HOW and WHY exploiters access coregui?

Kernel anti cheats are always possible. (Just look at valorant)

I don’t think you quite understand how exploiting works. Anything the client does can be bypassed by exploiters. A ChildAdded connection can be removed by an exploiter in a single line of code. Adding specific functions to prevent cheating would do absolutely nothing.

The reason Roblox, and every game on Roblox, has cheaters, and EVERY game on the market (Fortnite, Call of Duty, CS:GO, etc.) has cheaters despite having anti-exploit measures, is because cheaters will ALWAYS find a way to get around them.

Roblox is prioritizing protecting vulnerable young players from malicious game developers over exploiters because they know they cannot do anything much beyond what they already do. This is their choice and is ultimately the right decision.

2 Likes

Kernel anti cheats are always possible. (Just look at valorant)

Kernel anti-cheats are more effective, but still bypassable. Valorant, Fortnite, and other games with kernel-level solutions all still suffer from large amounts of cheaters. You aren’t going to get rid of it.

I guess you are right, let’s just hope the promised new anti-cheat will at least do something against this.

2 Likes

A lot of good information here, but I do wish to point one thing out… There are a number of pieces of information accessible on a PC which one can use to come up with a unique ID. MAC addresses, HDD/SSD serial numbers, UEFI/BIOS information, CPU characteristics and features can all be hashed individually to come up with a mostly unique fingerprint of a machine. Ban that, and the offender will need to get some new hardware.

That was part of the issue when the CPUID instruction gave up the CPU serial number to the caller. Microsoft and Sony do this for their Xbox and PlayStation consoles, respectively.

But client-side anti-cheats that work in conjunction with the server seem to be the most effective. Look how successful Blizzard’s Warden was for World of Warcraft. The server would send specific commands to the client to gather specific data and send it to the server. Memory locations, running programs, window titles, etc. could all be sent to the server for examination. If something was preventing Warden from working on the client, the player would be banned.
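The "hash each identifier individually" idea from the post above, as an added example (not code from the thread or from any anti-cheat vendor). The machine identifiers are constructed placeholders; real values would be read from the OS. Hashing per component rather than once over everything lets a server tolerate a single swapped part when comparing a new login against a banned record, and it means the raw serial numbers never have to be stored.

```python
import hashlib
from typing import Dict, Tuple

# Constructed sample of the identifier kinds listed in the post
# (MAC, disk serial, firmware info, CPU features). Made-up values.
SAMPLE_MACHINE: Dict[str, str] = {
    "mac": "00:1a:2b:3c:4d:5e",
    "disk_serial": "WD-WX11A2B3C4D5",
    "firmware": "UEFI 1.42 / ACME Board v2",
    "cpu": "GenuineIntel family 6 model 158 fma avx2 sse4_2",
}


def component_hashes(machine: Dict[str, str]) -> Dict[str, str]:
    """Hash every identifier on its own, after normalising case and
    whitespace, so the server only ever stores digests, not raw serials."""
    return {
        key: hashlib.sha256(value.strip().lower().encode()).hexdigest()
        for key, value in sorted(machine.items())
    }


def fingerprint(machine: Dict[str, str]) -> str:
    """Combine the per-component digests into one stable machine fingerprint.
    Sorting the keys makes the result independent of dict ordering."""
    parts = component_hashes(machine)
    joined = "|".join(f"{key}={parts[key]}" for key in sorted(parts))
    return hashlib.sha256(joined.encode()).hexdigest()


def match_score(candidate: Dict[str, str], banned: Dict[str, str]) -> Tuple[int, int]:
    """Return (shared, total): how many component digests two records share."""
    h_cand, h_banned = component_hashes(candidate), component_hashes(banned)
    shared = sum(1 for key, digest in h_cand.items() if h_banned.get(key) == digest)
    return shared, len(h_cand)


def is_likely_same_machine(candidate: Dict[str, str], banned: Dict[str, str],
                           min_shared: int = 3) -> bool:
    """Fuzzy re-identification: a banned user who replaced one part (say a
    new network card) still matches, while a genuinely different machine
    shares too few components to trip the threshold."""
    shared, _total = match_score(candidate, banned)
    return shared >= min_shared
```

The threshold is a policy knob: too low and shared hardware (internet cafés, refurbished parts) produces false bans, too high and a single replaced component evades the record, which is exactly the trade-off the post's "get some new hardware" remark points at.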

I had exploiter friends. I don’t know if it has changed, but at the time the injectors modified a Roblox DLL to execute as much code as they want.

This is why I always said, and still believe, that Roblox should add SHA256 CRC verification to its Client Files.

Also, when a way to access CoreGUI from Studio is found, it is patched because malicious developers can use it to do bad things to players.

3 Likes
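The server-driven check described in the Warden post above, combined with the SHA-256 verification of client files suggested in the post right before this one, as an added example (not the thread's code and not how Roblox, Blizzard or Byfron implement anything). The server holds the released build's file bytes (constructed stand-ins here), sends the client a random nonce plus a list of paths, and the client answers with SHA-256 over nonce-plus-file. Binding the nonce in makes a captured answer useless for the next challenge, and a missing answer is treated as a failure, which is the "if something was preventing Warden from working, the player would be banned" rule. As the thread itself says, a client that controls its own process can still fabricate answers; the point is that the verdict is computed on the server, not that the client becomes trustworthy.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed stand-ins for shipped client files. A real server would hold
# the actual release build (or enough of it to recompute nonce-bound hashes).
GOOD_FILES: Dict[str, bytes] = {
    "bin/client.dll": b"\x4d\x5a release-build-code-v1",
    "bin/renderer.dll": b"\x4d\x5a renderer-v1",
}


def file_response_hash(nonce: bytes, data: bytes) -> str:
    """SHA-256 over nonce || file bytes, so an answer is only valid for one challenge."""
    return hashlib.sha256(nonce + data).hexdigest()


class IntegrityServer:
    """Issues challenges and judges responses against the known-good build."""

    def __init__(self, good_files: Dict[str, bytes]) -> None:
        self.good_files = good_files
        self.pending: Dict[str, Tuple[bytes, List[str]]] = {}  # session -> (nonce, paths)

    def issue_challenge(self, session: str, paths: Iterable[str],
                        nonce: Optional[bytes] = None) -> Dict[str, object]:
        nonce = nonce or secrets.token_bytes(16)
        path_list = list(paths)
        self.pending[session] = (nonce, path_list)
        return {"nonce": nonce.hex(), "paths": path_list}

    def verify(self, session: str, response: Optional[Dict[str, str]]) -> str:
        """Verdict: 'ok', 'tampered', or 'no_response'. Silence and unknown
        sessions both count as 'no_response', i.e. a failed check."""
        pending = self.pending.pop(session, None)
        if pending is None or response is None:
            return "no_response"
        nonce, paths = pending
        for path in paths:
            expected = file_response_hash(nonce, self.good_files[path])
            got = response.get(path, "")
            # Constant-time compare so timing does not leak which byte differed.
            if not hmac.compare_digest(expected, got):
                return "tampered"
        return "ok"


def honest_client(challenge: Dict[str, object], local_files: Dict[str, bytes]) -> Dict[str, str]:
    """What a well-behaved client computes; a missing file hashes as empty and fails."""
    nonce = bytes.fromhex(str(challenge["nonce"]))
    return {p: file_response_hash(nonce, local_files.get(p, b""))
            for p in challenge["paths"]}  # type: ignore[union-attr]


def run_session(local_files: Dict[str, bytes], answers: bool = True) -> str:
    """One full exchange: challenge, (optional) client answer, server verdict."""
    server = IntegrityServer(GOOD_FILES)
    challenge = server.issue_challenge("s1", GOOD_FILES.keys())
    response = honest_client(challenge, local_files) if answers else None
    return server.verify("s1", response)


if __name__ == "__main__":
    patched = {**GOOD_FILES, "bin/client.dll": b"\x4d\x5a patched-code"}
    print(run_session(GOOD_FILES))          # ok
    print(run_session(patched))             # tampered
    print(run_session(GOOD_FILES, False))   # no_response
```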

Roblox uses a permission level system where normal game developers have a permission level of 1 or 2 (I don’t remember if it was 1 or 2). This is a system to prevent devs from doing malicious stuff through game creations. Why exploiters are able to reach CoreGui etc. is because the majority of exploits are created and allowed a higher permission level. For example, Synapse and Script-Ware both run on permission level 7; that’s 6 levels higher than a normal game dev’s perms. This gives the exploiter accessibility to prohibited things.

1 Like

Exploiters’ scripts have an identity of at least 6; Synapse has 7 and Scriptware has 8.

Depending on the script identity your script can or can’t access different things.
For example your localscript has an identity of 2 and your serverscript has an identity of 3, giving less access to services.

xor:

Synapse is 7, Scriptware is 8

charrrsss

Level 8? Isn’t that past local user security or what??

What do you mean?
It’s just a higher script identity, allowing for more ways of exploitation. That’s why I prefer Script-Ware for pentesting my games.

7-8 doesn’t have an impact on the exploit itself, AND levels 7-8 are so alike that they can be called identical. Script-Ware contains fewer key functions compared to what Synapse does. But Synapse is generally more unstable (this isn’t due to the level 7 security perms; it’s due to internal stuff).

Security context 8 is actually more restrictive than 7. But people need to get over this whole normal identity thing. It’s wholly irrelevant nowadays, if Roblox even still uses it. The documentation for script context has been gone for some time. Exploits have become so developed that the majority of the hack programs exist outside of Roblox, where the whole idea of security context is void. And beyond that, they can just disable whatever security barriers are in place or trick Roblox into thinking that a script is of identity 7. You shouldn’t be basing your hack prevention on what they can or can’t access, because they can access all of it.

1 Like

This is to clear some things up. Levels do not exist in Roblox scripting. The identity numbers are indices into a table that determine what tags a script has. In other words, the script identity is a profile id. That ID has security tags attached to it. Those tags denote what a script can and cannot access. You can read more about it here.

The lacking permission error does occur with low-level exploits. Paid exploits have measures against this (obviously). The only thing we can do is hope that Byfron changes something in that, but for now nothing can be done.

I’m also 100% sure that Byfron’s anti-cheat will be bypassed in a matter of weeks.

So technically, Roblox can lock CoreGui access by giving it a higher script level permission?

Except that Byfron is anti-tamper and not an anti-cheat.

It’s not a level. It’s a profile. The profile has specific tags associated with it. The tags are where the real security is. If a script does not have a tag that an API requires, that script is not getting to use that API. I’ve written web software like this. You specify a profile which translates into permissions of which modules a user can access, and what flags are set. The number is an index into another table in the database which contains the information. It’s also known as the security context (Roblox Terminology), but it’s essentially the same thing that I developed.
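A small model of the profile-and-tags design the post above describes, as an added example (not Roblox's actual table, and not the poster's web software). Profile numbers, tag names and the APIs are all constructed placeholders. The point it makes concrete is the one the thread keeps circling: the identity number is an index into a table of tags, not a rank, so "8 is higher than 7" says nothing about what 8 can reach, and a check written as a numeric comparison gives the wrong answer the moment a higher-numbered profile carries fewer tags.

```python
from typing import Dict, FrozenSet, List

# Constructed profile table: identity number -> set of security tags.
# The numbers are only lookup keys; note that profile 8 has FEWER tags
# than 7, mirroring "security context 8 is more restrictive than 7".
# Tag and profile names are placeholders, not Roblox's real ones.
PROFILES: Dict[int, FrozenSet[str]] = {
    2: frozenset({"GameScript"}),                                  # hypothetical client script
    3: frozenset({"GameScript", "ServerOnly"}),                    # hypothetical server script
    7: frozenset({"GameScript", "ServerOnly", "Plugin", "LocalUser"}),
    8: frozenset({"GameScript", "Plugin"}),                        # higher index, fewer tags
}

# Constructed API table: each API names the single tag it requires.
API_REQUIREMENTS: Dict[str, str] = {
    "Camera.Read": "GameScript",
    "DataStore.Get": "ServerOnly",
    "Plugin.Install": "Plugin",
    "CoreGui.Access": "LocalUser",
}


def tags_for(identity: int) -> FrozenSet[str]:
    """Resolve a profile id to its tags; unknown ids are an error, not 'no tags'."""
    try:
        return PROFILES[identity]
    except KeyError:
        raise ValueError(f"unknown script identity {identity}") from None


def can_call(identity: int, api: str) -> bool:
    """The tag check: the script may use the API only if its profile carries
    the tag that API requires. No ordering of identities is involved."""
    return API_REQUIREMENTS[api] in tags_for(identity)


def naive_level_check(identity: int, minimum_level: int) -> bool:
    """The 'level' misconception: treating the profile id as a rank."""
    return identity >= minimum_level


def accessible_apis(identity: int) -> List[str]:
    """Everything a given profile can reach, for comparing profiles side by side."""
    return sorted(api for api in API_REQUIREMENTS if can_call(identity, api))
```

Comparing `accessible_apis(7)` with `accessible_apis(8)` shows the divergence directly: the numeric check would let profile 8 through anywhere profile 7 is allowed, while the tag check denies it the `ServerOnly` and `LocalUser` APIs it simply does not hold.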

Well, cheating does involve tampering in some way, so yes, it’s an anti-cheat solution. They will have access to the user’s system in a way that Roblox will not give us. So they can look at things and do things that we can’t.

Has anyone heard when the update is coming? After the announcement that Roblox acquired Byfron, I haven’t seen anything else.

1 Like

env takeovers are a thing, so no. It’s not useless

1 Like