Exploit Prevention Update

Are the bans made by bots or by humans?, if so is there any plan for automatic ban system?

Is the HWID bans going to get a rework soon, since as of rn, cleaning the disk/uninstalling literally removes the HWID ban, so is there any plan to change that? :grinning:

What cd cleaner has to do with it?

It refreshes your net.user or whatever it was called, which basically bypasses the HWID ban, there are other ways, like using spoofers but they aren’t even needed.

The HWID ban right now is pretty much a joke, real HWID bans send the HWID to servers and then check if the player is using that HWID, if so they don’t let the player join

2 Likes

My guy, i could tell you definitely tried using Rune which runs cd cleaner on launch which gets path of NTUSER and clears it, you got exposed right there :slightly_smiling_face:. But believe me if you try to interact with NTUSER and something goes incorrect, your PC turns into brick and you’ll have to reinstall windows.

The disk clean thing was a thing since byfron on windows released, you can even search videos about it, and pretty sure bitdancer knows this already lol

Sir, how would using a windows feature turn your pc into a brick?, the tool is used by multiple people, in case they don’t have enough space in their disk

and you exposed yourself too, lol.

that was known already back at the time, that using cd cleaner removes any ntuser ban as roblox stores that type of bans on there, meaning on the user profile.

stupid stuff like creating a new user account on the computer, also works surprisingly so.

First of all, the Disk Cleanup trick is publicly known, and is even proposed as a solution to some Hyperion issues on this forum. It works perfectly fine and will not “brick your PC”. It is, however, true that Rune’s spoofer relies on it. Rune does not look for any entries in NTUSER.dat, nor for the file itself.

If you really knew what you were talking about, which, I assume you really don’t, you’d know that Rune’s creator doesn’t even know what format a HWID follows. Wouldn’t want to trust someone like this to spoof a hardware ID, now would you? More so, trust them to bypass a state-of-the-art anti tamper?

Using his own repository on Github for an application which is intended to be used on Roblox, we can see this little function which spits out a random string with the entire alphabet plus digits.
image

Would it be a surprise if I told you that a hardware ID is not a string of “random numbers and letters”, but rather a GUID? A globally unique identifier (GUID) consists of letter A to F, digits 0 to 9.
Guess what is written to the key?


A random sequence of characters split by dashes, which is clearly not a GUID.

image
(Screenshot is directly from the repository, I did not launch the spoofer)

That might explain why the supposed “hardware IDs” it generates look so fake even to the human eye.

5 Likes

My guy, if you know what purpose NTUSER.dat follows, and briefly saying, containment of parts of user windows registry - everything that follows thread HKEY_CURENT_USER e.g all settings of your account in system (position of labels on desktop, settings of Windows Media, Internet Explorer and much more), and if it gets corrupted a lil then it means windows registry will have the same fate as other account settings, so i do not recommend changing anything besides NTUSER.dat since any little corruption will lead in unsuitability of your account and you’ll have to create new ones.
img_5c45a0cb2dc42

I’m 100% sure that you will never take the big step of releasing a kernel-mode anticheat. You would lose an abnormal amount of users, remember who Roblox’s main target is. You’ll be good at IT but the rest leaves something to be desired.

5 Likes

I see no problem of creating personal kernel driver, that would fix everything, most likely hyperion will become new VAC.

what about anyone who cannot use (almost) anything without admin privileges?
one day this update rolls out and i cannot play roblox due to this

That’s probably why it’s not going to happen

1 Like

I believe its going to. Look at other games with kernel anti-cheats, they don’t lose players nor any money because its only 0.01% of people who needs to run everything as administrator.

And currently TeleportService being the only way to exploit legally. :boom:

Isn’t Electron released?, It works for web version, and hasn’t been detected yet

2 Likes

Because its obfuscated internally by crypt32.dll, believe me it doesnt mean it cannot be cracked yet.

detectron on top!?

8 Likes

detectron on top!! :bangbang: :baby_symbol: :speaking_head: ​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​

ZClientWatcher is really fire :fire:

I know I’m a little late, but I made a module just for this!

3 Likes