Hello, everyone again!
Today I am releasing a VERY lightweight script that can easily detect RSpy (a very popular tool used by exploiters to log into Remotes). The script is simple and cannot fail under normal conditions, as it uses a RemoteEvent created in nil.
The central idea is to check the weak metatable (__mode = "kv") to monitor whether the object is still referenced. If the exploit retains the object (for example, by saving it in a table), it will not be collected by the garbage collector, which can be detected. All objects should ALWAYS be removed at the same time, but when referenced, they remain longer.
Please note that if it is obfuscated, it may give false positives. Obfuscators may save some references and break it. Test it before putting this detection in your game.
local RemoteEvent = Instance.new("RemoteEvent") -- Fake RemoteEvent to prevent references
while true do
local Proxy = newproxy() -- RSPY has an function called deepclone, clones tables, Instances and all values inside of it, but not the userdata
RemoteEvent:FireServer(Proxy) -- RSPY only allows "FireServer", "fireServer", "InvokeServer" or "invokeServer"
local Refer = setmetatable({{}, Proxy}, {__mode="kv"}) -- Its important to have a table that never has a reference, in order to know how long it should take to “delete the refer to the remote.”
Proxy = nil -- If we leave the reference, we will detect ourselves
while Refer[1] do -- We wait for a table WITHOUT REFERENCE to disappear
task.wait()
end
if Refer[2] then -- The only way it can exist is if a reference is made to it; it cannot exist in the table yet.
return warn("RSPY DETECTED") -- Change here for your detection, this is an example
end
end