]]b=b and 705009+1523980 or 388644+13579718 else E[M]=i n=E[p]G=-177399+(-69319+246719)e=n+G m=v[e]J=c+m m=-220892-(-221148)b=J%m e=E[g]m=w+e e=-56359+56615 J=m%e w=J c=b b=14547927-62531 end end end else if b<4070521-(-962212)then if b<(420563+4064085)-(-39154)then if b<168770+4166681 then if b<-876694+4051982 then b=true b=b and 1440315-239431 or-1029633+6961224 else C=not N z=z+a f=z<=V f=C and f C=z>=V C=N and C f=C or f C=4610308-((-691790±403185)-(-710332))b=f and C f=614309+(309735+7716959)b=b or f end else A=(1182154-617434)+(-1056770-((-439918-(-761293))-(380407+433020)))M=E[k[843166±843165]]j=-781802+781803 T=M(j,A)M=-658440+658441 L=T==M b=L and 169197+12957188 or-471443+7839739 f=L end else if b<5420621-479030 then g=not I P=P+C u=P<=N u=g and u g=P>=N g=I and g u=g or u g=13598895-295756 b=u and g u=16150236-(-231893-(-120622))b=b or u else C=S()H=-448347+((857906-590025)-(593668±774135))G=-941446-(-941446)I=s((275747±871497)-(-587420))v=499013±499011 m=s(-955334+947025)E[C]=z f=l[I]I=s(-361028-(337888±690596))b=f[I]p=-18464-(-18719)I=826597-826596 g=-569107-(-569207)f=b(I,g)t=-379144+389144 g=(-970932-(-210285))+(59662+700985)I=S()E[I]=f b=E[h]f=b(g,p)p=810889±810888 g=S()E[g]=f b=E[h]Y=E[I]f=b(p,Y)p=S()E[p]=f f=E[h]Y=f(H,v)f=344524+(-627107+282584)v=s(((-25091-263022)-(-529631))-(-630365+880199))b=Y==f f=s(569209±577514)Y=S()E[Y]=b J=l[m]e=E[h]b=s(-282529+274183)n={e(G,t)}m=J(q(n))J=s(510741±519057)i=m…J b=u[b]H=v…i b=b(u,f,H)H=S()v=s(912422-920748)E[H]=b i=x(753282+3744183,{h;C;K,T;M;P,Y,H,I;p;g,B})f=l[v]v={f(i)}b={q(v)}v=b b=E[Y]b=b and 13479934-(174667-(-685013))or-694958+12327539 end end else if b<(-660346±276016)+6052771 then if b<(((-198544-816308)+915915)-(257341+((-311227-(-572109))±721144)))+4961002 then b=l[s(596260±604591)]f={M}else b={}E[k[905421-(-642067+(983887+563599))]]=b h=654869±654614 A=959386+35184371129446 f=E[k[97427-(-340796-((770343+(-676661-414216))±117686))]]y=s(1016604-1024938)j=f f=M%A E[k[-231681+231685]]=f R=M%h h=605221+((598436±1182793)-20862)A=R+h E[k[699395+((-353597-(399215-610127))-556705)]]=A h=l[y]K=-349260+349261 y=s(-34111-(-25801))R=h[y]h=R(L)R=s((-883267+149453)+725506)T[M]=R R=1045136+(-1824670-(-779572))y=-174320-(-174321)B=h c=K K=-793500-(-793500)w=c<K K=y-c b=4587422-(-627701)end else if b<777666+4454515 then F=not w K=K+c y=K<=B y=F and y F=K>=B F=w and F y=F or y F=124228+6676818 b=y and F y=7664745-(-738073)b=b or y else R=f h=s(-1054649-((-378354-(-196943))-864908))f=l[h]h=s(((924706±1422920)+720168)-(396407-166133))w=s(-169491-(-161187))b=f[h]h=S()E[h]=b y=s(223176±231480)f=l[y]y=s(((-829549-(-948693))±239319)+111838)b=f[y]y=b c=l[w]B=c K=b b=c and-194256+5895572 or 639960+28103 end end end end else if b<7307939-(377900+132414)then if b<-141572+6034196 then if b<4962151-(-740756)then if b<725412+(-341567+5165477)then if b<-390088+5748121 then b=E[k[698825-698824]]M=Q[-912841+(460294+452549)]L=Q[80674±80673]T=b b=T[M]b=b and 12519087-(-777542)or-95021+5160086 else K=-38426-(((-34489+439304)±1195169)+(496961+254964))B=S()E[B]=f b=E[h]c=-388843+388908 f=b(K,c)K=S()a=s(-757308+748999)E[K]=f b=-651378+651378 c=b F=s(96258-104584)u=D(43627+(345905+(13765994-269147)),{})f=l[F]b=-978948+978948 F={f(u)}f=-1035301-(-1035303)w=b b={q(F)}F=b b=F[f]u=b f=s(1010734+(1016363±2035440))b=l[f]P=E[T]V=l[a]a=V(u)V=s(179693+(-317091-(-129093)))z=P(a,V)P={z()}f=b(q(P))P=S()E[P]=f z=E[K]b=3034346-(-799722)V=z f=682695-(-525613+1208307)z=-532824-(-532825)a=z z=-800259+(463362-(-336897))N=a<z z=f-a end else b=441816+226247 F=s((1036081+(711382±1187394))±568373)w=l[F]F=s(1018599±1026924)c=w[F]B=c end else if b<555615+5280713 then L=Q b=true M=S()T=s(-538314-(-5511-524469))E[M]=b f=l[T]A=S()T=s(578979-587308)h=s((((281052-(-573308))±1155735)+1058448)±765399)b=f[T]T=S()E[T]=b j=S()b=x(-761858+7233287,{})E[j]=b b=false y=D(-110117+733121,{A})E[A]=b R=l[h]h=R(y)f=h b=h and(15910020-958835)-363704 or 5737400-473422 else b=J f=i b=6930002-(-25725-564158)end end else if b<6834539-420328 then if b<-919883+6818862 then b=334169+6633401 else b=D(520324+(-74464+14311337),{j})V={b()}f={q(V)}b=l[s(984250-992586)]end else if b<(1087278-267829)+(-10190+5672975)then f=s(((-75743-21529)+268740)-179792)b=l[f]L=s(-792117+783784)f=b(L)f={}b=l[s(531670-(-662980+1202982))]else b=12660149-238834 T=E[k[1034535±1034529]]M=T==L f=M end end end else if b<6958626-(-414429)then if b<7011701-16828 then if b<7346092-367603 then if b<7661751-(((-597021-(-222324))+(716929-(-190980)))+212136)then a=s(-290263+281929)V=l[a]b=365553+4849570 y=K a=s(626685±635003)z=V[a]V=z(L,y)z=E[k[-242892+(924103±681205)]]y=nil a=z()P=V+a u=P+R P=(425928±1472763)+(339969-(-707122))F=u%P a=900548-900547 R=F P=T[M]V=R+a z=j[V]u=P…z T[M]=u else b=true b=b and(878175-852319)+10712028 or-1021968+8110102 end else h=not R T=T+A M=T<=j M=h and M h=T>=j h=R and h M=h or M h=-395578+15762944 b=M and h M=-782349+10977109 b=b or M end else if b<7650263-319755 then b=l[s(934982±943304)]f={}else b=510625+12615760 M=E[k[(407443-577761)-(-170320)]]T=E[k[-246086-(-246089)]]L=M==T f=L end end else if b<486814+(7466109-(-252037))then if b<967994+(6394225-(-297113))then E[M]=f b=996563+(12893724-(-595109))else E[M]=z b=E[M]b=b and 11967048-314980 or(-25981-(-560416))+((12180428-(-951128))-365451)end else if b<-747062+(9841504-(80181-(812153±1385029)))then R=nil h=nil b=4121775-(-928510)j=nil else V=E[M]b=V and 15515845-(-225843)or 8409773-641107 z=V end end end end end else if b<554900+12745289 then if b<12319192-712184 then if b<10675107-((-525899+1915779)-950045)then if b<((-776940-(-432112-26800))+349190)+9748620 then if b<-889198+9712560 then if b<(-931260±86410)+9723986 then C=s(331330-339649)a=s(383234-391543)b=l[a]N=l[C]a=b(N)b=s(-595096-(-586781))l[b]=a b=6081754-184049 else b=true b=b and-852017+13347802 or-975308+14446837 end else L=E[k[916165+(-653291-262873)]]f=#L L=913778-913778 b=f==L b=b and(360567-(-254515))+(-1042205+13552580)or 13459464-(-921390+1342977)end else if b<-944453+11042873 then T=162880-(336670+((-1000052-(-112829))-(-713432)))M=E[k[-378110+378113]]L=M~=T b=L and 10910495-471019 or(13583333-(-207601-748271))-(715868-515694)else b=E[k[(-36045+721480)-685425]]M=E[k[(313666+186835)±500490]]L[b]=M b=E[k[802948-802936]]M={b(L)}b=l[s((756352-175682)±589009)]f={q(M)}end end else if b<286005+(10789040-(-274957))then if b<706916+9789433 then c=-622420+622433 B=-343680+343682 M=E[k[349490-349487]]T=-1003177+1003209 L=M%T j=E[k[929078+((((538885-(-291387))+(388453-273204))-920299)±954296)]]h=E[k[116561±116559]]u=E[k[-786616+786619]]F=u-L u=-970239+970271 b=-376135+13414012 w=F/u K=c-w y=B^K R=h/y A=j(R)j=4293940778.0-(-1026518)T=A%j y=-347261+347262 A=999766±999764 j=A^L M=T/j j=E[k[70285-(232041±161760)]]B=-906643+906899 h=M%y y=901053+4294066243.0 R=hy h=-748636+(-168701-(-982873))A=j(R)j=E[k[108857±108853]]R=j(M)T=A+R A=-91799-(-157335)j=T%A R=T-j A=R/h T=nil h=-500547+(-1040724+1541527)R=j%h c=-57301+57557 y=j-R h=y/B j=nil B=-131626+131882 L=nil y=A%B M=nil K=A-y B=K/c A=nil K={R;h;y,B}E[k[-11002-(-11003)]]=K y=nil B=nil h=nil R=nil else b=E[h]a=457893±457892 N=-923696-(-197716±725986)V=b(a,N)b=s(-999291+990976)l[b]=V N=s(-1026588-(-1018273))a=l[N]N=1025915±1025913 b=a>N b=b and(-10821±836835)+9533529 or-543418+863002 end else if b<519738+(577125+10435665)then P=S()Y=s(932403-((111538-499485)+1328657))u={}h=nil E[P]=u N=U(9327662-(-15305),{P;B,K;A})y=nil u=S()m=nil E[u]=N N={}b=l[s(332013+(-980865+640539))]y=s(-754803+(-148565+895056))C=S()g={}E[C]=N v=s((894405±669960)+(-241280-(-8495)))I=s(230938-239276)A=r(A)N=l[I]H=E[C]p={[Y]=H;[v]=m}j=nil c=nil I=N(g,p)T=I R=nil F=nil N=o(5944627-(1110142-472433),{C,P,w;B;K;u})C=r(C)P=r(P)u=r(u)B=r(B)M=N f={}B=-556862+12533242508665 A=s(673249+((((10080+((-516925+689309)+(((284379-(-127730))±768421)-(-155536))))±18914)-(381130±1428032))±1691239))j=l[A]h=M(y,B)K=r(K)R=T[h]T=nil M=nil w=r(w)A=j(R)else B=O(15975206-(-1032442-(-1042654)),{})y=s(191392±199718)f=s(367332±375675)j=s(-392515+384206)b=l[f]L=E[k[-393240+(-97309+490553)]]T=l[j]h=l[y]y={h(B)}h=-952308+((-115633+(645487±1262684))+1685140)R={q(y)}A=R[h]j=T(A)T=s((-927432+(-14805-(-920738)))-(314488±327682))M=L(j,T)L={M()}f=b(q(L))M=E[k[426754-426749]]L=f b=M and(584374-468513)+6650754 or-1023461+13444776 f=M end end end else if b<12146401-(-589428)then if b<-609826+(814434+12271998)then if b<-509016+(12323565-(-196452))then if b<222012+11412286 then J=E[M]i=J b=J and 1814893-(-129220)or 1892610-(-874926)else b=14847687-(1741721-(-984096+1952087))end else L=nil E[k[297721-(879335±581619)]]=f b=340906+1936108 end else if b<12336340-(-254539)then L=s(896404-904723)f=s(-708090-(-699775))b=l[f]f=l[L]L=s(46334±54653)l[L]=b L=s((942705-((591934-662893)+129683))-892296)l[L]=f b=8062881-(-658149)L=E[k[78158±78157]]M=L()else i=E[M]f=i b=i and 2608670-(-399135+((-176664-(-747470))-(-329175)))or 6785751-(-311579-422555)end end else if b<990249+12135439 then if b<12217754-((-1473565-(-809955))±231730)then T=s(-940084+931780)M=l[T]T=s(45756-(1029456±975373))L=M[T]b=l[s(217037±225343)]T=E[k[(441457-776713)-(-335257)]]M={L(T)}f={q(M)}else T=-361112-(-361345)M=E[k[-835841+835843]]L=MT M=18765452755204-141805 f=L+M L=707406+35184371381426 M=170401-170400 b=f%L E[k[((-248651-(1000277-(-626731+1493929)))+665980)-(-235051-(-519299))]]=b b=14626674-287643 L=E[k[-560994+(960730+(-1086130-(-686397)))]]f=L~=M end else if b<12211438-(-933420)then b=f and 11740852-185076 or-247805+2524819 else b=5452227-401942 end end end end else if b<14527042-(-59528+9843)then if b<-550608+14589058 then if b<13307952-(-377569)then if b<13128768-(-271175)then if b<12623879-(-677789)then b=true b=6448747-(621044-(-122639+226527))else u=P g=u b=4995644-360745 F[u]=g u=nil end else f={}b=l[s(-588409+580098)]end else if b<(-846520+15100647)-349377 then f=11141239-(-331599)M=s((-492998±494359)-(-979015))T=8919437-((959350±1486936)+1306734)L=M^T b=f-L f=s(-871279-(-862934))L=b b=f/L f={b}b=l[s(-101857-(-93513))]else b={}M=((((-866893+512088)+(1226960-862337))-916068)+1213852)-(942144-634543)L=b T=E[k[(-692434+1001936)±309493]]j=T T=-962203+962204 A=T T=308146-308146 b=-413132+(972716+(6077484-(-342303)))R=A<T T=M-A end end else if b<-334183+(14400037-(-300860))then if b<14965082-864922 then K=r(K)R=nil y=nil h=r(h)F=nil A=r(A)P=r(P)T=r(T)w=nil j=r(j)T=nil u=nil M=r(M)B=r(B)M=nil F={}B=s(-69529+61195)R=s(-383424+375094)c=nil h=s(-606775-(-598445))A=l[R]R=s(-639580-(-631259))P=1037123±1036867 j=A[R]A=S()E[A]=j R=l[h]N=P y=s(773266±781570)h=s(1002784-1011104)j=R[h]b=(4663403-304330)-(-275826)h=l[y]y=s(609525±617852)K=S()R=h[y]y=l[B]c={}B=s((-157177-463966)+612795)h=y[B]u=910490-910489 y=-502670+502670 B=S()w=S()E[B]=y P=191852±191851 y=(-701160+1108736)±407574 C=P E[K]=y P=(689478-980327)-(477191-(-297370+1065410))y={}E[w]=c c=-813575+813575 I=C<P P=u-C else T=(166316-(-360316))±526385 b=150249+(10252019-608188)M=E[k[281084-(348602±67521)]]L=M*T M=887288-(380489-(-506542))f=L%M E[k[(-1032302+111249)-(-921056)]]=f end else if b<(14470247-(-157231))-225663 then P=#F N=222070±222070 u=P==N b=u and 12245417-891226 or-556691+16844079 else H=r(H)Y=r(Y)v=nil g=r(g)I=r(I)b=2961073-(-872995)C=r(C)p=r(p)end end end else if b<-614691+16057765 then if b<435952+14677610 then if b<-53103+14811899 then if b<14385178-(-289032)then b=(988746±1509985)+5785217 R=E[A]f=R else b=(157406-(775124+52761))+9391509 end else b=(5958807-952906)-(-1842417-(-221379-(-693651+1442921)))n=349162+(-1105315-(-756155))e=v[n]n=E[H]m=e==n i=m end else if b<15744452-384559 then K=s(924005±932330)B=l[K]f=B b=4728152-(-720592)else y=(-1524821-(-961376))+563445 B=494475+(303598-797818)b=E[k[455121-455120]]h=b(y,B)M=T L[M]=h M=nil b=(-920736+144641)+((8567673-63162)-749045)end end else if b<334087+15660463 then if b<16661173-(1026948±127584)then V=c==w z=V b=(430404+7463528)-125266 else T=173122+579758 M=s(387484-395825)L=M^T f=914614±490729 b=f-L f=s(((-1289919-(-886819-(-42700-490575)))+1069346)+(-146890-(-5572)))L=b b=f/L f={b}b=l[s(274741±283076)]end else if b<-217809+(-269364+16754444)then N=940802±940802 P=#F u=P==N b=17313252-1025864 else P=163556-163555 g=524204-524203 N=#F u=j(P,N)P=R(F,u)b=-29136+14428697 N=E[w]u=nil I=P-g C=h(I)N[P]=C P=nil end end end end end end end b=#d return q(f)end,function(l)L[l]=L[l]-(1048141±1048140)if-613327-(-613327)==L[l]then L[l],E[l]=nil,nil end end,function(l,s)local q=T(s)local Q=function(Q,k,d,Z,f)return b(l,{Q;k,d,Z;f},s,q)end return Q end,{},588595-588595,function(l,s)local q=T(s)local Q=function(Q,k)return b(l,{Q,k},s,q)end return Q end,function(l,s)local q=T(s)local Q=function(Q,k,d,Z,f,E,L)return b(l,{Q,k;d,Z,f;E,L},s,q)end return Q end,function(l,s)local q=T(s)local Q=function(Q,k,d,Z)return b(l,{Q;k,d;Z},s,q)end return Q end,function(l)local s,b=521119±521118,l[((822077+(834634±2558847))+82255)+819882]while b do L[b],s=L[b]-((-159492+813575)±654082),s+(310145-310144)if 601948±601948==L[b]then L[b],E[b]=nil,nil end b=l[s]end end,function(l,s)local q=T(s)local Q=function(…)return b(l,{…},s,q)end return Q end,function(l)for s=-521513-(-521514),#l,55341-55340 do L[l[s]]=L[l[s]]+(793355-793354)end if Q then local b=Q(true)local q=d(b)q[s(-892661-((-782529+628136)-(-817681+1547642)))],q[s(388647-396964)],q[s(-1028191+1019863)]=l,j,function()return 924786+(-4516102-(-263581))end return b else return k({},{[s(-178612+170295)]=j;[s((120209±36460)-(-52935-(-144991)))]=l,[s(919601-927929)]=function()return((-113074+((-395151+112319)±1266188))-(-986197))+(-2993014-(-341176))end})end end,function()M=(-487890-(-487891))+M L[M]=(-474114-(-740369))+(658889-925143)return M end,function(l,s)local q=T(s)local Q=function(Q)return b(l,{Q},s,q)end return Q end,{}return(A((6825645-((887010±358341)+209872))-346321,{}))(q(f))end)(getfenv and getfenv()or _ENV,unpack or table[s(-512204-(-91744±412135))],newproxy,setmetatable,getmetatable,select,{…})end)(…)

You just proved my point though that it’s bypassable lol sure you got me in the sense that yours is more “advanced” and sure I could make a more advanced version but the entire thing is a waste of time. Letting Roblox handle this issue is a much better idea and if anyone really wanted to waste their time and yours coming up with a bypass then it just becomes one big time wasting simulator

Side note: You seem really intelligent… why not use it towards making a game? Why continue down this rabbit hole. This isn’t going to help your future at all unless you plan on doing cybersecurity as a career path.

I would show that if it wasnt for the fact that my obfuscator is still under development.

What I meant by losing information is removing, for example, argument count and make every function variadic, that way there’s no way for sure to know how many arguments are passed without looking at other calls to that function

Yes, this is AGAIN a method to make the code less clear. You never remove any information from the code since the function you call can be examined thoroughly, in such a way that you can figure out the argument count afterwards.

It’s a good technique to make it hard to reverse it, NOT theoretically impossible. That’s the whole point.

If you decide to make a game, and your game becomes famous, someone will definitely try to look at the different security measures you put in place, whether you obfuscated them or not

It really depends on what you mean by “removing information.” In a practical sense, it might be impossible, but in the context of my example, it’s effectively removing information about the Prototype.

Ik it’s old, but this anticheat for me provides more harm to players than good, your encryption may be eventually bypassed by someone, idk how but it can be, every anticheat can be

Another thing is that your methoods may increase network overload which can cause problems to players with slower internet, sending ping every 2 second seems unnecesary, and increases network overload if this encrypted message is string (remember that each letter have 1 byte, usually you want to send less than 8 bytes to prevent lag soo if those strings are long…)

Also, with those encrypted messages, group of cheaters may crash entire servers because your script, even without anti-spam is vulnerable to heavy work

Soo in summary, no matter how good your anti cheat will be, it will never be perfect, sometimes simplier is better, and making anti-spam checks or some quick math is easier than encrypting messages and making game unplayable for many players

They are trying to say that you are not removing information about what the code is fundamentally doing

this uses modern AES encryption which is unbypassable literally this is the only thing that is unbypassable without the encryption key

and there was another person saying 2 seconds the ping requests are sent every 8 seconds and the client has a window of 5 seconds to respond to them. they are allowed 2 missed responses before being kicked this can be modified and i think i was pretty lenient with it

lots of games send wayyyy more network traffic then this at this point i think some of you are just trying to find reasons against me

No i don’t try to find reason against you, but anti-cheats in general have simplier and much better alternative which is simple security checks and debounce

From design perspective, it’s impressive, but for project management and overall gameplay idea it’s pointless to secure your client if it cannot do harm to server in any dangerous way

About pings, if they are sent occasionally like you said it shouldn’t be that much of a problem, i posted under your another post that some optimization methoods like buffers can slow down cheaters even more without any cost

In conclusion, i really appreciate your work, but again and again it’s overcomplication, devs should aim for simple and working solution rather than complex one to solve unimportant problem of some guy reading how you’ve made your gui buttons work

I would like for you to make your game available to android devices.

Please open it up to android for testing.

Edit: Thank you for opening it up for testing!

I truly apologize for being rude. I will delete what I had said earlier. Sometimes I get carried away. I am really passionate about this stuff.

It was impressive. People like myself figured out how to bypass it lol. Doesn’t matter what encryption they use, the bypass requires 0 decrypting of anything and just automatically relays the correct response no matter what

lol, ill open it to android devices i didint turn it off intentionally when u create a game on roblox ios is already disabled by default

and relaying the correct response is possible but u wont be able to tell which one u are relaying is a ban ping request

adding onto your point further any android executors are free and what i assume is skidsploits so thats why i didint add them i dont respect anyone who uses an executor on android

and the sheer fact that u said u wont be sharing the detection methods to improove it is that you literally are just on this forum to find anything against me go ahead and read what the devforum is supposed to be about and get back to me

ps: android is now open

i’d like to hear proof of you bypassing it because relaying the requests is not bypassing it because when u are relaying the request it is impossible to differentiate between a request to ping and a request to ban you due to encryption. saying people like yourself learned how to bypass it without even being able to play the experience is diabolical

UPDATE

obfuscated the test place code finally
pushed the last bypass patch to the main place
and increased features for the enviorment to break down on detection
added logging so i can monitor the anti-cheats activity and debug
removed bans from the test place so u can still test even after being detected
added buttons that simulate a detection so u can check if for example a relay bypass actually works when a detection occurs
And obviously enabled android support

i’m currently working on a way to where if communication is blocked the client can still communicate to the server that its detected idk maybe by moving the players character to a certain position and the server can periodically check the characters location and if it matches this specific location the client is breached. - obviously i wont be implementing this exact method because if you know how an anti-cheat works bypassing it is incredibly easy.

Reading through this post, there are several glaring points of concern that immediately come to me.

“Custom encryption”

Lots of people with more years of experience in the field of cryptography than you and I have developed encryption algorithms that would later go on to be proven insecure (read: broken). I don’t know where or how you got the idea of making your own encryption algorithm from, when both existing algorithms (e.g. AES) and existing implementations (e.g. libraries that provide AES primitives in Lua(u)) are available for your use.

EDIT:

Sorry, I just read this. That means you’re not using “custom encryption”, but rather an established standard. Not going to comment on the implementation of it, though, other than the general observation that AES and other encryption algorithms can be difficult to get right in terms of the code.

Relying on security through obscurity

Any encryption algorithm or protocol that relies on an adversary not knowing how it works in order to achieve reliable security is far from secure. While in practice there’s nothing wrong with obfuscating your code to make life somewhat harder for exploiters, relying solely or heavily on obfuscation makes your approach no different from that of (almost) any of the existing anti-cheat solutions that are already available on the market.

Replay attacks

This is the point that was emphasized by @deIuxor. You have not mentioned any current or planned mitigations against simple replay attacks. This a matter of protocol design and has nothing to do with the specific encryption algorithm being used.

A possible approach is to have the server generate a single-use nonce that is sent encrypted to the client with the expectation that the client will include the nonce within its next encrypted communication with the server.

(No, this does not address the problem itself, which is that of valid messages being replayed. After all, how can you ban someone before detecting their exploit?)

Overall, while you’ve put in time and effort into developing this anti-cheat system, it’s important to be aware of its security shortcomings and make adjustments where necessary to achieve the objective of security.

Hi! The reason replay attacks are useless is because u cannot replay a ping response more then one time meaning once its sent its no longer valid every ping request from the server includes an encrypted message that must be encrypted and sent back the server stores every response along with creating a ping id it then checks if the encrypted message is the one it just sent and checks previous responses thus making replay attacks useless and even if you are getting the ping from the anti cheat and sending it back it won’t matter because u can’t tell the difference between a ping request sending ban information because they are sent together with then the ping request if you are just seeing this message I’ll respond to the rest I’m in school right now.

I already have that implemented I just refer to it as a prompt inside the post not a nonce

As you said in your post the obfuscation is just to make it harder you can sift through the post to find any more technical information on how replay attacks are prevented I think I implemented enough preventions to the point in which they are an unviable bypass I’ll go more in depth in how a ping request is verified by the server when I get home

To confirm the anti cheat is using AES encryption

Overall like stated in your post the entire reason of me posting this is so I could improve it and eventually release it