Script dumping cannot be stopped from my knowledge. There isn’t much you can do for this Client Sided, but I believe if you store crucial scripts in ServerScriptService then you should be able to protect some scripts since they are server sided only, unlike Workspace, or ReplicatedStorage. For your “Wanting to detect the lag spike” question, I don’t really think you can do that unless you wait for a specific GUI to appear in CoreGui, or PlayerGui, then kick the player, or kick them from the game if their frames drop to 1, since some exploits do that upon script injection, from those exploiter YouTube channels I’ve seen. hint hint Roblox
If my gcinfo returns 69 (default for fresh baseplate) when you execute Dex it spike to 10069 round about surely checking that is an anti-Dex and there are work around a if they do hookfunction it like checking if the script errors or check if gcinfo returns a proper value by storing it as the game starts. if you for I = 1, #game:GetDecendants()you could check if the parent is Coregui and if the name is not whitelisted it kicks the playe
Yeah, you could create a table for whitelisted GUIs, or do it the lazy way (like me) and just wait for a specific GUI. In this case, ScreenGui since most exploit scripts (including dex last time I checked*) use this.
I don’t either since I’m not a very good scripter, however people indeed have done this before, and I believe this thread right here could be of some help. It’s one I found just now.
And how are you planning to do that with a script that doesn’t have permission level 1? You can’t index CoreGui because it would error since your average localscript or script doesn’t have level 1 permission.
Oh yeah, speaking of Permission Level 1, for some reason when I used a Local Script to detect if a certain GUI opened up in CoreGui (me being not-so-smart with scripting, and still am) did it anyways with CoreGui, and it still worked. So I don’t know if it really matters.
Because of LUAU it makes dumped scripts harder to read so there really isn’t any need to actually secure it since its pretty hard to read anyway. Also how did you stop Dex?
The compiler gets rid of names of variables upon script compilation or something like that. Also @112365595 OP was just checking memory to detect dex because dex loads in a lot of things, however that’s unreliable because gcinfo can be hooked
The exploiter can just get the value you stored and return it
You can’t completely stop script dumping, but you can try to minimise the effects of it. For example, if an exploiter figures out how to spam a certain action which gives them a competitive advantage, you can add a server-sided check to prevent them from spamming said action.
Luau*, as mentioned above, strips local variable names and upvalue names, so they aren’t present in the bytecode. I guess exploiters still see some value in decompiling scripts even despite that.
Yes but if they hook it they cant use it in there silly GUI’s and if it is hooked I can just add an if statement to check what the value returns and if the value is not plausable then just kick them
They have functions to check if the hooked function is being called on a thread created by their executor, so they can use the non-hooked result and you would use the hooked one. And they can simply remove their GUI and its descendants from the table returned, so that when you get the length of this table, you wouldn’t notice.
After much debating we have finally come to a solution use gcinfo getdescendants and getchildren add if statements also use the sevice that shows errors and check if you can find a scripts name that is in the game from that error using string.find if you cannot then kick the player since errors that come from exploits have a hash code. This is the solution .
You could make the decompiler hang if you make the script really long, however, I think you should prioritize normal players’ experience over making a complex local anticheat. If you had good server-side checks you shouldn’t need to rely on hiding client-side code
