NetworkOwnership Exploit Patch (Outdated)

anon2793720 · June 4, 2020, 10:37am

Yes, I just checked this, you’re right actually - my apologies there. If anything then, the above is a method to perhaps bypass the check then.

TheDemoDeveloper · June 4, 2020, 11:17am

So if I use this script to ban exploiters, would there be false bans for players that did nothing?

StolenGeometry · June 4, 2020, 11:34pm

I have to inform you that this patch has recently been rendered useless, as exploiters have found a way around the detection, somehow.

exxtremestuffs · June 5, 2020, 12:42am

It seems that exploits now have a bypass for this method; using this will only affect their outdated scripts.

T_eethyz · June 5, 2020, 3:13am

Thank you for releasing this patch, this is a wonderful method to get rid of all the annoying exploiters.

Nowadays, exploits like Synapse offer custom functions such as SetSimRadius which doesn’t send a Changed packet but this is still a wonderful patch.

Sudden_Demise · June 5, 2020, 10:33am

This was released on v3rmillion as well.

I can confirm this patch is real and does actually work for those outdated scripts but I’m pretty sure there’s a new workaround.

H4XERZZZZ · June 6, 2020, 4:01pm

I’ve seen the new workaround, in a nutshell they fire a event called SimulationRadiusChanged, which doesn’t get triggered by the server so I’ll be looking for an alternative way, and if I cant then there will have to be a dedicated script to check the controlled parts

Diltz_3 · June 20, 2020, 9:11am

This won’t help. I’m pretty sure exploiters already found method how to bypass it.

NeoInversion · June 29, 2020, 2:40am

They have, but the people who make the scripts haven’t. The real exploit creators have their own functions to set the simulation radius; also, Roblox made SimulationRadius a hidden property it seems. But theres also a sethiddenproperty function so not very effective, not that I think it was meant to stop SimulationRadius exploitation.

raulib · July 1, 2020, 10:55am

Wrong method, easily bypassable, and yet you cannot read changes from a localscript.

unix_system · July 1, 2020, 10:57am

What? Can you elaborate?

This method isn’t bypassable - it will not stop, however, people who exploit stuff they already have network ownership of

NeoInversion · July 1, 2020, 11:51am

It is bypassable; see above replies and not just mine.

I don’t know what he’s talking about though. SimulationRadius is meant to replicate. It’s part of physics.

NachtHemd · July 1, 2020, 1:52pm

As long as Roblox doesn’t allow us reading out SimulationRadius from players (which isn’t going to happen since they just marked it as hidden), you shouldn’t use automatic part ownership system. Use SetNetworkOwner instead. When I find the motivation I would make a replacement for the automatic system in the future which isn’t exploitable.

raulib · July 1, 2020, 9:34pm

Values aren’t replicated in any way, exploits have a trick behind their sleeve to set the value and yet there are better ways to fix it.

unix_system · July 2, 2020, 1:18am

They are replicated, otherwise this server script would not work.

The way Network Ownership works is best detailed on the DevHub: Network Ownership
However, to summarise:

Roblox Physics is generally not handled by the server, but by individual clients
The server decides who is the best player to give that network ownership to, based on range
The SimulationRadius property tells the server how close players should be before they are considered as a Network Owner for a physics instance
Since this value is used by the server as-is, it can’t be “bypassed” without also negating the point of this exploit.

Exploiters can still screw with Network Ownership - this won’t patch that. However it will patch them arbitrarily extending their network ownership reach to wayy beyond usual.

NachtHemd · July 2, 2020, 1:49am

As @H4XERZZZZ already pointed out, certain exploits fully bypass this patch by apparently firing the SimulationRadiusChanged event with a custom function, which does not trigger the Changed event but does set the property to an arbitrary value. I can confirm that it works and that it does bypass the patch.
Hence why I said in my last reply that with no direct access to the property, the automatic ownership system is unsafe and should be avoided.

DemonLexe · July 2, 2020, 2:16am

Has anyone found a patch to the workaround yet?

Rile_ey · July 2, 2020, 4:32am

The replies on this thread have been a little unclear, does that patch work effectively or not?
I’ve been experiencing this in my game and we had to shut down because of it right after we hit 1 million visits.

Is there any way to counter it?

Diltz_3 · July 15, 2020, 5:47pm

You can just set all unanchored parts, network owner as server, so exploiters will be unable to control them

local Part = workspace.Part
Part:SetNetworkOwner(nil) -- will set owner as server since there no player instance as argument

micheal999990 · July 24, 2020, 4:04pm

Simplest solution would be imo to then make sure that networkownership of things like vehicles are only given when the player is seated and that you go thru some form of serverside whitelisting of the driver to make sure they are a legit player before giving ownership if this is in a game or group type thing where vehicles are restricted to specfic groups or people. If no one is seated then the SetNetworkOwner should be nil to set access to server only and not Automatic. You can check randomly who is the current Network Owner with GetNetworkOwner() and then again if no one is seated in driver seat or the NetworkOwner shown isnt the driver seated you can kick or do whatever is needed to rectify situation. Imo should be a simple fix for most games in my eyes but who am I to say for sure lol.