Looking for a deep dive into exploit creation, and therefore prevention

yeah, I guess but everything has to constantly evolve does it not?

But do you have any good resources for me? Since it seems you have looked into the topic a lot

Well yeah but the thing is that I came to a conclusion when I was doing that research (a couple months ago). And that is that it’s really, really, really hard to detect an injection / attachment. Why is that? It’s because most of the time, the exploiting GUIs are inserted into the CoreGui which we as developers cannot access because our scripts don’t have a high enough Level to access it which I’m pretty sure is for security purposes.

There are probably many hacky undiscovered ways to detect them but I assume that many have already been discovered and been patched

1 Like

that honestly sucks for us, but if we can’t access Roblox should hire a team of actual Roblox developers, like big game ones to make anti-cheats for us. There is def a bypass to it but it would involve the developer having to do hacky stuff

1 Like

Well there is a way to make CoreGui scripts of your own BUT it would be against ToS to do so (it’s a hacky way)

1 Like

dang, can I know I don’t wanna use it but its good to know everything I can, also as I asked before is there any tell tale signs someone is hacking like high memory usage?

Yeah here but don’t use it

1 Like

Probably you might have to do a little digging unless it’s a post someone posted on mine

1 Like

I won’t thanks though, I am hoping this will give me a bit of insight on how hackers do that. But techincally if it is a core gui I could brute force disable it correct? Like how you would disable the inventory for example, all I need is the name of the core guy

1 Like

You can check these patched exploit detections that will kinda give you an idea of how they can be detected:

2 Likes

If you’re wondering what MessageBusService is, it’s basically a secure version of MessagingService for Roblox scripts. Sadly I’m pretty sure you can’t reference it anymore (or maybe you were never able to)

would this work? or nah because if it does it may take a few minutes but that’s a few minutes to detect for like days of anti-exploit yk

Ehhh no yeah no it wouldn’t work. You cant really reference anything that is parented under CoreGui.

Like right now if you tried to get the name of something parented under CoreGui (CoreGui.thisthing.Name) it would give you an error telling you that your script is lacking permission

Yes it’s really hard to detect an injection practically almost impossible

1 Like

I mean like, how you would disable the inventory or leaderboard yk

Nope still wouldn’t work because you can’t really modify or access the properties of anything under the CoreGui with a script, at least our “low level” scripts

1 Like

dang so I couldn’t use something like

game.StarterGui:SetCoreGuiEnabled(Enum.CoreGuiType.PlayerList, false)

Nope ya cant cuz Roblox only gives you a small list of Enum.CoreGuiTypes you can Enabled and Disable

1 Like

Makes sense, I mean we deserve more power, or set some whitelist to give some people higher level scripts :confused:

Well with higher level scripts, devs could do some really shady stuff like getting rid of the leave button, etc.

And really it’s basically now like I said earlier almost if not impossible since the exploiter has FULL CONTROL over their client. You cant detect the other windows they have open in the background or their files.

But at least Synapse is now partnering with Roblox which means that it’ll be harder to exploit.

ok I gotta go now since it’s Christmas tmmr and it’s night time for me.

Merry Christmas if you celebrate it

1 Like

The leave button isn’t much of an issue in my eyes since it is bypassable yk, but Roblox should keep the leave button as a constant like no matter what you can’t delete it the same way on how some server sided anti-cheats keep their client-sided one on the client at all times. Also the shady stuff is the reason there should be a whitelist

but gn

1 Like

what does remotespy do, and how would it counter it?

1 Like