Exploiting Explained

My game used no plugins meaning it had no backdoors nor had HTTPS Request on. No one had legitimate access to the place except me, my account is secured with a pin, and 2FA. The place also was never uncopylocked. This has been done not only once but twice from the hacker I maybe figured out who did it which was AcentrixTheYouTuber which was a known person to attack many transit groups.
I know this is impossible but I think it’s true cause Synapse has multiple developers developing the software trying to find any backdoor with the ROBLOX System to exploit. If I can I’ll try to see if I can go undercover to see how hackers actually do it.

There is absolutely no way to get server sided scripts from an exploit like Synapse. More developers is not anything special.

7 Likes

Dex Explorer is nothing new, it has been around for a long time. SaveInstance is nothing special, it can not get server sided scripts either. Buying Synapse X just to investigate or whatever is a waste of your time and money in my opinion.

2 Likes

I took a look at the place. This was not done by a local exploit, period. The scripts are not decompiled, and instead straight out copied from source. The fact that there are still comments and indentations means that it’s as Tochigi explained, one of those bullet points.

8 Likes

I’ll try to see and investigate it further cause this was very recent like 20 minutes ago.
Hopefully it turns out to be that way. At this point I don’t know if it is cause I’m getting mixed messages from other devs saying it was from synapse or something else.

2 Likes

I’m actually apart of the airline’s group and it’s actually true that the game was Decompiled by a local exploit aka Synapse. We have been trying to see if it was from the source but there no possible way it could have been done as this is not the only game this has occured to, here’s another game by the same exploiter with similar scripts that shows the game has not been leaked directly from the game’s source. NTA Map (Working WAVE buses) - Roblox
Unfortunately it is true that there has been a decompiler that is used to receive these scripts.

As for what Tochigi stated, there are no scripts that any of our developers have that has a backdoor in them as we check with out developers regularly, same thing with the second bullet point, each and every developer chosen to work with us has proven that there’s no reason for them to leak anything from either groups. We also never uncopylocked the game.

We are taking into consideration that it could have been a developer, but we aren’t the only people that have received this issue with people leaking the transit games.

This was in no way achieved by a client exploit, even though it has been stated multiple times and you for some reason refuse to understand it, server scripts are NOT replicated in any shape or form to the client.

And regarding any client scripts you have, they retain comments and proper indention alluding to the fact that your place was in fact leaked by a rouge team member, or stolen with a bad script.

7 Likes

No, this didn’t happen. I just stated that the code comments and formatting was still in place in the file, which means that the place code was in no way decompiled. It was most likely one of the things Tochigi mentioned.

The output for the scripts I saw in no way at all matched what a decompiler does.

3 Likes

It honestly makes no sense but I guess it is what it is. I’m basically out of ideas here.

Comments are not compiled when your script is turned into bytecode, meaning decompilers can not see comments. Seeing as comments are in the leaked place according to @Tochigi and @AMD_chan that means that a local exploit was NOT used. End of story.

10 Likes

Since no one is breaking the news to you, I’ll do it

your game was probably leaked from the inside ( It’s either one of your developers or someone who has/had access to the game in general )

7 Likes

Basically, exploiting should be done for awhile when the new Roblox VM comes out. Many threads were posted on hacker forums (that are strictly related to exploitation for roblox) about the new VM and how it could make exploiting extremely hard. In this case this is a good thing.

2 Likes

Not entirely true. Some of the developers who know what they are doing will update relatively fast (Not as fast as they would with the old VM) but it definitely wont be a long time. The only thing that may be patched (Not forever) is decompile due to the changes with the bytecode.

Actually, the exploit devs are already prepared for the VM to come out, since it’s already present on the client, which let’s them experiment on it. They might need to change some stuff as the VM changes, but it shouldn’t take more than a few days after the VM release for exploits to catch up.

The hard part however is going to be making a new decompiler, as they have to basically rewrite unluac to support the new bytecode format, new opcodes, etc. So exploiters won’t be able to steal your localscripts & modules for a little while.

4 Likes

Great information, thank you. This clears up a lot of stuff about Exploiting, and how it can affect your games.

The best protection from exploiters, as for me, is to make exploiting in your game as unsatisfying and uninteresting as you can.

21 Likes

Alright, so… I said a while ago that I’d try out writing an “unhackable” player movement system based on just sending player commands to the server like how FPS games do their multiplayer.

Good news, it’s totally possible :smiley:

Bad news, at the end of it I basically had to write the entire player system from scratch. But there is no way to fly or teleport with this system, or even speed hack.

So if you’re crazy enough to try it, well, at least it’s doable.

7 Likes

Hate to break it to you, but not one game has ever bypassed every single speedhack, flying, or noclip.

3 Likes

This is in fact possible, but it comes at a price of latency. If your client only sends the server inputs (i.e “hey I’m holding down W”) and your server handles the physics, yes, the problems stated are completely solved. The issue this creates is you now have to wait for the server to register these key strokes or actions, which depending on the connection could cause very noticeable input to action delays.

6 Likes

Yeah, the system I built does this correctly. There is no latency, same as moving in a first person shooter. The client and server are both running a player simulation based on inputs, and the one on the server is the only one that counts. The player never sees any input latency, but will occasionally get corrected when the two simulations disagree with each other.

5 Likes