Yes, it is possible, I will not explain how, but I managed to delete the script, even before it is loaded
(or rather literally, as soon as the script is loaded, immediately disable/delete it)
But in my case, the player gets kicked, because every second there is a check if the data was sent. and since the script/event was deleted, the player gets kicked
Yes cool, but not in my case.
Please read the script!
BECAUSE, as I said above, if the server will not receive information, the player will be kicked!
But it can receive the wrong information
Well, yes, I donāt argue.
But what does this have to do with my idea?
That the LocalScript can not be removed
If itās the wrong information, the local script can get replaced without the server knowing. The client can never be trusted and Iām not the first to say this nor will I be the last. Iām sorry, but no local script is safe from exploiters.
1 Like
If you define āreplacedā as disabling the original, and sending data by the fake script, then it will work.
And if by replaced to define the removal of the original, and sending data fake, it will not work.
Are you kidding me? why are you telling me this, I already told you about it
READ my quote, and donāt tell me again that the script can just be disabled, youāre bored and trolling me?
this wonāt work, exploits run on the client and some are explicitly made to bypass all security (eg. synapse X which runs even higher priority then coregui)
you cannot circumvent exploits like this, the only basic thing you can do to protect your game is velocity detectors, checking remote events to see if their actually the correct values, and moderators ofcourse
tl;dr:
it can be bypassed easily. (exploiters can delete the localscript that does this along with the other localscripts, which will only be on their side, not the server, you canāt detect this)
1 Like
Iām tired of answering people like you, who are too lazy to read and understand how it works. Throw here a video/script, where you very easily bypassed my protection
(of removing the local script without getting kicked out.)
Correct me if Iām wrong but youāre checking for the name of the local script?
Well, you could open the studio, and find out what the command is all about:
:GetFullName()
other words - get the full path
example:
game.Players.LocalPlayer.PlayerGui.Script.f1.name
iād rather not openly exploit just to prove someone wrong on the internet, why are you even creating this in the first place? what would it even do?
1 Like
I think you donāt know how roblox studio work
Why use cheats to prove something? Create a local script in the game itself, and show the workaround
Video
I will not answer these silly questions, for the answer to them, I gave 100 times, but you are too lazy to read, you just want something to answer and say: āIt does not workā
And prove that the protection does not work you are not able to
This thread was hard to read.
This is a pretty clever approach, I like it. I think the best way to bypass it is to edit the local script, which is possible but not easy. This is the sort of thing hackers outside of Roblox do all the time, finding a single string of bytecode that detects hacking and disabling it. Itās not as easy when itās Lua based unless the hacker has experience with how Lua is integrated into systems. I honestly donāt think anyone will take the time. Most likely theyāll work on easier hacks and ones your script wonāt detect, such as external RemoteEvent handling or finding out if they can increase the range on their gun without you finding out (they can, but not if itās server verified as well)
That said, I donāt think itās worth it. Pretty much everything can be fixed with server-sided anti-exploits.
2 Likes
itās easy, dex explorer has a built in executor, remote event fire-er, and a script editor (which can edit live scripts)
Not surprising. Itās been a few years since the bytecode update. I donāt keep up with Roblox security much anymore, but last time I did nobody had yet made a decompiler. I am a little surprised though because I was under the impression that the number of bytes in a script had to remain the same for simple edits, and that was where I was placing my confidence that it was difficult. I wonder if these editors are able to relocate the script in memory. That would be pretty cool for a little Roblox hack
1 Like
I donāt quite understand why this particular local script needs to be edited? Itās empty, and it just sends its location.
Basically, thereās 1 thing to accomplish:
That the object:GetFullName() command would work after deleting this object (more specifically, that it would be possible to know where the object is now, even though the object was deleted)
And if it succeeds, then that would mean that my protection doesnāt work.
Even if after some time, no one will not say how to bypass this protection, then at the moment from this protection does not make sense in the real game.
Maybe in the future Roblox will add/modify something and this protection will make sense
I think you somewhat missed the point:
They can do anything they want with their own copy of your local scripts. If you have a remote that pings the client for a response so the server will know itās deleted, the client can rehook that and spoofing it by providing it with the āoriginalā details. That way it renders it completely useless. And the worst part is, is that you canāt detect it.
1 Like
I was well aware of this.
But my script is designed in such a way that if the LocalScript is deleted, the server will detect it with a 100% chance
I left the game file, you can open it and see for yourself.
After you delete the original LocalScript, and try to send the right data to the server, the server will realize that the original was deleted.
That isnāt how it works.
Exploiters can rehook the function to a ādummyā function which keeps the server updated, instantaneously.
The server has to rely on the client for any client related information. That being said, the client can abuse this form of power regardless how safe you think you may have made this.
I recommend reading about metatables and the client server modal.
1 Like
Okay, cheaters can send the needed data through the fake (new) Local Script.
But how can they send the needed data if they delete my original script?
The client will not send me the data I need if they delete the original script.
Iām beginning to guess that you havenāt even read my scripts, but youāre already starting to say they donāt work.
Read what the local script sends, and what the server does, and you understand that this protection is not bypassed.
And if you say that it is possible to bypass it, be kind enough to explain how, and not in words (ācheaters can do anythingā), but with examples in the form of lines of code.
And you do not need to have a cheat to try to bypass my protection, hereās a video where I clearly showed that you can just create a script in the studio itself, and there try to bypass.