How do people know what to "inject" for exploits?

Hello, doge here. I’ve been wondering about how people get the exact name of instances and their properties. I’ve read about people being able to change the size of swords in sword-fighting games in order to gain more reach. But how do people go about doing this, as they won’t know what exact code to inject? Do they first inject code to get the names and properties?
I want to prevent this kind of issue in my game where players can modify localscripts and player properties.

2 Likes

This should explain it, now for your particular problem;

You can’t do anything about exploiters changing local scripts or LOCAL player properties, but the properties won’t replicate. Now, things like position can replicate, and in this case you can quite easily prevent it. The short reason you can’t do anything about exploiters doing local stuff is that it’s, well, their own PC, and they can change/take/alter absolutely everything, but it won’t replicate, so don’t worry.

3 Likes

Exploiters can do anything a normal LocalScript can do & more. You can read properties with a LocalScript? So can they!
It isn’t a matter of “knowing what to inject”. They can simply run any code they want to as a separate LocalScript. If they want to change your sword’s size, they can just print the contents of your backpack to get the sword’s name and from that point resize its handle.

1 Like
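The replies above note that local changes such as a resized sword handle do not replicate, so the defence is for the server to decide hits itself. The following is an added example, not code from any poster in this thread: a server Script that validates sword hits. The RemoteEvent name `SwordHit` and the constants `MAX_REACH`, `DAMAGE` and `COOLDOWN` are assumptions.

```lua
-- Server Script (e.g. in ServerScriptService). Added example, not from the thread.
-- Assumed names: RemoteEvent "SwordHit" in ReplicatedStorage; MAX_REACH, DAMAGE, COOLDOWN.
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

local swordHit = ReplicatedStorage:WaitForChild("SwordHit") -- hypothetical RemoteEvent

local MAX_REACH = 8   -- studs; owned by the server, never read from the client's Handle.Size
local DAMAGE = 20
local COOLDOWN = 0.5  -- seconds between accepted swings per player

local lastSwing = {}  -- [Player] = os.clock() of the last accepted swing

-- Returns the root part and humanoid of a living character, or nil.
local function getRoot(character)
	local humanoid = character and character:FindFirstChildOfClass("Humanoid")
	local root = character and character:FindFirstChild("HumanoidRootPart")
	if humanoid and root and humanoid.Health > 0 then
		return root, humanoid
	end
	return nil
end

swordHit.OnServerEvent:Connect(function(player, targetCharacter)
	-- Every argument after `player` is chosen by the client: check its type first.
	if typeof(targetCharacter) ~= "Instance" or not targetCharacter:IsA("Model") then
		return
	end
	if targetCharacter == player.Character then return end

	local attackerRoot = getRoot(player.Character)
	local targetRoot, targetHumanoid = getRoot(targetCharacter)
	if not attackerRoot or not targetRoot then return end

	-- Rate limit: a client can fire the event as often as it likes.
	local now = os.clock()
	if lastSwing[player] and now - lastSwing[player] < COOLDOWN then return end
	lastSwing[player] = now

	-- Reach is measured from the server's copy of both characters, so a
	-- handle resized on the client has no effect on whether the hit lands.
	if (attackerRoot.Position - targetRoot.Position).Magnitude > MAX_REACH then return end

	targetHumanoid:TakeDamage(DAMAGE)
end)

Players.PlayerRemoving:Connect(function(player)
	lastSwing[player] = nil
end)
```

Because a character's position does replicate from its owning client, this reach check is only as good as the server's movement checks, so pair it with a speed or teleport sanity check.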

The general rule is not to trust the client. Using the client for specific purposes is fine, and prevents the server from being heavy.

However, scripts that should not be accessible publicly (i.e. datastores) should be stored on the server, because exploiters can easily access the client.

I’m not the best in Lua currently, so I’m sharing general knowledge. If I am incorrect, happily correct me.


Edit:

I can’t help you here in terms of what the Roblox engine is capable of, but to prevent exploited content, it’s always safer to get on the legal side of things instead of relying on Roblox; essentially add a UI that lists the game’s ToS - the player must agree to it to carry on.

1 Like

Ah, thx, I forgot that you can simply print things out from instances.