Give regular scripts permissions to read Core GUI

marcus760 · June 30, 2018, 12:52am

Exploiters can insert their cringey GUI’s and hide them by parenting the GUI to game.CoreGui.

I tried to bypass this with the following

game.CoreGui.ChildAdded:connect(function(gui)
	print(gui.Name)
end)

I did the print to make sure I am not removing anything thats essential to the Roblox core GUI.
Turns out I cant even edit this and got the following error

20:46:09.477 - The current identity (2) cannot Class security check (lacking permission 1)

Therefore I cant stop these losers from inserting GUI’s into my game which allows them to teleport around (without the use of remote functions).

Either stop exploiters from entering GUI’s into game.CoreGUI or give us permission so I can stop certain GUI’s from entering that.

(PS I already have security that checks for foreign GUI’s being entered into the PlayerGui)

Mikastrae · June 30, 2018, 12:58am

They technically don’t need a GUI to teleport around the map because the MoveTo function replicates. The GUI is to just make the teleporting around easier. Even if you could access the CoreGui, you wouldn’t stop the teleporting. Instead of focusing on a way to detect foreign GUIs to “prevent” teleportation, try focusing on fixing the issue (anti-teleport detection).

marcus760 · June 30, 2018, 12:59am

So how would you detect if players are teleporting across the map? Do you have a specific method or a wiki thread I could use as reference?

Mikastrae · June 30, 2018, 1:01am

Let’s say that a player is able to walk 30 studs every second. That means that they logically shouldn’t be moving more than 30 studs every second. Thus, for teleport detection, just constantly look for sudden changes in one’s position that’s very large.

marcus760 · June 30, 2018, 1:03am

Thank you man I really appreciate that!

Kampfkarren · June 30, 2018, 1:03am

Remember to also factor in ping, physics, etc.

Extuls · June 30, 2018, 1:58am

It seems like a pointless reason to have access to core GUI. Rather than risking (unlikely) security holes to give developers a weak way of preventing exploits, it’s better for Roblox to focus their efforts elsewhere.

I will always stand by the idea that you should have client-side exploit prevention, though you should never rely on it. I could go into more detail, but I would just be repeating the same thing you probably hear at least weekly, and this is also a public thread.

In the end a change like this isn’t really necessary and doesn’t provide any protection for developers’ games.

ConvexHero · June 30, 2018, 3:44am

This is possibly something we can look into. An issue is if this would allow a place to detect which users report the game. That would allow a game owner (or free-model maker…) to retaliate against users who report games to moderation.

–edit: also, any anti-cheat based on corescripts might be fragile. There can be several versions of corescripts out at any time and they also change at times you don’t control without any warning.