Exploiting scripts are able to parent to RobloxReplicatedStorage

gravitycoil828 · February 7, 2025, 10:08am

Currently, on Roblox exploiting executors such as Xeno, they parent to “RobloxReplicatedStorage”, a part of the client, to store their exploits. For example:

I thought this would’ve been patched a part of Byfron, or something.

I’m not adding system information, because this is a client issue.

What happens:
Script successfully parents to RobloxReplicatedStorage, despite it being locked

Expected behavior

What is expected to happen:
The client denies access, no matter what

A private message is associated with this bug report

bvetterdays · February 7, 2025, 10:34am

This is a known issue and isn’t a bug per se. Roblox is addressing this by continuously updating Byfron to counter new bypasses. This report won’t achieve much.

AMisspelledUsernaem · February 7, 2025, 11:30am

This is because exploits use a higher level/identity. Each script has it’s own identity with it’s own permissions and exploits usually have level 7 or 8 which is RobloxScript or CoreScript and for that reason they’re able to access things that a regular script can’t, such as RobloxReplicatedStorage or CoreGui.

Meanwhile, you can possibly detect exploiters that use xeno by using LogService and finding “RobloxReplicatedStorage.Xeno” in an error output message

system · February 21, 2025, 11:30am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.