unfortunately, while it did hide the custom functions from callinfo, it did not account for the stack size change
Thank you soo much! This is one of the best releases of the game
This seems like a good script, however, someone could just:
game.Players.LocalPlayer.PlayerScripts['AntiHook']:Destroy()
-- or with any other root.
Unfortunetly DEX programmes cannot be fully stopped, and if a DEX programme gets in, it’s easy mode for the exploiter.
You can put LocalScripts in nil and if you set its name too just “LocalScript” and not “AntiHook” exploiters won’t think much of it. While still possible to disable it they wouldn’t know it was there until they tried to hook something.
Edit: One of my friends dmed on Discord about this reply saying “legit the first thing I think is there scripts in the nil.” So I just wanted to say you could also hide it in the default Animate script inside the character.
Exploiters are likely to scan local scripts anyways.
Destroy won’t stop the script, neither will .Disabled = true if it has managed to spawn another lua state (e.g. with coroutine.wrap)
How would you run Dex or delete the script if you can’t inject your exploit?
An injector can update to patch this, and it is possible.
Bro, you cannot inject, and delete the script after. The script will ban you before you can even execute
tip: until it’s patched, do while task.wait(.1) do as it still runs when the script is disabled not destroyed (known bug) but it will be patched soon anyway but use this temporarily cuz dex people will delete it
How long do you think this will work for before the developers of script injectors find a workaround?
Dex people cant use dex, cuz it detects them before they even injected lol
So what’s making the people think it can be bypassed? This one localscript is a legend. The people who said localscripts are not good we’re false! Haha!
this is pretty damn impressive
took me a while to understand how it worked. taking advantage of the call stack is something I never thought about. it’s kinda risky but smart at the same time. well done
It can be bypassed by the people who actually make the script injectors themselves. By this I mean the developers of script injectors will be quick to add a system that renders this check completely useless.
Relying solely on localscripts to prevent exploits is never going to be a be all end all solution to anti-exploits because the client is the player’s computer, not a computer that you or Roblox are in full control of.
That’s very true and I have nothing against it, I guess we will just use this as a temporary solution
hahaha you can wait, soon everything will be, I will do better =)
Adding on
It is possible to disable client sided kicking, however it does require injection.
Lua also has rawset
and rawget
which allows you to bypass __index
and __newindex
. Meaning that people who have experience won’t be too too affected.
Though it isn’t a bad resource and could help get rid of some exploiters
Edit: See reply from @TopBagon
I think you misunderstood something. this script detects an injection and kicks right away
Which is impossible if you can’t inject in the first place.
people who have experience in C++ and can write their own exploits*
I’d suggest playing around and analyzing the code for more details. it can only be bypassed by the exploit creators, not people with just lua knowledge.
please don’t reply with “but it’s impossible to detect an injection…”
I’d like to mention the default string number formatting had not been changed since the introduction of Lua and then over night a change to it broke many games.
He is right. You are relying on undocumented observations and it will likely have consequences.