You can always read through the source code, that’s how i prevent dark dex save instance.
I found this via reading through a popular admin system, [infinite yield] source code.
1 Like
Like the Workspace, Replicated Storage, and everything???
Everything that is viewable to the client. For example they can get everything in workspace and be able to read local scripts however they can’t read normal scripts as they are handled by server. They won’t be able to see things like serverscriptservice as that is all handled by the server. Basically all the things that the client handles is viewable to them.
OMG. WOW That’s stunning.
I hate to say this, but exploiters can be really smart if they want to be.
1 Like
Yeah, that’s why I believe wasting all your time on these dark dex anti exploits isn’t worth it. Exploiters can easily get around them.
You dont, simple.
Stop asking how to do this lmao.
I’ve seen methods ranging from debug.info all the way to inspecting memory spikes. Put it this way, if any way got detected, it’d be patched within a few days. Exploit developers are faster than you. Why do you think Synapse updates every week.
Trying to detect exploits is not the best thing you do, tighten up your server communication, there’s no way to access that unless the exploiter could get into the backend RCCService which is astronomically unlikely, you’d also need an exploit for that anyway, which definitely doesn’t exist.
Im not throwing off the possibility of exploiters intercepting said request using a program like Fiddler but at that point, I think Roblox could tell something was up with the requests and you’d definitely be banned. I dont even think requests from the client can be detected by Fiddler.
Blocking explorer exploits is pointless anyway when you can just read the raw memory in certain programs
4 Likes
How do you propose stopping them when they run a getnilinstances() for your localscript/modulescript’s classnames, and run the ScriptWare’s Disassembler on that to get the script’s source and then hire someone to re-make the lua script with assembly knowledge. It would give the main upvalues/constants already.
It’s tough to wanna just give up and do that, look at Football Fusion or Rogue Lineage…heck even BloxBurg (well their statistics checks) as golden examples that you really can lock things down. Quite well too!
You already figured out how to detect CoreGui insertions? Or just Dex, we all know Dex is very fat, and makes many noticeable, but brief alterations to the game client that are all detectable in any rudimentary way.
i cant believe this thread is still active
1.) you cant effectively detect dark dex without exploiting a way that was overlooked by engineering team
2.) you cant detect exploits in coregui like some people are implying
3.) if your antiexploits are running on the client then an exploiter can bypass it
secure your game and if someone steals it get over it, they only have your client-sided scripts and if your code is good and doesnt have any sensitive info in it you shouldnt have a problem with people seeing it
everyone gets their work stolen at some point, it’s part of being a developer on roblox
end of story
3 Likes
You can’t. Exploits support a hidden gui that renders separately from CoreGui and PlayerGui. Dex makes use of this.
Not only that, the names are randomized and connections meant to detect it are cut. This is the product of constant patching. Like germs, exploiters evolve. Too many antibiotics, and now nothing works.
All that aside, Dex shouldn’t be a problem. All Dex does is visualize the Roblox hierarchy. I could easily mimick dex like so:
for i, v in pairs(game:GetChildren()) do
print(i,v);
end
If there’s something a user shouldn’t be able to see, don’t keep it on the client. ServerStorage exists, and is non accessible client sided.
Even if you delete stuff, they can retrieve it from nil using a function getNilInstances()
As for work getting stolen, detecting Dex won’t solve your problem. Scriptware, and a few other exploits have built in features for this now:
1 Like
I get these arguments of client-side anticheat futility. But, it begs the question if that’s the case then why would successful examples like Football Fusion and Rogue Lineage be doing these then?
It’s out of curiosity sake and a means of wanting to do more than just securing the remotes but still letting cheaters spin around and mess with others in your own experience yk?
They are not specifically looking for Dex. Whatever they are doing will react the same for any gui opened, except for a few bypasses in which I suspect pay the rogue lineage devs for blindspots so they can profit off GUI’s sold to the exploiting community. I remember Elym early on allowed any other script to function without triggering a ban after u ran its script, including Infinite Yield
1 Like
I patched an old version of dark dex back in the day by detecting significant changes in GUI memory usage. If for some reason the client’s GUI memory usage spiked momentarily combined with a short FPS freeze, that would almost certainly mean they were using dex.
1 Like
The Gui memory could happen when you load in guis upon respawning like the Jailbreak game or games that are heavily reliant on GUIS, they would spike or have a generally high GUI memory tag statistic sadly…
What’s your take on GetGuisAtPosition()? Is there a way to whitelist standard CoreGuis so this can be viable?
I have my ways, that can detect when dex or a nother exploit decompiles nil objects.
Yes we have we are both devs for something called Hidden anti cheat and the core gui detection works fine so far. How ever something’s started parenting to roblox guis so they are all most impossible to detect, the point being you shouldn’t worry about dex because no matter what you do people can always steal your work most of the time. What you can do it put an obfuscated script inside the model and check the game ID and if not game.gameId == 0000 then you can kick or auto delete the model.
1 Like
Yes this works fine even today just make sure to wait until the game is loaded and don’t check for small spikes like 1-5 you should make sure it spikes more than 6mb.
You just have to fine tune it. If your game has a 3 second lag spike followed by an instant spike in GUI memory then you’ve made a bad game. You can tune it specifically for dex, and everyone saying you can’t just haven’t tried.
That said of course, the best solution is to just not make a game where dark dex allows for much of an advantage.
Have you seen how laggy Jailbreak is? Can that Dex detection happen in Jailbreak? The loading there is not great at all, but somehow it’s a great working game.
1 Like