Is this a working protection of the LocalScript from deletion?

It took me a long time to get somewhere, and I think I was able to create a LocalScript protection so that it could not be deleted/transferred.

Game(Roblox Studio file): Test.rbxl (35.3 KB)

foto_1444×696 46.5 KB

local SecureScript = script.Parent.LocalScript
local Listok = {} 		-- List (true - test passed, false - failed)
local ListClone = {}	-- List with SecureScript (LocalScript)
local ListPlr = {}		-- List with players
local Listdied = {}		-- List (true - player dead, false - player not dead)

local playerload = false

local event = game.ReplicatedStorage.RemoteEvent
local HttpS = game:GetService("HttpService")

game.Players.PlayerAdded:Connect(function(Plr)
	--Avoiding false kick when a player is dead
	task.spawn(function()
		Plr.CharacterAdded:Wait()
		Plr.Character:WaitForChild("Humanoid")
		Plr.Character.Humanoid.Died:Connect(function()
			Listdied[table.find(ListPlr,Plr)] = true
			task.wait(2)
			ListClone[table.find(ListPlr,Plr)].Parent = Plr
			Plr.Character.Changed:Wait()
			Plr.PlayerGui.ChildAdded:Wait()
			ListClone[table.find(ListPlr,Plr)].Parent = Plr.PlayerGui.Script.f1
			Listdied[table.find(ListPlr,Plr)] = false
		end)
	end)
	--When a player enters, assign him a script
	while not Plr.PlayerGui:FindFirstChild("Script") do
		task.wait()
	end
	local FolderLoad = false
	task.spawn(function()
		for i = 1, 10 do
			while not Plr.PlayerGui.Script:FindFirstChild(string.format("f%.f",i)) do
				task.wait()
			end
		end
		FolderLoad = true
	end)
	while not FolderLoad do
		task.wait()
	end
	task.spawn(function()
		if not playerload then playerload = true end
	end)
	local clone = SecureScript:Clone()
	clone.Parent = Plr.PlayerGui.Script.f1
	table.insert(ListPlr,Plr)		-- [number] = player
	table.insert(ListClone,clone)	-- [number] = script
	table.insert(Listok,true)		-- [number] = true
	table.insert(Listdied, false)	-- [number] = false
end)

--Removal from the list if a player is out
game.Players.PlayerRemoving:Connect(function(Plr)
	table.remove(ListClone,table.find(ListPlr,Plr))
	table.remove(Listok,table.find(ListPlr,Plr))
	table.remove(Listdied,table.find(ListPlr,Plr))
	table.remove(ListPlr,table.find(ListPlr,Plr))
end)

event.OnServerEvent:Connect(function(plr,FullName)
	-- FullNameServer = the script that this player has
	local FullNameServer = ListClone[table.find(ListPlr,plr)]:GetFullName()
	
	--Does the path that came in match the one on the server
	if FullName == FullNameServer then
		Listok[table.find(ListPlr,plr)] = true
	else
		print("Script deleted")
		plr:Kick()
	end
end)

while not playerload do
	task.wait(0.1)
end

while task.wait(1) do
	--Changes the name (a kind of signal)
	code = HttpS:GenerateGUID(false)
	for i, obj in pairs(ListClone) do
		task.spawn(function()
			if Listdied[i] then return end -- If dead = do not perform
			obj.Name = code
			event.OnServerEvent:Wait()
			task.wait(0.1)
			obj.Parent = ListPlr[i].PlayerGui.Script:GetChildren()[math.random(1,10)]
			obj.Name = code
		end)
	end
	--It is necessary that it is not possible to delete "RemoteEvent"
	for i, ok in pairs(Listok) do
		task.spawn(function()
			if not ok then
				print("No response was received")
				ListPlr[i]:Kick()
			else
				if Listdied[table.find(Listok,ok)] then return end -- If dead = do not perform
				Listok[i] = false
			end
		end)
	end
end

--...
--Some kind of script

local event = game.ReplicatedStorage.RemoteEvent
script:GetPropertyChangedSignal("Name"):Connect(function()
	event:FireServer(script:GetFullName())
end)

--Some kind of script
--...

Demonstration of how the script works:

Yes, this will not protect the script in general, for it can simply be disabled, and artificially signal with its location.

If make it impossible to disable LocalScript, then it will be a protected local script.

But I spent 25+ hours on this(I tried a lot of different ways, but then I bypassed them myself, but I could not get around this), so I’ll tell you like everyone else - “Never trust the client”, the local script can not be fully protected, do checks on the server, and important things only on the server, the local script should be used at a minimum, only for things that can not be done on the server.

If you tell me that this can be circumvented (and demonstrate how), I will realize that I lost 25+ hours, and I will no longer try to protect what cannot be protected.
(Clarification) You must remove LocalScript, NOT disable it, exactly remove it. As I said above, of course, this protection does not - make sense/apply in the real game.
But the point is that under artificial conditions (condition - LocalScript can only be deleted) make it so that my protection no longer works

So the question is, does my script work, or can it be bypassed?
(Clarification) With the condition that you can not just turn off LocalScript(.Disabled = true – don’t use), you must specifically delete the script, and make sure that the server does not know about it (so you do not get kicked)

Why do I put these conditions?
Because as I said in the beginning, and in the title of topic - is to protect LocalScript from being deleted, but not from being turned off

Edit: I made a clarification, so there would be no misunderstandings

heres a thing, bypassing roblox exploits are very hard so every exploiter can find its way over there by returning results when indexed (or maybe in a different way), correct me if im wrong

i am not entirely sure if it can protect the script

y’know they can just use metatables to spoof its name for the localscript? then delete it safely

or inject the exact same.code with exact same name and delete the original one.

heres a thing; client anti exploits and client protections are useless, no matter how secure they are. use serverscripts instead.

You can riddle around all you want, exploiters can always manage to destroy your localscripts easily and, since that change won’t get replicated, the server won’t realize if they got deleted or not

I don’t really understand you, how can they delete the original, and put another script, but so to speak with the original index? Do they literally create a script on the client, and somehow upload it to the server in the guise of one of the scripts that are visible on the server?
In the video you can see that whatever I create duplicates the server will only refer to a particular script, because I made duplicates locally, the server only this script. But even when I started doing duplicates on the server, nothing has changed(Probably every object in roblox, has a unique hidden index)

Does this help?

--bypass
local event = game.ReplicatedStorage.RemoteEvent

script.Parent.LocalScript:Destroy()

event:FireServer("game.Players.commitblue.PlayerGui.Script.f1.LocalScript")

My point is, you shouldn’t try to make client anti exploits.

EDIT: edited the bypass a bit.

I don’t know if you read my post (it feels like no one read it, and only read the title)
But what you wrote will not work
At least read my script, the location of LocalScript changes constantly and randomly.
And read the post, because I wrote myself that this protection does not make sense, since the script can be simply deactivated.
But the bottom line is that I was able to create a protection against deletion LocalScript, although it makes no sense, as you can simply disable the script (and send the necessary data to the server)

@Jblocks12321
If you read the script, and the post, you will understand that it is impossible to send (object:GetFullName()) if you delete this object

Or rather, you’ll understand it when you try to do it.

@hatespine
Honestly, I don’t know what “replicate” means.
But that doesn’t change the fact that I was able to make a script that knows if LocaScript is deleted or not

if you don’t know what replicating/boundaries are, you shouldn’t be coding in the first place, exploiters can easily trick you

no lol, they can just delete all local scripts, including the one that searches for local script deletion

I know what it is, apparently I just don’t know the terminology.
And if you had just looked at how the script works(read it, which is what you should do before replying to the topic), you would have realized that I know it, and that’s what my script works on

You are now telling me the obvious, and trying to tell me something.
This would not be the case if, before replying, you had read the topic itself and scripts, not just title

Client side anti exploits never work (Unless you have access to the kernel, like easy anti cheat, but even then that doesn’t always work, but this is roblox so you do not)
The only way to detect exploits is through server code. You always have to assume that somehow someone has spoofed any client side data they send to the server and that it is not trustworthy. You have to assume someone has modified/deleted or injected code into your game. Exploiters can spoof information in this scenario to trick the server into thinking they are legit.
No. data. you. ever. receive. from. a. client. should. ever. be. trusted.
You cannot trust a client. Fullstop.
Client side anti exploits don’t work. That’s just how it is. I’ve been programming for 5+ years so I know a thing or two.

These are bypassed by an experienced cheater, you may be able to stop unexperienced but then you could just use a simple one. If you are making anything client sided it should maybe be some baits that ban them besides that don’t trust the client. Make a server sided one instead, I can let you read some of my server sided anti cheat code.

Explain at least somehow, or demonstrate how you can get(object:GetFullName()) if you deleted this object.
I created this topic for a reason, I was trying to do it, but it didn’t work, which led me to conclude that this is the perfect protection

In this case there is nothing to protect/verify, it is an empty script, the point of which is to demonstrate that it cannot be deleted, deactivate - yes, delete - no

I do not have a game that needs Anti cheat code.
I create, but there are all the scripts on the server, so far local did not have to create.
This topic, my 25+ hours of excrement with LocalScript, and so far the experiments have ended at least a little bit successfully

This still can be deleted, they can send their own remotes. Though this is great for possibly stopping script kiddies

As I answered everyone above:
impossible to send (object:GetFullName()) if you delete this object
I created this topic for a reason, I was trying to do it, but it didn’t work, which led me to conclude that this is the perfect protection

I see your purpose here. Though, they could keep their humanoid deleted, and also this with more then one script wouldn’t work too well.

Another thing to add, why would you protect the script? Exploiters can hookfunctions and metatables and change what functions do. On top of that they could disable the script, but create their own that is sending the name over even though it is disabled. And they can do this simultaneously.

Good luck with this, cool idea in though definitely will stop non experienced exploiters, but say it was to be a game, once one script gets released to pass it, everyone has it.

Yes this defense does not stop anyone, maximum as you said “script kiddies”
This protection does not make sense to apply in the real game, because:

1. we disable LocalScript
2. we send to the server (LocalScript:GetFullName())
   code example:

local Lscript = game.Players.LocalPlayer.PlayerGui.Script:GetChildren()
local event = game.ReplicatedStorage.RemoteEvent

local a
workspace:IsA()
for _, obj in pairs() do
	if obj:IsA("LocalScript") then
		a = obj
	end
end

a.Disabled = true

a.Changed:Connect(function() 
	event:FireServer(a:GetFullName())
end)

As I said, this is purely an experiment.
And although the LocalScript can’t be removed. That doesn’t make sense.