How secure is the FE GUN KIT really?

I was wondering if FE GUN KIT is really secure, due to how its popular and almost every fps game uses an element of it, including me, but i have a question about its security.
Since it handles ammo and fire rate on a modulescript (It is both required by a serverscript and a localscript.), does it handle editting them or no?
Because looking in one of the scripts it has a built-in script that combats this.

local function SecureSettings(Player, Gun, Module)
	if Player then
		local PreNewModule = Gun:FindFirstChild("Setting")
		if Gun and PreNewModule then
			local NewModule = require(PreNewModule)
			if (CompareTables(Module, NewModule) == false) then
				if KickPlayer then
					Player:Kick("You have been kicked and blocked from rejoining this specific server for exploiting gun stats.")
					warn(Player.Name.." has been kicked for exploiting gun stats.")
					table.insert(_G.TempBannedPlayers, Player)
				else
					warn(Player.Name.." - Potential Exploiter Bypass! Case 2: Changed Gun Stats From Client")	
				end
				return
			end
		else
		if KickPlayer then
			Player:Kick("Gun and Module are not found. Kicked!")
			warn("Gun and Module are missing from "..Player.Name.."'s inventory.")
		else
			warn(Player.Name.." - Potential Exploiter Bypass! Case 1: Missing Gun And Module")	
		end
			warn(Player.Name.." - Potential Exploiter Bypass! Case 1: Missing Gun And Module")
			return
		end
	else
		warn("Player does not exist.")
		return
	end
end
function _G.SecureSettings(Player, Gun, Module)
	SecureSettings(Player, Gun, Module)
end

Is this really reliant? Beacuse when i deleted the modulescript from one of the tools i didn’t get kicked…?
Is there any suggestions on how i can edit this kit to make the ammo handling more secure?

1 Like

This is not reliable because an exploiter could simply remove that function from the global environment. I am not sure about the ammo though.

The script is secured in a serverscriptservice so its not possible no?

I didn’t know this was serversided. Even though it is server sided, the server can’t detect changes on the client. There would have to be a remote fired to kick the exploiter on the client. That could be blocked easily too though.

2 Likes

Seems like you’re exploring in SimulateBulletScript, This is to avoid in changing stats so it’s safe to use it in every game

If this is from old version, Settings module are stored inside Tools and in the latest, it will be inside WeaponSetting.

This is why I wrote my own gun system. The client has absolutely no control over what the server contains. All the client does is send coordinates of where a user clicked or touched to fire a gun. Everything after that is on the server. Settings, ammo, projectile flight path (or instant hit bullet weld to target), damage done, etc… I know my system is secure, but it’s vulnerable to aimbots. However, I’m working on a system to handle that too.

As for the posted script, I’m assuming that KickPlayer is a Boolean that’s defined outside the function. Based on the fact that it uses the player instance and not local player, it looks like this runs on the server and not the client. So the client would have to be sending the gun and module to the server to check it.

1 Like

I’ve been testing fe gun kit over a client security when you’re changing properties of module, and as expected i was kicked everytime i’ve been changing settings. BUT the viewmodel version of fe gun kit is not secured so ye

Oh… Well i’m using the viewmodel version so :frowning: , i might have to make my own viewmodel system in that case.

I’m using the viewmodel version which is derived from here: CREATE YOUR OWN FPS GAME ON ROBLOX (FE Gun Kit Viewmodel) ft. @DoomsDayPeppers - YouTube i might to have the use the normal version and make a stand-alone viewmodel system.

Yet you shouldn’t use the old version since it’s getting buggy I’ve released before as i marked it “LEGACY VIEWMODEL” latest version can be found in toolbox

if you’re planning on saving time from creating Viewmodel then I’d recommend pairing it with EasyFirstPerson (use this on non-vm version only) as it functions like Viewmodel

1 Like

I would use the new version but, the even current one is buggy itself, everytime i try equip my tool i just get this.
GunClient:3535: attempt to index nil with 'Handle' - Client - GunClient:3535
I tried changing the script itself and debugging but it wouldnt work anyway.

	Viewmodel = viewmodelFunction:Invoke("SetUpViewmodel", script.Parent.Name)
	warn("fired")
	task.wait(2)
	print(Viewmodel) -- prints nil
	FakeCamera = Viewmodel.Handle.FakeCamera

Not to mention the fire animation for viewmodel doesn’t even play too…