Need help patching teleport exploit

Froredion · January 19, 2020, 11:33am

I want to patch a teleport exploit but this will break some of the teleport scripts I have, even when I tried to make it so it detects when the script is the one teleporting player, it still detects in my anti-cheat sometimes that it’s a TP through client.

local plr = game.Players.LocalPlayer

repeat wait() until plr:FindFirstChild("SpawnValue")

if plr.SpawnValue.Value ~= "None" then

repeat wait() until (plr.Character.HumanoidRootPart.Position - workspace[plr.SpawnValue.Value].Position).magnitude <= 40

end

local RunService = game:GetService('RunService')

Check = false

Boop = false

local LastestPos

local safe = false

local safe2 = false

local safe3 = false

local offense = 0

local stateType = Enum.HumanoidStateType

local character = script.Parent

local humanoid = character:WaitForChild("Humanoid")

humanoid:SetStateEnabled(stateType.FallingDown, false)

humanoid:SetStateEnabled(stateType.Ragdoll, false)

local CurrentHum = script.Parent.Humanoid

local CurrentRoot = script.Parent.HumanoidRootPart

local function FlingPreventionUpdate()

if CurrentHum ~= nil and CurrentRoot ~= nil then

if CurrentRoot:IsDescendantOf(workspace) then

if not CurrentHum:GetState() == Enum.HumanoidStateType.Jumping then

if CurrentRoot.RotVelocity.magnitude >= 50 or CurrentRoot.Velocity.magnitude >= 50 then

print(CurrentRoot.Velocity.magnitude)

CurrentRoot.RotVelocity = Vector3.new()

CurrentRoot.Velocity = Vector3.new()

end

end

end

end

end

local skillsChecker,extraSkill = game.ReplicatedStorage.GUIRemote.SkillsChecker:InvokeServer()

local uis = game:GetService("UserInputService")

local cd2 = false

local mouse = game.Players.LocalPlayer:GetMouse()

uis.InputBegan:Connect(function(input)

if cd2 == false and input.KeyCode == Enum.KeyCode.X and skillsChecker["FirstSkill"].SkillName == "Purge of the Thunder Emperor" then

cd2 = true

LastestPos = script.Parent.HumanoidRootPart.Position

safe3 = true

wait(7)

LastestPos = script.Parent.HumanoidRootPart.Position

safe3 = false

wait(3)

cd2 = false

elseif cd2 == false and input.KeyCode == Enum.KeyCode.V and skillsChecker["FirstSkill"].SkillName == "Cruel Sun" then

if mouse.Target.Parent:FindFirstChild("Humanoid") or mouse.Target.Parent.Parent:FindFirstChild("Humanoid") then

cd2 = true

LastestPos = script.Parent.HumanoidRootPart.Position

safe3 = true

wait(7)

LastestPos = script.Parent.HumanoidRootPart.Position

safe3 = false

wait(8)

cd2 = false

end

end

end)

RunService.Heartbeat:Connect(function(step)

FlingPreventionUpdate()

if game.Players.LocalPlayer.Character.Humanoid.WalkSpeed > 50 then

if script.Parent:FindFirstChild("Beastmen") and game.Players.LocalPlayer.Character.Humanoid.WalkSpeed < 100 then

else

game.Players.LocalPlayer:Kick("Kicked for speed hacking!")

end

end

if offense >= 3 then

game.Players.LocalPlayer:Kick("Kicked for flinging/teleporting!")

end

if script.Parent:FindFirstChild("HumanoidRootPart") then

if Check == false and Boop == false then

LastestPos = script.Parent.HumanoidRootPart.Position

Boop = true

wait(.1)

Check = true

Boop = false

else

if Boop == false then

if safe == true then

return

elseif safe2 == true then

return

elseif safe2 == true and safe3 == true then

return

end

if script.Parent.Bypass.isFiring.Value == true then

return

end

local NewPos = script.Parent.HumanoidRootPart.Position

if (LastestPos - NewPos).Magnitude > 100 then

game.Players.LocalPlayer.Character.HumanoidRootPart.CFrame = CFrame.new(LastestPos)

game.Players.LocalPlayer.Character.HumanoidRootPart.Anchored = true

delay(2,function() game.Players.LocalPlayer.Character.HumanoidRootPart.Anchored = false end)

offense = offense + 1

end

Check = false

Boop = false

end

end

end

end)

game.ReplicatedStorage.isitSafe.OnClientEvent:Connect(function(ho)

LastestPos = script.Parent.HumanoidRootPart.Position

safe = ho

end)

local cd = false

repeat wait() until script.Parent:FindFirstChild("Bypass")

script.Parent.Bypass.Event:Connect(function()

script.Parent.Bypass.isFiring.Value = false

if cd == false then

cd = true

LastestPos = script.Parent.HumanoidRootPart.Position

safe2 = true

wait(7)

LastestPos = script.Parent.HumanoidRootPart.Position

safe2 = false

wait(3)

cd = false

end

end)

Sorry, if this script is messy. I did all what I can but it still detects in my anti-cheat sometimes that it’s a TP through client making players get kicked unintentionally.

JS_Coded · January 19, 2020, 11:38am

Try adding a value named “Teleportation” and if its true it bypasses the patch, and if false it runs the anti exploit script.

Froredion · January 19, 2020, 11:39am

I tried that, although it kinda solves it somehow, it still kicks player unintentionally.

JS_Coded · January 19, 2020, 11:51am

Hmm… Are you sure the value is always fired as true whenever you teleport? Have u made a wait after setting the value?

Froredion · January 19, 2020, 11:52am

Yeah, I’m very sure that it fires true everytime you teleport and even BEFORE you teleport.

JS_Coded · January 19, 2020, 11:53am

Have you reassured this with console prints?

PlayAsync · January 19, 2020, 11:59am

The problem here is that you’re creating your exploit detection on the client so even if the script did work you still will not solve the problem of exploters.

Why is it a problem you ask?

Exploiters whilst being unable to touch anything on the server can modify anything on the client. You can create the best possible exploit protection ever on the client but then an exploiter can come along and see this script and just use :Destroy() on their end to remove it.

Can I use some tricks to avoid this?

You might think that firing a remote every couple of seconds to check that the script still exists may prevent against this, after all they can’t just create another script and bypass this. Wrong! Of course they can. Do not underestimate what power the player has.

Conclusion

The main issue here isn’t exactly that the script isn’t working. The real issue is that when it is fixed your potentially still allowing exploiters to teleport because they can just bypass whatever you throw at them on the client.

To fix this you must create your exploit protection on the server. Yes, this is going to take some time and is much harder than just making it on the client… but on the client your wasting your time.

Goodluck!

Froredion · January 19, 2020, 12:01pm

I already consider that and made it so whenever that is deleted, it automatically ban the person.

PlayAsync · January 19, 2020, 12:03pm

As I said never underestimate the power of the player. Most people don’t understand this which is… well understandable.

If you create a script to check if the script is deleted. It won’t work. If you’re checking if it’s deleted from the server then simply the server can’t see if it is actually deleted because its being deleted on the client and if you make another client script to check for deletion they can simply remove both.

You should never be making any sort of exploit protection on the client.

nooneisback · January 19, 2020, 12:30pm

This script should work, but I never tested it. Server sided protection is the best solution to most issues as the client can’t directly affect anything. Place this in a server script and ask a few people to join and rejoin to see if any issues arise.

local serPlayers = game:GetService("Players")
local listCharPos0 = {}
local listChar = {}
local listPlyrs = {}
local listMaxSpeed = {}

--Avoid false positives due to imprecision
local valThreshold = 1

--Load new players as they join
local function AddPlayer(plyr)
	--avoid loading twice
	if listPlyrs[plyr] then return end
	listPlyrs[plyr] = true
	--load/unload characters
	plyr.CharacterAdded:Connect(function(char)
		listChar[plyr] = char
		listCharPos0[char] = char.HumanoidRootPart.Position
		listMaxSpeed[char] = 16
	end)
	plyr.CharacterRemoving:Connect(function(char)
		listChar[plyr] = nil
		listCharPos0[char] = nil
		listMaxSpeed[char] = nil
	end)
end
serPlayers.PlayerAdded:Connect(AddPlayer)
--Load already present players
for _,plyr in next, serPlayers:GetPLayers() do
	AddPlayer(plyr)
end

--Remove player data when leaving to avoid issues when rejoining
serPlayers.PlayerRemoving:Connect(function(plyr)
	listPlyrs[plyr] = nil
	local char = plyr.Character
	if not char then return end
	listCharPos0[char] = nil
	listChar[plyr] = nil
	listMaxSpeed[char] = nil
end)

--Use this to teleport your characters
local function TeleportCharacter(char,pos)
	local cf0 = char.HumanoidRootPart.CFrame
	--move to position, but keep orientation
	char.HumanoidRootPart.CFrame = CFrame.new(pos)*(cf0-cf0.Position)
	--update last position to avoid teleporting back
	listCharPos0[char] = pos
end

--Use this to set the maximum speed for each character
local function SetMaxSpeed(char,spd)
	listMaxSpeed[char] = spd
end

game:GetService("RunService").Heartbeat:Connect(function(timeDelta)
	for char, pos0 in next, listCharPos0 do
		local pos1 = char.HumanoidRootPart.Position
		if (pos1-pos0).magnitude>listMaxSpeed[char]*timeDelta+valThreshold then
			--Teleport the character back if the distance traveled is too large
			TeleportCharacter(char,pos0)
		else
			listCharPos0[char] = pos1
		end
	end
end)

Froredion · January 19, 2020, 12:32pm

This could actually work, I’ll give an update if this works ^^

Really need to sleep now!

Froredion · January 19, 2020, 12:33pm

Oh sadly, there’s a dash script and double jump script in the game, these might not work. ^^

nooneisback · January 19, 2020, 12:34pm

You could add an additional table for character speed limits.

Edited my script to include some form of it.

AskWisp · January 19, 2020, 2:59pm

To stress PlayAsync’s point, it never needs to be deleted in the first place. Exploiters can manipulate, stall, or rewrite local code in any way they see fit. No matter how crafty the developer is, it’s all utterly useless if it runs off of the client.