How do you detect dark dex?

Can you send me a list of all the functions you know that does not have any CoreGui checks at DMs?

(it would help so much!)

IIRC obfuscation does nothing, the code is compiled to bytecode before being ran, so there’s no whitespace, and variable names are lost, so decompilers need to automatically beautify the code to make it readable.

Ok but they can’t “unobfuscate” the code just beautify it still won’t be readable but you never know I heard synapse v3 basically makes obfuscations useless but those claims haven’t been backed up .

A beautifier will not help in a scenario like this, as obfuscated code uses random-mixed bytecode.

You can’t directly compile to bytecode, you give the normal, human-readable code (or not, if it’s obfuscated) to Roblox through a script, who then compiles it to bytecode so it can be run. Bytecode doesn’t contain spaces, tabs, variable names, comments and a whole bunch of other stuff because you don’t need those for code to work, so decompilers need to substitute them with tabs and spaces. Obfuscated code and normal code will look exactly the same in bytecode, therefore look the same when decompiled, if you haven’t change the overall structure.

I’m not sure who informed you Synapse v3 makes obfuscation obsolete.

Synapse is a exploit, not a script deobfuscator. Script obfuscators utilise a variety of techniques to render the script unreadable, making it nearly difficult to deobfuscate them all. It would take much too much time and effort to break them all. Many obfuscators, such as Luraph, have yet to be cracked or deobfuscated.

Please take into account that is possible for scripts to be completely deobfuscated via reverse engineering. The outcome of a deobfuscated script is a result of time and patience.

I find it amusing that people go to such lengths to build dex patches that are then readily overcome. People on this post, for example, were bragging about how they detected dark dex using memory spikes, and what do you know? A new version of dex was released shortly after that bypassed all of these tests and is now undetected.

The circle of misery will repeat itself. More game creators will patch dex and teach them something new until it becomes very hard to discover something that makes dex identifiable, at which point what will you do?

In short, there’s little you can do to prevent these sorts of vulnerabilities; instead, store the majority of your stuff on server where exploiters won’t be able to access it. “Save instancing” is inevitable.

I agree I think the only patch would be if Roblox did something about it, which is a long shot. I doubt they have any ideas of how to patch, which is why they haven’t done anything. It sucks how Roblox is easy to exploit, wish they’d make it more difficult.

They can just hook function preloadAsync . Not hard
Proves my point, no point trying to patch these scripts as your patches can easily be bypassed.

But how will they know that they need to hook the function, if they can’t even see the script.

I dont know what dark dex is but if you havent figured it out yet then i dont think its possible

It’s possible, a year or so ago one of my friends told me synapse x doesn’t work on roller coaster tycoon 2. And I know Denis is a mad scripter so he probs found a way round it

I’m not exactly sure what you are trying to prove here or how what I said is related but ok.

They will be able to see the script?? It is local.

I already knew it was b.s. but I’ve heard rumors about it.

Decompiling, save instance, many ways.

I’m trying to say that code is already kinda obfuscated by Roblox, as, again, it’s compiled to bytecode to be run, it’s not human-readable when you get the executed code of a script.

Unless you get an exploiter to use an exploit like Synapse or Krnl to decompile an obfuscated and a non-obfuscated script, and the obfuscated one actually looks obfuscated (being on one line etc), I’m just going to say that obfuscation does NOTHING in the long run for preventing exploits. There’ll always be someone determined enough, and there’s always Lua code beautifiers online.

I’ve seen a few solutions that reccommend you checking on the client, please DON’T.

All your checks should be server-sided and soley on the server.
Use the client to recieve information / send least important information and that is it.

Exploiters cannot access ServerScripts because they’re not replicated.

– Please stop bumping this thread –

There is no indefinite way to permanently patch Dark-Dex and any variations of the script, and trying is futile. Yes, you could use a client-sided script that would detect traces of it but this can be easily overcome. The simple solution is (for the millionth time on this thread) literally just protect your remotes and any critical information that exploiters could abuse. Until Roblox provides us a definite method or way that doesn’t use hacky methods to detect things in CoreGUI or find Dex in general (or Roblox itself, takes action against this, which is close to a miracle in terms of chance), this is just a race between the two, and we’re clearly losing because of the limitations Roblox has set up. Any temporary way to detect Dex in general are most likely private or paid and will be eventually overcome by the developers of DarkDex. Until then, this discussion will just continue in an endless loop of useless arguments that will not progress anywhere.

If you really want to, just put a ton of client-sided scripts to find DarkDex. It’s not reliable, but it’ll stop some people.