Is it possible to detect exploit Injection?

sjr04 · August 5, 2020, 2:27pm

Which is precisely why I said:

mutedarlo · August 5, 2020, 2:28pm

Oh. From YouTube videos I learned that most free exploits use something called “WRD” and that it adds a notification in the game. They must of seen that notification and banned them.

tackyv · August 5, 2020, 2:30pm

No wait, I dont think that a notification can cause that tho. But I’m not entirely sure, since its a free exploit the devs of the game must’ve digged into the api to find a way to detect when it was injected???

mutedarlo · August 5, 2020, 2:31pm

Not sure. The only instance added was the notification, to my knowledge, so maybe they saw the localscript that was added to make the notification. That’s the only way I could think of.

Meta_data · August 5, 2020, 2:37pm

It is possible, I’ve made a detection before (without memory tracking which is horribly unreliable).

There is no point though, it will get patched very fast, and would probably only work on the first couple of people until It’s investigated.

tackyv · August 5, 2020, 2:39pm

Then it is confirmed to be possible but hard to hide, I can totally respect that you dont wanna release this information since there are people that make those stuff roaming around trying to patch everything in their way.

imalex4 · August 5, 2020, 2:47pm

Maybe that game detects weird changes to the game such as the character flying through the air or a character running super fast.

Also perhaps you can create a system which asks the client to send a list of all the parts (or maybe some hash value) to the server, and the server would see if those parts exist. Though, the client may choose to pretend those injected parts don’t exist. Maybe there is a clever workaround to prevent that.

Can you say what the exploit did to the game? I’m just curious.

tackyv · August 5, 2020, 2:50pm

It only injects a dll into the client, no changes to the actual map or part or anything else. (mostly why im confused at to how they found out a way to detect injection)

Meta_data · August 5, 2020, 2:57pm

It’s usually detected through their init script, for ex free exploits would send a notification - that can be detected.

Paid exploits aren’t that simple, but it can still be done it just takes some creativity and luck.

imalex4 · August 5, 2020, 3:10pm

Can you tell me what you mean by notification? Is it just one of those notifications that appear in the bottom right of the screen? Does it have certain text?

Meta_data · August 5, 2020, 3:16pm

Yes that is correct, the notification that occurs when someone tries to add you, etc

Mauio64 · December 23, 2020, 3:37pm

This unfortunately doesn’t work, except for very specific circumstances IIRC, and even then it can be worked around easily by the exploit developer with some precautions. There’s not much of a way to detect the higher end exploits at all, save for just having an anti-cheat in your game.

aarav2you · February 3, 2022, 3:11pm

And how exactly would you detect the client side notification, afaik its unretrivable.
(Sorry for the necropost but I need the solution)

SushiWasN_otHere · February 3, 2022, 4:33pm

Hello you will need to be creative about this and no one will share you methods as they will get patched some free exploits “krnl” will also inject global variables that you could detect in local scripts although this has probably been patched out by this point.

aarav2you · February 4, 2022, 3:52am

Wouldnt that depend on the script they are using or will the exploit (krnl in this case) automatically inject them upon dll injection? Also, how can one verify this because maybe I can do the same procedure with other known exploits…

SushiWasN_otHere · February 4, 2022, 4:31am

It was the exploit but I remember seeing leaks of the code used to detect it on other forums but I can’t find at this point

eggspIicit · August 27, 2022, 12:14am

A lot of free low quality exploits send a notification. As quoted by

This can be easily detected with the script created below.

spawn(function()
	while game:GetService("RunService").RenderStepped:Wait() do
		local _, exploit = pcall(function()
			return game.FindFirstChild(game, "NotificationFrame", true) ~= nil;
		end);

		if exploit then
			game.Players.LocalPlayer:Kick("Exploit injection detected.")
		end;
	end;
end);

Matrice · August 29, 2022, 7:46am

That’s actually nothing. That was patched by Synapse many months ago. There are no “low quality” exploits that are detected with that.

TheShowCaseMaker · August 30, 2022, 2:04am

Yeah what you said makes no sense.

Synapse has never used a NotificationFrame, and every exploit that does has never bothered to take Synapse’s patch (mostly because a lot of garbage exploits use the same 5 year old DLL that has never been fixed)

Matrice · August 30, 2022, 2:39pm

What? No, what you’re saying makes no sense. That was actually a way to detect synapse, there was a devforum on it

The author of that thread goes: > this was pretty simple to make, and very easy for the developers to patch (already in the process as i heard)

it’s a simple check to see if a frame titled NotificationFrame which is located inside of the service CoreGui exists or not - i don’t know why synapse even made it create an instance upon injection, seems incredibly stupid in my eyes