Looking for a deep dive into exploit creation, and therefore prevention

Nope still wouldn’t work because you can’t really modify or access the properties of anything under the CoreGui with a script, at least our “low level” scripts

1 Like

dang so I couldn’t use something like

game.StarterGui:SetCoreGuiEnabled(Enum.CoreGuiType.PlayerList, false)

Nope ya cant cuz Roblox only gives you a small list of Enum.CoreGuiTypes you can Enabled and Disable

1 Like

Makes sense, I mean we deserve more power, or set some whitelist to give some people higher level scripts :confused:

Well with higher level scripts, devs could do some really shady stuff like getting rid of the leave button, etc.

And really it’s basically now like I said earlier almost if not impossible since the exploiter has FULL CONTROL over their client. You cant detect the other windows they have open in the background or their files.

But at least Synapse is now partnering with Roblox which means that it’ll be harder to exploit.

ok I gotta go now since it’s Christmas tmmr and it’s night time for me.

Merry Christmas if you celebrate it

1 Like

The leave button isn’t much of an issue in my eyes since it is bypassable yk, but Roblox should keep the leave button as a constant like no matter what you can’t delete it the same way on how some server sided anti-cheats keep their client-sided one on the client at all times. Also the shady stuff is the reason there should be a whitelist

but gn

1 Like

what does remotespy do, and how would it counter it?

1 Like

Any exploiter who knows what they’re doing will definitely be using something like Dex Explorer and will be able to see all of your boolvalues, remoteevents, remotefunctions, player attributes, serverscript names, part names / locations, and local scripts.

A remote spy is a little gui (can be printed out through console) that shows exploiters all of the remoteevents firing in your game, so for example if you have a remoteevent to award xp an exploiting can see that make reverse engineer a 3 line piece of code and add a while wait() do loop to give themselves unlimited xp.

In my opinion the 2 best ways of countering exploiters is to encrypt all of your remoteevents so they’re unreadable / usable and to detect suspicious player activity and report it to an admin discord / chat of some kind.

Although all of the worst exploits that you see on youtube are done through backdoors, which are basically tiny bits of code in serverscripts that can get snuck into your game through things like infected free models, plugins, or other people with studio access. These give selected exploiters total control over every part of your game and they can basically do anything.

1 Like

RemoteSpy is an exploit that allows you to basically “spy” on remotes.
You can see the data being sent and received, you can read the data, you can modify the data, etc. It’s an advanced tool experienced exploiters use to create exploits that can give them an advantage on the server side of things.

1 Like

How would you encrypt it? Do you have any examples

How would u encrypt the remote events?

1 Like

I have already asked that question lol

Another thing you could do is make remoteevents appear as something like “ge678erg679878e6GERT35Y434==-=-23rr23@RT” when they’re used.

I will look into that video thanks

Thank you so much for sending this video, now I know about GnomeCode which lead me to watching his videos and now i understand collection service lol