How do people make exploit scripts?

Help and Feedback Scripting Support
#1

Developing a roblox game consists of the server and client, while developers do it, how do people who make exploits make scripts, surely they’d have to understand how the game works and a good portion consists of the server, and as I have read, it is impossible to exploit the server with average exploits.

Conclusion:

How do exploit script developers make scripts when they can’t see anything from the server?

2 Likes
#2

Game tree.
People can use DEX to see the content of your game, they can’t see anything from ServerScriptService, and most services that are not client replicated. But they can see the contents of your game. Let’s say for instance, ReplicatedStorage. It’s client replicated, and they can see anything in there, and modify anything.

And they can even use simple code to find out the game tree themselves, if DEX is not usable.

#3

Yeah but like how do they know what the server does, like bypass the server checking to see if the player is flying or not?

#4

Well to start off, they could be on their main or alt and start using exploits, until they realize something detected what they were doing, and they got banned. They use another alt(particularly new, or old) to try and bypass it. Once they find a way to bypass it, they will share the solution to everyone, and it will be abused.

2 Likes
#5

You might like this thread:

3 Likes
#6

Roblox.
IF you wanna see your full exploit environment. You can check with this:

for i, v in next, getgenv() do
print(i, v)
end

Just to know. Exploits use: require(), firetouchinterest, basically exploiting stuff.
And now, you cannot stop the environment. Because they use getgenv() solution,
to hide stuff, getgenv() is _G, but undetectable.

How do they make “firetouchinterest()” or “debug.getregistry()”…
Using getgenv().function env:
getgenv().humanoidwalkspeed = function(walkspeed)
game.Players.LocalPlayer.Character.Humanoid.WalkSpeed = 100
end
And they fire it using
humanoidwalkspeed()

Not fully true, i may be wrong. But i obtained this info by testing.

#7

And that explains why you should put most scripts there than in workspace

1 Like