The client is in control on localscripts, which means they can just stop it from running (or never run certain parts of it) and make the server think it still is because the server needs to ask the client.
The client can stop replicating data of it’s own accord.
This is apparently really easy to do with function hooking, where everytime the localscript tries to call a function, the call gets redirected to one the exploiter defined.
Btw, I’ve heard that there are hacks that delete local scripts before the event even fires
The server sends the client the localscripts data, so the client doesn’t know any localscripts exist before the server sends it to it, not to mention players can’t join a server before it’s loaded.
Sorry I meant to say the firing of the event
So it’s still just “.Disable = true”
because the script will disable on the client, but not on the server
That is, the client can literally know what is currently running in the local script, and when, say, there will be this line of code
--Original local script
local x = 1
local function xadd()
x += 1
end
xadd()
print(x) --because the fake code will be triggered, the output will be 0
--Fake code
if xadd() then
function xadd()
x -= 1
end
end
the fake code will be executed?
Yes, if it’s in a local script they have full control of the code
Also they can change the information of the remote event being fired, so it’ll be bypassed
It will be like the remote event never even fired and then they will delete without getting kicked.
Yes, it is possible, I will not explain how, but I managed to delete the script, even before it is loaded
(or rather literally, as soon as the script is loaded, immediately disable/delete it)
But in my case, the player gets kicked, because every second there is a check if the data was sent. and since the script/event was deleted, the player gets kicked
Yes cool, but not in my case.
Please read the script!
BECAUSE, as I said above, if the server will not receive information, the player will be kicked!
But it can receive the wrong information
Well, yes, I don’t argue.
But what does this have to do with my idea?
That the LocalScript can not be removed
If it’s the wrong information, the local script can get replaced without the server knowing. The client can never be trusted and I’m not the first to say this nor will I be the last. I’m sorry, but no local script is safe from exploiters.
If you define “replaced” as disabling the original, and sending data by the fake script, then it will work.
And if by replaced to define the removal of the original, and sending data fake, it will not work.
Are you kidding me? why are you telling me this, I already told you about it
READ my quote, and don’t tell me again that the script can just be disabled, you’re bored and trolling me?
this won’t work, exploits run on the client and some are explicitly made to bypass all security (eg. synapse X which runs even higher priority then coregui)
you cannot circumvent exploits like this, the only basic thing you can do to protect your game is velocity detectors, checking remote events to see if their actually the correct values, and moderators ofcourse
tl;dr:
it can be bypassed easily. (exploiters can delete the localscript that does this along with the other localscripts, which will only be on their side, not the server, you can’t detect this)
I’m tired of answering people like you, who are too lazy to read and understand how it works. Throw here a video/script, where you very easily bypassed my protection
(of removing the local script without getting kicked out.)
Correct me if I’m wrong but you’re checking for the name of the local script?
Well, you could open the studio, and find out what the command is all about:
:GetFullName()
other words - get the full path
example:
game.Players.LocalPlayer.PlayerGui.Script.f1.name
i’d rather not openly exploit just to prove someone wrong on the internet, why are you even creating this in the first place? what would it even do?
I think you don’t know how roblox studio work
Why use cheats to prove something? Create a local script in the game itself, and show the workaround
I will not answer these silly questions, for the answer to them, I gave 100 times, but you are too lazy to read, you just want something to answer and say: “It does not work”
And prove that the protection does not work you are not able to
This thread was hard to read.
This is a pretty clever approach, I like it. I think the best way to bypass it is to edit the local script, which is possible but not easy. This is the sort of thing hackers outside of Roblox do all the time, finding a single string of bytecode that detects hacking and disabling it. It’s not as easy when it’s Lua based unless the hacker has experience with how Lua is integrated into systems. I honestly don’t think anyone will take the time. Most likely they’ll work on easier hacks and ones your script won’t detect, such as external RemoteEvent handling or finding out if they can increase the range on their gun without you finding out (they can, but not if it’s server verified as well)
That said, I don’t think it’s worth it. Pretty much everything can be fixed with server-sided anti-exploits.
it’s easy, dex explorer has a built in executor, remote event fire-er, and a script editor (which can edit live scripts)