How would I go about making an "Exploit Client Sensor"

and, how does using a function that loads in content detect that?

I’ve done my research and the way to bypass this is actually really simple. here’s the code you could put in any decent exploit that’ll bypass exactly this

local old; old = hookmetamethod(game, "__namecall", function(self, ...)
   if getnamecallmethod() == "PreloadAsync" then
       return
   end    
   
   return old(self, ...)    
end)
local old2; old2 = hookfunction(setmetatable, function(tb, methods, ...)
   if methods["__mode"] then methods["__mode"] = nil end
   
   return old2(tb, methods, ...)    

furthermore, the widely used dex script made by BabyHamsta already has bypasses for the following:

CollectGarbage/GCInfo
Memory Spoofer
DecendantAdded
ContentProvider
GetFocusedTextBox
NewProxy

do tell me if im missing any other types of bypasses.

so please instead of trying to get rid of client side vulnerabilities do your research and secure your game from other types of exploits which could prove more harmful.

also please do try to step your ego back a bit its stopping us from having a civilized discussion

This can be detected by :

C stack
Error msg
Upvalue count
Testing [f] calls

Possibly even EQ checking the __mode value

Baby hamsta’s * secure * dex isn’t secure just because it’s called secure.

also please do try to step your ego back a bit its stopping us from having a civilized discussion

Don’t be mad at the fact that i’m proving you wrong.

I’d like to know how you can access the C stack? Error messages are a good way to get false positives, upvalue counts are not possible within roblox’s luau closure either. please tell me how to test function calls too. also the __mode metamethod is patched.

plus i think you are missing some of the real vulnerabilities in your method here, even if say you can detect dex, how would you kick them? call player:kick()? game metatable modification, easily bypassed. Remote call? easily bypassed. Crash using while true loop? here is a script to bypass that on any decent exploit: game.ScriptContext:SetTimeout(0.05), maybe check if remote function is stalling or something? just dont hook a wait. I literally do not see any way, even if you could detect dex, that you can stop it from executing. There are better things to secure including your remotes and network owners than making an inconvenience for some exploit scripters to bypass within roughly 5 minutes and some alts.

@Sinkl0z I noticed your behavior on this post has been extremely aimed towards a passive-aggressive mood.

I made researches on my own, and I concluded that @Yesil_HiyarAlt’s methods did work and yours were proven to be completely inefficient.

You also keep repeating that we shouldn’t talk about something we “don’t know anything about”, not only is that hypocrite in that case since your solutions are useless but not only does your behavior contribute to a climate of toxicity on this post.

Your behavior does not represent the Developer Forum. If you cannot chat on a forum without getting aggressive, I would recommend you leave.

2 Likes

you’re able to create custom crash functions

I doubt you’re able to write any method i’ve mentioned.

If you’re sad, mad or upset because i respond with facts then don’t stick to this thread.

You’re not proving anybody wrong. You’re just implying you can. Where is your proof? So you’ve said that dex has ‘detection vectors’ and that some exploit methods can be detected. How? What’s your secret, if any?

I’d also like to add, that you don’t need to be overly aggresive or critical to get your point across. Try to stay calm!

Summary (literally)

:fearful:

I’m not going to spoon feed people detections on a thread that isn’t mine.

I’ve also mentioned how to detect certain things, CTRL + F my username you’ll find my replies

It would help if you could explain this a little more:

image

It doesn’t mean much.

I won’t explain all methods I know of how to detect hooks and bypassing’s in this thread. I’ll just make a thread later today with a lot of client sided security methods.

i’d like an example then? also for your point it’d be a good idea to provide some code for us to critique instead of having to go off of what you are saying

There’s almost always going to be a limitation to what you can detect besides always knowing what the values should and shouldn’t be, BUT, information and many forms of assets are just outright exposed to the hacker for swiping. Roblox legally has to fight this junk all the time indefinitely, (legit crimes) AND it’s the best gift in the world on this platform if you play honest cards. (Roblox legally protecting us for free pretty much)

Faithfully, work hard on your game and stay focused on improving every gap. You’re gonna get to the point, exploiting community shifts over to being non-toxic, because, you love them, and they love you regardless of the sides.

Update: So I’ve read all of your informed replies and most of them have helped a-lot with what I am planning on creating, I get that it’s almost impossible to detect everything since exploits are getting constantly updated. But now apparently after Roblox’s Byfron “Anti-Exploit” it’ll be almost impossible for exploiters to inject their scripts. However, I am still yet concerned on how skilled exploiters could probably if-not definitely bypass Byfron, so I’m in a pickle on how I should continue moving forward I.E Making the detection or Just leaving it to Byfron.

Also please do not criticize one another, I’ve seen the replies and that does absolutely nothing to help my case, just ignore them if you will and I’ll be the judge of everything. Take care, and I’m looking forward to seeing what you have to say.

Hyperion has already been bypassed (no I’m not talking about exploiters just using the UWP Roblox client) but it is yet to be released to the public, the exploits that inject into the UWP Client are 10x easier to detect on both injection and execution so if you wanted to find detections for those it’d be a good start.

Hey, I forgot I even was on this forum.
Edit: I’m really sorry if this bothered you

Exploits have already been made and has been discussed with other people, recently a new exploit called NetflixCE has release. Also RuneCE is detectable and SirHurt has achieved possible execution but I’m not aware if it’s factual or not.

If you are still trying to make Detections I still recommend that you should make a Server Sided AC w/ functions to detect basic exploits (WalkSpeed & JumpPower), allow customizability if you’re releasing it to the public, etc

NetflixCE and RuneCE use the same method and are both detectable serverside as soon as they join the game