Concept: Client Anti-cheat possible?

OminousVibes0 · May 15, 2021, 4:50pm

Yes, deleted parts can be done through connections and Noclipping.

We aren’t exactly sending “Functions” per se. We are sending scripts that will be parsed.

They need to account for every check. I’ve actually made an exploit bypass before with an executor. You have to make a bypass for every possible string.

NotAstrain · May 15, 2021, 4:51pm

I’m not very knowledgable with metatables. In this situation, is there a way for the client to check if game has a metatable set to it, or to overwrite the current set metatable?

OminousVibes0 · May 15, 2021, 4:53pm

Not possible. The security level for localscripts are too low. Most exploits are security level 6, and 7-8 in rare cases (Synapse X or Script-Ware)

It would indeed be useful if developers were able to have higher security permissions. Still, it would be a security issue if we can access metatables (Force purchase gamepass, etc)

Unknownstaffmembe · May 15, 2021, 4:53pm

Yeah, it’s extremely easy for exploiters depending on the “level” of their exploit, one of the most popular exploit also known as Synapse has many functions and some of them allow you to overwrite metatables by unlocking them and locking them.

OminousVibes0 · May 15, 2021, 4:55pm

I think you read his question wrong, pretty sure he’s asking for how to detect it as a developer.

and in Synapse X, the code would look like this:

-- // Metatable \\ --
local RawMetatable = getrawmetatable(game)
local OldNameCall = RawMetatable.__namecall
setreadonly(RawMetatable, false)

RawMetatable.__namecall = newcclosure(function(Object, ...)
    local NamecallMethod = getnamecallmethod()
    local Arguments = {...}
--Stuff here

    return OldNameCall(Object, unpack(Arguments))
end)

setreadonly(RawMetatable, true)

kingerman88 · May 15, 2021, 4:55pm

Whenever I go about making an anti cheat here’s the first thing in mind

Step one:
Understand that exploiters are going to bypass any anticheat

Step two:
With step one out of the way, what can I do to create an anti-cheat that can expose the basic exploiters.

Personally I like to do a “fake remote value”

local adminRemote = ReplicatedStorage.AdminRemote

local admin = false
local command = "kick"

adminRemote:FireServer(admin, command)

on the server

adminRemote.OnServerEvent:Connect(function(player, hacker, command)
    if hacker then
        -- ban them
    elseif player:GetRankInGroup(123456) > 10 then
     -- do command
    end
end)

Personally this is what you should be striving to do, and you can catch some people in the process

NotAstrain · May 15, 2021, 4:56pm

Alright, so our new problem is fake workspace detection.

Is it performant to attach .DescendantAdded and .DescendentRemoving to the DataModel, and .Changed events to every single instance in the workspace to keep this table maintained and up to date?

If it isn’t, that leaves a possibility to change some random model’s name somewhere, ask the client if they saw it, and if they didn’t, bingo. Fake workspace.

OminousVibes0 · May 15, 2021, 4:56pm

That is a possibility, although that is applied for a different case than mine.

Unknownstaffmembe · May 15, 2021, 4:57pm

oops, I misread the question;
I’m assuming vLua returns a function or executes code directly by parsing it then using a wrapper, if so, it can still be bypassed.

OminousVibes0 · May 15, 2021, 4:59pm

It definitely can. No anti-exploit is perfect, there are just varying difficulties to bypassing. This one is one of the more difficult ones.

Unknownstaffmembe · May 15, 2021, 4:59pm

Yeah, it would be necessary to attach some events but, you could also index a value on demand and, you can just track values which you’ve changed.

OminousVibes0 · May 15, 2021, 5:00pm

Indeed, that would be difficult. Still, we don’t need to detect everything, we just need to detect the main issues we have with exploiting.

Unknownstaffmembe · May 15, 2021, 5:02pm

I agree that this would be really difficult to bypass since you could also have custom bytecode to prevent them from using their own parser but, once an exploiter finds their way around, they could release the exploit and, it’ll be a waste of time to constantly patch it since there will almost certainly be a way around, we can hope that parallel lua may make server side detection more feasible.

OminousVibes0 · May 15, 2021, 5:03pm

I believe this is a great time to conclude this conversation. Thank you all for your suggestions and concerns.

ToldFable · May 15, 2021, 6:55pm

Doesn’t vLua have its own interpreter? If so, I don’t understand how this would help. What stops the hacker from just using vLua themselves?

OminousVibes0 · May 15, 2021, 6:59pm

Using vLua’s themselves would just increase the lag, and still get them banned.

GiantDefender427 · May 16, 2021, 4:11am

Exploiters can easily delete the client side anti cheat script and this topic wasn’t as useful

rohrkatze · May 16, 2021, 12:54pm

changing the execution level is literally a line of code

OminousVibes0 · May 16, 2021, 2:22pm

If the exploiter deletes the client side cheat, they will be banned because the server is not receiving a response.

OminousVibes0 · May 16, 2021, 2:22pm

Sorry, I do not understand what you mean. Even if the exploiter executes something on level 8, it still modifies the client, and that is detectable.