Developing an Anti Exploit script. Would love corrections

Developing an Anti Exploit script, with these specific antis.

Would love all kinds of corrections.

----------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------CONFIGURATION-------------------------------------------------------------

local AllowedItems = {
	["Item1"] = true;  -- Edit Item1 name and so for the others below
	["Item2"] = true;
	["Item3"] = true     
}

local GroupID = 123 -- Edit this to your GroupID


local GroupRank = 1 -- Edit this to the Group rank you would like to whitelist (All ranks above this will also be whitelisted)

local Max_Health = 100 -- Edit to the max health

local Max_Speed = 16 -- Edit to the max speed

---------------------------------End Of Configuration, please whitelist group again in the config section of the next script------------------
----------------------------------------------------------------------------------------------------------------------------------------------

----------------------------------------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------FEATURES-------------------------------------------------------------------

local Anti_Fly = true

local Anti_Health = true

local Anti_Humanoid_Destroyer = true

local Anti_Lightning = true

local Anti_PartInsertor = true

local Anti_Speed = true

local Anti_Teleportation = true

local Backpack_Control = true
----------------------------------------------------------END OF CONFIGURATION AND FEATURES----------------------------------------------------
-----------------------------------------------------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------------------------------------------------


local Players = game:GetService("Players")

local LocalPlayer = game.Players.LocalPlayer

local Character = LocalPlayer.CharacterAdded:Wait()

local HRP = Character:WaitForChild("HumanoidRootPart")

local Backpack = LocalPlayer:WaitForChild("Backpack")


local NoDisabling = script.Parent:WaitForChild("NoDisabling")


repeat wait() until LocalPlayer
repeat wait() until LocalPlayer.Character

local Body = {
	["BodyVelocity"] = true;
	["BodyGyro"] = true;
	["BodyPosition"] = true
}

local Parts = {
	["Part"] = true;
	["Model"] = true;
	["MeshPart"] = true
}




--No Speed
if Anti_Speed == true then
	if Character.Humanoid.WalkSpeed > Max_Speed  then
		LocalPlayer:Kick("No Exploit")
	end
end


-- Anti part insertion
if Anti_PartInsertor == true then
	game.Workspace.ChildAdded:Connect(function(Obj)
		if Parts[Obj.ClassName] then
			Obj:Destroy()
		end
	end)
end

-- Anti Lightning
if Anti_Lightning == true then
	game.Lighting.ChildAdded:Connect(function(Obj)
		if Obj:IsA("Sky") then
			Obj:Destroy()
		end
	end)
end

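-- Backpack Control
if Backpack_Control == true then
	Backpack.ChildAdded:Connect(function(Obj)
		-- AllowedItems is keyed by item name, so look the name up in the table
		-- (IsA expects a class name string, not a table)
		if Obj:IsA("HopperBin") or not AllowedItems[Obj.Name] then
			LocalPlayer:Kick("No Exploiting")
		end
	end)
end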

-- Anti Fly
if Anti_Fly == true then
	HRP.ChildAdded:Connect(function(Obj)
		if Body[Obj.ClassName] then
			LocalPlayer:Kick("No Exploiting")
		end
	end)
end

-- Anti Humanoid Destroyer
if Anti_Humanoid_Destroyer == true then
	Character.ChildRemoved:Connect(function(Obj)
		if Obj:IsA("Humanoid") then
			LocalPlayer:Kick("No Exploits")
		end
	end)
end

-- Anti Health
if Anti_Health == true then
	if Character.Humanoid.Health > Max_Health then
		LocalPlayer:Kick("No Exploits")
	end
end

--Anti Teleportation
local PreviousPosition
if Anti_Teleportation == true then
	function NoTeleport()
		if HRP == nil then
			LocalPlayer:Kick("No Exploits")
		end
		local PositionFirst = HRP.Position
		delay(1, function()
			local PositionSecond = HRP.Position
			if (PositionSecond - PositionFirst).magnitude >= 140 then
				LocalPlayer:Kick("No Exploits")
			end
		end)
	end
end


local Player = game.Players:GetPlayers()

while wait() do
	if LocalPlayer:GetRankInGroup(GroupID) >= GroupRank then
		script.Disabled = true
	elseif NoDisabling.Disabled then
		NoDisabling.Disabled = false
	elseif script.Parent:FindFirstChild("RealAnti") == nil then
		LocalPlayer:Kick("Nope") 
	end
	NoTeleport()
end
6 Likes

I recommend you not kick a player locally, but have them fire a remote and have the server kick them. A lot of exploiters already happen to have scripts that prevent local kicks and make scripts that do that yield forever. But still, you should really employ some server-sided cheat detections.

3 Likes

There are a few issues from the script; here’s what I found going from top to bottom.

The whitelist configuration part is redundant; if you’re checking for exploits, you shouldn’t need a whitelist. If someone is exploiting, they’re exploiting, and should all be treated the same.

local Players = ... is defined but not actually used as a variable anywhere.

Character is defined by waiting for the CharacterAdded event, which doesn’t account for the event in which the character is already present.

repeat wait() until LocalPlayer is redundant because LocalPlayer will never be nil, and if it was, the variable value would never change from under your nose without your own code setting it anywhere else.

repeat wait() until LocalPlayer.Character is redundant because you already waited for the character to be present when you defined Character.

Some of the checks only run once, which makes them effectively nil when it comes to someone exploiting.

Minor detail, but checking if a == true can just be shortened to if a.

PartInsertor check might interfere with genuine replications of models and such in the map to the client.

AntiLighting check only checks if a sky was added, which isn’t something to be worried about, especially on the client.

AntiHealth won’t work because of what nulllifeleft already mentioned.

PreviousPosition is declared but never used.

The check for if HRP == nil is redundant, because of what I mentioned before about variables changing values from under you.

The NoTeleport function is also only defined if Anti_Teleportation is enabled. If this is disabled, your script would error on the second to last line because it’d attempt to call a nil value.

Player is defined again but never used.

while wait() loops are something you should be wary of; here’s a post on that: Avoiding wait() and why

In the loop, you constantly check GetRankInGroup, which would only be needed to run once.

Lastly, the kick messages seem to be inconsistent. Some are No Exploits, some Nope, and others many variations of the former.

6 Likes

This can all be done server sided. (RootPart.Velocity*Vector3.new(1, 0, 1)).Magnitude will be their current horizontal speed (roughly their walkspeed if walking). Doing this client side means they can simply disable the script, fake properties, disable function calls, completely modify functions, and more. I never do anything client side.

4 Likes

All those times the script had LocalPlayer:Kick() made me want to slap my face hard. Kicking from a LocalScript is incredibly unreliable, as an exploiter can easily hook the function and make the script yield forever. Just having the script fire a remote and have the server kick the player is much more reliable than having the client kick itself.

1 Like

It’s not any more reliable to fire a remote. It’s unreliable to expect the client to kick itself in any way. The same way kick can be hooked, remotes can be too.

3 Likes

There is one major flaw in your anticheat, I’ll act it out for you.

opening an average exploit…

game.Players.LocalPlayer.PlayerScripts.AntiCheat.Disabled = true

I should mention however, most exploiters aren’t at all familiar with scripting and will fail to do something as simple as this. As far as other flaws go, there are ways for exploiters to walk faster without tampering with Humanoid.WalkSpeed, such as binding a key to teleport them forwards a small increment every frame when held down.

Also, Anti_Lighting seems redundant. What if your game has a map cycle and changes the skybox? And, if the exploiter for some reason wants to add a sky, how would that affect other players? It just doesn’t make too much sense for an anti exploit. You should focus on preventing things that will harm the experience of other players first (such as fling scripts).

3 Likes

I would make the exploit server-sided, and client-sided.

1 Like

Good stuff you have going on!

But just wanted to correct you about something very important, which is this.

if Anti_Speed == true then
	if Character.Humanoid.WalkSpeed > Max_Speed  then
		LocalPlayer:Kick("No Exploit")
	end
end

Making sanity checks client side for speed or health or any other property isn’t effective, because exploiters actually have the power to change how the property is viewed. Meaning if an exploiter set the WalkSpeed property to 1000, and you checked if it was higher than normal, he can make it so it only shows up as 16 which is the normal speed, thus the if statement fails.

Check out the VII section of this for more info.

Doing sanity checks in the client in general is not advised. A way to replace this might be to check if the player’s position is being changed faster than usual, since even if the WalkSpeed is still 16 in the server, he’s fast in the client and his position will replicate anyways.

4 Likes
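The server-side movement check suggested in the replies above (horizontal speed taken from the root part, and position changing faster than the server's WalkSpeed allows), as an added example that is not code from any poster in this thread. It is a server Script; TOLERANCE, STRIKES_TO_KICK and SAMPLE_INTERVAL are assumed values, and a game that teleports players or uses vehicles would need to exempt those cases.

```lua
-- Server Script (e.g. in ServerScriptService). Added example; constants are assumptions.
local Players = game:GetService("Players")
local RunService = game:GetService("RunService")

local TOLERANCE = 1.5        -- assumed slack for latency and physics jitter
local STRIKES_TO_KICK = 3    -- assumed: consecutive violations before acting
local SAMPLE_INTERVAL = 0.5  -- assumed: seconds between position samples
local state = {}             -- [Player] = { position = Vector3, strikes = number }

local function sample(player, dt)
	local character = player.Character
	local root = character and character:FindFirstChild("HumanoidRootPart")
	local humanoid = character and character:FindFirstChildOfClass("Humanoid")
	if not root or not humanoid or humanoid.Health <= 0 then
		state[player] = nil -- dead or respawning: restart tracking on the next sample
		return
	end
	local previous = state[player]
	if not previous then
		state[player] = { position = root.Position, strikes = 0 }
		return
	end
	-- WalkSpeed as the server sees it; a value changed only on the client does not reach here.
	local allowed = humanoid.WalkSpeed * dt * TOLERANCE
	local delta = root.Position - previous.position
	local moved = Vector3.new(delta.X, 0, delta.Z).Magnitude -- horizontal distance only
	previous.position = root.Position
	if moved > allowed then
		previous.strikes += 1
		if previous.strikes >= STRIKES_TO_KICK then
			player:Kick("Movement check failed") -- kicked by the server, not the client
		end
	else
		previous.strikes = 0 -- one-off spikes (lag, a single fling) are forgiven
	end
end

Players.PlayerRemoving:Connect(function(player)
	state[player] = nil
end)

local elapsed = 0
RunService.Heartbeat:Connect(function(dt)
	elapsed += dt
	if elapsed < SAMPLE_INTERVAL then return end
	for _, player in ipairs(Players:GetPlayers()) do
		sample(player, elapsed)
	end
	elapsed = 0
end)
```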

Even if that happens in the client, a player can still hook the kick method of the player and yield it forever with an adaptation of that method of spoofing the walkspeed.

As Zeezy2204 said, you can easily disable Anticheat. I recommend, and I do this a lot if your game has any core scripting such as camera scripts or anything core related, you can nest your anti-cheat into those. If the script is disabled then it will break the game completely. Another thing I’d recommend is detection of script disabling from other scripts all on the client.

1 Like

The whole script being local is an issue.

5 Likes