How did exploiter make void script?

commitblue · March 5, 2022, 7:04pm

So, I have seen an exploiter fling players in a game, but I wonder how? It’s amazing that an client sided executor can do this. Can someone show example code ?

Also, how do we prevent these scripts? Perhaps send an localscript example so I can know what it does

TheH0meLands · March 5, 2022, 7:10pm

they can just do this:

task.wait(2)
local plrs = game:GetService("Players"):GetPlayers()
local rng = Random.new()
for _, plr in ipairs(plrs) do
	local char = plr.Character
	if char then
		local primary = char.PrimaryPart
		if primary then
			local force = Instance.new("VectorForce")
			local att = Instance.new("Attachment")
			att.Parent = primary
			force.Attachment0 = att
			force.Force = Vector3.new(rng:NextNumber(25000, 555000),rng:NextNumber(25000, 555000),rng:NextNumber(25000, 555000)) 
			force.ApplyAtCenterOfMass = true
			force.Parent = primary
			task.wait(0.5)
			att:Destroy()
			force:Destroy()
		end
	end
end

local script btw

commitblue · March 5, 2022, 7:11pm

Interesting… wonder how I can patch this.

Thanks!

TheH0meLands · March 5, 2022, 7:11pm

do u mind making my post the solution as it provides an example of how exploiters do this?

commitblue · March 5, 2022, 7:12pm

Oh I forgot to do it, anyway thanks.

dersaf4 · March 5, 2022, 7:41pm

So, is there a way to prevent this? Well, yes.

The crazy velocity applied to the HumanoidRootPart translates to the server because the local user has access to the movement. This velocity is used to fling others from the high force.

I would detect it from the server. This is because the velocity has to be applied to the server to be able to fling players. Checking if a user’s velocity is absurdly high from the server tells you that it is definite to be able to fling. Also, exploiters have access to the client, so it is never fully reliable and can be hooked in a state which makes it falsely unreadable.

With that being said, once it is detected it is important to note not all high velocities are from fling scripts. They could be simply from your game if your game has lots of high movement or even from just falling from a tall height. Other checks must be passed before immediately assuming whoever is exploiting.

To conclude, fling scripts are somewhat detectable and will always be updating for the lesser detection. It’s your script that has to go through checks that verify that where the velocity came from is unknown to know the user is exploiting.

Hope this helped!

commitblue · March 5, 2022, 7:56pm

Thanks for your help, but I don’t know how to check if his velocity is high

Do I just check if orientation fires so frequently?