Exploit Prevention Update

Bitdancer · February 23, 2024, 10:17pm

Please stay with me, this is going to take a bit:

Imagine you are really into bicycling and bicycle racing. Also, imagine you spent a lot of time and effort to be really good, in fact, so good that you participate in competitions every week. Your goal is to become the best bicycle racer there is.

You are doing well and are on your way to becoming number one. Recently, however, in every competition, there is a motorcyclist competing. Needless to say, you stand no chance of winning, and you are well aware of it.

You think, “Oh well, there are more competitions to come, so I’ll have my chance.” Unfortunately for you, some less gifted bicyclists observed your last competition and realized that by using a motorcycle, they too can win without any repercussions because the rules of the umbrella organization that all competition organizers adhere to allow for it. So, the next competition has one or more motorcyclists competing, leaving you with no chance of winning again.

Now, would you continue competing, knowing that you will never have a chance unless you use a motorcycle yourself? Do you expect other folks who compete fairly using a bicycle to keep going, even though they, too, know they have no chance of winning?

For the sake of argument, let’s assume you are very persistent and still want to do something within the realm of bicycle competition. You decide to create your own competition, your own race. Naturally, your competition falls under the umbrella of a larger organization that regulates bicycle racing. You dedicate a lot of time and energy to make this competition happen. Initially, everything goes well, you make some money, and you can enjoy bicycle racing, your true passion.

Sadly, slowly but surely, motorcycle racers start entering and competing against your bicycle racers. You can’t prohibit it because the umbrella organization’s rules permit motorcyclists in bicycle races. As the motorcyclists show up, bicycle racers leave, having no chance of winning. Eventually, you have only motorcyclists competing, but they too stop showing up because there are no easy wins, and in their minds, easy wins and humiliating bicyclists were the only reasons they participated in the first place.

Now, you are left with a competition in which nobody competes. Nobody is interested in it, and all the hard work you put into making it happen is wasted. On top of that, you don’t see any more money either.

Eventually, you give up, start a new hobby that has nothing to do with bicycling, and you stay as far away as possible from the umbrella organization responsible for bicycle competitions.

Now, you’ve lost a near and dear hobby that you invested a lot of energy in. After that, you lost your business, into which you again poured a lot of time and energy. Last but not least, the bicycle race umbrella organization lost an organizer capable of bringing in bicycle racers.

I’m sure it is clear what I am getting at by now. Everybody lost in my story, except the motorcycle racers and the motorcycle manufacturers.

TwistyTies · February 23, 2024, 10:29pm

I didn’t directly compare them, I did that to point out how illogical the original sentence was lol. The question against it shouldn’t be because it’s against ToS, but rather why it’s against the ToS, similar to how laws against things are put in place and not justified by the substance of the law but rather why the law was proposed in the first place.

prostoRobot · February 24, 2024, 6:14am

I still didn’t got my c&d so far because of sanctions lo.

prostoRobot · February 24, 2024, 6:19am

script

powering_poop2 · February 24, 2024, 2:29pm

Nice story, it really does suck that there are exploiters aka the motorcyclists in your story that ruin the players aka the cyclist’s fun. But what prevents the developer from scripting their own anticheat? Yes you included that “umbrella organization” in your story but roblox clearly doesnt allow those “motorcyclists” in their platform. And roblox anticheat developers exploited and used exploits to test their anticheat, what if hyperion is bypassed so its very hard to patch that bypass? How are developers gonna be prepared before that happens? Making an anticheat is hard if you dont know anything about exploiting, and even if you did its gonna take a long time and players are gonna quit the game because of the exploiters. Let’s hope that hyperion never gets bypassed that patching that bypass is very hard because exploiters are becoming more of a menace in games (there are good exploiters but those are uncommon).
My suggestion here is to add tools that exploiters use (like rspy) in roblox studio as a built in feature so developers can use those tools to script an anticheat to prevent exploiters that use emulators or use a private method that bypasses hyperion.
Im not a executor developer so Idk if the suggestion im talking about can be weaponized.

MrJake092209 · February 24, 2024, 6:53pm

There are tools on roblox that can help you emulate a simulation of an exploit, while not to the full capability of an exploit (obviously), and those can help you get a grasp of any potential attack vectors on your game.
Even then, there are threads that give you some vital detections for these attacks, like this thread (by Liker) Anticheat Methods, which can be very useful for defending your game against a high majority of malicious users.

prostoRobot · February 26, 2024, 11:51am

ER:LC was the smartest using messagebusservice against synapse x

prostoRobot · February 26, 2024, 12:01pm

obviously your idea about adding forbidden scripts to investigate the possibilities of exploitable script is bad, since you can literally look into source of a script (especially any of remote spy), even if its obfuscated, what makes you think that every of remote spy will be obfuscated? Like if one has their script obfuscated, then second wouldn’t, aswell as that concept of every remote spy is equal to one another. Also i don’t think that in-game anti-cheat could be this great, since there’s plenty of methods that could bypass most of in-game anti-cheat detections, so atp when you’re creating an anti-cheat for your game, you should count on preventing a skid auditorium from exploiting in it, since im doubting that skid could be capable of bypassing anti-cheat if you didn’t pull it from toolbox or someone else exactly.

SussyZets · February 26, 2024, 6:57pm

There is nothing we can do

MrJake092209 · February 26, 2024, 10:22pm

Dont those kinds of detections usually get patched within a week max

davidslevs · February 27, 2024, 3:11pm

Why can’t you consider taking an approach to letting developers choose whether to have hyperion running on their game or not? Specifically coming from a developer on linux’s viewpoint. So much roblox tooling and whatnot is amazing on linux, Roblox Studio is amazing on linux as well. However, I can’t even play my own game that I created? Do you understand that my situation is experienced among many other developers who most likely have no other choice but to use linux? I use Roblox as my source of income, and I can’t even play my own game. You probably have your reasons over there at Roblox, but it’s just a little saddening to me.

VinnyMiddleMan · February 27, 2024, 9:44pm

It may just be that synapse are bypassing whatever roblox are trying to find/ have found.

VinnyMiddleMan · February 27, 2024, 9:45pm

All you need is more blockers, and update security measures like autobanning players that do things out of the ordinary, like if the script notices a player is above a certain level of the ground / flying you get auto banned

VinnyMiddleMan · February 27, 2024, 9:48pm

I’m not sure if Synapse itself condones what the players do but the individual company I think you can talk to, but yes, they are the cause for ALOT of exploiting that goes on as its a safe paid exploit you can use.

RRadlord · February 28, 2024, 9:35am

It feels weird and how nice of Bit dancer to be answering to all those nonsense questions you are all making. I am sure Bit dancer is probably more than 30 years old and is answering to 15 year olds who beg and trying to find an angle in exploiting.

This is funny to watch not gonna lie, but hats off from me to Bit dancer he has been wayyy too open unlike anyone else I just love how this man takes his job so seriously and has so much dedication in answering here all of these. Because I am sure bit dancer doesn’t need to be spending his time answering all of these I think he does it because he likes it. Hats off to the Hyperion project as well, finally we can enjoy Roblox fairly.

VinnyMiddleMan · February 28, 2024, 9:56am

Not even in the question, exploiters are very reckless yes, but nothing compared to that, a very silly comparison at that.

MrJake092209 · March 1, 2024, 12:09am

Can you give an example of one of these “nonsense” questions, other than the one asking about developers having exploited and made anti-cheats themselves? Because that was pretty stupid, but I’d like to know what else.

WizardBrand · March 7, 2024, 10:56pm

great answer, was not expecting a staff to explain

tr3yg · March 8, 2024, 8:45pm

It is truly unfortunate that the motorcyclists ruined the entire race for us bicyclists.

Hopefully some day we can start the bicycle races again with rule changes from the umbrella organization.

I want to ride my bicycle.

Voidage · March 9, 2024, 1:57am

One of Roblox’s recent updates broke compatibility with Wine on Linux. Again. I remember support was briefly added with this new anti-cheat update but it seems Roblox has taken that back. I can’t find much info about this.

I would assume Roblox has a plan to bring this back, yes? Doesn’t sound like such a good idea to prevent an entire OS from playing your game because of some exploits. Especially when this is something that could be fixed.