I’m trying to say that code is already kinda obfuscated by Roblox, as, again, it’s compiled to bytecode to be run, it’s not human-readable when you get the executed code of a script.
Unless you get an exploiter to use an exploit like Synapse or Krnl to decompile an obfuscated and a non-obfuscated script, and the obfuscated one actually looks obfuscated (being on one line etc), I’m just going to say that obfuscation does NOTHING in the long run for preventing exploits. There’ll always be someone determined enough, and there’s always Lua code beautifiers online.
I’ve seen a few solutions that reccommend you checking on the client, please DON’T.
All your checks should be server-sided and soley on the server.
Use the client to recieve information / send least important information and that is it.
Exploiters cannot access ServerScripts because they’re not replicated.
There is no indefinite way to permanently patch Dark-Dex and any variations of the script, and trying is futile. Yes, you could use a client-sided script that would detect traces of it but this can be easily overcome. The simple solution is (for the millionth time on this thread) literally just protect your remotes and any critical information that exploiters could abuse. Until Roblox provides us a definite method or way that doesn’t use hacky methods to detect things in CoreGUI or find Dex in general (or Roblox itself, takes action against this, which is close to a miracle in terms of chance), this is just a race between the two, and we’re clearly losing because of the limitations Roblox has set up. Any temporary way to detect Dex in general are most likely private or paid and will be eventually overcome by the developers of DarkDex. Until then, this discussion will just continue in an endless loop of useless arguments that will not progress anywhere.
If you really want to, just put a ton of client-sided scripts to find DarkDex. It’s not reliable, but it’ll stop some people.
Dark Dex is undetectable because they use something called the random string method plus Synapse X has a protectgui() method where it turns the roblox gui into a html based gui in the C++ programming language. Plus exploiters also use the randomstring() method which encrypts the gui
------- EXAMPLE OF A ENCYPTION OF A GUI
function randomString()
local length = math.random(10,20)
local array = {}
for i = 1, length do
array[i] = string.char(math.random(32, 126))
end
return table.concat(array)
end
COREGUI = game:GetService("CoreGui")
PARENT = nil
if (not is_sirhurt_closure) and (syn and syn.protect_gui) then --sirhurt is ■■■■■■■■
local Main = Instance.new("ScreenGui")
Main.Name = randomString()
syn.protect_gui(Main)
Main.Parent = COREGUI
PARENT = Main
elseif get_hidden_gui or gethui then
local hiddenUI = get_hidden_gui or gethui
local Main = Instance.new("ScreenGui")
Main.Name = randomString()
Main.Parent = hiddenUI()
PARENT = Main
elseif COREGUI:FindFirstChild('RobloxGui') then --------- Also sometimes they put it in the roblox gui located in coregui
PARENT = COREGUI.RobloxGui
else
local Main = Instance.new("ScreenGui") ---------Encrypts the GUI for non SynapseX scripts
Main.Name = randomString()
Main.Parent = COREGUI
PARENT = Main
end
That’s called a drawing library ui, but that’s not what protect_gui() is at all lmao, protect gui protects the instance from certain connections such as FindFirstChild, childAdded, and descendantAdded.
You won’t be able to ever delete DarkDex or any other major exploit UI, because the Synapse operator changes the programs’ names every 2-3 hours.
Your script won’t work either, because Kick needs to call from a player, which you haven’t declared.
as you said, LocalScripts can’t access CoreGui, so you can’t access LocalPlayer to be able to kick them either.
This is incorrect. The way obfuscators work is by making a lot of function calls and having weird arrays and strings. Unless there is incredible optimization in the compiler, what you said could not be farther from the truth.
To add, if there are remote events exposed that can only work if they are exposed, do something called server authentication.
(ex: Check if a player had enough money instead of just verifying if a remote event has fired, people can easily fake those remote events)
I was mostly referring to stuff like minification, but to be honest it’s not like I work at Roblox and know how their compiler works, and it’s not like I’ll break their ToS just to prove a point, so you could be right.
the server cant see when a localscript is destroyed because its local and not replicated and even if it was, the exploiter could just say “yep. the localscript is still there.” whenever you check or they could just redefine “DescendantRemoving” in YOUR script to be anything they want,
they can redefine :kick and localplayer in your script
:kick on the client does nothing to exploiters, and you cant even send it to the server because the exploiter can spoof that too
exploiters can just make their objects not visible to your scripts AT ALL you literally can not see them because referencing them returns nil(almost as if they weren’t there)
long answer:
doubt its possible, but even if there’s a method to detect dark dex, that would have no point in doing so.
there is a synapse code saveinstance() which basically saves (almost) everything without creating a single gui, part or anything else (that means it will save workspace, replicatedstorage, etc). exploiters can even take stuff further and enable decompiling for localscripts to see what script does a localscript run.
edit: if you dont get it how saveinstance() works, it creates a place file with all stuff in it