Making an AI Script non-hackable and formatted

imnotaguest1121 · May 22, 2024, 6:39pm

Hello there!

I’m currently done making a script for an enemy that hops slowly towards a player and explodes when near said player or dying. The issues however are that:

Hackers can take control of the NPC and modify it to their will.
The formatting is mediocre, especially around the chasing part.

How can I fix the two things above?

--//NPC\\--
local NPC = script.Parent
local RootPart  = NPC:WaitForChild("HumanoidRootPart")
local Humanoid = NPC:WaitForChild("Humanoid")
--//Services\\--
local Players = game:GetService("Players")
--//Chasing\\--
--Pathfinding
local function FindTarget()
	local players = {}
	local Nearest = math.huge
	local Target = nil
	
	for _, player in pairs(Players:GetPlayers()) do
		local character = player.Character or player.CharacterAdded:Wait()
		
		local Magnitude = (NPC.HumanoidRootPart.Position - character.PrimaryPart.Position).Magnitude
		if Magnitude <= Nearest then
			table.insert(players,{
				Magnitude = Magnitude,
				Player = player
			})
		end
	end
	
	for _, Entry in pairs(players) do
		local Mag = Entry.Magnitude
		local Plr = Entry.Player
		if Mag <= Nearest then
			Nearest= Mag
			Target = Plr
		end
	end
	
	return Target
end
--Chase
local DeathCoro = coroutine.create(function()
	local AlreadyExploded = false
	if NPC.Parent == workspace then
		NPC.HumanoidRootPart.EmitSound:Play()
		repeat
			task.wait()
		until Humanoid.Health <= 1 and not AlreadyExploded
		--Explode
		NPC.Head.Transparency = 1
		AlreadyExploded = true
		NPC.HumanoidRootPart.EmitSound:Stop()
		NPC.HumanoidRootPart.Explosion:Play()

		local Hits = {}

		local Explosion = Instance.new("Explosion",NPC.HumanoidRootPart)
		Explosion.DestroyJointRadiusPercent = 0
		Explosion.BlastRadius = 10
		Explosion.Position = NPC.HumanoidRootPart.Position

		Explosion.Hit:Connect(function(OnHit)
			local CheckIfPlayer = Players:GetPlayerFromCharacter(OnHit.Parent)
			if CheckIfPlayer and not Hits[CheckIfPlayer] then
				Hits[CheckIfPlayer] = true

				local Hum = CheckIfPlayer.Character:FindFirstChildWhichIsA("Humanoid")
				Hum:TakeDamage(300)
				task.wait(1)
				Hits[CheckIfPlayer] = false
			end
		end)

		game:GetService("Debris"):AddItem(NPC,3)
	end
end)
coroutine.resume(DeathCoro)

task.wait(5)
local AboutToExplode = false
while task.wait() and not AboutToExplode do
	local Player = FindTarget()
	if Player == nil then
		return
	end
	local Plr_Char = Player.Character or Player.CharacterAdded:Wait()
	--//Chasing
	--Making it so it turns at the player
	local Reference = Vector3.new(Plr_Char.PrimaryPart.Position.X, NPC.PrimaryPart.Position.Y,  Plr_Char.PrimaryPart.Position.Z)
	NPC.HumanoidRootPart.CFrame = CFrame.new(NPC.PrimaryPart.Position,Reference)
	--Actually chasing
	Humanoid.Jump = true
	Humanoid:Move(RootPart.CFrame.LookVector * 30)
	if Humanoid:GetState() == Enum.HumanoidStateType.Landed then
		Humanoid:Move(Vector3.new(0,0,0))
		task.wait(3)
	end
	--Exploding near a player
	local FlashWarnTime = 1
	local NearPlayer = coroutine.create(function()
		local Mag = (NPC.PrimaryPart.Position - Plr_Char.PrimaryPart.Position).Magnitude
		if Mag <= 12 and not AboutToExplode then
			AboutToExplode = true
			Humanoid:Move(Vector3.new(0,0,0))
			
			local FlashWarn = coroutine.create(function()
				RootPart.PointLight.Enabled = true
				task.wait(FlashWarnTime)
				RootPart.PointLight.Enabled = false
				task.wait(FlashWarnTime)
			end)
			coroutine.resume(FlashWarn)
			
			repeat
				RootPart.EmitSound.PlaybackSpeed += 1
				FlashWarnTime -= 0.1
				task.wait(0.1)
			until RootPart.EmitSound.PlaybackSpeed == 5
			task.wait(2.5)

			Humanoid.Health = 0
		end
	end)
	coroutine.resume(NearPlayer)
end

Scottifly · May 22, 2024, 7:27pm

I’m guessing you’re doing this on the client instead of the server?

If server scripts are controlling the NPCs Position then I don’t think hackers should be able to change it.

imnotaguest1121 · May 22, 2024, 9:01pm

Ah, well it’s a server script. But wouldn’t there still be a chance for them to be able to do so?

thyswedishviking · May 22, 2024, 9:09pm

There’s only a handful of ways for a hacker/exploiter to manipulate the server, one being:
if you have any type of Event or unsecured service, that isn’t properly secured or handled. Events allow for Client-Server communication, if you don’t rate limit remotes then a hacker can spam them, and also send false messages to the server. You also want to make sure you don’t have any server scripts in workspace, replicated first, or replicated storage because that’ll replicate the server script to the client.

if a client can see a server script due to it being replicated to the client, it can manipulate it. So check for all this to determine what vulnerabilities you have, and how to fix or hide them.

imnotaguest1121 · May 22, 2024, 9:15pm

Well, I guess it’s save. How about my formatting however?

thyswedishviking · May 22, 2024, 9:18pm

I can’t really say much, it’s really what ever format is readable to you and make sure the format is at least coherent for others to read. Because I could just tell you make it all camel case, blah blah, but if that’s not how you read, nor write code, than don’t do it.

imnotaguest1121 · May 22, 2024, 9:19pm

Well alright then, thanks!

snkassnkdsakndnk

thyswedishviking · May 22, 2024, 9:20pm

No worries, glad I could help you out. Have a blessed day.

Harisaiyo · May 23, 2024, 5:40pm

Lets address your first point: 1. Hackers can take control of the NPC and modify it to their will.
I do a Server → Client approach for AI. Animations are done with animator:PlayAnimation by the server and humanoid.MoveTo to manipulate movement in a secure way. This is pretty secure. The only way they can manipulate is two things:

data on client being sent to server: Always sanitize and validate your event parameters on the server
doing certain behaviors which manipulate the server logic to behave favorably in their manner

For your second point 2. The formatting is mediocre, especially around the chasing part.

Your code is ok but it isnt scalable and makes maintaining hard if you scale up your game and add more monsters. For an example of a structured ai loop checkout my response. FX, and camera rendering is done all by client. Server manipulates humanoid and plays animation which replicate across all clients by default.

imnotaguest1121 · May 23, 2024, 9:52pm

Well, as of the current, the enemy AI is literally just a subspace tripmine and is a custom rig. The script is also server script. Although I am making more variants of the enemy currently in my game albeit slightly different.

Also, I’ll take a look at the link you provided me! Thank you.

system · June 6, 2024, 9:53pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.