I’ll keep this simple, GetAssetFetchStatus lets you tell if the Roblox game engine has loaded an asset or not.
This was pretty ideal for detecting if any decals/images from any exploit GUIs were loaded, and a great alternative to PreloadAsync.
This was until recently when I found out through some old exploiter buddies that Animation IDs also show in GetAssetFetchStatus (I don’t know why I didn’t realize this sooner, but judging from others I’ve spoken to, I’m not alone)
Wanna know what else is special about Animations?
Correct. AnimationTrack:Play() replicates.
So.
Exploiter creates an AnimationTrack and puts the animation asset ID as a detected exploit decal
Exploiter calls :Play() on it
It replicates
Congrats, you just nuked an entire game server.
Here’s an exploiter abusing it on Da Hood to ban an entire server in seconds:
So uh yeah don’t use it thanks, just use PreloadAsync on CoreGui instead
EDIT: @Mauio64 did some researching on my behalf just now, you should be fine as long as you check if the asset is actually loaded or not, instead of just checking if the result is not equal to Enum.AssetFetchStatus.None, like Da Hood did.
Since it’s a decal and not a anim, it should fail to load with Enum.AssetFetchStatus.Failure.
Remember guys, don’t be like Da Hood. Remember that assets can in fact try to load, which switches the status to Enum.AssetFetchStatus.Loading followed by Enum.AssetFetchStatus.Failure (because of course you can’t actually load a decal as an animation id).
Da Hood’s mistake was assuming that any fetch status other than None indicated that the asset loaded successfully.
Detecting exploits in general is unreliable and finicky business. I’d honestly recommend against trying to do it, since it’s generally not worth the time and effort (and apparantly risk), but if you want to do it then go right ahead.
This topic is great, but it would’ve been even better if it wasn’t to specifically out Da Hood in 50% of the topic (personal preference ).
Looks like Da Hood isn’t the only front-page game that was affected; ER:LC seems to also be vulnerable to this attack @Shawnyg
I’m sorry but that’s the worst piece of advice you could ever give, performance-wise…
That was due to a mistake on our end, as @Mauio64 pointed out, and the lack of detailed documentation about Enum.AssetFetchStatus; It doesn’t indicate that Failure can be a result of fetching an incorrect asset type, at least to my knowledge (example setting a sound asset id to AntimationId).
Only game I was aware of, Looking back at my own AC I would’ve had the same problem had it been introduced to any games I used to protect.
Checking CoreGui for any bad assets is not the end of the world, it’s obviously less efficient since it calls a callback for every single asset ID, even duplicates, but still good nonetheless.
The asset failed to load successfully. Subsequent attempts are likely to fail; there may be something wrong with the Content string.
wow
The issue was that GetAssetFetchStatus returned Enum.AssetFetchStatus.Failure for a valid asset ID of the wrong type. That behavior isn’t mentioned anywhere in the docs, and it’s exactly what allowed the exploit to work.
Just to add on to this, it’s typically not laggy unless you’re performing a lot of logic in the callback.
My personal obfuscation takes about ~5ms to complete everything, though it uses lots of undocumented Luau tricks to reduce constant propagation in JUMPX(X) instructions & uses registers rather than a traditional table stack where possible, your speeds will definitely vary using Luraph.
Maybe you should not make stupid client-sided anti-exploits and should focus on fixing your own games instead?That is the stupidest thing, making client-side anti-exploit.
That problem of you and your game’s moderation mostly.
Also commonly, your game isn’t getting that high exploiter count, so you better lower ego with expecting exploiters and instead take care that innocent players will be unaffected.
However, I do agree that using them to take out the majority of skids could be used if it is flawless and safe.
“Anti-skids” is completely fine, but if you go further than that, then it’s sort of a mental illness to me.
It’s very easy to make your game lag on stupid, nobody-needed memory checks or make updating the game impossible because of that disease.
).
