Exploiting Explained


Only local stuff, and not perfectly. This is an issue every major game has.

This is exactly what this post was aiming to stop because it’d take more time than it’s worth. :sob:


For me what is interesting is if you have set your game up “correctly” there is only a few things a hacker can do right now:

  1. Run any localscript they want, at all
  2. Access any code you put in a localscript
  3. Move the player however they want
  4. Edit the local view of the world however they want (add remove parts)

Which leaves two lists of consequences - stuff that doesnt matter and stuff that does:

Trigger any client to server events with any data they want (meh)
Steal any art you make (also meh)



Its possible to build games in roblox that are still vaguely fair despite this list but its hard work.

What I would love to see is an alternative predicted player mover, like the ones used in most popular first person shooters. Eg Player position/motion is no longer trusted and is reconstructed from inputs on the server. You would lose a lot of neat free physics interactions but for some games I think itd be worth it. You wind up with the following list:


Which is a big improvement without requiring an anticheat and would make obbys and platformers basically cheat free.

I wonder if I could tinker up a prototype…


Limited ESP fix = remove humanoids from character models aka make custom characters without humanoids, fixed that pesky esp hack going around perfectly.


I agree with you @wravager However theres more than just ESP but yea. Thanks!


This would only be effective for about the first hour it’s used. Humanoid don’t have anything that makes them specifically vulnerable to ESPs, and your custom system will be too.

Actually, I like this idea. If it were something you could toggle for a game and such so that games that don’t need super player controlled physics could benefit from server position and nullify those kinds of exploits then it would be a great improvement. Of course, it comes with its own flaws, but I can see it being very helpful for a large assortment of current games.


The copy and paste dll esp uses humanoids, they would need to write their own esp for custom character systems. I specifically wrote “limited ESP fix” because I knew you would reply with something along the lines of “it wont work blah blah blah”.


It won’t work because the majority of ESPs are done from within the Lua end. This is seriously not a solution. There isn’t one “copy paste” ESP. And a “limited” fix will at most stop it for about an hour before they figure out how your custom humanoids work.

I’m not sure what dlls have to do with this when the Lua end is usually used for this kind of stuff.


I’m talking about the most popular dll exploits for esp. They only show objects with a humanoid in the model for the esp.


And because these more powerful anti-cheat systems require a signed kernelmode driver, they would still leave iOS and Android just as vulnerable as they are now (and probably the Windows 10 App too, depending on the Store guidelines).

Also, what is ESP referring to in this thread?


Wallhacks, huds with extra information the player should not see Eg no fog of war in a rts

Extra sensory perception


This is an old bump but I noticed a few posts in dev support/discussion asking about game security. Figured this might be relevant for some people to read.


Funny enough I feel like the reason we don’t see as many hackers on games as you’d expect with battle eye is because being that it is quite good, people are afraid of getting IP banned since they don’t want to go through the hassle and money to install a VPN to bypass it. On Roblox there’s virtually no consequence for exploiting you can enforce, unless they bought things in the game. (Since we can’t IP ban, and probably for good reason)


That’s why I don’t bother banning people unless they challenged me and they had a datastore I know they’d hate to get banned. All it does is annoy them and make them anonymous again. I just log their attempts in their datastore and leave them be/kick them if necessary.


This is all very upsetting. My project for the past year+ has been Lua Learning, and recently it went Front Page overnight.

The next day, I found people sharing copies of my work. This is not okay.


split this topic #56

A post was merged into an existing topic: Off-topic and bump posts