I need advice on making an effective anti-exploit that can block most trolling GUIs and script injectors

I've been worried about my game's security for a long time. I'm afraid of exploiters ruining it and stealing my assets.

I need advice on how I could create my own anti-exploit that blocks popular script injectors like Synapse-X.

Any advice would be appreciated.

I don’t think there is a way to prevent exploiters from injecting exploits; they can control everything on the client and the server won’t even notice. The only thing you can do is make a good anticheat. If your game is known and someone steals your assets, people would say “That is not yours, you stole it!”

Edit: Typo

1 Like

The only thing is, I hardly get any players, so my game is very unknown.

1 Like

If you have stable client memory usage (although sometimes ineffective) maybe detect big memory spikes for when the executor is detected or when Dark Dex is executed, since they both have massive spikes (note: auto attach completely bypasses this).

Since trolling GUIs don’t replicate to the server, if you wanted to detect them you would have to do it on the client (which the exploiter can control and can disable/delete), and even if you do find a way to hide the detection on the client, most expansive GUIs like Dark Dex create their own GUI service or are set in CoreGui, which you can’t access.

I’m afraid there’s no proper way to detect exploits, since any detection would probably be bypassed by the size of the Synapse dev team. Although I have seen games like Bad Business and others somehow have an anti Dark Dex, and if they were to make their method public they would be bypassed.

The only secure way would be to secure your remote events and do sanity checks on the server.

Some things to note about exploits' capabilities:

Some exploits have a getnilinstances() which returns all instances parented to nil/destroyed on the client.
Most GUIs now would hide in CoreGui or, like Dark Dex, create their own service, which is impossible for people to detect.
Exploiters can actually read your local scripts (and module scripts).

2 Likes

All I know is, if I want a script to be unusable for them I just have to put it in ServerScriptService or Workspace.

Exploiters can’t access or change server scripts (normal scripts), since when a player joins, local scripts get their data transferred to the client through an encrypted bytecode, which exploiters can then decompile to read the script.

When sending bytecode, Roblox completely ignores variable names, so they would be like this.
Normal local script:

local smth = something
--hello

local anthThing = anotherThing

print("yes")

What an exploiter would see:

local v1 = something
local v2 = anotherThing
print("yes")

Also, exploiters can’t access server-sided containers (ServerScriptService and ServerStorage).

The problem with this is that memory spikes are pretty frequent (at least in my case); when I open Chrome (I normally use Brave) my computer completely lags and all games have a big memory spike. And getting kicked from a game just for opening Chrome doesn’t sound like a good solution to me.

-- LocalScript: wait until the game has finished loading
while true do
	wait()
	if game:IsLoaded() then
		break
	end
end

spawn(function()
	while game:GetService("RunService").RenderStepped:Wait() do
		-- sample the Lua heap size twice, one wait() apart
		local current = game:GetService("Stats"):GetMemoryUsageMbForTag("LuaHeap")
		wait()
		local new = game:GetService("Stats"):GetMemoryUsageMbForTag("LuaHeap")
		if
			-- kick when the heap grew by more than 6 MB between the two samples
			new ~= current and new - current > 6 or
			pcall(function()
				pcall(game:GetMemoryUsageMbForTag()) -- anti metatable spoofing?
			end)
		then
			game:GetService("Players").LocalPlayer:Kick("Dex Explorer? Down Bad.")
		end
	end
end)

Code for anti-Dex Explorer, and F3X sometimes.
If your game has super bad performance it will kick you.

15 Likes

It's the only way I could think of detecting exploits; although it may be ineffective in some cases, it's worked for me sometimes.

I really don’t think this is a good solution.
If you look at my old PC parameters:

Parameters

Operating System: Windows 7 Home Premium 64-bit
System Manufacturer: Packard Bell
Processor: Intel® Pentium® CPU B960 @ 2.20GHz (2 CPUs), ~2.2GHz
Memory: 4096MB RAM
Card name: Intel® HD Graphics Family

I had a hard time running simple games on 1 graphics, and getting kicked for having bad performance isn’t a good thing.

Didn’t notice, but I’m pretty sure that when detecting memory spikes from the Lua heap, it won’t spike even if you open Chrome.

There is no way for you to detect injectors. Relying on memory usage is a horrible way to detect exploits; this will only result in innocent players getting affected. Synapse X has auto launch and auto attach; this will help reduce the memory spike, as it attaches to the Roblox client as soon as it loads, and that could be even before they have entered your game.

You should add server-sided checks in your game. Don’t use remotes for in-game currency/valuable items; everything important should be done on the server. At the end of the day you can’t do anything to stop exploiters except add sanity checks and make sure you have a decent anti-cheat.

4 Likes
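
The server-side sanity checks recommended in this post and in the earlier reply about securing remote events could look like the sketch below. It is an added example, not code from any poster in the thread; the `BuyItem` RemoteEvent, the `PRICES` table, the `Coins` value under `leaderstats` and the Tool templates in ServerStorage are all assumed names.

```lua
-- Script in ServerScriptService (added example; every name here is an assumption).
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")
local ServerStorage = game:GetService("ServerStorage")

local buyItem = ReplicatedStorage:WaitForChild("BuyItem") -- hypothetical RemoteEvent
local PRICES = { Sword = 100, Shield = 250 }              -- server-owned price list
local MIN_INTERVAL = 0.5                                  -- seconds between requests
local lastRequest = {}                                    -- [player] = os.clock()

-- Returns true (plus price and the Coins value) only if every check passes.
local function validate(player, itemName)
	-- 1. Type check: a modified client can send any value, including nil or tables.
	if typeof(itemName) ~= "string" then return false end
	-- 2. Allow-list: the price comes from the server, never from the client.
	local price = PRICES[itemName]
	if not price then return false end
	-- 3. Rate limit: the client decides how often the remote is fired.
	local now = os.clock()
	if lastRequest[player] and now - lastRequest[player] < MIN_INTERVAL then
		return false
	end
	lastRequest[player] = now
	-- 4. State check against data held on the server.
	local stats = player:FindFirstChild("leaderstats")
	local coins = stats and stats:FindFirstChild("Coins")
	if not coins or coins.Value < price then return false end
	return true, price, coins
end

buyItem.OnServerEvent:Connect(function(player, itemName)
	local ok, price, coins = validate(player, itemName)
	if not ok then return end -- drop the request; log it here for a report trail
	local template = ServerStorage:FindFirstChild(itemName) -- hypothetical Tool template
	local backpack = player:FindFirstChildOfClass("Backpack")
	if not template or not backpack then return end
	coins.Value -= price
	template:Clone().Parent = backpack
end)

Players.PlayerRemoving:Connect(function(player)
	lastRequest[player] = nil -- do not keep entries for players who left
end)
```

The client only ever names the item it wants; the price, the balance and the granted Tool all live on the server, so a decompiled LocalScript or a hand-fired remote gains nothing beyond what a normal purchase would.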

Change the “6” higher, but don't go above 70.

Edit: don't go above 50 either.
Stay around 10/20 max.

1 Like

I also heard that (if a game is rooted of all its errors that appear in the console) there can be a script that shuts down the server and prevents the exploiter (if there is an exploiter causing it) from messing up the server even more.

1 Like

Exactly! Doing that just prevents people on low-end computers from playing your games. And even exploiters with good computers won’t be affected.

1 Like

If you don’t have any gear in your game you can do this to stop F3X things:

--localscript
-- destroy anything that gets added to the local player's Backpack
game:GetService"Players".LocalPlayer.Backpack.DescendantAdded:Connect(function(item)
    item:Destroy()
end)
-- rename this script every Heartbeat
spawn(function()
    game:GetService"RunService".Heartbeat:Connect(function()
        script.Name = tostring(math.random())
    end)
end)

(And by the way, you don’t need parentheses to call GetService.)

3 Likes

Wouldn't you just need to check if the tool name is == to like “f3x”? That would allow tools in game, I think.

This is a terrible way to anti-exploit; it's much better to just use a report system.

At this point exploits use rconsoleprint, and slower memory loading, so that they aren’t detected. Also people can spoof this with metatables.

For the F3X part you can just detect when a HopperBin or tool is added and if it's named f3x.

Yes, to add on to my reply with this, Synapse has an auto-launch feature where it will edit the client for less lag, and it will probably end up kicking innocent laggy players rather than exploiters.

The majority of people who use Syn X don't use autolaunch; I was giving the option I use for my game. I've had 1 person report a false kick.

Wrong. Most Syn X users DO use auto launch, because it makes their client load faster + injects automatically. Again, you’re better off using a report system than false kicking players because of lag.