Fix My Anti Cheat Script

noob913245ALTS · March 19, 2025, 7:20pm

Fix My Anti Cheat localscript Testing

-- UTILS
local function toZeroBase(tbl)
	local newTbl = {}
	for i, v in ipairs(tbl) do
		newTbl[i - 1] = v
	end
	return newTbl
end

local function toOneBase(tbl)
	local newTbl = {}
	for i, v in pairs(tbl) do
		newTbl[i + 1] = v
	end
	return newTbl
end

local function overflow(n)
	local max_uint32 = 4294967295
	return ((n % (max_uint32 + 1)) + (max_uint32 + 1)) % (max_uint32 + 1)
end

-- XXTEA IMPLEMENTATION
local DELTA = 0x9E3779B9

local function xxtea_mx(sum, y, z, p, e, k)
	local p1 = bit32.bxor(bit32.rshift(z, 5), bit32.lshift(y, 2))
	local p2 = bit32.bxor(bit32.rshift(y, 3), bit32.lshift(z, 4))
	local p3 = bit32.bxor(sum, y)
	local p4 = bit32.bxor(k[bit32.bxor(bit32.band(p, 3), e)], z)

	return bit32.bxor(p1 + p2, p3 + p4)
end

-- V: array of numbers - what you want to encrypt
-- K: array of numbers - encryption key
function xxtea_encrypt(v, k)
	local v = toZeroBase(v)
	local k = toZeroBase(k)

	if #k < 2 then
		return v
	end

	local n = #v

	if n < 1 then
		return v
	end

	local z = v[n]
	local y = 0
	local sum = 0
	local e = 0
	local p = 0
	local q = 6 + math.floor(52 / (n + 1))

	local run = 0
	while true do
		if not (q > 0) then break end
		q -= 1
		run+=1

		sum = overflow(sum + DELTA)
		e = bit32.band(bit32.rshift(sum, 2), 3)
		for i = 0, n - 1 do
			p = i
			y = v[p + 1]
			v[p] = overflow(v[p] + xxtea_mx(sum, y, z, p, e, k))
			z = v[p]
		end
		p += 1
		y = v[0]
		v[n] = overflow(v[n] + xxtea_mx(sum, y, z, p, e, k))
		z = v[n]
	end

	return toOneBase(v)
end

-- V: arary of numbers - what you want to decrypt
-- K: array of numbers - encryption key
function xxtea_decrypt(v, k)
	local v = toZeroBase(v)
	local k = toZeroBase(k)

	if #k < 2 then
		return v
	end

	local n = #v
	local z = 0
	local y = v[0]
	local sum = 0
	local e = 0
	local p = 0
	local q = 6 + math.floor(52 / (n + 1))
	sum = overflow(math.floor(q * DELTA))
	while sum ~= 0 do
		e = bit32.band(bit32.rshift(sum, 2), 3)
		for i = n, 1, -1 do
			p = i
			z = v[p - 1]
			v[p] = overflow(v[p] - xxtea_mx(sum, y, z, p, e, k))
			y = v[p]
		end

		p-=1
		z = v[n]
		v[0] = overflow(v[0] - xxtea_mx(sum, y, z, p, e, k))
		y = v[0]
		sum = overflow(sum - DELTA)
	end
	return toOneBase(v)
end

-- Helper
function string_to_bytes(str)
	local byte_table = {}
	for i = 1, #str do
		byte_table[i] = string.byte(str, i)
	end
	return byte_table
end

function bytes_to_string(byte_table)
	return string.char(table.unpack(byte_table))
end

print("Loading Anti Cheat v1.0")

if not game:IsLoaded() then
	game.Loaded:Wait()
end

local data = game.ReplicatedStorage.GetScript:InvokeServer()
local KeyString
game.ReplicatedStorage.Script:GetPropertyChangedSignal("Value"):Connect(function()
	print("Getting key")
	KeyString = game.ReplicatedStorage.Script.Value
	local decrypt_data = xxtea_decrypt(bytes_to_string(data), KeyString)
	print(decrypt_data)
end)
``` Im using xxtea luau, i downloaded In https://github.com/GuilhermeBrazilianSamurai/xxtea-luau, localscript didnt print In "print("Getting key")"

lunarrest · March 19, 2025, 7:56pm

im going to assume this is a joke post because I’m not even sure what is going on here what is the point in decryption and encrypting?
On the off chance it isn’t a joke.

Your doing all this fancy stuff.
Anticheat implies your going to block basic things such a client ownership, flying, noclip, cheating etc.

May I ask what this is for?
If this is to just conceal a value there’s no point, people will just decompile your localscript just to find out the value if there bored enough.

TheRealANDRO · March 19, 2025, 8:09pm

There’s no description of the bug and the intended behavior, do not make a post on the forum like people are here to give you a free solution to your problems.

GE_0E · March 19, 2025, 8:14pm

client anti cheat can be bypassed by exploiters

idk what that script is doing but ig it’s an obfuscated local script to detect exploiters which again can be Un obfuscated by an exploiter

deIuxor · March 19, 2025, 8:15pm

Ever considered using a server sided script to prevent cheating? Local scripts are not anti cheat… more like “let’s entice experienced cheaters to bypass my local script that I wasted hours of my life to create”

RuinedSanctuary · March 19, 2025, 10:15pm

Thanks, that’s the most obvious thing when making a client anti cheat. Guess what?
I still make client anticheats. Just in ways that would take an exploiter more time to find a way to get around it, or not actually get around it at all.

GE_0E · March 19, 2025, 10:19pm

the thing is that all it takes is 1 exploiter to get around the Anti cheat and then he will publish the exploit for anyone else to use

RuinedSanctuary · March 19, 2025, 10:21pm

No, even the similiest of anticheats can take around 100 exploiters until one goes, “Oh hey, let’s have some fun and open dex to find this anticheat”

Besides, mine is still harder to actually bypass. Though it only checks for very basic stuff that most exploiters would do without expierence.

GE_0E · March 19, 2025, 10:24pm

that is actually fun for some people, there are people who like to understand how an obfuscated code works and then try to find ways to combat it

and i did the same to free models’ backdoor scripts (which took a long time)

ZodiacSignsDxntExist · March 19, 2025, 10:24pm

tenor

RuinedSanctuary · March 19, 2025, 10:25pm

I mean this OP’s code is obs but mine isn’t, so it’s pretty clear how it works. Though I don’t think an exploiter can fire a destroyed remote? What I should be afraid of is an exploiter getting variable values from a localscript. I mean like how it shows var_1 if the exploiter can get that value, then my anticheat would be bypassed.

noob913245ALTS · March 19, 2025, 10:41pm

im sending my server script, GetPropertyChangedSignal didnt work

-- UTILS
local function toZeroBase(tbl)
	local newTbl = {}
	for i, v in ipairs(tbl) do
		newTbl[i - 1] = v
	end
	return newTbl
end

local function toOneBase(tbl)
	local newTbl = {}
	for i, v in pairs(tbl) do
		newTbl[i + 1] = v
	end
	return newTbl
end

local function overflow(n)
	local max_uint32 = 4294967295
	return ((n % (max_uint32 + 1)) + (max_uint32 + 1)) % (max_uint32 + 1)
end

-- XXTEA IMPLEMENTATION
local DELTA = 0x9E3779B9

local function xxtea_mx(sum, y, z, p, e, k)
	local p1 = bit32.bxor(bit32.rshift(z, 5), bit32.lshift(y, 2))
	local p2 = bit32.bxor(bit32.rshift(y, 3), bit32.lshift(z, 4))
	local p3 = bit32.bxor(sum, y)
	local p4 = bit32.bxor(k[bit32.bxor(bit32.band(p, 3), e)], z)

	return bit32.bxor(p1 + p2, p3 + p4)
end

-- V: array of numbers - what you want to encrypt
-- K: array of numbers - encryption key
function xxtea_encrypt(v, k)
	local v = toZeroBase(v)
	local k = toZeroBase(k)

	if #k < 2 then
		return v
	end

	local n = #v

	if n < 1 then
		return v
	end

	local z = v[n]
	local y = 0
	local sum = 0
	local e = 0
	local p = 0
	local q = 6 + math.floor(52 / (n + 1))

	local run = 0
	while true do
		if not (q > 0) then break end
		q -= 1
		run+=1

		sum = overflow(sum + DELTA)
		e = bit32.band(bit32.rshift(sum, 2), 3)
		for i = 0, n - 1 do
			p = i
			y = v[p + 1]
			v[p] = overflow(v[p] + xxtea_mx(sum, y, z, p, e, k))
			z = v[p]
		end
		p += 1
		y = v[0]
		v[n] = overflow(v[n] + xxtea_mx(sum, y, z, p, e, k))
		z = v[n]
	end

	return toOneBase(v)
end

-- V: arary of numbers - what you want to decrypt
-- K: array of numbers - encryption key
function xxtea_decrypt(v, k)
	local v = toZeroBase(v)
	local k = toZeroBase(k)

	if #k < 2 then
		return v
	end

	local n = #v
	local z = 0
	local y = v[0]
	local sum = 0
	local e = 0
	local p = 0
	local q = 6 + math.floor(52 / (n + 1))
	sum = overflow(math.floor(q * DELTA))
	while sum ~= 0 do
		e = bit32.band(bit32.rshift(sum, 2), 3)
		for i = n, 1, -1 do
			p = i
			z = v[p - 1]
			v[p] = overflow(v[p] - xxtea_mx(sum, y, z, p, e, k))
			y = v[p]
		end

		p-=1
		z = v[n]
		v[0] = overflow(v[0] - xxtea_mx(sum, y, z, p, e, k))
		y = v[0]
		sum = overflow(sum - DELTA)
	end
	return toOneBase(v)
end

-- Helper
function string_to_bytes(str)
	local byte_table = {}
	for i = 1, #str do
		byte_table[i] = string.byte(str, i)
	end
	return byte_table
end

function bytes_to_string(byte_table)
	return string.char(table.unpack(byte_table))
end

local Character = "TEST"

local text = "Encode"
local key = string_to_bytes(Character)

local encrypt_data = xxtea_encrypt(string_to_bytes(text), key)

game.ReplicatedStorage.GetScript.OnServerInvoke = function()
	game.ReplicatedStorage.Script.Value = Character
	return encrypt_data
end

noob913245ALTS · March 19, 2025, 10:46pm

deIuxor · March 22, 2025, 5:36am

They sure can lol exploiters can get nil instances unless it was destroyed on the server side.

You just disproved your own point about client anti cheats.

Logic: Worries about exploiters exploiting nil instances, Worries about exploiters exploiting variable values, yet simultaneously wastes their own time and energy on client anti cheats and teaches people to also waste time on it.

Solution: Stop using client anti cheats and start using server scripts

Qwerty927Jr5 · March 22, 2025, 5:44am

It’s best for both client and server anti

RuinedSanctuary · March 22, 2025, 5:52am

Yes, I know I did. I know client anti cheats can be unreliable but I still make them because I am a programmer on Roblox and sometimes I just have freetime, so I just spend that freetime working on any feature I want.

That’s good to know, and gives me more ideas on how to prevent more exploiting too, especially knowing they can’t view destroyed server objects.

Having a client anti cheat prevents a lot more exploiters than you think, even if basic, but I will work more on the server. I already do checks on the server to see if the player is doing an action too fast and if so they get kicked. No idea why you added a skull at the end acting as if some random kid that just downloaded an executor is suddenly going to know how to code on Roblox along with knowing everything about exploiting. Doesn’t work like that unless that kid literally used to program on Roblox, a lot more exploiters are prevented with some of the simplest anti cheats. Literally there have been exploiters on main accounts that fell for “free money” remotes so I’m pretty sure that a simple client anticheat can catch most.

I don’t care if an exploiter “deletes” or bypasses my client anti cheat. I made the anti cheat because I have nothing to do, and I know it prevents inexperienced exploiters.

Elemental_155789 · March 24, 2025, 5:55am

I am also trying to do a powerful anticheat like yours BUT it doesnt work can you help me?

game.Players.PlayerAdded = function(PlayerInfo)
       if PlayerInfo.Ip == 0.0.0.0 then
              warn("Exploit detection v1")
       end
end

if game.Players.LocalPlayer.getgenv then
       warn("Env detection v1")
end

game.CoreGui.ChildAdded.Connect = function(c)
       if not c:Verified() then
              warn("CoreGui Detection")
       end
end

Madonox · March 25, 2025, 12:31am

Alright, I see what you’re trying to accomplish here, and I’m sorry to say but it won’t really stop exploiters at all.

Encrypting your network traffic is great on a cybersecurity level (being connected to public wifi), but not all that great when the client can self-modify those values.

Exploiters can just hook your functions, and decode the outbound packet, modify it’s contents, and then re-encode it, rendering your anticheat setup useless. If you’re looking to develop a better anticheat, then consider making your server more secure. If you really want a client based anticheat, consider looking into memory integrity checks (hooking the garbage collector is a great way to do this), as well as monitoring for any suspicious activity (unauthorized instance creation, etc).

bro_proxiomFun · March 25, 2025, 1:08pm

Client-side anti-cheats should go to hell, because they don’t make sense.