I moved the code away from random:NextNumber() and used my own psuedo-random generator earlier in the thread and updated the code. 
- Exploits arenât really around anymore due to being all patched and the ones that are âworkingâ I can assure you are detected entirely.
- Internal based cheats have the ability to call/modify the randNew function however they please so bear that in mind
- Any new cheats that are released will be detected or shutdown entirely within a month at the minimum
While Iâm sure they are detected and patched quickly, there are still a lot of exploiters appearing in my game. Admittedly, thereâs a fair amount less of them but I think saying they are ânot really around anymoreâ is a little too far for now.
Maybe thatâs just the players of my game though, but who knows.
OP did mention that this code should be obfuscated so this shouldnât be much of a problem.
1 Like
LOL, IB2 is known for having the easiest constant dumping method:
local old = table.concat
setreadonly(table, false)
table.concat = function(...)
local ret = old(...)
print(ret)
return ret
end
setreadonly(table, true)
Also, other obfuscators may be secure from deobfuscating but NOT from their functions being hooked and constant dumping. With a constant dump, it is easy to reconstruct the original script. Obfuscating is generally not worth it, as exploiters have other ways to get the âoriginalâ source code.
This again, can be bypassed fairly easily by an exploiter. If they have any experience, checking the gc (garbage collection) is an easy way to get this script.
local randNew
for i,v in getgc() do
if type(v) == "function" and islclosure(v) and debug.getinfo(v, "n").name == "randNew" then
randNew = v
break
end
end
print(randNew)
Even if the function name was changed, there are exploit functions like getfunctionhash() that can provide a hash of the functions, leading them to find your function based on its bytecode.
Unfortunately there is really nothing you can do that can stop looping through gc with certain parameters, and another way they can find this function is by inspecting the function that fires the remote event. Following down the chain will lead to your randNew function as itâs an upvalue.
Many high-end obfuscaters encrypt constants and adds checks against tampering on run-time.
Even obfucated, obfuscators can only protect their own physical code, not the gc or memory. So, my getgc implementation would still work and I would not even need to touch the obfuscated code. Plus, there is currently a constant dumper available working for Moonsec V3. Please donât let their buzzwords think your code is truly 100% safe.
local randNew = filtergc("function", {Name = "randNew", StartLine = 10}, true)
pwned (filtergc doesnât even exist on the consumer exploit market yet so it doesnât matter)
moonsec v3 isnt good, max security, constant protection, anti tamper wont do anything for you, sorry. its easily deobfable too
just realized it was days not minutes mb
you can still hook the randNew function