I’d like to mention the default string number formatting had not been changed since the introduction of Lua, and then overnight a change to it broke many games.
He is right. You are relying on undocumented observations and it will likely have consequences.
I don’t think you understand the point of this script. This prevents exploits from injecting, as most exploits and scripts to use with them hook the Instance __namecall method. They have no time to hook the Kick function and if they do, you can always just crash the client using while true do end, which is far more difficult to prevent. As for rawset etc., these do not work on userdata and if they did, this would break normal behavior of instance properties.
That is irrelevant. The fact is your assertion is wrong and it doesn’t matter how long something is established for. Luau team has made huge changes before to behavior for performance reasons.
@regexman this doesn’t prevent anything more than any older methods of detection. They prop up, they get patched, the cycle repeats. When people criticize client anti cheat it’s for a good reason.
If you are (quite understandably) paranoid about this false flagging players, simply make sure the namecall function can be retrieved properly and check the maximum call depth using pcall in a similar recursive function at the top of the script before using it in the second one. People have been using hacky CoreGui detection vectors for years now and if anything this is far more reliable.
Doesn’t make sense to use something as security then it gets breached in a matter of days or weeks.
People would place this in their game as some long-term or permanent alternative to combating exploits. They’d even use it now, then months later, when their game releases, this method would have been patched already and they’d have exploiters evading them.
Many companies like Google use AES which is a type of encryption method. If they expect that to be breached in a matter of months afterward then they wouldn’t use it.
You know you have no better argument when you have to compare an encryption algorithm such as AES to an exploit detection. You can claim client side checks are useless, yet all the top Roblox games often targeted by exploiters have implemented client-side anti cheats. In reality, most exploiters have no clue what they are running or how it works, and will be deterred by even the simplest checks.
Edit: you mention Google using AES, yet forget that their reCAPTCHA service uses obfuscation on client-facing JavaScript, performing the equivalent task as a client side anti cheat in our case.
The difference is encryption has to last forever or will become pointless in the future, while exploit detections only have to work until the player’s client closes and have no real consequences of failing to detect exploiters (at least over having no detection whatsoever).
True, but it can still be used temporarily. Especially if the game is exploited regularly, they wouldn’t even see it coming when they join and immediately get banned after injecting.
By this logic you are also saying server-side checks are pointless, and that kicks and bans in general are pointless. Roblox does not allow you to ban players by IP or HWID anyway, so I don’t see why you would bring those up. Additionally, if your game has saved items or stats, or costs Robux to play (such as Deepwoken, which has a reputation for its strong anti cheat, and I believe also used the same detection I am giving out here), then bans become a much more effective punishment.
Edit: worth noting that Roblox itself has client side checks and preventions against exploit injections, which is one of the reasons it updates itself each week. If Roblox themselves use this strategy why shouldn’t you?