How do you detect dark dex?

the function preloadasync doesn’t security level check, so it won’t error, and will just return the assets in coregui

What’s to stop the cheat author from simply making the cheat executable install its image assets locally, in the Roblox content folder?

Don’t know why this is even a debate. You can’t patch gui exploits unless your game has no guis at all.
You also can’t give your gui a special boolvalue that allows it to bypass, because the exploiter can find this boolvalue and just add it to their ui.

In conclusion, don’t worry about something you can’t fix. Worry about your remote event security.

Can you send me a list of all the functions you know that does not have any CoreGui checks at DMs?

(it would help so much!)

IIRC obfuscation does nothing, the code is compiled to bytecode before being ran, so there’s no whitespace, and variable names are lost, so decompilers need to automatically beautify the code to make it readable.

Ok but they can’t “unobfuscate” the code just beautify it still won’t be readable but you never know I heard synapse v3 basically makes obfuscations useless but those claims haven’t been backed up .

A beautifier will not help in a scenario like this, as obfuscated code uses random-mixed bytecode.

You can’t directly compile to bytecode, you give the normal, human-readable code (or not, if it’s obfuscated) to Roblox through a script, who then compiles it to bytecode so it can be run. Bytecode doesn’t contain spaces, tabs, variable names, comments and a whole bunch of other stuff because you don’t need those for code to work, so decompilers need to substitute them with tabs and spaces. Obfuscated code and normal code will look exactly the same in bytecode, therefore look the same when decompiled, if you haven’t change the overall structure.

I’m not sure who informed you Synapse v3 makes obfuscation obsolete.

Synapse is a exploit, not a script deobfuscator. Script obfuscators utilise a variety of techniques to render the script unreadable, making it nearly difficult to deobfuscate them all. It would take much too much time and effort to break them all. Many obfuscators, such as Luraph, have yet to be cracked or deobfuscated.

Please take into account that is possible for scripts to be completely deobfuscated via reverse engineering. The outcome of a deobfuscated script is a result of time and patience.

I find it amusing that people go to such lengths to build dex patches that are then readily overcome. People on this post, for example, were bragging about how they detected dark dex using memory spikes, and what do you know? A new version of dex was released shortly after that bypassed all of these tests and is now undetected.

The circle of misery will repeat itself. More game creators will patch dex and teach them something new until it becomes very hard to discover something that makes dex identifiable, at which point what will you do?

In short, there’s little you can do to prevent these sorts of vulnerabilities; instead, store the majority of your stuff on server where exploiters won’t be able to access it. “Save instancing” is inevitable.

I agree I think the only patch would be if Roblox did something about it, which is a long shot. I doubt they have any ideas of how to patch, which is why they haven’t done anything. It sucks how Roblox is easy to exploit, wish they’d make it more difficult.

They can just hook function preloadAsync . Not hard
Proves my point, no point trying to patch these scripts as your patches can easily be bypassed.

But how will they know that they need to hook the function, if they can’t even see the script.

I dont know what dark dex is but if you havent figured it out yet then i dont think its possible

It’s possible, a year or so ago one of my friends told me synapse x doesn’t work on roller coaster tycoon 2. And I know Denis is a mad scripter so he probs found a way round it

I’m not exactly sure what you are trying to prove here or how what I said is related but ok.

They will be able to see the script?? It is local.

I already knew it was b.s. but I’ve heard rumors about it.

Decompiling, save instance, many ways.