Concept: Client Anti-cheat possible?

Yes, deleted parts can be done through connections and Noclipping.

We aren’t exactly sending “Functions” per se. We are sending scripts that will be parsed.

They need to account for every check. I’ve actually made an exploit bypass before with an executor. You have to make a bypass for every possible string.

I’m not very knowledgeable with metatables. In this situation, is there a way for the client to check if game has a metatable set to it, or to overwrite the current set metatable?

1 Like

Not possible. The security level for LocalScripts is too low. Most exploits are security level 6, and 7-8 in rare cases (Synapse X or Script-Ware).

It would indeed be useful if developers were able to have higher security permissions. Still, it would be a security issue if we can access metatables (Force purchase gamepass, etc)

Yeah, it’s extremely easy for exploiters, depending on the “level” of their exploit. One of the most popular exploits, also known as Synapse, has many functions, and some of them allow you to overwrite metatables by unlocking them and locking them.

I think you read his question wrong; pretty sure he’s asking how to detect it as a developer.

And in Synapse X, the code would look like this:

```lua
-- // Metatable \\ --
local RawMetatable = getrawmetatable(game)
local OldNameCall = RawMetatable.__namecall
setreadonly(RawMetatable, false)

RawMetatable.__namecall = newcclosure(function(Object, ...)
    local NamecallMethod = getnamecallmethod()
    local Arguments = {...}
    -- Stuff here

    return OldNameCall(Object, unpack(Arguments))
end)

setreadonly(RawMetatable, true)
```
1 Like

Whenever I go about making an anti-cheat, here’s the first thing in mind:

Step one:
Understand that exploiters are going to bypass any anti-cheat.

Step two:
With step one out of the way, what can I do to create an anti-cheat that can expose the basic exploiters?


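Personally I like to do a “fake remote value”:

```lua
-- Client (LocalScript)
local ReplicatedStorage = game:GetService("ReplicatedStorage")
local adminRemote = ReplicatedStorage.AdminRemote

-- Decoy flag: the legitimate client always sends false.
local admin = false
local command = "kick"

adminRemote:FireServer(admin, command)
```

On the server:

```lua
-- Server (Script)
local ReplicatedStorage = game:GetService("ReplicatedStorage")
local adminRemote = ReplicatedStorage.AdminRemote

adminRemote.OnServerEvent:Connect(function(player, hacker, command)
    -- "hacker" is the decoy flag; it is only truthy if the request was tampered with.
    if hacker then
        -- ban them
    elseif player:GetRankInGroup(123456) > 10 then
        -- do command
    end
end)
```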

Personally this is what you should be striving to do, and you can catch some people in the process :stuck_out_tongue:

5 Likes

Alright, so our new problem is fake workspace detection.

Is it performant to attach .DescendantAdded and .DescendantRemoving to the DataModel, and .Changed events to every single instance in the workspace to keep this table maintained and up to date?

If it isn’t, that leaves a possibility to change some random model’s name somewhere, ask the client if they saw it, and if they didn’t, bingo. Fake workspace.

That is a possibility, although that is applied for a different case than mine.

1 Like

Oops, I misread the question.
I’m assuming vLua returns a function or executes code directly by parsing it then using a wrapper; if so, it can still be bypassed.

1 Like

It definitely can. No anti-exploit is perfect; there are just varying difficulties to bypassing. This one is one of the more difficult ones.

Yeah, it would be necessary to attach some events, but you could also index a value on demand, and you can just track values which you’ve changed.

Indeed, that would be difficult. Still, we don’t need to detect everything, we just need to detect the main issues we have with exploiting.

I agree that this would be really difficult to bypass, since you could also have custom bytecode to prevent them from using their own parser, but once an exploiter finds their way around, they could release the exploit, and it’ll be a waste of time to constantly patch it since there will almost certainly be a way around. We can hope that Parallel Lua may make server-side detection more feasible.

2 Likes

I believe this is a great time to conclude this conversation. Thank you all for your suggestions and concerns.

2 Likes

Doesn’t vLua have its own interpreter? If so, I don’t understand how this would help. What stops the hacker from just using vLua themselves?

Using vLua themselves would just increase the lag, and still get them banned.

Exploiters can easily delete the client-side anti-cheat script, and this topic wasn’t as useful.

Changing the execution level is literally a line of code.

If the exploiter deletes the client side cheat, they will be banned because the server is not receiving a response.

Sorry, I do not understand what you mean. Even if the exploiter executes something on level 8, it still modifies the client, and that is detectable.
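
The server-side response check mentioned in the thread (a client that stops answering gets removed), sketched as an added example that is not part of any post. The RemoteEvent name `AntiCheatChallenge`, the interval and the miss limit are assumptions, and kicking is used here where the thread talks about banning.

```lua
-- Server Script. Added example; the remote name and timing values are assumptions.
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

-- Hypothetical RemoteEvent; the client anti-cheat must echo each nonce back.
local challenge = ReplicatedStorage:WaitForChild("AntiCheatChallenge")

local INTERVAL = 10    -- seconds between challenges (assumed value)
local MAX_MISSES = 3   -- tolerate lag spikes before acting (assumed value)

local pending = {}     -- [player] = nonce still awaiting an answer
local misses = {}      -- [player] = consecutive unanswered challenges
local rng = Random.new()

challenge.OnServerEvent:Connect(function(player, nonce)
    -- Never trust the payload: anything but the exact outstanding nonce is ignored.
    if typeof(nonce) == "number" and nonce == pending[player] then
        pending[player] = nil
        misses[player] = 0
    end
end)

Players.PlayerRemoving:Connect(function(player)
    -- Drop per-player state so the tables do not grow forever.
    pending[player] = nil
    misses[player] = nil
end)

while true do
    for _, player in ipairs(Players:GetPlayers()) do
        if pending[player] ~= nil then
            -- The previous challenge was never answered (or answered wrongly).
            misses[player] = (misses[player] or 0) + 1
        end
        if (misses[player] or 0) >= MAX_MISSES then
            player:Kick("Client check stopped responding.")
        else
            pending[player] = rng:NextInteger(1, 2^31 - 1)
            challenge:FireClient(player, pending[player])
        end
    end
    task.wait(INTERVAL)
end
```

This only shows that something on the client is still answering, so it complements server-side validation of gameplay rather than replacing it.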