How do people create anti exploit scripts?

Reading it piece-by-piece and gsubbing would probably do the trick.
Although, it would have to be an exploit’s function rather than a script.

It’s not against the rules. It’s against the rules to exploit.

Which is why you just make your own custom byte code format and run it in a VM.

Again, given enough time someone could still undo this, but it’s not worth the effort.

Sort of adding on to other responses, don’t focus on anti exploits. What I think really matters is that you have good remote communication. Say you have a remote event that lets a player buy a weapon. On the server (and NOT the client), you can do checks such as

  • Do they have enough money?
    • Give them the weapon
  • Have they sent legal information?
    • Ignore the request or do something

1 Like
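The server-side checks described in the post above, written out as an added example (not code from the thread or from Roblox). The RemoteEvent name `BuyWeapon`, the `Weapons` folder in ServerStorage, the `leaderstats.Money` value and the price table are all assumptions made for illustration.

```lua
-- Server Script (e.g. in ServerScriptService). Added example; every name
-- below (BuyWeapon, Weapons, Money, PRICES) is hypothetical.
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")
local ServerStorage = game:GetService("ServerStorage")

local buyWeapon = ReplicatedStorage:WaitForChild("BuyWeapon") -- RemoteEvent
local weaponFolder = ServerStorage:WaitForChild("Weapons")    -- Tool templates

-- Prices live on the server only; the client never sends a price or amount.
local PRICES = { Sword = 100, Bow = 250 }

local COOLDOWN = 0.5   -- seconds between accepted requests per player
local lastRequest = {} -- [Player] = os.clock() of last accepted request

buyWeapon.OnServerEvent:Connect(function(player, weaponName)
	-- "Have they sent legal information?" The first argument is the real
	-- sender, supplied by the engine; everything after it is client-controlled.
	if typeof(weaponName) ~= "string" then return end
	local price = PRICES[weaponName]
	local template = weaponFolder:FindFirstChild(weaponName)
	if not price or not template then return end

	-- Rate limit so the remote cannot be fired in a tight loop.
	local now = os.clock()
	if lastRequest[player] and now - lastRequest[player] < COOLDOWN then return end
	lastRequest[player] = now

	-- "Do they have enough money?" Read the server's copy of the balance,
	-- never a number passed in by the client.
	local stats = player:FindFirstChild("leaderstats")
	local money = stats and stats:FindFirstChild("Money")
	if not money or money.Value < price then return end

	local backpack = player:FindFirstChildOfClass("Backpack")
	if not backpack then return end

	-- All checks passed: charge and grant, both on the server.
	money.Value -= price
	template:Clone().Parent = backpack
end)

-- Drop per-player state when they leave so the table does not grow forever.
Players.PlayerRemoving:Connect(function(player)
	lastRequest[player] = nil
end)
```

Requests that fail a check are silently ignored here; logging them per player is a reasonable addition if you want to spot clients that keep sending malformed or unaffordable purchases.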

I see. Wow, that’s a lotta code

I never realized how dedicated people are to exploiting Roblox…

7 Likes

I wouldn’t say it’s difficult, I would say it’s more different than difficult, as you just have to get into the habit of making your scripts less vulnerable to exploits just by habit, rather than having to go back and edit them later on.

If you’re right, that’s why I always do a test of my scripts in Studio. But going back to the topic, it is difficult to create scripts for anti-exploits since the creators of exploits always find a way to cheat that system, and what I still do not understand is that there are people who make scripts for their exploits :face_with_raised_eyebrow:

Exploits control anything on the client, including your anti-exploit scripts.
Some exploits have specific functions to combat anti-exploits.
Making a client anti-exploit is a waste of time, it’ll catch the few cheaters who don’t know how to bypass, but all it takes is one exploiter releasing a bypass for everyone to start using it.
It’s a cat and mouse game, and a waste of time. Keep your remotes sanitized and you’ll have no problems (mostly).

2 Likes

I made an edit earlier talking about this in more detail further up in the thread, but exploiters have their own decompilers now. Open source tools like luadec aren’t used the way they used to be. It’s now proprietary decompilers built into cheats that exploiters pay for.

All the exploits currently use unluac / luadec. They’re changed a bit to support Roblox scripts, that’s it. There are still many flaws in them that people can use to stop decompiling, however the issue can be fixed and your “anti-decompile” is no more.

1 Like

Thank you all for the replies, I understand now not to trust the client and to handle very little on the client. I understand there is no way to create a true anti-exploit, just hurdles for the exploit to jump.

3 Likes

As many have already said, don’t trust the client EVER. Client-side anti-exploits are easily bypassed.

Sure, client-side anti-cheats will stop basic skids, but I don’t want to deal with an experienced exploiter’s ego exploding when they make a simple “bypass”.

5 Likes

A client can manipulate anything on his client. You must always remember that. Roblox has many vulnerabilities that aren’t being fixed.

It’s not that they aren’t being “fixed” (they aren’t broken in the first place), it’s that they can’t be. You said it yourself: the client can do anything on their end. It’s their device, they hold authority. It’s up to the developer to ensure their server has as few openings to be leveraged as possible.

1 Like

My bad, I did not mean fixed but rather patched.

Those two words essentially mean the same thing in this context and the stance does not change. If they “patch” such things, you’re going to experience a lot of edge cases. Roblox does not intentionally leave vulnerabilities. You are free to report any bugs or such using the appropriate channels provided (DevForum categories or emailing Roblox).

Aside from things that are out of your control to handle, you as the developer are responsible for the security of your server, not them.

2 Likes

I agree with what you are saying, however I would like to state that I wasn’t trying to imply that Roblox was “broken”. Yes, client security is important and yes, Roblox did an OK job with vulnerabilities. Wonder how that FE shutdown was created? Because Roblox didn’t do a good job with sound replication. Roblox introduced RespectFilteringEnabled to try to combat it.

1 Like