I will go test this now, fairly sure it won’t work
1 Like
yup it didn’t work, it didn’t even find the FunctionalTest
1 Like
Very nicely explained & organized. I will definitely read through this and take your advice.
Hey there! This is an amazing tutorial! Everything you explained here was detailed and easy to understand. I even learned some things I didn’t know before, like how lua executors actually work by injecting DLL files.
I do have a question though, what is the point of obsfucating your code, if the only way to see it is in studio? Not a localscript nor server script is able to view the code inside any scripts. Right?
great post, great explanations, great everything. Very well done and thought out.
I feel like this would be better in #resources:community-tutorials but that might just be me, otherwise I love this post
1 Like
Hi there! Thank you for reading! My fault for not explaining, but it is useful to prevent Dex users to not know what the meaning of the code. The Dex user can see your game, as mentioned. It is like the Explorer on Studio on games that you do not own. I cannot upload a photo but you can search up photos, it is just the Explorer with game stuff, server-side scripts cannot be seen or modified. So, the only way to see them are not only Studio.
1 Like
So I just looked it up, and I imagined it would just be like you mentioned: an explorer. But I didn’t know that you were able to look inside local scripts! If I am correct, lua executors (or script executors) are only client sided. So unless there is a backdoor of some sort with server-sided scripts then it isn’t that dangerous.
However, I always imagined lua executors like a program that injected a localscript into the player’s PlayerScripts. And if that’s true, then an easy way to try and replicate a lua executor is to do it in a local script.
So my question is. If Dex is able to look into everything that is client-sided through a localscript. How do they look inside other scripts? Is there like a function or something to get a string of everything in a script?
Or I am just dumb and Dex is a seperate program, and not a script from pastebin or something, which runs THROUGH a lua executor, like all the others cheats?
I’m sorry if the way I write confuses you, I can phrase it better if you want!
1 Like
Confuses me a bit, Dex can look through your local scripts and other game things, such as UIs, parts and more. You can look inside of LocalScripts. I do not have any ideas how they do it, I am not a Dex user. Luckily, you can try obsfucating these scripts, so Dex users have no idea what the script is.
Here is what I know about Dex:
-
Dex Explorer is a script from exploiters, mainly Pastebin after further research.
-
Dex is not a Luau executor.
-
Dex can see your game, just like you on the Explorer, but they cannot see or modify server-side scripts. So, they can see a lot about your game
-
You can obsfucate or secure your game to make it more difficult for Dex to know what your code is, and Dex users are not really smart at coding, since they use a exploiting program.
Sorry for my limited knowledge of Dex.
Completely unrelated, but I added honeypots as a new exploit protector.
1 Like
As @shadowmaster940 said, renaming variables wont do anything as script decompilers doesn’t see any variable names. Example of the popular Synapse X Decompiler
Decomp.txt (7.4 KB)
2 Likes
Alright, sorry for my poor reply. At the end my question was if there was a way for a local script to see the code in other scripts. Since a lua executor works kinda like the command bar, but client sided.
Lua executors execute code in luau, so there has to be a function or some sort of way to view code in scripts, using luau. Something like
local LocalScript = localplayer.PlayerScripts.exampleScript
local code = LocalScript:GetCode() -- returns string of code in that script
Because otherwise how would the Dex lua script cheat get what’s inside of other scripts?
How it works is all localscript and modulescripts that are visible to the client are compiled on the server and then the server sends the compiled bytecode to the client to be ran what exploiters do is decompile the bytecode into readable code also I think synapse has a function called decompile() so that’s how dex views scripts via that function
1 Like
So Dex is a script that would only work on lua exectors like Synapse? And its not as simple as simply running it on a free lua executor such as krnl, jjsploit, etc.
I understand now, thanks!
Awesome way to destroy performance, prevent editing the code in the future, making error messages unintelligible, and prevent debugging.
Pretty sure you can only use HTTPS.
Go on?
Nobody uses LoadStringEnabled or loadstring() for work. Exploits use their own function for this anyway.
The clientsided anticheat should be side-by-side with actual game code. That means, if it’s deleted, you can’t play the game anymore. The developer should also take advantage of new lua features to throw off the decompiler in exploits for a few weeks.
Dex will run on any executor but the feature that allows you to view script source will only work if the executor has a decompile() function
1 Like
So the lua executor basically adds a custom function to luau? Like a module or something?
Yeah kinda exploiters have alot of custom functions that allow them to do a ton of things such as hooking the __index and __namecall metamethod which are called when you use . and :
1 Like
I did not mention performance, I did not think people would use tools, you can use HTTP websites too. And, it is your choice for your anti-cheat. Just code it properly, Also this is a HTTP site: http://site.com
The thing is that, while client anti-cheat may detect the most of abnormal activity, it can be spoofed by an exploiter and be deleted. Server anti-cheat is there to support the client anti-cheat incase this gets spoofed while having less functionalities and ways to detect.
I totally understand that I never said only rely on the client, there should obviously be a serverside anticheat to detect basic exploits
1 Like
Me personally for backdoors i use push system.
I don’t know how to tell how works because it’s complex.