Flair Anti-Exploit

flair logo2 (1)

Our Anti-Cheat system is your game’s guardian against unfair advantages and exploits. We’ve designed a strong defense to ensure a level playing field for all players. Say goodbye to hackers and cheaters ruining the fun – our Anti-Cheat is here to protect the integrity of your game.

  • :no_entry_sign: No more unfair advantages.
  • :lock: Protection against cheats and exploits.
  • :star2: Fair and competitive gaming experience for all.
  • :wrench: Constantly updated to stay ahead of emerging threats.

With our Anti-Cheat, you can focus on creating exciting gameplay, and we’ll handle the rest. Let’s keep your game fair, secure, and enjoyable for everyone!

Protectors:

  • Fly
  • Walkspeed
  • JumpHeight / JumpPower
    (More coming soon!)

Features

  • Settings
  • Tampering Protection
  • Blacklist Text

Why should we use Flair?

  • Flair is always being updated to the latest protections. Protecting your game is our #1 priority. We also include other features just in one model!

Want to see it in action?

Watch the video!

Interested in our Anti-Exploit? Feel free to take the model!
Get the Model!

19 Likes

This looks really nice! Just a question though, if you had a legitimate local script changing speed, how would you allow that through the anticheat?

7 Likes

Yeah, just thought of that aswell.

5 Likes

You can’t use InsertService when loading assets not published by yourself so this wouldn’t work for anyone other than you, this is also a client side anti-cheat which can be bypassed easily especially since it’s open source, you should consider researching and developing a server side solution instead.

8 Likes

I didn’t think that through too well- I’ll implement this ASAP.

4 Likes

Kicks are handled on the server so they can’t be bypassed. You also cannot tamper with any of the Anti-Exploit Remote Events, client scripts, etc. otherwise you’ll be kicked.

4 Likes

A quick question, how are you detecting if the scripts are being tampered with?

3 Likes

Through a client script to detect when tampered on the client.

3 Likes

But how are you actually detecting if the scripts are being tampered with? Like are you checking if it’s nil or something?

It could be unreliable.

2 Likes

Yes, I am checking if they are nil or disabled. If they are, it will kick the user.

3 Likes

That’s cool! I think the direction this is going is good; but you should also consider adding something on the server that is checking if stuff is reasonable like @Ax3nx mentioned.

And yes, I’ve seen your reply. Adding something on the server is still good though.

2 Likes

I was easily able to bypass your anti-cheat by deleting the scripts
https://gyazo.com/4b2f218ae9a9e73858a0892e50ce031d

(Don’t mind the twitching my roblox is bugged)

The issue with this is that its all local and exploiters have pretty much full control

I noticed that you only get detected when the scripts are deleted from StarterCharacterScripts, parenting the anti cheat scripts to the character is a terrible way to make an anti cheat just because with a little bit of searching any skilled exploiter can find it within minutes.

I recommend hiding the main “anti” and “detected” scripts, potentially even make more copies and checks
I unfortunately cannot give any more tips on how to improve it because I’ve never made an anti-cheat so I wish you best of luck with your project!

5 Likes

I’ll send out a fix to this. Thank you for reporting!

3 Likes

I’ve updated it so if you delete the detected script or disable it, it will kick the user.

2 Likes

The Remote tampering protection seems weak. The kick is performed on the client and could be bypassed.

if not remoteEvent then
	localPlayer:Kick("[Flair AE] Tampering detected.")
	break
end

A better solution would be for the server to expect a signal from the client every ~5 seconds. If the server doesn’t receive the signal, it suspects tampering and kicks the player.

3 Likes

I’m sorry I should’ve explained better

Now it’s true that your system detects deleting these scripts from “StarterCharacterScripts”
image
image

Though that is only because those 2 scripts are cloned into the character when you first join the game
Screenshot 2023-08-26 193137

Deleting these 2 scripts from your character completely removes the anti-cheat
image

No longer detects deletion

FULL VIDEO

3 Likes

I’ll look into it to detect if it gets deleted in the character.

1 Like

This seems incredibly weak, I wouldn’t use this.

  1. Exploiters can disable the Kick method when used on the client.
  2. They can delete the remote event and put a new one with the same name.
  3. Same thing with the scripts.
  4. They can also hang any part of that script to cause it to stop working.
  5. Or of course, they can delete both scripts within a 1 second timeframe.
3 Likes

Honestly, it’s best to do this on the server, anti-tampers aren’t likely to work most of the time.
On top of that this anti-cheat can be thwarted with a simple

local old; old = hookmetamethod(game, "__index", function(self, key)
   if key:lower() == "Kick" then
      return task.wait(math.huge)
   end
   return old(self, key)
end)

local function disconnect(signal)
   for _, connection in ipairs(getconnections(signal)) do
      connection:Disable()
   end
end

disconnect(humanoid.RootPart.ChildAdded)
disconnect(humanoid:GetPropertyChangedSignal("WalkSpeed"))
disconnect(humanoid:GetPropertyChangedSignal("JumpHeight"))
disconnect(humanoid:GetPropertyChangedSignal("JumpPower"))
disconnect(humanoid:GetPropertyChangedSignal("Health"))
disconnect(humanoid:GetPropertyChangedSignal("MaxHealth"))

dude i was thinking of just posting the same thing here LOL yeah no this is quite an easy way to do things