This has been bypassed by Script-Ware and via an executed script (despite claims by some of it being near impossible) within just the past hour or two. I do believe the scripted bypass only works on “competent exploits” and the detection will still work in some cases.
Sorry to rain on anybody’s parade, but it is highly likely that other exploits will follow incredibly soon.
Still, nice method, and I respect you for releasing it.
Check back next week for my second Script-Ware detection!
I’m not arguing with someone right now.
You don’t see my point so I’m not gonna use up time explaining it further. I made an edit, please read that.
Synapse just patched this also
If anyone lurking wants a reliable way of stopping exploiters, don’t trust the client. Sticking to the phrase can be a bit frustrating or time consuming sometimes, but it’s worth it. Whenever you’re adding new content to your game, think to yourself, “How can an exploiter abuse this?”, and start adding sanity checks to it.
Among the other issues people pointed out, I don’t see how this would prevent exploits that hook onto Roblox as soon as it launches. If the exploit injects before your code even runs, they can stop your code from ever running. On-launch injectors are already widely available and have been for years.
Yes indeed you are correct I have loads of them
Also you guys should know this is patched already, on most executors.
I’d just like to point out that this does not in fact detect any script in particular and was targeting behavior solely exhibited by exploits. These kinds of fly-by-night exploit detection methods are not effective long-term and are not a substitute for good, server-sided sanity checks. I speak from experience.
Please make tons of Synapse X, ScriptWare, Dx9 detections and just post them here for tons of devs to use it and make it so common that it doesn’t mean anything anymore. Waste everything good. Send all your detections to the Roblox Engineers team to make sure they patch it up so that none of us can use these ever again.
Make a meme and mockery out of all sacred inventions.
As the wise programming scripture states:
It’s good to rely on open source code, but never the people who actually make it.
So in this case you should just make it yourself.
Couldn’t it all be done directly to the memory without injecting anything?
The code is running on the exploiter’s machine, so technically they could just disable it by changing/removing a few values from their device’s memory.
Hi, I just want to know. Where will I put this? Is this a Module Script or a LocalScript? I am only an average scripter and there’s a lot for me to know about!
Script-Ware has no known detections at the moment.
haven’t tested this but i am pretty sure this will find sw, at least the mac version
Fluxus (well, Fluxus M) also has no known detections.
It’s had a long history of sloppy mistakes but it’s pretty solid now.
Fluxus M hasn’t existed for almost a year at this point.
I have been able to get confirmation that the successor to Fluxus M (developed by the same person) is vulnerable to this.
SWM uses the exact same code as Fluxus M. It even has the exact same FLUXUS_LOADED
variable. It’s the same codebase just rebranded.
The Fluxus M product isn’t being sold anymore, but Fluxus M lives on as SWM.
Prove it.
(no offense of course I’m just linking a post that tells you what you’re doing wrong)