Is this a working protection of the LocalScript from deletion?

Yes, if it’s in a local script they have full control of the code

Also they can change the information of the remote event being fired, so it’ll be bypassed

It will be like the remote event never even fired and then they will delete without getting kicked.

Yes, it is possible, I will not explain how, but I managed to delete the script, even before it is loaded
(or rather literally, as soon as the script is loaded, immediately disable/delete it)
But in my case, the player gets kicked, because every second there is a check if the data was sent. And since the script/event was deleted, the player gets kicked

Yes cool, but not in my case.
Please read the script!
BECAUSE, as I said above, if the server will not receive information, the player will be kicked!

But it can receive the wrong information

Well, yes, I don’t argue.
But what does this have to do with my idea?
That the LocalScript can not be removed

If it’s the wrong information, the local script can get replaced without the server knowing. The client can never be trusted and I’m not the first to say this nor will I be the last. I’m sorry, but no local script is safe from exploiters.

1 Like

If you define “replaced” as disabling the original, and sending data by the fake script, then it will work.
And if by replaced to define the removal of the original, and sending data fake, it will not work.
Are you kidding me? why are you telling me this, I already told you about it
READ my quote, and don’t tell me again that the script can just be disabled, you’re bored and trolling me?

this won’t work, exploits run on the client and some are explicitly made to bypass all security (eg. synapse X which runs even higher priority than coregui)

you cannot circumvent exploits like this, the only basic thing you can do to protect your game is velocity detectors, checking remote events to see if they’re actually the correct values, and moderators of course

tl;dr:

it can be bypassed easily. (exploiters can delete the localscript that does this along with the other localscripts, which will only be on their side, not the server, you can’t detect this)

1 Like

I’m tired of answering people like you, who are too lazy to read and understand how it works. Throw here a video/script, where you very easily bypassed my protection
(of removing the local script without getting kicked out.)

Correct me if I’m wrong but you’re checking for the name of the local script?

Well, you could open the studio, and find out what the command is all about:
:GetFullName()

In other words - get the full path
example:
game.Players.LocalPlayer.PlayerGui.Script.f1.name

i’d rather not openly exploit just to prove someone wrong on the internet, why are you even creating this in the first place? what would it even do?

1 Like

I think you don’t know how roblox studio works
Why use cheats to prove something? Create a local script in the game itself, and show the workaround

Video

I will not answer these silly questions, for the answer to them, I gave 100 times, but you are too lazy to read, you just want something to answer and say: “It does not work”
And prove that the protection does not work you are not able to

This thread was hard to read.

This is a pretty clever approach, I like it. I think the best way to bypass it is to edit the local script, which is possible but not easy. This is the sort of thing hackers outside of Roblox do all the time, finding a single string of bytecode that detects hacking and disabling it. It’s not as easy when it’s Lua based unless the hacker has experience with how Lua is integrated into systems. I honestly don’t think anyone will take the time. Most likely they’ll work on easier hacks and ones your script won’t detect, such as external RemoteEvent handling or finding out if they can increase the range on their gun without you finding out (they can, but not if it’s server verified as well)

That said, I don’t think it’s worth it. Pretty much everything can be fixed with server-sided anti-exploits.

2 Likes
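The server-side verification that this post and the earlier reply about checking remote event values point to, as an added example that is not part of the thread: a Luau server script that treats every argument of a hypothetical `FireWeapon` RemoteEvent as untrusted and checks it against state the server already holds. The remote name, the constants and their limits are assumptions.

```lua
-- Server Script (ServerScriptService). Added example: FireWeapon, MAX_RANGE,
-- MIN_INTERVAL and ORIGIN_SLACK are assumed names/values, not from the thread.
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

local MAX_RANGE = 300     -- studs; the server's own copy of the weapon range
local MIN_INTERVAL = 0.2  -- seconds between shots the server will accept
local ORIGIN_SLACK = 10   -- studs of tolerance for latency and movement

local fireWeapon = Instance.new("RemoteEvent")
fireWeapon.Name = "FireWeapon"
fireWeapon.Parent = ReplicatedStorage
local lastShot = {} -- [Player] = os.clock() of the last accepted shot

-- NaN compares false with everything, so it would slip past the ">" checks below.
local function isFiniteVector3(v)
	return typeof(v) == "Vector3" and v.X == v.X and v.Y == v.Y and v.Z == v.Z
end

-- Decide from server-side state only whether a claimed shot is plausible.
local function validateShot(player, origin, target)
	if not (isFiniteVector3(origin) and isFiniteVector3(target)) then
		return false, "malformed arguments"
	end
	local root = player.Character and player.Character:FindFirstChild("HumanoidRootPart")
	if not root then return false, "no character" end
	-- Compare the claimed origin with where the server sees the player.
	if (origin - root.Position).Magnitude > ORIGIN_SLACK then
		return false, "origin too far from character"
	end
	if (target - origin).Magnitude > MAX_RANGE then
		return false, "target out of range"
	end
	local now = os.clock()
	if lastShot[player] and now - lastShot[player] < MIN_INTERVAL then
		return false, "firing too fast"
	end
	lastShot[player] = now
	return true
end

fireWeapon.OnServerEvent:Connect(function(player, origin, target)
	local ok, reason = validateShot(player, origin, target)
	if not ok then
		warn(player.Name .. " shot rejected: " .. reason)
		return
	end
	-- Apply damage here using server-side raycasting and state only.
end)
Players.PlayerRemoving:Connect(function(player) lastShot[player] = nil end)
```

Nothing in the check depends on a LocalScript still existing: a modified or replaced client can only send values, and those values are judged against the server's own view of the character.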

it’s easy, dex explorer has a built in executor, remote event fire-er, and a script editor (which can edit live scripts)

Not surprising. It’s been a few years since the bytecode update. I don’t keep up with Roblox security much anymore, but last time I did nobody had yet made a decompiler. I am a little surprised though because I was under the impression that the number of bytes in a script had to remain the same for simple edits, and that was where I was placing my confidence that it was difficult. I wonder if these editors are able to relocate the script in memory. That would be pretty cool for a little Roblox hack

1 Like

I don’t quite understand why this particular local script needs to be edited? It’s empty, and it just sends its location.
Basically, there’s 1 thing to accomplish:
That the object:GetFullName() command would work after deleting this object (more specifically, that it would be possible to know where the object is now, even though the object was deleted)
And if it succeeds, then that would mean that my protection doesn’t work.
Even if after some time, no one will not say how to bypass this protection, then at the moment from this protection does not make sense in the real game.
Maybe in the future Roblox will add/modify something and this protection will make sense

I think you somewhat missed the point:

They can do anything they want with their own copy of your local scripts. If you have a remote that pings the client for a response so the server will know it’s deleted, the client can rehook that and spoof it by providing it with the “original” details. That way it renders it completely useless. And the worst part is that you can’t detect it.

1 Like

I was well aware of this.
But my script is designed in such a way that if the LocalScript is deleted, the server will detect it with a 100% chance
I left the game file, you can open it and see for yourself.
After you delete the original LocalScript, and try to send the right data to the server, the server will realize that the original was deleted.

That isn’t how it works.

Exploiters can rehook the function to a “dummy” function which keeps the server updated, instantaneously.

The server has to rely on the client for any client related information. That being said, the client can abuse this form of power regardless how safe you think you may have made this.

I recommend reading about metatables and the client server model.

1 Like