HD admin , hackers get owner powers

CoderHusk · November 12, 2020, 3:55pm

But the hashed key is on the server, which as far as we know has no access to

Server

local code = sha("password")
onserverevent:Connect(function(plr, pass)
if code == pass then
  --run program
end

Client
rs:FireServer(“password”)

prohriday · November 12, 2020, 3:56pm

its an obby game in which im planning to add minigames

UnknownParabellum · November 12, 2020, 3:57pm

This still does nothing. In your example it is easier and better for the server to just send the string to the server.

AsynchronousMatrix · November 12, 2020, 3:57pm

Then they’ll just watch for an event and use that same event. Just manipulating it. They will instead of creating the event. Just use the event you send to then edit what you send. Keeping your specialised keys and secret things. But adding in their own implementation.

prohriday · November 12, 2020, 3:57pm

are you good at scripting ? if yes maybe ill add you to my game and yoyu can check for viruses or backdoors

MalosVindictus · November 12, 2020, 3:58pm

I’m pretty sure if hashing was like the golden key to preventing exploiting most games would’ve implemented it by now.

prohriday · November 12, 2020, 3:58pm

its possible as i myself saw them having owner rank and i had to unrank them (they had perm rank) but thanks for informing anyways

CoderHusk · November 12, 2020, 3:59pm

Hashing has so many possibilities man and is dependent on specific data types is too much to just “guess and check”. If you are using the good old have 1 ! or ? and have CaPiTaLiZeD letters you will be fine

MalosVindictus · November 12, 2020, 3:59pm

Do you have remotes for admining people?

IceyTamim · November 12, 2020, 3:59pm

Then they didnt have a exploit to do that. Prob something. And no problem!

AsynchronousMatrix · November 12, 2020, 4:00pm

So you’re going to create an remote event for each variable you need to send, Explain to me how you’re going to send tables, Or other datatypes like numbers.

prohriday · November 12, 2020, 4:00pm

hey have exploits i think as after i removed admin they still could do esxploits like spawning a sword in their hand from nowhere

CoderHusk · November 12, 2020, 4:00pm

I mentioned this will only work for input based RE

prohriday · November 12, 2020, 4:00pm

what do you mean im confused i am not a scripter btw

MalosVindictus · November 12, 2020, 4:01pm

basically a remote that when it gets fired someone gets the owner rank

Proscled · November 12, 2020, 4:01pm

I already said this aswell though.

IceyTamim · November 12, 2020, 4:02pm

But they only can do anything like a client script or something. They can do sword script. But in Their CLIENT. Not the server. If they spawn a sword nowhere. They can only see it. Not other players since they only can run anything not serversided scripts on client with exploits. so its something else giving your hackers owner powers.

MalosVindictus · November 12, 2020, 4:02pm

Couldn’t they just use RemoteSpy to view the correct argument for the remote and then copy and paste it?

prohriday · November 12, 2020, 4:02pm

matybe you can join my game and tell me whats the problem

DrKittyWaffles · November 12, 2020, 4:02pm

Dynamic remote keys are an elementary way to fix this. Also, yes, they can do that. But that is why you have sanity checks to verify the information.