Is it possible to detect exploit Injection?

This has been done in the Sleeper Hit “Rogue Lineage” where if you inject an exploit it would ban you from the game (not saying which exploit just in case it’s not allowed to name)

I wanna know how they have done this since it seems very interesting.

3 Likes

I don’t know. I don’t think the server can detect if the client has modifications like that. I don’t think it is, but I think Rogue Lineage is doing it for injected scripts, not the actual injection itself.

Game likely checks for spikes in memory using the Stats service. This is terribly unreliable, it shouldn’t matter if an exploiter injects their stuff, your backend should be secure and prepared for when the frontend tries attacking.

2 Likes

I can confirm that it’s false, I don’t have any association with exploiters but an old friend of mine (I’m not friends with him anymore) got banned right after he injected with [ free exploit ]

Spikes in memory can occur in any other way tho. 🤔

Which is precisely why I said:

1 Like

Oh. From YouTube videos I learned that most free exploits use something called “WRD” and that it adds a notification in the game. They must have seen that notification and banned them.

1 Like

No wait, I don’t think that a notification can cause that tho. But I’m not entirely sure, since it’s a free exploit the devs of the game must’ve dug into the API to find a way to detect when it was injected???

Not sure. The only instance added was the notification, to my knowledge, so maybe they saw the localscript that was added to make the notification. That’s the only way I could think of.

1 Like

It is possible, I’ve made a detection before (without memory tracking which is horribly unreliable).

There is no point though, it will get patched very fast, and would probably only work on the first couple of people until it’s investigated.

2 Likes

Then it is confirmed to be possible but hard to hide, I can totally respect that you don’t wanna release this information since there are people that make that stuff roaming around trying to patch everything in their way.

Maybe that game detects weird changes to the game such as the character flying through the air or a character running super fast.

Also perhaps you can create a system which asks the client to send a list of all the parts (or maybe some hash value) to the server, and the server would see if those parts exist. Though, the client may choose to pretend those injected parts don’t exist. Maybe there is a clever workaround to prevent that.

Can you say what the exploit did to the game? I’m just curious.
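A server-side version of the movement check suggested above, as an added example that is not code from anyone in this thread: it covers the "running super fast" case by comparing each character's horizontal displacement against the server's own `WalkSpeed` value. The tuning constants are assumptions, and it assumes characters move only by walking (games with vehicles, dashes or server teleports need a larger allowance or a reset of the stored sample).

```lua
-- Server Script (ServerScriptService). Constructed example; tuning values are assumptions.
local Players = game:GetService("Players")

local CHECK_INTERVAL = 0.5 -- seconds between position samples
local TOLERANCE = 1.5      -- slack over WalkSpeed for latency and physics pushes
local MAX_STRIKES = 3      -- consecutive violations before correcting

local tracked = {} -- [Player] = { lastPos, lastGood, strikes }

local function checkPlayer(player, dt)
	local state = tracked[player]
	local character = player.Character
	local root = character and character:FindFirstChild("HumanoidRootPart")
	local humanoid = character and character:FindFirstChildOfClass("Humanoid")
	if not (state and root and humanoid) or humanoid.Health <= 0 then
		return
	end
	local pos, prev = root.Position, state.lastPos
	-- Horizontal distance only, so falling and jumping are not flagged.
	local moved = prev and ((pos - prev) * Vector3.new(1, 0, 1)).Magnitude or 0
	-- WalkSpeed is read on the server; client-side edits to it do not replicate.
	if moved > humanoid.WalkSpeed * TOLERANCE * dt then
		state.strikes += 1
		if state.strikes >= MAX_STRIKES then
			-- Rubber-band rather than ban, so a false positive stays harmless.
			root.CFrame = CFrame.new(state.lastGood)
			pos, state.strikes = state.lastGood, 0
		end
	else
		state.strikes, state.lastGood = 0, pos
	end
	state.lastPos = pos
end

Players.PlayerAdded:Connect(function(player)
	local state = { strikes = 0 }
	tracked[player] = state
	-- Forget the old sample on respawn; server-side teleports should do the same.
	player.CharacterAdded:Connect(function() state.lastPos = nil end)
end)
Players.PlayerRemoving:Connect(function(player) tracked[player] = nil end)

while true do
	local dt = task.wait(CHECK_INTERVAL) -- task.wait returns the time actually elapsed
	for _, player in ipairs(Players:GetPlayers()) do
		checkPlayer(player, dt)
	end
end
```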

It only injects a dll into the client, no changes to the actual map or part or anything else. (mostly why I’m confused as to how they found out a way to detect injection)

It’s usually detected through their init script, for example, free exploits would send a notification - that can be detected.

Paid exploits aren’t that simple, but it can still be done; it just takes some creativity and luck.

12 Likes

Can you tell me what you mean by notification? Is it just one of those notifications that appear in the bottom right of the screen? Does it have certain text?

Yes, that is correct, the notification that occurs when someone tries to add you, etc.

This unfortunately doesn’t work, except for very specific circumstances IIRC, and even then it can be worked around easily by the exploit developer with some precautions. There’s not much of a way to detect the higher end exploits at all, save for just having an anti-cheat in your game.

1 Like

And how exactly would you detect the client-side notification? AFAIK it’s unretrievable.
(Sorry for the necropost but I need the solution)

Hello, you will need to be creative about this, and no one will share methods with you as they will get patched. Some free exploits (“krnl”) will also inject global variables that you could detect in local scripts, although this has probably been patched out by this point.

Wouldn’t that depend on the script they are using or will the exploit (krnl in this case) automatically inject them upon dll injection? Also, how can one verify this because maybe I can do the same procedure with other known exploits…