Exploiters & Global Functions (On the client)

Are the scripts that important? Is it worth sacrificing user experience and server performance for their security? These are something you should ask yourself because a paranoid developer rarely succeeds

1 Like

Yes they are, they’re the whole purpose of the game,
So if they get stolen, then other people can use them for profit and I don’t want that

The game works with them being on the server, I was just hoping that I found a decent solution to stop exploiters from being able to access the scripts

To answer your question:
Exploiters can still access instances even after deletion. So this would not stop them from decompiling the script.

1 Like

I’m guessing it gets stored in the clients memory?

I’m not entirely sure if it is due to how Roblox handles deletion, or if the exploits sinply store the data even after deletion. I just know that it is true.

Not always, there are some methods to stop this from happening.

Such as something like this.

script.Parent = nil
getfenv().script = nil

The exploiter cannot get the local script even using
for i,v in pairs(getgc(true) do end

This does not stop exploiters. While it varies from exploit to exploit, take former exploit Synapse X as an example. That program kept track of instances even after deletion, and made them accessible through a function called getnilinstances. You cannot stop exploiters from accessing anything client-related.

1 Like

It is not visible in getnilinstances().

Quotes from users prove this aswell.

1 Like

The only thing you are doing here other than deleting the instance, is removing it from your own function environment. This should not affect exploiters. Even if it does somehow prevent Synapse X from accessing the script, this isn’t a sureway to achieve this, it is merely a loophole found in an exploit, which could easily be patched, making this approach redundant.

How could it be patched? Here we are using the Lua Garbage Collector to our advantage. To prevent this they could either use getreg or getgc, although I can block skids from using both of them. lol!

I never knew you could detect getreg, that’s quite interesting.

It’s a matter of fact that you are trying to hide data from the exploiters. Data which they are in possession of, on their PC. No matter what you do, it will always be possible for exploiters to access the data. They may not have the tools to do it, but it is possible.

With your logic you are basically saying “Let’s just not add another line of defense” which is a very bad mindset.

This “other line of defense” complicates development and takes time away from productive development, with very little benefit. You are much better off just securing your game with proper design instead. And I simply answered the question which was asked, no this will not hide your code from exploiters, which is a fact.

May you educate me on how a such “line of defense” complicates development? I don’t see how it does complicate development considering I have worked on multiple games’ anticheats.

Please define “proper design”.

I’d like to see where you got that “fact”, especially when I don’t mean “permanently hiding”, but rather an additional protection vector. You should be smart enough to know what I implicitly said.

Guys calm down, classic DLL exploits are dead for a long time and new methods throught tampering local script’s can be easily detected even before exploiter would get access to execute scripts.

1 Like

It complicates development in the sense that you have to change the way you structure your code, and you are now dealing with a nil-instance scripts which complicates debugging with very little gain.

By “proper design” I mean properly securing your RemoteEvents and Functions, and doing sanity checks on the server to prevent exploits.

The fact of the matter is that the original creator of this thread asked if deleting a script hid the code from exploiters, which it does not. The post is not about “temporarily hiding code” or “slowing exploiters”, it was a question of whether deleting a script hides the code from exploiters, which it does not.

You don’t need to change the whole game’s code structure? You can just have the client antiexploit in one script and the rest in others? Would you SERIOUSLY implement it IN EVERY SCRIPT? That sounds pretty dumb to me

He did not say permanently, so I said it can temporarily, or even permanently (in some way) if he knows what he is doing.

I should have been more specific, I did mean permanently :sweat_smile:
Anyway the script that I was making completely works on the server, it just relies on Animation Events. (Which is annoying when it’s on the server, because sometimes the client loads an animation too late or the player lags while the animation is ongoing causing the timing to be off)

That’s why I was hoping to be able to find a way to put it on the client without exploiters being able to decompile my scripts. I’ve just gone with the solution of not trusting the client

Thanks for your input, I’ll definitely look into what you suggested

2 Likes

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.