A couple of years ago, Roblox exploiters used to insert instances inside of PlayerGui - which was easily detectable by utilizing the ChildAdded event. Times have since changed and exploiters began to insert their instances inside of the CoreGui service.
Exploiters have more access to the client than game developers do, and unfortunately you’re unable to utilize the ChildAdded event for CoreGui instance detection like you were with PlayerGui.
And then you realize, exploiters can just prevent the local player from being kicked. So you decide to just crash them instead! Then you realize that exploiters can just protect their guis (if they are using Synapse). Oh good! Then we can get other exploiters that use Hydrogen, Krnl, and the other ones that are not synapse.
Synapse and Script-Ware (for Windows) are no longer functional. They have both been inactive since Hyperion’s release, with no updates or news about their potential return. The recent integration of Hyperion into the UWP app has also made KRNL and other exploits that relied on the UWP client patched, unless they can find a way to bypass Hyperion. Some exploits still use an older version of the UWP app, but it is likely to become unstable and stop working as time goes on.
This is a great resource to stop new or intermediate exploiters who have no clue how gui protection works. It may not catch EVERY exploiter, but it’ll surely catch a few!
There are many ways to get around this, such as using cloneref ( exists in most exploit environments ). Even if a measure isn’t great, it’s still good to have something standing in the way of exploiters - it may stop more of them than you think.
This type of detection has been around for years, just not widely known by developers but this is a solid method of detecting CoreGui exploits. if you know what you’re doing its not that hard to bypass on its own, so I threw together a different version with a few basic sanity checks, feel free to use its not anything that advance but should help.
task.spawn(function()
while task.wait(1) do
local Name = math.random()
local Trap = {Name}
local Bait = setmetatable(Trap, {__mode = "v"})
if Bait[1] ~= Name or Trap[1] ~= Name or getmetatable(Trap).__mode ~= "v" then
print("wow great hook")
end
end
end)
task.spawn(function()
while true do
local HoneyPot = setmetatable({game:GetService("CoreGui"), {}, newproxy(true), newproxy()}, {
__mode = "v"
})
while HoneyPot[2] and HoneyPot[3] and HoneyPot[4] do
task.wait()
end
if HoneyPot[1] then
print("wow coregui exploit")
end
end
end)
I don’t know if you realize, but exploiters can modify pretty much anything local, or anything client sided. This would be super cool if they couldn’t, but they can. By being able to modify anything local, they can do so many things to counter this, like:
just prevent the local script from running by disabling it or deleting it
changing the local script to remove the part that either kicks or crashes them (yes, they can change the code in local scripts)
im pretty sure they can also prevent the script from even spawning in the first place? not 100% sure on this one but i’d imagine they could
Even Bitdancer said that there’s no way to eliminate client exploits, but rather make it harder to exploit (and thats literally Byfron’s goal)
No client anticheat is perfect and will get bypassed one way or another. It’s rather a protection later against “script kids”, since I highly doubt they’ll get technical enough to make a bypass.