Not gonna lie, you are kinda just stating the obvious here. Synapse is engineered in such a way that it is pretty hard to get round it. Unfortunately, there is no way to stop these exploits indefinitely. The best thing you can do is watch the players movement on the server, if you aren’t experienced in programming then I suggest taking a look at this. While it is experimental, maybe you could polish these rough edges and maybe learn something from it.
That’s so weird to me that such a high number voted against this! We need to be able to learn all we can if it is our own game on the line. Roblox does a certain amount to prevent this but we still end up having to do much more. Please do give us this information since documentation is hard to come by!
I’ve seen a lot of attitude that nothing can be done. How can that be the answer? That sets you up for 100% chance of failure. “Nothing can be done so it’s best just to let the entire platform be ruined by exploits, bots, and copies.”
Based on what the poster has said, they are not bringing anything new to the table. This one has a whole section discussing place stealing already. You can’t stop client-sided exploits because they run on the client – there will always be a way around for exploiters because they control their own device. Geometry and local source will always be up for grabs since the client needs to have a copy of it.
I applaud their attempt to share knowledge though!
I’d like to see what the poster has to say in long form because when you are starting out developing on Roblox it’s not clear how many ways your game can be messed with. There is no one saying btw, the models and plugins on the official marketplace have viruses. Then the virus scans don’t really do anything, not like a real virus scan anyway. There’s all kinds of things that end up happening, some of which makes national news or goes viral on Youtube.
We are on our own with these problems in many ways and with little documentation. Perhaps the OP has some secrets.
I still feel like doing it, I am thinking of releasing a anti exploit to the public anyway, It stops exploiting but it probably won’t last long as exploiters might get around it’s frame work.
A lot of people have made attempts to stop exploits with various client-sided ways. Most of them can be bypassed by exploiters, while the rest usually only works in isolation, not in an actual game, or tends to have false positives.
If you search around on the devforum, you can find ideas such as detecting memory changes, output messages/errors, and other similar stuff which you rather shouldn’t rely on. There are also other methods which do work, but only check for certain cases, i.e. whether a specific function acts differently than it should, which might never be the case if the exploiter knows what they’re doing.
That being said, I don’t think anything super new can be figured out. The only case of client-sided anti exploit I’ve seen to give exploiters a headache was an obfuscated WalkSpeed check script which checked the speed of the running animation, and used OnClientInvoke
as a form of a return check.
tl;dr focus on server checks for now, use devforum resources to find examples of i.e. a server-sided anti speed and learn how it works
It is absolutely possible to write a "cheat free"player controller for roblox, I’ve gotten it working a couple times now. However, only having access to raycasts and not better sweeps makes writing one as good as the original humanoid really difficult.
This means you can have a game where the movement is 100% unhackable, but they could still aimbot or esp.
As long as it is server-authorized and client-predicted, sure. However if the client has full control over their character movement and the server does not check whether the movement is correct, then just because it is different from the default avatar movement does not mean it’s automatically “cheat free”.
If it runs on the client, it can and will be exploited. Using non-default systems just makes it more tedious / harder for exploiters to do so (i.e. you’re raising the bar, not making it impossible to reach).
That is exactly what I’m doing To put it as simply as possible; I only send client input to the server, the server sends down where you ended up, and then you fast-forward the remaining input to end up back exactly where you should be. Same as every first person shooter in the last 20 years has done it
You have to do a fair bit of proper engineering to make this work, but I’ve proven out its possible. Would have been a LOT easier if I had access to a swept sphere or capsule check, because fast forwarding the player to where they should be has to happen all on a single frame once the snapshot comes down, meaning you can’t use the roblox physics engine for collision, in fact you can only really use raycasts.
Here’s a gif of it in action.
The server is sending down “confirmed” player positions at 10hz (the trailing guy)
The smooth moving player is the locally predicted player, same as most FPS’s use.
Yet another unfinished project
Is it true that Exploiters can not steal your whole game and leak it? I heard in the past some exploiters have stole friends of mines maps.
They can only steal the geometry (parts) and eventually LocalScripts & ModuleScripts. What they cannot steal is your server scripts (without which the game is useless) and also the contents of ServerStorage and ServerScriptService.
This was an amazing post. I’m starting to understand how this whole exploit thing works and it’s awesome Roblox is trying to do something about it. (I just wish more people will realize that one day)
Unfortunately there are ways to steal an entire place if you know the place number. I’ve seen it in action and doesn’t even take much to do. I’d gladly show a Roblox staffer the link but I assume they know about it.
I’m hopeful but skeptical they can stop it… at its core the entire platform is a web server so serving files is the whole point.
My other question is have they made a plug in to prevent them from even stealing your game in the first place? Will they is what I am questioning. I also seen plug in’s saying “Anti Save instance game steal plug in”. This was on roblox when I saw it I was afraid to use it because I do not my stuff stolen could someone explain?
This is very helpful and it explains alot! it’s nice to see this in here.
But regardless can a hacker make a roblox plug in that just grabs the assets from the game when the plugin is enabled by that user?
I can’t stress to people enough that you should only team-create with people you trust.
I agree with that statement because if you didn’t you have a high chance of them letting steal your game and you one even know it. Plus in my opinion I mostly do TC if it’s a long commission and I at least known them for 1 year.