Exploiting Explained

Only local stuff, and not perfectly. This is an issue every major game has.

This is exactly what this post was aiming to stop because it’d take more time than it’s worth. :sob:

14 Likes

For me what is interesting is if you have set your game up “correctly” there is only a few things a hacker can do right now:

  1. Run any localscript they want, at all
  2. Access any code you put in a localscript
  3. Move the player however they want
  4. Edit the local view of the world however they want (add remove parts)

Which leaves two lists of consequences - stuff that doesnt matter and stuff that does:

Trigger any client to server events with any data they want (meh)
Steal any art you make (also meh)

And

Aimbot
Fly
Speed-cheat
Esp

Its possible to build games in roblox that are still vaguely fair despite this list but its hard work.

What I would love to see is an alternative predicted player mover, like the ones used in most popular first person shooters. Eg Player position/motion is no longer trusted and is reconstructed from inputs on the server. You would lose a lot of neat free physics interactions but for some games I think itd be worth it. You wind up with the following list:

Aimbot
Esp

Which is a big improvement without requiring an anticheat and would make obbys and platformers basically cheat free.

I wonder if I could tinker up a prototype…

13 Likes

Limited ESP fix = remove humanoids from character models aka make custom characters without humanoids, fixed that pesky esp hack going around perfectly.

7 Likes

I agree with you @wravager However theres more than just ESP but yea. Thanks!

7 Likes

This would only be effective for about the first hour it’s used. Humanoid don’t have anything that makes them specifically vulnerable to ESPs, and your custom system will be too.

Actually, I like this idea. If it were something you could toggle for a game and such so that games that don’t need super player controlled physics could benefit from server position and nullify those kinds of exploits then it would be a great improvement. Of course, it comes with its own flaws, but I can see it being very helpful for a large assortment of current games.

9 Likes

The copy and paste dll esp uses humanoids, they would need to write their own esp for custom character systems. I specifically wrote “limited ESP fix” because I knew you would reply with something along the lines of “it wont work blah blah blah”.

6 Likes

It won’t work because the majority of ESPs are done from within the Lua end. This is seriously not a solution. There isn’t one “copy paste” ESP. And a “limited” fix will at most stop it for about an hour before they figure out how your custom humanoids work.

I’m not sure what dlls have to do with this when the Lua end is usually used for this kind of stuff.

6 Likes

I’m talking about the most popular dll exploits for esp. They only show objects with a humanoid in the model for the esp.

3 Likes

And because these more powerful anti-cheat systems require a signed kernelmode driver, they would still leave iOS and Android just as vulnerable as they are now (and probably the Windows 10 App too, depending on the Store guidelines).

Also, what is ESP referring to in this thread?

5 Likes

Wallhacks, huds with extra information the player should not see Eg no fog of war in a rts

Extra sensory perception

7 Likes

This is an old bump but I noticed a few posts in dev support/discussion asking about game security. Figured this might be relevant for some people to read.

3 Likes

Funny enough I feel like the reason we don’t see as many hackers on games as you’d expect with battle eye is because being that it is quite good, people are afraid of getting IP banned since they don’t want to go through the hassle and money to install a VPN to bypass it. On Roblox there’s virtually no consequence for exploiting you can enforce, unless they bought things in the game. (Since we can’t IP ban, and probably for good reason)

12 Likes

That’s why I don’t bother banning people unless they challenged me and they had a datastore I know they’d hate to get banned. All it does is annoy them and make them anonymous again. I just log their attempts in their datastore and leave them be/kick them if necessary.

9 Likes

This is all very upsetting. My project for the past year+ has been Lua Learning, and recently it went Front Page overnight.

The next day, I found people sharing copies of my work. This is not okay.

image

53 Likes

A post was merged into an existing topic: Off-topic and bump posts

1 Like

I think this is a actually helpful post, with the amount of developers now days people misunderstand what is exploiting and assume ROBLOX doesn’t do anything about it, I think one thing to note however is the fact of the ease of gaining these making it so hard to counter, none the less this is extremely helpful for developers who have no knowledge or experience in countering or identifying exploiters.

3 Likes

This is really helpful. I have a friend that exploits every time they’re on my game. He doesn’t have admin but he’s often seen noclipping. I know it’s all in good fun but I don’t know how to turn it off.

1 Like

You’d have to make an anti-noclip script to stop noclippers (or just ban your friend from the game since he’s exploiting??).

5 Likes

Well I wouldn’t want to ban him, he doesn’t act like he’s doing any harm and when I tell him not to he stops for a bit. We’d both be upset if I banned him. Plus I’m using Adonis and there’s anti-noclip scripts in place.

1 Like

I am not sure if Adonis’ anti-exploit is working but from what you say it definetly doesn’t.
I suggest making raycast and / or Humanoid.StateChanged checks on server.

and there’s anti-noclip scripts in place.

Does that mean there are free models in the place? If so, I suggest making your own checks (if you don’t know, you could learn from tutorials or free models), but make sure it’s on server. Doing it on client will just let the exploiter bypass it.

1 Like