The Canadian Intercollegiate Lumberjacking Association’s team presents to you today a fully-fledged, instant, on-injection detection for SirHurt v4. We’ve spent countless nights developing this amazing method and are proud to release it to the general public for use in games. This flaw has existed for multiple months in the exploit and has went unnoticed by the clueless developers. The owner is also notorious for grooming minors. SirHurt has no auto-inject and the message we detect gets outputted before you inject by the custom launcher (which is forced) - this means that there is no way to mitigate this detection from working.
How to secure your game:
Create a LocalScript inside ReplicatedFirst
Set its source to the following code:
-- credits to Federal#9999 for the method
while true do
task.wait()
for i,v in game:GetService("LogService"):GetLogHistory() do
if v == nil or v.message == nil then continue end
if v.message:find("validateBootstrapperVersion Error: HTTP 403") then
-- change this
while true do end
end
end
end
Sirhurt isn’t outputting anything, the “custom launcher” the developers of it implemented unintentionally outputs the log because a core script couldn’t request “validateBootstrapperVersion”
This is a continuation of the ridiculously stingy exploit culture we currently have.
Client-sided anti-exploits are always going to be bypassable, require updates, and vice versa. What I’m saying is that there’s an expiration date on client-sided anti-exploits.
What makes this ‘not a waste’ is that it increases community knowledge on these methods. Think about how many developers didn’t know that you can check for exploits using LogService (maybe you did, but I didn’t). The reason for that (besides just the limits to what I know) is that there are very few threads about how to even begin detecting exploits on DevForum or anywhere else (yes, there are a few scattered in #help-and-feedback:scripting-support but none in #resources ).
If more people actually know how to even approach the concept of anti-exploit, that’s better for everyone (players and developers both). I’m not going to tangent the thread further, but for further clarification, the point is made pretty clearly here: https://devforum.roblox.com/t/our-anti-exploit-culture-needs-to-change/1845284 Happy to continue talking in DMs as well
OP thanks for sharing the knowledge and methods. Are you able to provide any details on how your team actually approached making this method (did you have some indication that this was an issue in the exploit, was it just trial and error, is this apart of a larger philosophical approach, etc.?)
This method was discovered by simply injecting SirHurt and checking the console output before and after. There’s plenty of other ways to detect this exploit but I decided to release the most simple one.
Interesting method, how long do you think this will take to become patched? And if it does get patched, will you release some of the other ways to detect it?
Keep it private, perhaps sell it to big companies, and/or obfuscate the code (probably not the best idea but it’s a price to pay for hiding the source)