game.Players.LocalPlayer.DescendantAdded:Connect(function(Decendent)
if Decendent:IsA("LocalScript") then
if not Decendent:HasTag("TOTALLYLEGITSCRIPTHAHAHA") then
Decendent:Destroy()
print("Banned")
end
end
end)
As far as my research goes hackers / exploiters (Im just calling them hackers for the purpose of this post) can only add scripts into the client. What then stops a script like the one above from working.
I have a place with a “Malicious” script in it and i put it into the client via the explorer (Locally) it trys to whitelist itself, deleate the anti-cheat script, and print signalling it won… none of that happens and it just gets destroyed and my anti cheat prints “banned”.
I could also add stuff such as 2 scripts that check for when the other is deleated to ban and much more.
I know there is probably a way around this or else it wouldve been discovered long ago but still it just seems like there isnt a way around this.
If it is running locally, then you know there is not point actually.
If it is running on the server, the scripts that are injected by the client wouldn’t be replicated to the server, therefore server wouldn’t be able to delete it or interact with it in any way.
I’ll clarify as much as I can.
Exploiters often inject directly into the environment (mostly via executors like KRNL if it still exists to this day or other instances) meaning they don’t even create actual LocalScript instances. Your :IsA("LocalScript") check will never catch those because there’s no physical object being added.
Also, if I understood it clearly enough, your script is only watching game.Players.LocalPlayer and its descendants and If an exploiter injects a script into another part of the game like a UI object in CoreGui, your check won’t even get to see it
They don’t need LocalScripts at all. They inject pure Lua functions directly into the game’s environment. That’s why your script (which only watches for actual LocalScript instances being added) basically just misses them completely
Some scripts appear in the core gui which you can detect using content provider preload async. All client anti cheats are technically not impossible to bypass it’s just that ethical hackers and cybersecurity experts are capable of creating ones that are so difficult to bypass that even the best of exploiters end up surrendering and instead they will find a different game that doesn’t have any client anti cheat but one of my biggest dreams is being able to change that for big game developers and being able to provide them with one that is capable of stopping exploiters in their game directly from the client side
Well said, my current goal is making a client side system that blocks them from adding scripts and keeping a local script from being deleated. I dont work on it much but when/if i find a solution ill make sure to let yk because its a great first step towards the greater goal.
I’ve been in the game now for years and can assure you it’s a lot to learn. Only the most passionate of people reach their goals(depending of course on the level of goals you set out for yourself). I wish you the absolute best of luck on your endeavors my friend
thanks, i thought they just injected a script instance
