Oh i didnt read your messages. I had to reply without reading these of messages accidentally.
Then they would just find out the method to getting the dynamic keys, itâs better to just do sanity checks.
Hashing shouldnât be necessary if you have good sanity checks.
If you have time to put in the effort to design an anti exploit system on the client, then do it. It still detours many exploiters, primarily those who are not experienced enough to reverse what youâve done.
Of course it will always be exploitable though, as, you canât protect the client from itself.
I think we canât see the problem when we join the game.
No because once one finds out how to reverse it they tend to spread it. Skids exist
Yeah we cant if hackers are not here.
ill try finding a scripter who can help me with that
Recently I made my own admin commands. You can use them if you want: JAdmin Commands - Roblox. You can also find the Module that my admin uses, so you can know that it doesnât have any viruses. It has also a global ban function that allows you to ban a player thatâs not on the server that you are. The commands will also kick him if they find that player on one of the game servers. My admin doesnât use HTTP Service now, but it should have access to Data Store Service- it saves bans.
Join the game and open dev console. Go to the scripts tab and look for anything you donât think you created.
Also, if you have HTTP service enabled, look at the network tab. If you see âweirdâ network activity like HTTP requests to domains like discord, builderman.xyz, etc. that you are not making then your game probably has a backdoor in it.
You might be able to find these malicious models by pressing ctrl + alt + f in studio and searching for getfenv or require. Youâre likely to unuse getfenv and lots of malicious models use it to obscure what theyâre doing.
2 Likes
If they cant still remove backdoor then they have to do this. A backdoor disguised as a "fast load" place - #9 by BankrollHero
1 Like
Why donât people make exploits for their own game and sell them lol. Itâd be the ultimate pro gamer move.
Then when you feel like it, âpatch outâ the exploits and come up with ânew onesâ.
But yeah you should check httpservice
1 Like
lol thats a good idea but itll ruin the game for players who cant buy those exploits
When you said hackers even had exploits after you removed HD admin, do you mean they were still able to ban players? Or just exploits in general?
Either being caused by an insecure remote or a serverside backdoor. (would probably be the latter)
Backdoors are caused by infected free models or plugins.
(Donât freak out, removal is as easy as 1, 2, 3!)
Go through your plugins, and see if one is not created by a trusted source.
(With the BTRoblox extension, you can easily view source code of plugins)
If there is an infected one, it will probably look something like
getfenv()[string.reverse("\101\114\105\117\113\101\114")](5723263360)
or some obfuscated code that looks like
return(function(lIIIllIIIllIIlllllIllIl,IIIlIIIlllllIl,IIIlIllIIIIlllIIlI)local lIIllIlIII=string.char;local IlIllIIlllllIIIll=string.sub;local lIIlIIIllIllIIllIlIlIlIII=table.concat;local lIIlIIllII=math.ldexp;
It looks intimidating, but itâs really just hiding the script through a bunch of strange encryption.
Key things to look for are: getfenv, require, string.reverse
If you find a plugin that has this, simply remove it.
If there is not a plugin that has that, look for the same stuff by going through scripts in your explorer.
(A common technique to hide the malicious code is to spam whitespace and hide it to the far right of the script, so make sure you are checking there as well!)
Edit: Itâs also very possible that your version of HD admin is not the official one and contains a backdoor in itself. (thanks for Dusk_ie for pointing this out)
Edit 2: If itâs not caused by the admin itself, make sure to go through the steps I showed above.
7 Likes
Actually when using sha or any hash algorithm you cannot derive it. It isnt a pure function that is what makes it so special, there isnt really a equation other than the exact value you gave it
Not sure why it hasnât already been suggested but itâs possible your version of HD admin is not the official one and contains a backdoor. Make sure you get the official version of HD admin. Alternatively, try using a different suite (I prefer Adonis personally).
If these exploits are indeed still occurring after youâve removed the admin then there is likely a backdoor script elsewhere in the game.
Alright it was plagued with old 2008 viruses which I removed, and then I found a few backdoors. Theyâre removed now.
Alright game should be good now. Let me know if the problem persists. @prohriday
oh ok lets try and ty for helping means alot 
1 Like
You have a server sided backdoor in your game. HD admin among other vulnerable admin systems can grant permissions from the server. I believe this is done via the _G.HDAdminMain âPlayerDataâ module.