How do you detect dark dex?

It was well deserved because they gave a misleading script that’s considered a trojan.

Yeah, I did! I didn’t join here for it to be treated like some gang where everyone follows rules and lines up like the military. I joined here to develop with others and learn, while having fun at the same time.

Please don’t swear here, you may know what it means but you didn’t get the point of it

I’m pretty sure with legit close to no scripting experience or just putting it into the script editor that you know it’s fake.

Well then this explains your rotten attitude towards everyone.

If you wanna continue go dms to avoid off topic, thanks.

It is indeed possible to detect dark dex without using stupid ways like gcinfo(), one of the ways would be using preloadasync (with which i am not going to go in detail).

Cry about it.
Humans are humans if he wants to add a lil humor I don’t see the issue. Don’t be “that guy”

That method is OP I can vouch.

But I will!

This is the current Dex (and GUI) detection:

game:GetService("ContentProvider"):preloadAsync({game.CoreGui}, function(assetid, status)
    if assetid:find("rbxassetid://") then
        while true do end --We can confirm that this is a unknown gui as no roblox gui in coregui uses rbxassetid://, so lets crash them
    end
end)

How this works:

Basically, we request a preload from game.CoreGui, then we check if an assetid contains rbxassetid:// (as no roblox coregui object uses rbxassetid://), if there is, we crash the client.

you could send the clients guis to the server via remote and just check on the server

you can’t use game.CoreGui on your script.

They’re not misleading, I actually BOUGHT it myself.

Well, does it work? Have you actually tested it with multiple exploiters?

you can bypass this using metatables.

Ofcourse, your number 1 rule is never ever trust the client ever.

I will give you an true answer.

ya don’t.

why? The proof is simple. The owners of dark dex and other versions of it can easily patch it. Or even the exploiter himself can bypass it in many ways.

let’s just make a list.

metatables
disable localscript
destroy localscript
set localscript parent to nil
etc

you can never rely on localscripts as an anti exploit , it’s better to rely on serverscripts as anti exploits.

The exploiter can destroy the localscript and send malicious data to the remoteevent. So the server will think “oh it’s safe.”

Yes it does work, source is obfuscated can’t say more

the function preloadasync doesn’t security level check, so it won’t error, and will just return the assets in coregui

What’s to stop the cheat author from simply making the cheat executable install its image assets locally, in the Roblox content folder?

Don’t know why this is even a debate. You can’t patch gui exploits unless your game has no guis at all.
You also can’t give your gui a special boolvalue that allows it to bypass, because the exploiter can find this boolvalue and just add it to their ui.

In conclusion, don’t worry about something you can’t fix. Worry about your remote event security.

Can you send me a list of all the functions you know that does not have any CoreGui checks at DMs?

(it would help so much!)

IIRC obfuscation does nothing, the code is compiled to bytecode before being ran, so there’s no whitespace, and variable names are lost, so decompilers need to automatically beautify the code to make it readable.

Ok but they can’t “unobfuscate” the code just beautify it still won’t be readable but you never know I heard synapse v3 basically makes obfuscations useless but those claims haven’t been backed up .