Yeah, not really. It’s better to instead write code in a way that makes it hard to exploit. The pro-anticheat poster is largely making a case for ugly code (obfuscation, etc) and playing cat and mouse with specific cheats.
4 Likes
Literally this
That isn’t to say it might not worth keeping up against the latest cheats, though. But robust client side anticheat is more resources than most studios can afford.
Making ugly code will not be a problem if I have no need to change it anytime soon. That said there have been no cat and mouse incidents with me since people don’t know how to patch that stuff since it’s all unreadable nonsense 
Ugly code will be a problem for optimisation and future you! And anyone else who might need to read it. If you’re using some sort of compiler I guess it’s less awful.
Nope! I’m only obfuscating one method which in turn does not cause much of a performance hit. I am most definitely NOT obfuscating all of my game’s code.
if youre gonna make a client sided anticheat:
- obfuscate it
- make it use a handshake with some sort of key
- use an anti decompiler method
it obviously can still be read as bytecode and converted into hardly readable code with enough effort, and from there bypassed, but at that point its just not worth the effor
for best results, just dont trust the client and do your important checks on the server
I mean in terms of writing code that has good performance. Obfuscation (done properly) should increase performance if anything. The issue is you don’t always know the potential performance impact of what you write. Making your code hard to understand is an issue here.
Again - I am not saying that client sided detections are a permanent and efficient solution. It’s only a problem when people decide that client sided detections are “Not worth the time since it can be bypassed anyways.”
The problem in this situation is I am not trying to read my own anticheats. I know how it works and operates and i’m practically never touching it. The real goal is to stop exploiters from reading it.
Worth the time really depends on cost/benefit. We can both agree writing solid server code is the priority!
2 Likes
- It will be deobfusticated
- Exploiters will spoof the handshake return value
- That doesn’t exist on roblox
- not if you use an anti decompiler
- not if they cant decompile the code
- yes it does
1 Like
Listen bro the code you get is a computer generated re-compiling of the bytecode from your scripts. when it’s trying to read obfuscated code it’s guaranteed to return broken code.
That most definitely exists. It all depends on the exploit you’re using and how it recompiles the code
Was outlining that the original poster had mentioned other devs disliking client-sided antiexploits…
I was speaking about the general hatred towards client-sided antiexploits that is (now) evident in this thread… was not implying that anyone specific in this thread had mentioned them being useless
Also wanted to point out that I was not replying to you but rather the original post
1 Like
What was the point of you outlining that? There are ways to keep your code running using threads.
Of course this can also be tampered with if you mess with the garbage collector, but that’s too much effort.
What you are doing is something called Security through obscurity. Sure, the code will stop exploits but only for a limited time. It only takes one exploiter to find out what your script does and exploit it. And then all of the exploiters who don’t know what they’re doing will also know how to get through your obscurity.
The best way to make any kind of anti-cheat is to just make simple sanity checks on the server. For example, if a player wants to pick on an item, you should use the server to check if the item actually exists and if the player is in range of the item.
4 Likes
Of course server sided checks come before client sided checks. However, the problems that I’m solving on the client are strictly client sided effects like saveinstance and dex explorer.
In the end of the day, you will never be able to truly stop client-sided exploits. You simply don’t have the tools to do so. Kicks from the client can be bypassed, Dex-Explorer’s GUI takes on a random name so there is no good way to detect that either (at least not that I know of).
You should build your game in a way that even if they use Dex-Explorer or saveinstance exploiters still would not be able to completely exploit your game.
1 Like
You do this by like I’ve said above, using server-sided checks, not trusting the client with anything, ensuring nothing important can be accessed by the client, and more.