Concept: Client Anti-cheat possible?

OminousVibes0 · May 15, 2021, 4:56pm

That is a possibility, although that is applied for a different case than mine.

Unknownstaffmembe · May 15, 2021, 4:57pm

oops, I misread the question;
I’m assuming vLua returns a function or executes code directly by parsing it then using a wrapper, if so, it can still be bypassed.

OminousVibes0 · May 15, 2021, 4:59pm

It definitely can. No anti-exploit is perfect, there are just varying difficulties to bypassing. This one is one of the more difficult ones.

Unknownstaffmembe · May 15, 2021, 4:59pm

Yeah, it would be necessary to attach some events but, you could also index a value on demand and, you can just track values which you’ve changed.

OminousVibes0 · May 15, 2021, 5:00pm

Indeed, that would be difficult. Still, we don’t need to detect everything, we just need to detect the main issues we have with exploiting.

Unknownstaffmembe · May 15, 2021, 5:02pm

I agree that this would be really difficult to bypass since you could also have custom bytecode to prevent them from using their own parser but, once an exploiter finds their way around, they could release the exploit and, it’ll be a waste of time to constantly patch it since there will almost certainly be a way around, we can hope that parallel lua may make server side detection more feasible.

OminousVibes0 · May 15, 2021, 5:03pm

I believe this is a great time to conclude this conversation. Thank you all for your suggestions and concerns.

ToldFable · May 15, 2021, 6:55pm

Doesn’t vLua have its own interpreter? If so, I don’t understand how this would help. What stops the hacker from just using vLua themselves?

OminousVibes0 · May 15, 2021, 6:59pm

Using vLua’s themselves would just increase the lag, and still get them banned.

GiantDefender427 · May 16, 2021, 4:11am

Exploiters can easily delete the client side anti cheat script and this topic wasn’t as useful

rohrkatze · May 16, 2021, 12:54pm

changing the execution level is literally a line of code

OminousVibes0 · May 16, 2021, 2:22pm

If the exploiter deletes the client side cheat, they will be banned because the server is not receiving a response.

OminousVibes0 · May 16, 2021, 2:22pm

Sorry, I do not understand what you mean. Even if the exploiter executes something on level 8, it still modifies the client, and that is detectable.

Officiall_Studios · May 16, 2021, 6:33pm

I think the key to anti-cheats is to have multiple methods of checking something. For example, something as simple as walk speed:

The first method to add to your script is the basic loop that checks the walk speed value. That will defend against inexperienced exploiters that just change client values.

Then you want another script to check the CFrame value of the HumanoidRootPart every few seconds. Fine-tune it to see what the max CFrame traveled can be.

Use these methods in separate scripts, just to make it a little bit harder to disable both methods easily. The next thing is to copy and paste both of these methods into other important client scripts so that the methods can’t be disabled without breaking other parts of the game.

To summarize, the main key, no matter what type of client anti-cheat you use, is to have several different methods that are harder to combat.

seppdemeij1234556 · June 4, 2021, 7:12am

As a result of false positives, if a player has high ping he will get kicked. And if the exploiter deletes the anti-exploit the exploit could take it over, firing the remote.

OminousVibes0 · June 4, 2021, 9:25am

The exploit would have to use loadstring, essentially defeating its own purpose.