How to stop script dumping?

Script dumping cannot be stopped from my knowledge. There isn’t much you can do for this Client Sided, but I believe if you store crucial scripts in ServerScriptService then you should be able to protect some scripts since they are server sided only, unlike Workspace, or ReplicatedStorage. For your “Wanting to detect the lag spike” question, I don’t really think you can do that unless you wait for a specific GUI to appear in CoreGui, or PlayerGui, then kick the player, or kick them from the game if their frames drop to 1, since some exploits do that upon script injection, from those exploiter YouTube channels I’ve seen. hint hint Roblox

-Void_Xiety :white_heart:

I’m pretty sure it’s impossible for you to stop script dumping due to the way LUA/Roblox is designed.

As long as you are a competent programmer and properly design your game, you should not have to worry about people knowing how your game works.

1 Like

If my gcinfo returns 69 (default for a fresh baseplate), when you execute Dex it spikes to roundabout 10069. Surely checking that is an anti-Dex, and there are workarounds if they do hookfunction it, like checking if the script errors or checking if gcinfo returns a proper value by storing it as the game starts. If you for I = 1, #game:GetDescendants() you could check if the parent is CoreGui, and if the name is not whitelisted it kicks the player

I do not know how to get fps so

Yeah, you could create a table for whitelisted GUIs, or do it the lazy way (like me) and just wait for a specific GUI. In this case, ScreenGui since most exploit scripts (including dex last time I checked*) use this.

I don’t either since I’m not a very good scripter, however people indeed have done this before, and I believe this thread right here could be of some help. It’s one I found just now.

Forum Post

And how are you planning to do that with a script that doesn’t have permission level 1? You can’t index CoreGui because it would error since your average localscript or script doesn’t have level 1 permission.

Oh yeah, speaking of Permission Level 1, for some reason when I used a Local Script to detect if a certain GUI opened up in CoreGui (me being not-so-smart with scripting, and still am) did it anyways with CoreGui, and it still worked. So I don’t know if it really matters. :man_shrugging:

You can’t stop it because it uses bytecode to get the script plus LUAU already makes it difficult to read the dumped scripts anyway.

Well, if it uses bytecode, why does the dump have symbols like v26 and u6?

Because of LUAU it makes dumped scripts harder to read, so there really isn’t any need to actually secure it since it’s pretty hard to read anyway. Also, how did you stop Dex?

The compiler gets rid of names of variables upon script compilation or something like that. Also @112365595 OP was just checking memory to detect Dex because Dex loads in a lot of things, however that’s unreliable because gcinfo can be hooked.

The exploiter can just get the value you stored and return it

1 Like

gcinfo can be hooked but I can use pcall and GetDescendants()

If LuaU just makes it harder, what’s the point in it?

You can’t completely stop script dumping, but you can try to minimise the effects of it. For example, if an exploiter figures out how to spam a certain action which gives them a competitive advantage, you can add a server-sided check to prevent them from spamming said action.

Instance:GetDescendants can be hooked as well.

Luau*, as mentioned above, strips local variable names and upvalue names, so they aren’t present in the bytecode. I guess exploiters still see some value in decompiling scripts even despite that.

Yes, but if they hook it they can’t use it in their silly GUIs, and if it is hooked I can just add an if statement to check what the value returns, and if the value is not plausible then just kick them.

They have functions to check if the hooked function is being called on a thread created by their executor, so they can use the non-hooked result and you would use the hooked one. And they can simply remove their GUI and its descendants from the table returned, so that when you get the length of this table, you wouldn’t notice.

SOLUTION

After much debating we have finally come to a solution: use gcinfo, GetDescendants and GetChildren, add if statements, also use the service that shows errors and check if you can find a script’s name that is in the game from that error using string.find. If you cannot, then kick the player, since errors that come from exploits have a hash code. This is the solution.

You could make the decompiler hang if you make the script really long, however, I think you should prioritize normal players’ experience over making a complex local anticheat. If you had good server-side checks you shouldn’t need to rely on hiding client-side code.

2 Likes
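The server-side checks recommended in the replies above (stopping a spammed action, and not depending on hidden client code) can look like the following. This is an added example, not code from any poster in the thread; the RemoteEvent name `Swing` and the cooldown, range and damage values are assumptions chosen for illustration.

```lua
-- Server Script in ServerScriptService: the client never receives this code.
-- Assumed setup: a RemoteEvent named "Swing" in ReplicatedStorage that the
-- client fires with the character Model it wants to hit.
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

local swingEvent = ReplicatedStorage:WaitForChild("Swing")

local COOLDOWN = 0.6  -- seconds between accepted swings (assumed value)
local MAX_RANGE = 12  -- studs (assumed value)
local DAMAGE = 15     -- assumed value

local lastSwing = {}  -- [Player] = os.clock() of the last accepted swing

local function rootOf(character)
	return character and character:FindFirstChild("HumanoidRootPart")
end

swingEvent.OnServerEvent:Connect(function(player, target)
	local now = os.clock()
	-- Rate limit: any cooldown in the LocalScript is advisory, this one is enforced.
	if now - (lastSwing[player] or 0) < COOLDOWN then
		return
	end
	-- Client arguments are untrusted: check the type before using them.
	if typeof(target) ~= "Instance" or not target:IsA("Model") then
		return
	end
	if target == player.Character then
		return
	end
	local humanoid = target:FindFirstChildOfClass("Humanoid")
	local attackerRoot, targetRoot = rootOf(player.Character), rootOf(target)
	if not (humanoid and attackerRoot and targetRoot) or humanoid.Health <= 0 then
		return
	end
	-- Range uses positions the server already holds, not values sent by the client.
	if (attackerRoot.Position - targetRoot.Position).Magnitude > MAX_RANGE then
		return
	end
	lastSwing[player] = now
	humanoid:TakeDamage(DAMAGE)
end)

Players.PlayerRemoving:Connect(function(player)
	lastSwing[player] = nil -- avoid leaking per-player state
end)
```

Because every decision is made on the server, a player who has read the dumped LocalScript gains nothing by firing the event faster or with a forged target.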