Exploitable Perk

Zohair_028 · August 30, 2021, 2:16pm

Hello everyone so I recently planned on adding X-Ray vision to one of my games(under development).
I realized this would be highly exploitable because the exploiter can easily just change transparencies for himself.
I actually planned to make a gamepass for this so if it is highly exploitable and if there is almost no way to counter it I may just dispose of the idea.
If incase anyone wonders, the perk works like Mm2’s X-ray perk(If you have played it) (almost exactly like that)…

Nightmare4into96 · August 30, 2021, 2:25pm

I’m guessing that the X-Ray vision will be enabled when a remote is fired. To secure it I’ll highly suggest adding sanity checks that checks if the player owns the ability to use X-Ray vision and the other sanity checks is up to your choice.

Ex:

if player.OwnsTheAbilityToUseXRayVision == true then
    -- Use X-Ray Vision
end

XDify01 · August 30, 2021, 2:34pm

That is not what he meant, he is talking about when exploiters set the transparency from the client-side without affecting the server

VoidException · August 30, 2021, 2:50pm

Perhaps, you could do all the checks via the server side (if user has gamepass, gamepass purchased etc), then clone a UI containing all the X-Ray vision to that players GUI via the server, preventing every user from having the X-Ray already in their Player GUI.

MixedConscience · August 30, 2021, 3:06pm

You have something called Basepart.LocalTransparencyModifier.
You don’t even have to switch to the server for X-Ray.

https://developer.roblox.com/en-us/api-reference/property/BasePart/LocalTransparencyModifier

Just check if that user owns the gamepass and when a button is pressed in the UI, active it and change the transparency.

Of course it would be exploitable since it’s on the client but then again exploiters would have to pay for a gamepass just to use it.

Could even do the idea above (the reply). The server checks if the user bought/has the gamepass then make some sort of check to set it as true. You can also fire a remote to tell the client to activate it or just wait around in the client until an instance value changes (boolean value) and when it does give the user the UI.

XDify01 · August 30, 2021, 3:17pm

Yes I do know, but I thought he is worried about exploiters being able to just do the perk easily by setting the transparency of BaseParts on the client (without even having the gamepass)? Or did I misinterpret op?

MixedConscience · August 30, 2021, 3:22pm

Ohh, yep I think they can do that, not quite sure.
Most likely since they can change anything on the client.

GolgiToad · August 30, 2021, 3:24pm

If they make themselves transparent on the client, what advantage does that give them on someone else’s client or the server, where they are still visible?

Nightmare4into96 · August 30, 2021, 3:32pm

I know this isn’t a fool proof plan but, it could stop some exploiters.

for _,v in pairs(Map) do
   if v:IsA("Part") then
       v.Changed:Connect(function()
          if v.Transparency ~= 0 then
             --- Kick LocalPlayer
          end
      end)
   end
end

synical4 · August 30, 2021, 3:33pm

Yeah, that is extremely exploitable. Exploiters could literally just do this:

for i,v in pairs(Map:GetDescendants()) do
  if v:IsA("BasePart") then
     v.Transparency = 0.75
  end
end

I guess you could add some checks like @Nightmare4into96 said but they can easily disable them.

Zohair_028 · August 30, 2021, 3:41pm

Hm as far as I get there is no real way to actually make it fully efficient.
Checks from local script can easily be bypassed by deleting the local script.

Maybe I should not add such a perk after all that can be used by the exploits without even having to buy the gamepass.

Thanks

Zohair_028 · August 30, 2021, 3:51pm

Not themselves but their surroundings.
In my game there are some sniping and camping spots from where you can shoot or throw missiles.
So if the exploiter makes his surroundings transparent he can see where people are camping.
So it is a very easy for him to exploit the game out and ruin it.

GolgiToad · August 30, 2021, 3:54pm

You probably can’t stop that anyway, but you can double check LOS during anything that matters, like the shot. A good ricochet would discourage that.

TigerLeo77 · August 30, 2021, 4:46pm

Unfortunately I don’t think you can really get around it. You can’t do this on the server since the server won’t see that the parts are invisible for the hacker. This means you can only do it with a local script, but exploiters can just delete that script.

Luckily a lot of exploiters are just salty kids that copy paste Synapse scripts they found online and don’t have any knowledge of how anything works, so you can probably stop some of them by using @Nightmare4into96 's suggestion. This is just a completion of his code:

-- Local script
local kick = -- Some RemoteEvent placed in ReplicatedStorage

for _, v in ipairs(workspace:GetDescendants()) do
   if v:IsA("BasePart") then
       v.Changed:Connect(function()
          if v.Transparency ~= 0 then
             kick:FireServer()
          end
      end)
   end
end

-- Server script
local kick = -- Some RemoteEvent placed in ReplicatedStorage

kick.OnServerEvent:Connect(function(plr)
   if playerDoesntHaveGamepass then
      plr:Kick()
   end
end)

Keep in mind that this isn’t full proof though. You can obfuscate the script, although de-obfuscators also exist. A better way is to design your game so it doesn’t have camping spots.