Looking for a deep dive into exploit creation, and therefore prevention

Help and Feedback Scripting Support
, , ,
#21

Do you have any other ways to indicate someone is exploiting, like I mentioned I want to mainly go into the more advanced ways, I mean understanding how exploits work is a good thing I also want to know

#22

Uhh well you could try checking a player’s speed to see if the distance they traveled is sane for their speed unless you have some sorta mechanic that boosts the player.

You basically use this formula: speed = distance/time.

How would you use this? You basically check every interval (for example 5 seconds) and save their position in a table or something (ON THE SERVER). Then if there is a value before it in the table, then you use the formula and determine if the speed is similar or the same as their speed.

local t = {
-- add players to this table when they join
}

coroutine.wrap(function()
task.wait(5)
table.insert(t[Player.Name], Character.HumanoidRootPart.Position)

if #t[Player.Name] > 1 then
     -- do math which I’ll add soon
     -- nvm cuz OP doesn’t want it
end

end)()
1 Like
#24

I forgot to say thank you, so sorry

1 Like
#25

Could you provide an example of what you’re looking for?

1 Like
#26

types* I meant types, I was looking for a general all around anti-cheat, that is not the basic anti-speed, anti-fly etc. I want one that can at least somewhat detect injects and use styles of anti-cheat barley used, and more robust ones

1 Like
#27

I forgot to mention I also want information on the exploit creation process and how injectors, work and how they are bypassing current anti-cheats

1 Like
#28

Well I don’t really know any ways of detecting injects, i have looked into that before but failed. Even if I did know I wouldn’t share it because if I did, then it would get patched like really fast because exploiters sometimes linger around here in secret (or someone announces it).

There are some on the DevForum here but they’ve all already got patched

You could search it up or look at some documentation on it. I’m not really 100% sure about this too.

1 Like
#29

yeah, I guess but everything has to constantly evolve does it not?

But do you have any good resources for me? Since it seems you have looked into the topic a lot

#30

Well yeah but the thing is that I came to a conclusion when I was doing that research (a couple months ago). And that is that it’s really, really, really hard to detect an injection / attachment. Why is that? It’s because most of the time, the exploiting GUIs are inserted into the CoreGui which we as developers cannot access because our scripts don’t have a high enough Level to access it which I’m pretty sure is for security purposes.

There are probably many hacky undiscovered ways to detect them but I assume that many have already been discovered and been patched

1 Like
#31

that honestly sucks for us, but if we can’t access Roblox should hire a team of actual Roblox developers, like big game ones to make anti-cheats for us. There is def a bypass to it but it would involve the developer having to do hacky stuff

1 Like
#32

Well there is a way to make CoreGui scripts of your own BUT it would be against ToS to do so (it’s a hacky way)

1 Like
#33

dang, can I know I don’t wanna use it but its good to know everything I can, also as I asked before is there any tell tale signs someone is hacking like high memory usage?

#34

Yeah here but don’t use it

1 Like
#35

Probably you might have to do a little digging unless it’s a post someone posted on mine

1 Like
#36

I won’t thanks though, I am hoping this will give me a bit of insight on how hackers do that. But techincally if it is a core gui I could brute force disable it correct? Like how you would disable the inventory for example, all I need is the name of the core guy

1 Like
#37

You can check these patched exploit detections that will kinda give you an idea of how they can be detected:

2 Likes
#38

If you’re wondering what MessageBusService is, it’s basically a secure version of MessagingService for Roblox scripts. Sadly I’m pretty sure you can’t reference it anymore (or maybe you were never able to)

#39

would this work? or nah because if it does it may take a few minutes but that’s a few minutes to detect for like days of anti-exploit yk

#40

Ehhh no yeah no it wouldn’t work. You cant really reference anything that is parented under CoreGui.

Like right now if you tried to get the name of something parented under CoreGui (CoreGui.thisthing.Name) it would give you an error telling you that your script is lacking permission

Yes it’s really hard to detect an injection practically almost impossible

1 Like
#41

I mean like, how you would disable the inventory or leaderboard yk