Hi, I wanted to ask you guys how can I detect smaller gui’s, I managed to detect dark dex using simple memory checks, but I don’t know how can I detect smaller gui’s. Also I was wondering how could I detect script execution, because I’ve seen someone did that.
1 Like
Memory checks are a very bad way of detecting hacks, because they give more false alarms than catching actual cheaters.
As for detecting most injectors, there isnt any possible way at the moment to my knowledge.
From what ive heard, most injectors insert their scripts directly into CoreGui, which is inaccessible from scripts, or something like that.
@DonDydo I think the best way to do this is to loop through Guis in a player PlayerGuis and check the guis names for certain phrases. So you could create a table and then use string.find() on gui names to check if they are malicious
You could always put the power of moderation in the players, a vote-kick system of some kind!
Nothing you can do rn that will 100% stop exploiters so best thing is make a small anticheat. However roblox has bought an anticheat company so we might see it being rolled out in the years to come which will drastically stop exploiters
If you don’t know anything about exploits dont reply. All guis are located in coregui which cannot be checked due to it being locked to Roblox script security.
1 Like
Yout cannot. Exploits use information the server has already sent them voluntarily, and you have no way of telling whether they are using it in the intended way. The only solution is to design your game in a way that limits what exploits are capable of. You can also design ways to “trap” exploits that you know for sure someone is using, such as teleporting, using serverside sanity checks.
As i said i’ve made simple anti dex using memory checks, it doesn’t gives that much of false positives.
No you haven’t. I just don’t believe you. Most likely you found a way to detect an old version of an exploit. But you won’t have to prove it either way because you can just say that you don’t want to “reveal” how you did it. Any detection method you make takes advantage of a mistake that the exploit creator made that they can just fix. You cannot fix the underlying ability to perform exploits in general because you have no control over the security model that roblox uses for multiplayer.
1 Like
Now, one tip I have for you is don’t listen to people who talk about client anti-cheats. Client anti-cheats are impossible to make in your power. Take it from someone who has attempted it so many times I ended up making a server side anti-cheat. I may put this script open sourced, but I think I’m willing to risk my game to save thousands of other games.
1 Like
You could have a max walk speed and if a humanoid’s walk speed is faster than the world walk speed, kick them.
Dark dex is an script used by exploiters to explore game instances that are replicated on the client, it can be detected with memory checks because it causes memory to go up.
To detect smaller gui’s, you can use a combination of game events and game object checks. You can add a game event that is triggered when a player attempts to use a gui, and then you can use game object checks to see if that object is valid. This will allow you to detect if a player is attempting to use a gui that is not supported by the game.
To detect script execution, you can use a combination of game events and user permissions. You can add a game event that triggers when a script is executed, and then you can check if the user has the appropriate permissions to execute the script. If they do not have the right permissions, then you can take appropriate action.
-
Ensure that all sensitive game-related information is stored securely on the server and is not accessible by a client unless needed. For exemple, in a role game, if you need to store the roles of users, store them in the Server Storage Service and not in a Service that will get replicated to all clients.
-
Make sure that all of your Remonte events/functions have security controls that prevent exploiters from simply triggering them. For example, if a certain tool calls a remote event that will kill a player, do a server-side check to make sure the player calling the remote event has unlocked the tool and equipped it. Same thing for money or a shop, verify that the user is close enough from the shop.
-
It is possible to create a server-side anti-cheat system, but it will only prevent certain types of exploits. Client-side exploits can also be created, and there are techniques to make them a little more difficult to remove, but they will not prevent anyone with enough knowledge from removing them. As for GUI detection, a local-script could probably detect unknow GUI but this can easly be bypassed with CoreGUI assuming the local-script is protected enought to make it “hard” to remove.
I wrote this message 11 days ago, but for some reason the message never got sent. There is already a answer set, but some of the things I mentioned here are not in it and it might be useful for you in the future.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.