Here is a simple way to detect exploiters. It works by checking for a specific ID in Coregui, which some scripts provide on execution / Injection.
Detections: Dex detection, Infinite yield, JJSploit and more
I’m not providing full security for this, I’m just giving you guys ideas to turn into reality.
local Execs = {"137842439297855", "1204397029", "2764171053", "1352543873"}
local ContentProvider = game:GetService("ContentProvider")
local CoreGui = game:GetService("CoreGui")
--// loop this btw
ContentProvider:PreloadAsync({CoreGui}, function(assetId, status)
local AssetID = assetId:gsub("rbxassetid://", ""):gsub("http://www.roblox.com/asset/?id=", "")
if table.find(Execs, AssetID) then
print("Detected: " .. AssetID)
end
end)
--// made by ysf
This method has been around for a while, but it’s often easily bypassed. Client-side solutions like this tend to be unreliable as they can easily be manipulated, so NEVER have this be the main line of defense for your game.
i dont recommend using this as a main defense, as @KingMeblo said anyone who wants to do something like this should have more protection along with it.
Sometime’s I actually lose hope in this community, How will you bypass if you cant even inject and most people don’t even know how to bypass any client sided check’s +++ You can easily add a handshake to the client script which will make it not destroyable + You can add a server sided kick thru remotes and done!!!
And as I said “I’m nott providing full security for this” As its used for educational purpose.
its almost like this is a copy paste message posted on everything no one ever said it has to be ur main line of defense adding detections to ur game on the client does you no harm how about instead of spam pasting this message you say thank you and move on with your day
The handshake is bypassable but everyone forgets that disabling reject character deletions allows you to detect when a client deletes anything inside their client.
If someone spent enough time on it, they could patch every single client sided exploit that can be ran on the client since the server can detect anything replicated by the client when that property is disabled.
I just don’t think anyone cares enough to do it lol.
There’s 100’s of client sided exploits and it would quite frankly take you weeks if not months to patch every single possible client sided Roblox exploit and even then a memory editor could probably do worse things to Roblox if they really cared enough to use one.
Edit: It did not take weeks or months and I ended up creating a really cool anti cheat with RDC disabled
On the exploiting side, there’s a UNC fucntion called cloneref which litterly just makes a fake service that works like the real one. They could simply do the following
Thank you for visiting It is the intended behavior because it patches a huge variety of exploits and the main use for this anti cheat would be games that are very limited in movement. For example, games like dollhouse roleplay and classic baseplate.
The main concern I have is with complete bypasses but if this anti cheat holds up, I will gladly improve that specific problem and might be able to fully resolve it. I appreciate your feedback!
Found something funny when using something like this, when you loop the preload it can actually prevent horribly made exploits from actually initialising or increasing the time for it to “be ready” by a very long time.
I have spent the entirety of 5-ish minutes writing this but also watching my phone as I expect it to initialise completely but it has not. Right now I am just looking at the “Please wait a while!\nWe are currently setting everything up for you” menu.
So exploits like Delta will take a very long time for the user to actually be able to interact with its menu since it seems that exploits like this depend on something to be loaded before it allows the user to execute scripts etc. Even the auto execute does not work since this exploit requires (what I assume) everything to be loaded first.
You can test this your self. I don’t run computer based exploits/versions of said exploits so this was tested on mobile. Specifically IOS 16 using the troll store exploit to sign the IPA.
Throw the code from OP into any RunService loop and it should bring the exact same result.
I know some people would rather this be quiet like my self but I had been harassed and cussed out in my pms for apparently not caring about the community for not disclosing such things so I will contribute this here to prove I am actually caring for said community.
For a proof of concept video please look below. I added this for the same reason above and also was accused of looking for attention too which I don’t appreciate.
watch the full video before replying to this comment thanks.
If you do not believe the recording I have included everything you need to reproduce the same exact result. Although the recording should be, believable and enough.