Weird. I have the instructions. Clicked the link, scrolled down a little bit, and:
Theres also stuff further below about the API.
Theres also stuff further below about the API.
Oof, I was looking at the Github source page and not the installation page lol
you can easily bypass this with just changing your walkspeed without any bypass code?
If you change walkspeed server sided, it will of course update the check. This anti-speed check works via checking magnitude, although I do plan on implementing a velocity check soon to be more precise.
If it checks the position of the player from the last frame versus the current frame, then something’s VERY wrong.
I’d disagree, this can be easily bypassed and could result in memory leaks on the server (not significant enough though), the player could use a function hook so they can wait before returning a value and, they could even spoof values returned, I’d recommend using Player:GetNetworkPing() instead, unfortunately, I don’t know how this has been implemented and don’t know how secure it is from being spoofed (it’s almost certainly more secure than using remote events since Roblox could just ping your public ip; you’d actually have to modify your router settings or intercept packets to spoof your ping or they could also ping your ISP instead).
Also, I looked through some of your code and, this loop isn’t being terminated when a player leaves
; it will be run indefinitely and result in memory leaks + lag considering you’re using a while true do loop for each player, I’d highly recommend having a single loop which loops through a list of players rather than having a loop (or several loops) per player.
this is also the case with your speed check sub module
While these checks (below) will stop most inexperienced exploiters (assuming they’re trying to actually make scripts), they can be “bypassed” with ease by using simple metamethod and function hooks
Some of your code is actually really good though,
I’d recommend using variables though and a single function which can be reused (e.g. PlayerAdded).
4 Likes
Alright, this version supports auto updating so I can easily update it, thanks for the tip!
Velocity checks make vehicles unusable. You have no anti-fly, and most of your features require a client. This isn’t that great of an anti-cheat. You should use humanoid.Running instead of your velocity checks.
1 Like
You realize the client handles the humanoid of their own character, therefore the client fires the .Running event? So, they can just stop the event from firing or just spoof the speed argument of the event?
I have made an anti cheat using .Velocity and i already made an exploit to be able to speed hack by changing the position and not the velocity or walkspeed
i don’t recommend using velocity
If this AntiCheat gets better and better maybe add a Webhook thingy to log stuff?
I’ve reviewed some of your code:
- Your hitbox expanding is easily bypassed using metatables
- Anti script injection is bypassable since memory can be spoofed
- Speed can also be bypassed, easily.
I didn’t test ping check… thoe
overall this anti exploit/cheat can easily be bypassed; please test your methods before releasing.
I am not trying to be rude with the stuff above
1 Like
What does the UI look like? Also, how does the screen watch feature work?
As a “Security expert” aka someone with common sense.
If the exploiter finds the correct amount of time you have to do to ping the server back then it can be bypassed. And yes, they will put their time to do that.
This is why you can’t say “My anti-cheat is better than others” because it can’t be better than others on Roblox.
Go to “Configuration” then “Admin” and add your name or ID just like this:
Then you need to publish to Roblox, and then you have to need to type in chat: “!anticheat” or something near that because mine is set on “!ac” and if you put a username in it that is in the game right now you can select screen watch and watch him or her where he or she looks and what he or she is doing right now. (You can’t see their GUI’s)
Instead of stopping all movement, like shown in your Speed check module,
char.PrimaryPart.Anchored = true
char:PivotTo(CFrame.new(currentPos))
delay(mainWaitTime/4,function()
char.PrimaryPart.Anchored = false
end)
You can instead do something like this:
HumanoidRootPart:SetNetworkOwner(nil)
task.wait(4)
HumanoidRootPart:SetNetworkOwner(Player)
This way, the player will still be able to move however all the movement will be calculated on the server until you return NetworkOwnership. I don’t know if executors have the power to regrant themselves ownership, if so, you can just check every frame to see if they have ownership when they aren’t supposed to and then just repunish them.
1 Like
Ive always wondered about how to test anti script injection stuff without getting on a alt and getting synapse or something and 90 cryptominers on your pc
Same here, this is why I specified I did not test anti script injection, I don’t own any injectors.
One hypothetical way would be to use a VM (you won’t be able to simulate everything an exploit will be able to do unfortunately though).