Could this client sided anticheat concept possibly work?

Hey guys!!
I know clientsided anticheats are pretty much useless, and I know there’s definitely some flaws in this but I just want to know what they are and better understand what clients can actually do.

So, lets say for example I want to make sure a player doesn’t change their walkspeed on the client.
Because changing walkspeed on the client doesnt change it on the server, I’d had to have to get the walkspeed from the client.

So I write the localscript that will do this and put it under a server script. When a player joins, the server script clones the localscript and gives it to the player, setting it to a variable before it does so it knows to ignore other scripts responding to the function in the future.

demo 1819×781 8.31 KB

So now, in gameplay, I do a check to make sure players walkspeed is still 16.

Ideally, the local script will just return 16 and everything is fine.
If someone is trying to cheat however, one of three things will happen:

1: The player has a cheated walkspeed, which the localscript reports and the server kicks the player.

demo 3819×781 7.41 KB

2: A different script responds to the remote function, but knowing which script to be listening for, the server kicks the player.

demo 2819×781 8.87 KB

3: No script responds and its safe to assume the script was either disabled, deleted, or the player is lagging really bad and about to DC anyway

demo 4819×781 6.03 KB

So let me know why this would or wouldn’t work friends!

ps: this isn’t a system im planning on using in any games, just curious

i dont think you can identify which script its coming from because the remotefunction cant pass a script object so you cant compare it to the saved variable that holds the localscript

exploiters can also modify the behavior in your local script to always send 16, or they can modify any reading of walkspeed on their client to always return 16

If you’re planning to create an anti-cheat, you need to implement it on the server side—that’s generally what most games do.

For example, instead of reading the speed from the client, you should calculate the character’s displacement on the server to verify their speed.

Using LocalScripts for anti-cheats isn’t secure, as they can be easily bypassed.

Hooking functions in your script environment, and gg bro, you are cooked.
What will you achieve with this anti-cheat? Losing performance and being mocked even by a skid
Client anti-cheats are only useful when there is a weakness in an exploit, but that usually lasts for 2~ days. The thing you are making is a complete embarrassment. YOU ARE NOT HACKING MATRIX bro

me when hooks

I literally said in the post I didn’t plan on using this anti cheat because I knew it wouldn’t work and I wanted to know why. I’d prefer you read the post and maybe explain what hooking means instead of just making fun of someone trying to learn

not unless every few seconds you delete it and clone it and do something like this:
once it is injected into to player (aka loaded because its parented to it), the script will rename itself to any script it finds in the game and parent itself to where it is, since it keeps reappearing and its hidden it is less likely to be bypassed. and if you want a way that most exploits dont use, just destroy the player in players. it gives them a kick message too but it doesnt work with anti kick stuff. also client sidedly destroy everything that is deletable incase they were saving the game.

hook allows exploiters to change a functions behavior, you can do the same with reading properties of Humanoid.WalkSpeed or any other object

--changes Kick() to do nothing
local senv = getsenv(SCRIPT)

hookfunction(senv.Kick, function(...)
  print("kick denied")
  return nil
end)

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.