Help with secure whitelisting in a localscript

Hello everyone! I’m currently working on an AntiCheat system, which will only be accessible to games on a whitelist. However, I’m facing a challenge with a LocalScript that needs to load the IDs of allowed games. Unfortunately, LocalScripts are unable to directly retrieve LoadString from external websites, and I have stored the game IDs on a website. I would greatly appreciate any ideas (or scripts) on how to ensure that this LocalScript can only be executed if it is on the whitelist.

1 Like

Doing LoadString on some data you pull from a website sounds like a huge security issue and may possibly be against TOS. Will reserve judgement in case someone who knows TOS well is able to check this.

1 Like

That’s how most anti cheats do it, they request a paste from external site to work or use HTTPService to check if a game is whitelisted.
(Most of the time they’re obfuscated, so crackers found a way around it by…not turning on httpservice.)

1 Like

Obfuscated code is definitely against TOS, though.

2 Likes

Well, what can you do? They’re paid anti-cheat, obviously they don’t care, it’s up to the consumer not the manufacturer.

1 Like

If someone audits your game and finds obfuscated code being pulled from another website, do you think they are gonna track down the original author of that script or just ban the owner of the place? I would not be doing it, is what I mean.

1 Like

Can I see the source/citation on this??

1 Like

3 Likes

Oh the anti cheats aren’t sold on marketplace! They’re sold off-platform then imported using a rbxm!

1 Like

LocalScripts aren’t even worthy of being anticheats anyways, they’re easily bypassable, you should be focusing on server sided anticheats, with redundancy in the Client.

1 Like

who says it’s being published on the roblox marketplace

If I made a script that remotely loads any other form of rule breaking content, do you think I would get a pass just because that content itself is not technically on the marketplace? Are you being, as the kids say, For Real?

As I’ve been working on this anticheat for a long time, I’ve been researching and: Yes. Obfuscation is against the rules of Roblox IF it is published on the Marketplace. If not, I can simply send the download of my Roblox game to people and they copy my anticheat and put it in their game and roblox will not remove the game. And that’s probably more normal than you think. Games like Jailbreak probably use this system. Obfuscation is a powerful tool when used in the right way.

I know not, but I’ve already made a really cool and working system that uses Remotes and a few other things (server side) to prevent the LocalScript from being deleted. But take, for example, an Anti-Autoclicker script, whose function is simply to detect if the user is giving too many clicks per second: it is not possible, or at least it is not to my knowledge possible, to make a script with the same function that works on the server side.

it’s not in the official tos it’s only on marketplace tos

Remotes can also be spoofed. As well as the fact that ratelimiting clicks should be done on the server anyways, never on the client.
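
The server-side click rate limit suggested in the last reply, sketched as an added example (not code posted by anyone in this thread). It assumes a RemoteEvent named `ClickEvent` in ReplicatedStorage; the limits `MAX_CLICKS`, `WINDOW` and `MAX_STRIKES` are illustrative values.

```lua
-- Server Script (e.g. in ServerScriptService). Added example; names and limits are assumptions.
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

local MAX_CLICKS = 15   -- assumed: clicks accepted per window
local WINDOW = 1        -- sliding window length in seconds
local MAX_STRIKES = 5   -- assumed: dropped clicks tolerated before logging

local clickEvent = ReplicatedStorage:WaitForChild("ClickEvent")
local state = {}        -- [player] = { times = {...}, strikes = n }

-- Returns true if this click fits inside the player's sliding window.
local function allowClick(player)
	local now = os.clock()  -- server clock only; a client-sent timestamp can be forged
	local s = state[player]
	if not s then
		s = { times = {}, strikes = 0 }
		state[player] = s
	end
	-- Drop timestamps that have fallen out of the window.
	while s.times[1] and now - s.times[1] > WINDOW do
		table.remove(s.times, 1)
	end
	if #s.times >= MAX_CLICKS then
		s.strikes = s.strikes + 1
		return false, s.strikes
	end
	table.insert(s.times, now)
	return true, s.strikes
end

clickEvent.OnServerEvent:Connect(function(player)
	-- Any extra arguments from the client are ignored: the remote can be
	-- fired with arbitrary values, so only the sender and arrival time count.
	local ok, strikes = allowClick(player)
	if not ok then
		if strikes >= MAX_STRIKES then
			warn(string.format("[ratelimit] %s over %d clicks per %ds (%d drops)",
				player.Name, MAX_CLICKS, WINDOW, strikes))
		end
		return  -- drop the click; no game state changes
	end
	-- Apply the click's effect here (award points, register a hit, ...).
end)

Players.PlayerRemoving:Connect(function(player)
	state[player] = nil  -- free per-player state when they leave
end)
```

Because the server counts arrivals itself, deleting or tampering with the LocalScript does not raise the number of clicks that take effect.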