getnilinstances() is a function used by exploiters. It basically gets a list of everything that is well, set to nil
And getfenv() gets the current function’s environment “env” which is basically all the global variables in a script including game, workspace, and every global variable you set (i.e. myVar = 1). However keep in mind that you can also use it to get the global variables of functions too
so using getfenv will look for global variables, and how should I use that to help?
@TheRealANDRO mentioned that exploiters can set the values to nil therefore making them undetectable to us, the developers. And if there is a way, I’m unaware of it.
The client is outta your control basically like he mentioned
so the best way, is to set the global varibles that are unrecognized to nil? to hopefully break some parts
Wait no no no I was just saying that the exploiters can do that to hide their tracks.
Here’s a good post
ohhh, make sense. But what are ways that will help me detect an exploiter, like for example checking if the memory is high (I don’t rely on it much I only do a kick for it considering that it could just be someones device)
Well yes that could indicate that the player is actually exploiting but you will get a lot of false positives from non explorers due to their device
nvm
Do you have any other ways to indicate someone is exploiting, like I mentioned I want to mainly go into the more advanced ways, I mean understanding how exploits work is a good thing I also want to know
Uhh well you could try checking a player’s speed to see if the distance they traveled is sane for their speed unless you have some sorta mechanic that boosts the player.
You basically use this formula: speed = distance/time.
How would you use this? You basically check every interval (for example 5 seconds) and save their position in a table or something (ON THE SERVER). Then if there is a value before it in the table, then you use the formula and determine if the speed is similar or the same as their speed.
local t = {
-- add players to this table when they join
}
coroutine.wrap(function()
task.wait(5)
table.insert(t[Player.Name], Character.HumanoidRootPart.Position)
if #t[Player.Name] > 1 then
-- do math which I’ll add soon
-- nvm cuz OP doesn’t want it
end
end)()
I forgot to say thank you, so sorry
Could you provide an example of what you’re looking for?
types* I meant types, I was looking for a general all around anti-cheat, that is not the basic anti-speed, anti-fly etc. I want one that can at least somewhat detect injects and use styles of anti-cheat barley used, and more robust ones
I forgot to mention I also want information on the exploit creation process and how injectors, work and how they are bypassing current anti-cheats
Well I don’t really know any ways of detecting injects, i have looked into that before but failed. Even if I did know I wouldn’t share it because if I did, then it would get patched like really fast because exploiters sometimes linger around here in secret (or someone announces it).
There are some on the DevForum here but they’ve all already got patched
You could search it up or look at some documentation on it. I’m not really 100% sure about this too.
yeah, I guess but everything has to constantly evolve does it not?
But do you have any good resources for me? Since it seems you have looked into the topic a lot
Well yeah but the thing is that I came to a conclusion when I was doing that research (a couple months ago). And that is that it’s really, really, really hard to detect an injection / attachment. Why is that? It’s because most of the time, the exploiting GUIs are inserted into the CoreGui which we as developers cannot access because our scripts don’t have a high enough Level to access it which I’m pretty sure is for security purposes.
There are probably many hacky undiscovered ways to detect them but I assume that many have already been discovered and been patched
that honestly sucks for us, but if we can’t access Roblox should hire a team of actual Roblox developers, like big game ones to make anti-cheats for us. There is def a bypass to it but it would involve the developer having to do hacky stuff
Well there is a way to make CoreGui scripts of your own BUT it would be against ToS to do so (it’s a hacky way)
dang, can I know I don’t wanna use it but its good to know everything I can, also as I asked before is there any tell tale signs someone is hacking like high memory usage?