Hello! Hopefully this is the right category, if not please let me know and I can fix it!
Recently, I decided to take a bit of a plunge and change from using Adonis to BAE.
I, admittedly, prefer BAE, especially for flexibility etc. But there’s one minor issue which is the fact there isnt “Dex” in BAE 2.0..
It’s my understanding that DEX originted as some sort of exploit (please correct me if im wrong!) and I am slightly concerned that if I make an attempt to implement this into my game but using Basic Admin then my account may risk being moderated..
Has anyone tried this or knows a definitive answer to this before I try it?
If you’re just adding a server-side explorer/admin tool to your own game for normal moderation or debugging, that’s not really the same thing as exploiting.
The main risk is more in how it’s made and what it can do. If it includes exploit-related functionality, pulls code from sketchy exploit sources, bypasses Roblox systems, exposes things to the client that shouldn’t be exposed, or gives regular players access to mess with the game in unsafe ways, that’s where you could run into problems.
As for Dex, it usually means “Dark Dex” or “Dark Explorer.” Either way, it’s basically just a hierarchy explorer — pretty similar in concept to the Explorer you already have in Studio or in other game engines.
So intheory if I implemented some version of dex (literally using it as an example; i more just want some form of ingame explorer which certain people can access) then I would be alright with it?
Technically it’s fine as long as it’s for certain people who won’t abuse it. You can imagine what would happen if you gave everyone access, they would potentially do harmful things.
Just make sure it doesn’t have any harmful or rule breaking functions.
Is this AI? Because the entire middle paragraph is basically irrelevant.
“exploit related functionality” like what exactly?
“pulls code from sketchy exploit sources” no. Not an issue. Use Dex by moon or any other dex if you wish.
“exposes things to the client that shouldn’t be exposed” that’s a decent general guideline but won’t really be an issue for moderation.
“gives regular players access to the game in unsafe ways” yeah both roblox and luau are designed to prevent that you know.
“Bypassing Roblox Systems” if you manage to bypass roblox systems do NOT put it in a dex and instead report it on HackerOne and claim a bug bounty.
In general dex should pretty much always be fine, although i haven’t found a good serversided standalone dex explorer yet
Exploit-related functionality can range from anything involving a vulnerability to something like a backdoor, where a user can run code on the client and have it replicate to the server.
Yes, pulling code from sketchy models is definitely an issue. If you download a random infected model, or in this case a model pretending to be a DEX explorer, then yes, it could leave a backdoor in your game or try to exploit a vulnerability. Things like this have happened before — for example, the Crossroads incident, which tricked people into getting banned. That issue was fixed, but you never know what new vulnerabilities might appear.
Giving regular players unsafe access in-game is also very possible. You give them a LocalScript where they can run code, and then another function replicates it to the server. What’s stopping them from inserting bypassed assets as decals, or building inappropriate things out of parts? That is basically access to an in-game executor, which Roblox and Luau cannot really stop, because it is not an external executor — it is simply game code written into the inserted free model. If you do not check scripts, this kind of thing can absolutely happen.
I never meant access to Studio or permissions outside of the game.
When I said bypassing Roblox systems, I meant it in a more general sense. Not bypassing anything outside of the game, but bypassing things like the chat filter or reporting-related functions, such as kicking a player if they press Esc to report, and so on.
So yeah, DEX itself is not bannable. What matters is what you do with it — just like with any other script, module, or tool.
I know these are not reliable which is why I asked.
I know what dex is which is also why I know that “exploit related functionality” is a meaningless phrase. Dex by moon for example does to my knowledge not offer any major “exploit related functionality” and if it does it’s most likely irrelevant here as it won’t work in a normal game (viewing instances parented to nil, writing to non scriptable properties, using CoreGui for the UI, etc.)
That is not “exploit-related functionality” and I doubt that you were explicitly referring to backdoors with that phrase, as backdoors are not desirable in general and almost never constitute “functionality”. Also having a backdoor won’t get your game moderated.
No. “sketchy exploit sources” (lets ignore the fact that exploit sources usually won’t contain an explorer) generally don’t contain game backdoors. Why would they? They are not designed to be run from game scripts. Also why are you shifting the goalpost from “sketchy exploit sources” to “sketchy models”. Crossroads is 100% unrelated and I fail to see why you brought it up.
It’s hard to accidentally replicate everything from a client to the server. If you open up functionality to replicate C2S, it’s on you to make sure it’s secure. Bypassed assets won’t automatically get you moderated. For example if you have a spray system, whats stopping people from just placing bypassed Decals?!??!?!?? Yeah exactly, literally nothing, and yet tons of games have such systems.
Cool so you meant things that are unrelated to dex in any form. So… why bring them up exactly?
I really don’t care to respond to this further as this will just spiral into an offtopic conversation, and the topic is solved anyways.
