a really bad suggestion but could work idk, you could try editing the base animate script to detect this stuff
they’ll have a lot of trouble trying to figure that out
this isnt done on the server??
all client acts to those things(base character) are replicated to the server anyways (its the only way they can notice a change) so idk why theyre doing it on the client but thats a really bad idea
I fully support using the client, but please have some protection against simple hooks and also use the server for checks that the client doesn’t have to do for-example everything in this anti-exploit can be done fully on the server using magnitude and ray cast checks.
Also, I still don’t know why people use two scripts to check if they’re both alive; you can disable both at the same time. This is one of the worst methods that exist; try using a handshake.
A handshake is basically when the client sends a remote event to the server with an encrypted key, and the server resets a time variable for the user. If the key is incorrect or the server doesn’t receive a remote event in a valid amount of time, the script is disabled or destroyed, or the remote event was blocked/destroyed.
Flair Bypasses
local Old
Old = hookmetamethod(game, "__namecall", newcclosure(function(self, ...)
if getnamecallmethod() == "FireServer" and type(self) == "Instance" and self.Name == "PropertyChangedEvent" then
return
end
return Old(self, ...)
end))
local function DisconnectSignal(Signal) --> Lazy Function
for Index, Connection in next, getconnections(Signal) do
Connection:Disable()
end
end
DisconnectSignal(HumanoidRootPart.ChildAdded)
DisconnectSignal(Humanoid:GetPropertyChangedSignal("Health"))
DisconnectSignal(Humanoid:GetPropertyChangedSignal("MaxHealth"))
DisconnectSignal(Humanoid:GetPropertyChangedSignal("WalkSpeed"))
DisconnectSignal(Humanoid:GetPropertyChangedSignal("JumpPower"))
Give these a read:
PS: Also, if a user joins after the game has already loaded, the blacklisted words check will not work for him.
5 Likes
I’ve patched those bypasses just now.
It isn’t done on the server, it’s just listening for property changes on that client, in fact this can even harm innocent players or cause a hassle to the customer who used this asset (because this hinders the server from freely changing the walkspeed, jump power and such or client-sided actions like sprinting, highjumps, etc)
The code piece
local isAllowed = remoteFunction:InvokeServer("JumpPower")
and alike can easily be hooked to always return true
local old; old = hookmetamethod(game, "__namecall", function(self, ...)
if getnamecallmethod() == "InvokeServer" and self.Name == "CheckAntiCheat" then
return false -- because the code expects isAllowed to be true to fire the kicking part
-- return false instead
end
return old(self, ...)
end)
And then just doing
workspace["Flair AE"]:Destroy()
is enough to break your anti-tampers; and again, this code is enough to thwart 90% of your anti-cheat
local function disconnect(signal)
for _, connection in ipairs(getconnections(signal)) do
connection:Disable()
end
end
disconnect(humanoid.RootPart.ChildAdded)
disconnect(humanoid:GetPropertyChangedSignal("WalkSpeed"))
disconnect(humanoid:GetPropertyChangedSignal("JumpHeight"))
disconnect(humanoid:GetPropertyChangedSignal("JumpPower"))
disconnect(humanoid:GetPropertyChangedSignal("Health"))
disconnect(humanoid:GetPropertyChangedSignal("MaxHealth"))
well you dont need specific property changes for the client because since the entire character is replicated using network service, the humanoid is included… right?
try adding TOTPs for client server communication
makes it really, really, REALLY hard to fake
Changing the properties of a humanoid in the client won’t replicate to the server.
ohhhhhhhhhhh
tysm for clarifying